Hi everyone, new poster here but long time user!
I have recently rooted and installed TWRP on my Sprint LG V20. I also installed the stock international ROM to SIM unlock for various uses. My only annoyance with the root is the red warning corruption screen. I was wondering if anyone had a workaround or image to flash to get rid of or hide the screen somehow, with maybe an LG screen or anything.
Thank you for any suggestions,
Zach
juicemane141997 said:
> Hi everyone, new poster here but long time user!
> I have recently rooted and installed TWRP on my Sprint LG V20. I also installed the stock international ROM to SIM unlock for various uses. My only annoyance with the root is the red warning corruption screen. I was wondering if anyone had a workaround or image to flash to get rid of or hide the screen somehow, with maybe an LG screen or anything.
> Thank you for any suggestions,
> Zach
Unfortunately there is no current fix for this. I am not sure what exactly is needed for this to be fixed, but I would assume that those people who are developing ROMs for the V20 have already exhausted whatever options there are.
Would be nice to have fixed, but since that screen is only during initial boot up I don't think anyone is terribly concerned with getting this corrected.
Hope this helps.
No fix
It is related to Google
Not LG
I would imagine the reason for this is both for security and to let manufacturers know when a phone has been modified.
I don't believe there is a workaround for it either because it can't be done (doubtful as I am sure it's software-based) or people just don't care (honestly I am sure some developers were annoyed enough to look into it). I just don't think anyone has found a way around it.
This "feature" was introduced in Marshmallow.
Edit: further research shows the Nexus 5X developers were able to work around it by replacing the image. So while it doesn't remove the function it hides it.
https://forum.xda-developers.com/nexus-5x/help/to-remove-corruption-warning-message-t3248441
Please note this is a Marshmallow phone, not Nougat, so I am not sure the same concept would work on our phone.
Sent from my LG-H918 using XDA-Developers Legacy app
That's what they did with the HTC One M7: replace the image. It's just finding the way to do it, as every time the devs find a way around something, Google, the phone makers, or carriers patch it to make it harder next time. I understand why they make that tamper screen, because too many people trying to root brick their phones and lie about not tampering with their phone's OS. They say, "Don't know what happened, I just turned it on and nothing." I am sure they will find a way to replace the image. It just takes time and it's low priority on the devs' list of things to do.
Sent from my LG-H910 using Tapatalk
Dark Jedi said:
> That's what they did with the HTC One M7: replace the image. It's just finding the way to do it, as every time the devs find a way around something, Google, the phone makers, or carriers patch it to make it harder next time. I understand why they make that tamper screen, because too many people trying to root brick their phones and lie about not tampering with their phone's OS. They say, "Don't know what happened, I just turned it on and nothing." I am sure they will find a way to replace the image. It just takes time and it's low priority on the devs' list of things to do.
> Sent from my LG-H910 using Tapatalk
It appears that the image is located within the bootloader. It would have to be extracted, changed, and put back in assuming there is not a signature check with it on boot up. From what I was reading it depends on which partition it is located in whether it can be done or not. If it is in aboot, Tilde has mentioned that we can't edit this partition. Unfortunately it doesn't sound like it's a simple case of replacing an image.
androiddiego said:
> It appears that the image is located within the bootloader. It would have to be extracted, changed, and put back in assuming there is not a signature check with it on boot up. From what I was reading it depends on which partition it is located in whether it can be done or not. If it is in aboot, Tilde has mentioned that we can't edit this partition. Unfortunately it doesn't sound like it's a simple case of replacing an image.
I can confirm it is located in aboot itself.
Related
Hello guys!
I'm in need of help here. I have selected the infamous USA radio band on my Moto X Play XT1562/EU/6.0.1 and now only have access to the 4G network, no calls available.
As I don't have access to a computer atm, can anyone make a backup of the modem and fsg partitions using the Partitions Backup app and upload it, or send it to me privately?
I know about the erase modemst1/2 commands, they work. I purposely selected the USA band again to see if I can fix this problem without a computer. I don't really understand why such a thing is so hard to revert...
I tried flashing the modem firmware with Flashfire by extracting the FW files from the stock ROM, but no success so far. Maybe if I use the PB app and try restoring the partition from there, it would revert back to the normal EU band. I'm highly doubtful this works though.
I would appreciate it if anyone would make that backup and upload it. Any other suggestions on how to revert the problem without using fastboot/adb would be appreciated.
Thanks in advance.
Not possible. Get a computer, download whatever brand stock ROM, extract the required files and flash it. You can find more information on this in the General section as there are threads regarding stock firmware downloads.
Alright, thanks for the answer. I'm still puzzled as to why this is so hard to revert though.
hightechlowlife said:
> Alright, thanks for the answer. I'm still puzzled as to why this is so hard to revert though.
When you flash system it overwrites the target location and deletes what was previously there. In order to revert it you need to flash the original, and the easiest way to do so is with a computer. If you had made a backup before making changes then you wouldn't be in this situation, mate.
mazhdini said:
> When you flash system it overwrites the target location and deletes what was previously there. In order to revert it you need to flash the original, and the easiest way to do so is with a computer.
I understand, but still, just one click and it lets you overwrite such critical information all too easily. If I were a total noob and did not know how to use Google I would be very frustrated. Also, it's a bit of a security flaw in disguise IMO. People with bad intentions can just tap the code on the phone, change the band, and there you have it. The owner would have no calls and no idea what has happened. This is something that phone makers or devs need to take into consideration and possibly change it or remove the option altogether. I understand laypeople are not supposed to mess with these unknown codes, but curiosity won't let us stop doing stupid things.
> it's a bit of a security flaw in disguise
Do you frequently hand your phone over and let people reprogram it?
It's not a flaw, it's a feature. Not a useful one to the end user, but a feature nonetheless. That is like blaming an oven manufacturer, or the water company when you burned yourself on boiling water on top of it.
Alright, well I did exaggerate a bit, but still. Too easy to mess up and not so easy to revert is my point. I don't even understand why this feature is available. What purpose does it serve? Who wants to permanently switch to USA band without having an option to switch back to the old one? This is a bit mystical.
Presumably like all of you who have unlocked your bootloader, I am faced each time I boot with the garbage page with random text telling me "my software cannot be checked for corruption". Can anyone tell me where that page is stored (partition or folder)? I would be thankful for any information.
metpolds said:
> Presumably like all of you who have unlocked your bootloader, I am faced each time I boot with the garbage page with random text telling me "my software cannot be checked for corruption". Can anyone tell me where that page is stored (partition or folder)? I would be thankful for any information.
It's not random, and if you look closer it's a boot menu. You can get past it marginally quicker by just tapping the power button, or use it to boot to recovery, fastboot/bootloader, etc.
And you cannot remove it.
You can go back to b20...
@nujackk and @lafester .. Thanks both of you for your comments. @nujackk I accept that the screen is a way of booting into fastboot mode, I just never used it, before I installed TWRP I always used MiFav Recovery to boot into fastboot. I am presuming that the screen is an integral part of the boot image and I shall continue to try and hunt it down.
@lafester as always lol your comment.
If either of you are interested I am just going to set up a new thread in "Themes Apps and Mods" where I shall post 3 flashable zip boot animations and hopefully in the coming days I will add to them.
metpolds said:
> Presumably like all of you who have unlocked your bootloader, I am faced each time I boot with the garbage page with random text telling me "my software cannot be checked for corruption". Can anyone tell me where that page is stored (partition or folder)? I would be thankful for any information.
The screen is part of the bootloader image. I strongly advise you to just live with it since if you screw up the bootloader you're bricked.
Might I suggest you start by looking around in the bootloader unlock zip. Might give you some idea where it is or if it can be removed.
Also look at older list mentioning it, I remember seeing mention of other phones it's been used on, maybe someone has more info in one of those forums.
And I will look for those boot animations. If I can suggest a superman or superAndy would be nice
Good Hunting
metpolds said:
> @nujackk and @lafester .. Thanks both of you for your comments. @nujackk I accept that the screen is a way of booting into fastboot mode, I just never used it, before I installed TWRP I always used MiFav Recovery to boot into fastboot. I am presuming that the screen is an integral part of the boot image and I shall continue to try and hunt it down.
> @lafester as always lol your comment.
> If either of you are interested I am just going to set up a new thread in "Themes Apps and Mods" where I shall post 3 flashable zip boot animations and hopefully in the coming days I will add to them.
I know what you are talking about - on older Motorola phones we did away with it - it was just a stored image in those phones. Seeing as how here it is a fully functional menu I would bet any attempt to remove or replace it would most definitely brick the phone. I gave up on it a long time ago.
@lafester .. @nujackk .. @bkores .. @tabletalker7 .. Thanks guys for all your comments - I guess my next step eventually, there is no great hurry for this, is to make certain I have a couple of good backups before messing around with disassembling the bootloader and boot image. If I ever get anywhere with this I will let you guys know.
@nujackk I note your comments re the animations. I'm about to add another Andy animation to the thread but have searched in the past for usable Superman material without much success, however I will see what I can find.
Yeah I haven't seen many that were very good either, but keeping hope alive :fingers-crossed:
Hey guys
I was wondering if someone here is still on the V6 version of the security update. If you are, you can make the TOT file out of the V20 Sprint model. Whoever has the Z3X box for LG, follow these steps:
1. Start the LG Tools
2. Select H918
3. Select the Port 1 in Workspace, in connection put it to: AndroidNet USB Serial Port
4. Search phone button will find the LS997 model.
5. Select the Firmware Maker on the bottom of the right box
This will make the firmware of version 6, the one that has the hidden menu for the unlock. Since we cannot downgrade, maybe we can try it this way; it creates a TOT file that is flashable through the Z3X software.
Does anyone have the box with this version, before it was updated? Because I lost the unlock function in the hidden menu and now I can't even get signal; having issues, wanna downgrade.
If someone has this LS997V6, create the firmware so we can flash it and maybe we can go back to that security update before it was patched; I've been looking around for it. But I don't have that version or else I would have created the file to share.
ayoshidage said:
> Hey guys
> I was wondering if someone here is still on the V6 version of the security update. If you are, you can make the TOT file out of the V20 Sprint model. Whoever has the Z3X box for LG, follow these steps:
> 1. Start the LG Tools
> 2. Select H918
> 3. Select the Port 1 in Workspace, in connection put it to: AndroidNet USB Serial Port
> 4. Search phone button will find the LS997 model.
> 5. Select the Firmware Maker on the bottom of the right box
> This will make the firmware of version 6, the one that has the hidden menu for the unlock. Since we cannot downgrade, maybe we can try it this way; it creates a TOT file that is flashable through the Z3X software.
> Does anyone have the box with this version, before it was updated? Because I lost the unlock function in the hidden menu and now I can't even get signal; having issues, wanna downgrade.
> If someone has this LS997V6, create the firmware so we can flash it and maybe we can go back to that security update before it was patched; I've been looking around for it. But I don't have that version or else I would have created the file to share.
But didn’t antirollback change? If so firmware or not you cannot downgrade
Sent from my iPhone using Tapatalk
hyelton said:
> But didn’t antirollback change? If so firmware or not you cannot downgrade
> Sent from my iPhone using Tapatalk
Yes, but I am currently working on it, but I need that firmware version to see what I can do. Because I don't have that, I need someone to make a copy of that from their phone using the methods I have provided for me to do the work on it.
ayoshidage said:
> Yes, but I am currently working on it, but I need that firmware version to see what I can do. Because I don't have that, I need someone to make a copy of that from their phone using the methods I have provided for me to do the work on it.
If antirollback did change, there’s no physically possible way to downgrade. It’s not possible, there’s no way around antirollback.
Sent from my iPhone using Tapatalk
hyelton said:
> If antirollback did change, there’s no physically possible way to downgrade. It’s not possible, there’s no way around antirollback.
> Sent from my iPhone using Tapatalk
There is always a way for everything. Keep in mind Samsung did the same thing to prevent downgrading the firmware. I have found a way to downgrade that to the first version installed on the device even if you are on the latest version, but it took me a very long time to find the exploit for it. So trust me when I tell you there is always a way. Would I share that? No, I won't, because it's my business and my hard work alone. But I am willing to share my work for this project.
What is there to lose? You have a person here willing to work for free, and work on this project to share with the community.
ayoshidage said:
> There is always a way for everything. Keep in mind Samsung did the same thing to prevent downgrading the firmware. I have found a way to downgrade that to the first version installed on the device even if you are on the latest version, but it took me a very long time to find the exploit for it. So trust me when I tell you there is always a way. Would I share that? No, I won't, because it's my business and my hard work alone. But I am willing to share my work for this project.
> What is there to lose? You have a person here willing to work for free, and work on this project to share with the community.
Yeah, nothing to lose.
Here’s a good post on it. https://forum.xda-developers.com/showpost.php?p=73206763&postcount=3
Here is a post from another thread:
“In short: the ARB is implemented in the bootloader and to be more clear in the certificates within. There is 100% no chance to change this other than when you break the signature algo or find a bug in the implementation”
Good luck, If you get anything be sure to post updates!
Without being able to inject code between the CPU and the NAND, it can't be done. I would LOVE to be proven wrong, but here is a quick overview:
The PBL is located in QFPROM on the CPU. ARB is located in QFPROM on the CPU. The RSA key is located in QFPROM on the CPU.
When you power on the phone, the PBL loads XBL and checks the ARB version. If it is less than what is burned into the CPU, it goes into 9008 mode. It also uses the RSA key to verify the signature of XBL. If it is modified -- 9008 mode.
When a phone successfully loads XBL that has a greater ARB version than what is burned into the CPU, it immediately burns the greater ARB version into the CPU.
So there are a couple of attack vectors:
1 - Have some cool hardware that can read the RSA key from the CPU and try and brute force the RSA cert with the key and the sig.
2 - Have some cool hardware that can do a MITM attack on the CPU and NAND replying with a valid return so that the CPU will boot no matter what is on the NAND.
Good luck, I will be following this closely....
-- Brian
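The boot-time checks described in the post above, as an added example that is not part of the original post and not any vendor's code: a simplified Python model in which the PBL verifies a signature and compares the image's ARB version against a one-way fuse counter. The toy RSA key, the version numbers, the payload strings and all function names are constructed for illustration, and it is an assumption of the model that the ARB version is part of the signed data.

```python
"""Model of the anti-rollback (ARB) boot check described above. Constructed example."""
import hashlib
from dataclasses import dataclass

# Toy RSA key built from two Mersenne primes (constructed; textbook RSA with
# no padding, for illustration only, not how a real boot ROM stores keys).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: exists only at the vendor


@dataclass
class Image:
    """Next-stage bootloader image (XBL in the post) with its ARB version."""
    payload: bytes
    arb_version: int
    signature: int = 0

    def digest(self) -> int:
        # Assumption: the ARB version is part of the signed data, so it cannot
        # be edited without invalidating the signature.
        data = self.arb_version.to_bytes(4, "big") + self.payload
        return int.from_bytes(hashlib.sha256(data).digest(), "big")


def vendor_sign(payload: bytes, arb_version: int) -> Image:
    """What the vendor's signing step does; the device never holds D."""
    image = Image(payload, arb_version)
    image.signature = pow(image.digest(), D, N)
    return image


class Fuses:
    """One-way counter standing in for the ARB value burned into QFPROM."""

    def __init__(self, arb_version: int = 0):
        self._arb = arb_version

    @property
    def arb_version(self) -> int:
        return self._arb

    def burn(self, version: int) -> None:
        # Fuses only move forward; there is no operation that lowers the value.
        self._arb = max(self._arb, version)


def pbl_boot(fuses: Fuses, image: Image) -> str:
    """Return "boot" or "edl-9008", following the sequence in the post."""
    if pow(image.signature, E, N) != image.digest():
        return "edl-9008"  # image or its version field was modified
    if image.arb_version < fuses.arb_version:
        return "edl-9008"  # validly signed, but older than the fuses allow
    fuses.burn(image.arb_version)  # a newer image raises the floor for good
    return "boot"


def simulate():
    """Run four boots on one device and return (label, result, fuse value)."""
    old = vendor_sign(b"constructed XBL, older release", arb_version=1)
    new = vendor_sign(b"constructed XBL, newer release", arb_version=2)
    # Old payload and signature with the version field edited to look current.
    relabelled = Image(old.payload, 2, old.signature)
    fuses = Fuses(arb_version=1)
    log = []
    for label, image in [("old", old), ("new", new),
                         ("old again", old), ("relabelled", relabelled)]:
        log.append((label, pbl_boot(fuses, image), fuses.arb_version))
    return log


if __name__ == "__main__":
    for label, result, fuse in simulate():
        print(f"{label:11s} -> {result:9s} (fuse ARB = {fuse})")
```

The third boot is the case the thread is arguing about: the older image still carries a valid vendor signature, but once the newer image has booted the fuse value is higher and the same image is refused.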
runningnak3d said:
> Without being able to inject code between the CPU and the NAND, it can't be done. I would LOVE to be proven wrong, but here is a quick overview:
> The PBL is located in QFPROM on the CPU. ARB is located in QFPROM on the CPU. The RSA key is located in QFPROM on the CPU.
> When you power on the phone, the PBL loads XBL and checks the ARB version. If it is less than what is burned into the CPU, it goes into 9008 mode. It also uses the RSA key to verify the signature of XBL. If it is modified -- 9008 mode.
> When a phone successfully loads XBL that has a greater ARB version than what is burned into the CPU, it immediately burns the greater ARB version into the CPU.
> So there are a couple of attack vectors:
> 1 - Have some cool hardware that can read the RSA key from the CPU and try and brute force the RSA cert with the key and the sig.
> 2 - Have some cool hardware that can do a MITM attack on the CPU and NAND replying with a valid return so that the CPU will boot no matter what is on the NAND.
> Good luck, I will be following this closely....
> -- Brian
Hi Brian
Thank you for all the information and all the input. I am gonna try to see what I can do from my end. My issue is this, before the update was patched from the hidden menu. This is the problem that has occurred. Before the update, when I got this phone, it was running on V6. I believe that was the last version that supported the HiddenMenu.apk, where you were able to change production to lab mode. Now, since the mistake I made in updating the security software, that has been patched, and because of it I have very weak signal and now also the 4G is gone. Before the update, I had full signal bars and 4G service. Now the bars come and go with the data connected. The phone was unlocked using this method (temp method) and then was unlocked using Octopus after the update.
These are the issues:
1. The signal bars go up and down to 0 and go up again; I am in a very strong signal area.
2. The 4G was working but not at the greatest speeds, was doing like 4-8MB a sec down and 0.1Kbs upload. Which is terrible.
I tried resetting the security via box and now the 4G is gone and data. Calls are working but same signal issues.
The issue is I know Sprint uses the CDMA technology, and where I am it's a GSM network, but my service uses WCDMA because it runs on the AWS network 1700/2100. The problem is this. I can get the HiddenMenu to work again, but that special section in the old version does not exist anymore because it has been patched in the new security update.
I am also able to get into the band selection, AWS and all other bands are there, but the issue is if you select AWS it says FAILED to connect on any band except on AUTO, so this is why I wanted to have the old version extracted on the version 6, so that I could work on it, since Sprint does not have firmware files you can flash.
So this is the problem. Very stupid the way they did this firmware method, the OVER THE AIR method. The funny thing is that it supports all the bands that the GSM supports here and the UMTS.
I just want to get this phone back to full bars with the data restored and have the full speed I had when I did the temp fix, but a real solution. I know maybe I can flash a custom ROM, but I don't know how reliable that is and if it will resolve the issue.
What's your input on all of this?
Those issues you're having are typical issues of using a Sprint device on another carrier. Only fix is flashing a different model firmware, which won’t ever be possible for the Sprint model. Never rely on a Sprint device unless you're using it on Sprint.
Sent from my iPhone using Tapatalk
Yes I'm aware of these things about Sprint after finding out. But the weird thing is I never had an issue after that fix for the hidden menu patch that unlocks it when put into lab mode and specifying the APN. Never had a dropped signal once or data. This issue occurred after the update. This is my first time owning a Sprint phone so I didn't know there was no firmware, which is why I wanted to work on this project.
They say the workaround is flashing a DirtySanta ROM. But then again, if you flash that ROM would you have those old options back in the hidden menu and would it fix the issue? That's the real question.
I am also aware that since you unlock the bootloader and lock it again you can brick the device. Luckily I have made a TOT of my whole system firmware image, latest version.
What's the best approach to getting this back to working state. My network runs on WCDMA that's why AWS is needed.
Just want to know how to get this working...
> would i share that, no i wont, its my hard work alone ...
>i need someone to ...
I see a hiccup in the reasoning here.
Best of luck. Development on this device came to a screeching halt when ARB hit.
elijah420 said:
> > would i share that, no i wont, its my hard work alone ...
> > i need someone to ...
> I see a hiccup in the reasoning here.
> Best of luck. Development on this device came to a screeching halt when ARB hit.
That phrase is for the Samsung exploit. Not LG; two different phones and companies.
If nobody cares to share that firmware version to extract no worries I won't work on it. Worst comes to worst I'll sell the phone that's all.
Good luck finding a way to do it yourself then. Don't question other people's work when you don't know what skills they have in the mobile field.
Thanks for everyone else for their input.
ayoshidage said:
> That phrase is for the Samsung exploit. Not LG; two different phones and companies.
> If nobody cares to share that firmware version to extract no worries I won't work on it. Worst comes to worst I'll sell the phone that's all.
> Good luck finding a way to do it yourself then. Don't question other people's work when you don't know what skills they have in the mobile field.
> Thanks for everyone else for their input.
Well thank you, but you fail to understand something very basic here. While there may have been a question mark in there somewhere, in no way was your request a request. It was rather demanding. You demanded someone do something for you, with no reciprocity from you. I think attitudes like that tend to rankle rather than disarm.
As far as the last bit of your snarky comment - bear this in mind - I'm not the one looking for a 'way to do it myself'.
Again, best of luck.
elijah420 said:
> Well thank you, but you fail to understand something very basic here. While there may have been a question mark in there somewhere, in no way was your request a request. It was rather demanding. You demanded someone do something for you, with no reciprocity from you. I think attitudes like that tend to rankle rather than disarm.
> As far as the last bit of your snarky comment - bear this in mind - I'm not the one looking for a 'way to do it myself'.
> Again, best of luck.
Thanks for your reply, but I don't think you understood the meaning of what request means? Request means "an act of asking politely or formally for something". I think you should understand what the meaning of request means before commenting nonsense. Also I didn't demand someone, I was asking if someone had a dump file or if someone could create a dump file for me to work on the project. I am here to help people out to find solutions, you are here for the purpose of starting a rant on the forums. By no means was this a demand or any sort of order in bossing people around. But it's all good, I don't have the phone anymore, so no need to work on it anymore, have a great day.
Thanks.
I thought I had 2 pictures. Anyway I'm thinking maybe we can do something with this. I'm going to reread the thread where the retail folks use Verizon ROMs and keep root. I'd be tickled to death if we could manage to get root. I'm probably naive but I'll tell you how I got there... by accident.
I rebooted holding down volume down and power. This takes you to some kind of mode, download maybe; here you use the volume keys to select recovery. It will reboot and a Droid will be in the middle of the screen. From here it seems like you're stuck. Here you hold volume up and power for a while and when you let go, BAM, a ClockworkMod-type recovery. Sort of like the old Droid X.
What do you think?
That's always been there
I used that to recover my phone (after forgetting my login password) about 1 month ago.
Thanks. Shew damn. I figured someone had already found it but I hadn't seen anything about it. I hadn't looked either lol.
****. Since Verizon sent me another phone when mine wouldn't update, then theirs wouldn't, I'm taking OTA, and using their Windows-based app.
So I'm guessing even if I extract boot.img from a system image and Magisk. Even if I could put it back, the locked bootloader would prevent it working. Or is the bootloader contained in boot.img?
I always thought the bootloader was something like LILO or GRUB in Linux..
Damn hahahaha
I should have mentioned that I am NOT Rooted By the way & my Boot Loader is Locked.
Yeah I'd give my left testicle for root. I understand it's a security flaw. I don't believe so, someone (the owner) should have the ability to do whatever to their phones. I would love to run microG. I'm thinking about going back to my old S5 just for a custom ROM, just to be able to get microG going and get rid of all the crap on phones these days. Even as lightweight as the Moto Z4 is compared to something from Samsung, it's still got all that Qualcomm **** too.
Hello! So this may be a long post, but I don't give a heck. Also, when I say hackers, I mean in a good way, like white hats. So, here is my first inquiry. How do people even find these exploits to put in the root binary? I've read articles about people intentionally crashing devices, which then puts it in a state vulnerable enough to bruteforce the binary in (at least that's what I thought...). I know that Android is also based off of Java (once again, an assumption), and I wonder where and how people get these ideas.
My second question is, as I haven't been able to find anything on this, aren't apps installed into portions of a phone where the normal user isn't able to touch on phones without root? Again, a newbie assumption.
So anyways, I am pretty interested in Android development and rooting/custom code/bootloaders, and I'm not too keen on the subject.
I am also pretty bad at understanding Android right now, sooo, you can laugh at me if you want :silly:
Also I don't know if this is in the right thread
Alright, so I'm not sure about this, but I was thinking about what happened yesterday, and I thought about when I accidentally flashed the wrong CP file in Odin, and then when I tried to boot it, it gave me the "An error has occurred whilst the phone was updating. Please launch the Verizon Software Assistant". I also realized very quickly, that this is just the download screen without the extra information in the top right, and also realized that the download bar shows up also when you use Odin.
To give you my real question, I want to know if the Software Assistant uses any other method that isn't using Odin, and that if that is so, If you could maybe modify where it gets the flashing files to flash files onto the phone, without the phone realizing that they aren't official files?
To also be honest, I'm not an exploit finder, and maybe other people have thought of this, but eh, why not try and ask people about it? :good:
also I don't know if the phone itself will check those files....
also here is the zip with the Software Assistant.
Click here for the Assistant.