So Ive been trying to root v20 for some time now. Ive followed instructions up to point of step 4. I type in terminal emulator applypatch /system/bin/atd /storage/emulated/0/dirtysanta. Nothing happens
Next it reads
Filenames may be of the form
MTD:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:...
to specify reading from or writing to an MTD partition.
Have I done something wrong? Has something changed? any help would be greatly appreciated.
You are patched. No root for you.
ZV5 or earlier only.
Lg v20 vs995
So I"ve been trying to root v20 for some time now. I've followed instructions up to point of step 4. I type in terminal emulator applypatch /system/bin/atd /storage/emulated/0/dirtysanta. Nothing happens
Next it reads
Filenames may be of the form
MTD:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>: ...
to specify reading from or writing to an MTD partition.
I've tried it alot of times again and again but it says same all the time
Please help me
Roll back to a version that has the December 2016 security patch or earlier. There are several threads around here that tell you what version you need to be on (heck I wrote one of them) -- search is your friend.
-- Brian
runningnak3d said:
Roll back to a version that has the December 2016 security patch or earlier. There are several threads around here that tell you what version you need to be on (heck I wrote one of them) -- search is your friend.
-- Brian
Click to expand...
Click to collapse
Can I roll back from ZVD? I SEARCHE AND COULDN'T FIND ANYTHING. Multiple sources have told me its impossible.
rayulove69 said:
Can I roll back from ZVD? I SEARCHE AND COULDN'T FIND ANYTHING. Multiple sources have told me its impossible.
Click to expand...
Click to collapse
No you can't roll back and if you try anyway you will brick. Theres basically no hope of post zv7 ls997 getting rooted ever
runningnak3d said:
It has been confirmed that If you have the engineering bootloader, AND have a fusing device (which AFAIK all LS997 are), AND install firmware that is ARB 1 or greater, it will brick your phone.
If you are ARB 1 or greater, and install the eng. bootloader -- brick.
When I was doing testing on ARB and the engineering bootloader, I was doing it on a non-fusing device, so my results are null and void.
So, we need a method of unlocking the production bootloader -- and there is, just not the LS997 aboot. It would require flashing either the H915 or US996 aboot, and you can't do that due to ARB.
Unless an engineering aboot leaks that is ARB 1 or an engineering boot leaks that has dm-verity disabled, or a flaw is found in the current aboot, I do not see the LS997 getting root.
EDIT: not trying to keep too much hope alive, but if when Oreo is released, they increment ARB on either the H915 or US996 and DON'T increment it on the LS997, then you would be able to flash either aboot and root....
-- Brian
Click to expand...
Click to collapse
Related
Just a heads up for everyone developing, ZV5 doesn't allow rollback and there isnt a zv5 tot available yet. So probably not a good idea to update until we get root.
And what is your base for this?
Warboy said:
And what is your base for this?
Click to expand...
Click to collapse
There's apparently a flag set in the new firmware that prevents rolling back.
It was discovered while attempting to test a root method that involved a modified ZV4-based image, on a phone that was updated to zv5.
Warboy said:
And what is your base for this?
Click to expand...
Click to collapse
http://forum.xda-developers.com/sprint-lg-g5/development/request-zv5-tot-t3433674
This explains a bit.
I highly doubt this is the case, and it's something we can't do right now with the limited tools we have.
Nothing out of the ordinary, the G4 LS991 was the same way - had Anti-Rollback after LS991 ZVA version.
Just as a note, i have tried using the 'Send_Command' trick @ 9% with LGUP on the G5 like we did on the G4 (see my sig), but something has been patched and now entering anything at the root prompt, says 'Hello, I am LAF nice to meet you!'. This means no DD commands will work to pull the system image, modify then put back like we did on G4.
We will have to wait for another trick.
If you have a v20 that has ARB 0, and are on a security patch greater than Dec 2016, I can help you root it if you want. The model doesn't matter, but it must be on ARB 0
To find your ARB, on the keypad dial: *#LGMENU#*model#
So for example, a H990: *#LGMENU#*990#
Choose SVC Menu then choose Version and scroll to the bottom. You will see Anti-Rollback Version.
Also, please include your model and current firmware version.
If you are ARB 0, and you have a KDZ for your model:
US996 (unlocked or US Cellular) KDZ
VS995 KDZ
H915 KDZ
H918 KDZ
H990(DS / N / T) KDZ
F800 (S / K / L) KDZ
Grab the patched LG UP, and before starting use the DUMP option to dump your current firmware (select ALL partitions). You will need it if there wasn't an exact KDZ for your phone. Not to mention that it makes it real easy to get back to the firmware you are on.
Download the KDZ for your model, flash it with LG UP (use partition DL mode), and then you can then root with dirtycow -- use the method that is specific for your model.
That leaves:
H910 - I already made a post for this model here.
LS997 - The post for the LS997 (up to and including ZV7, but NOT ZV8 or above) is here.
If you don't know what you are doing, send me a PM *BEFORE* you start. For example, the H990 can use the firmware from the other models, but everything may not work until you get the proper firmware back onto the phone.
If you have an H918 and are on 10p or later (ARB 1+), then you can use lafsploit 1.0
-- Brian
ARB 0
runningnak3d said:
The model doesn't matter, but it must be on ARB 0
-- Brian
Click to expand...
Click to collapse
I have ARB 0, how can I do this?
What do you think about a US Cellular V20? April 2017 security patch, software US99610h, build NRD90M.
Trying to figure out if it is still possible to root this thing, and what the optimal way is. Thanks for any help!
I have arb 2 on zv9 on my second ls997
ABR 1
@JerichoAbles You have to be willing to factory reset your phone. Unfortunately we need some files off of it before it ever boots. I will update the first post with that bit of info. If you are OK with that, I will post the full details when I am back at a PC. @TFKt44 The version, and security patch don't matter. The ARB version does. I don't know what ARB version us996 10h is. You will have to look.
For you folks on ARB 1 or 2, sorry, your carrier effed you good.
It will be possible to root ARB > 0 ... but that will take some time.
runningnak3d said:
@JerichoAbles You have to be willing to factory reset your phone. Unfortunately we need some files off of it before it ever boots. I will update the first post with that bit of info. If you are OK with that, I will post the full details when I am back at a PC. @TFKt44 The version, and security patch don't matter. The ARB version does. I don't know what ARB version us996 10h is. You will have to look.
For you folks on ARB 1 or 2, sorry, your carrier effed you good.
It will be possible to root ARB > 0 ... but that will take some time.
Click to expand...
Click to collapse
Yeah, I am abr01
Sent from my LG V20 using XDA Labs
runningnak3d said:
@JerichoAbles You have to be willing to factory reset your phone. Unfortunately we need some files off of it before it ever boots. I will update the first post with that bit of info. If you are OK with that, I will post the full details when I am back at a PC. @TFKt44 The version, and security patch don't matter. The ARB version does. I don't know what ARB version us996 10h is. You will have to look.
For you folks on ARB 1 or 2, sorry, your carrier effed you good.
It will be possible to root ARB > 0 ... but that will take some time.
Click to expand...
Click to collapse
My ARB is 0. Should've put that in my initial post.
@TKFT44 Yours is easy. There are two models of US996, the unlocked, and the US Cellular. You can flash either, but your phone may not be able to make calls if you flash the wrong one. Lucky for you, there are KDZs for both, so fixing your phone after it is rooted is a no brainer. Flash this. It is a KDZ for the unlocked US996 version that is still rootable. After you get your phone rooted, you can switch back to the 10h firmware manually, so that you keep root -- and then your modem will work. If you need step by step instructions, send me a PM.
Actually, I am pulling both down just to make sure that LG didn't use a different RSA key. That would brick your phone. I will send you a PM and let you know if it is safe.
As for everyone else. Please include:
Model
ARB version (even if it is > 0)
Current firmware version
I may not be able to help you right now, but if I don't have all of that info, I can't even try.
runningnak3d said:
Actually, I am pulling both down just to make sure that LG didn't use a different RSA key. That would brick your phone. I will send you a PM and let you know if it is safe.
Click to expand...
Click to collapse
I previously flashed an unlocked 996 on my usc v20 and it worked fine it was just a little wonky but it was safe
okay I tried flashing with DirtyElf but when I get to the factory reset part it still gives me the triangle and no boot how can I reflash
Mine is:
H990ds
ARB Version 0
Software Version H990ds10g-IDN-XX
I don't even get a menu to pop up or anything.
@JerichoAbles You flashed the 10f KDZ and then followed DirtyElf?
@myisn Yours is easy as well, you have a KDZ: link. Flash it, and then root with the standard H990DS root procedure. Then if you want to upgrade to the latest firmware, you can do it manually and keep root. Again, I will be glad to help with that part.
Help rooting
I have an unlocked US996 (non US Cellular) V20 with the December 2016 patch (no surprise there). I understand the device is rootable and that I can get more recent patches by rooting it, but even reading up on the subject I don't feel confident that I have the knowledge and background to do so.
For instance are we talking about entering *#LGMENU#*996# on the dialer keypad?
---------- Post added at 04:03 PM ---------- Previous post was at 03:56 PM ----------
I might add that I can't enter alphabetical characters on the dialer keypad.
SFrsfair said:
I have an unlocked US996 (non US Cellular) V20 with the December 2016 patch (no surprise there). I understand the device is rootable and that I can get more recent patches by rooting it, but even reading up on the subject I don't feel confident that I have the knowledge and background to do so.
For instance are we talking about entering *#LGMENU#*996# on the dialer keypad?
---------- Post added at 04:03 PM ---------- Previous post was at 03:56 PM ----------
I might add that I can't enter alphabetical characters on the dialer keypad.
Click to expand...
Click to collapse
that's not how it works, you type the numbers that correspond with the alphabetical letters, Also, you can just unlock your bootloader at developer.lge.com
---------- Post added at 07:03 PM ---------- Previous post was at 07:01 PM ----------
runningnak3d said:
@JerichoAbles You flashed the 10f KDZ and then followed DirtyElf?
Click to expand...
Click to collapse
Yes, but after the fastboot part I never took the battery out so I think the permissions disappeared but I can't reflash I don't know how please help
What happens when you try to enter download mode?
runningnak3d said:
What happens when you try to enter download mode?
Click to expand...
Click to collapse
Well originally it wouldn't work but it's become apparent to me that it was because my phone did not have enough charge because the corrupt triangle and charging from my computer would not work but I'll try again and get back to you
Yea, you have to make sure your phone is charged good, it disables charging when certain events are triggered, and I don't have a full list of them, so when you are flashing always make sure you have a full charge. If your phone dies part way through flashing part of the boot loader .... there is no fixing that right now. Luckily your phone is responding, so you should be OK.
Okay so I did everything right this time, but now it's not sending me to twrp, it's just booting like normal
Hi all,
I was downgrading to root my lv v20 to older firmware (used lgup) and now my phone wont boot up. No LG logo. nothing... and no its not the battery. lol.. any ideas? I'm still under the 1yr warranty period so I might send it.. What's weird is that I used this method before without any issues..
what version were you at before trying to downgrade?
dimm0k said:
what version were you at before trying to downgrade?
Click to expand...
Click to collapse
10j...
You didn't need to downgrade 10j -- it was rootable.
Something must have happened while the phone was flashing, and either the XBL or ABOOT didn't get written (LG UP erases before it writes), and now you have a brick that only LG can fix.
If you have a warranty with either your carrier, or the phone is still covered by LG, open an RMA. Unfortunately, there is no way to fix that for the average person anymore -- booting from SD card has been pulled.
-- Brian
runningnak3d said:
You didn't need to downgrade 10j -- it was rootable.
Something must have happened while the phone was flashing, and either the XBL or ABOOT didn't get written (LG UP erases before it writes), and now you have a brick that only LG can fix.
If you have a warranty with either your carrier, or the phone is still covered by LG, open an RMA. Unfortunately, there is no way to fix that for the average person anymore -- booting from SD card has been pulled.
-- Brian
Click to expand...
Click to collapse
o wait.. i wasnt on 10j.. i was downgrading to 10j... I was on 10p i believe.. but yea.. i called t-mobile.. i still had 1yr warranty.. (i think it ends mid dec)..
You got bit by ARB (anti-rollback). 10p is ARB version 1, 10j is ARB version 0.
-- Brian
runningnak3d said:
You got bit by ARB (anti-rollback). 10p is ARB version 1, 10j is ARB version 0.
-- Brian
Click to expand...
Click to collapse
suck a duck.. didnt even think that was an option.. well, lucky i still had warranty..
Hi, i hope this is the right forum, i am a noobie at LG flashing, been reading some, but it is a little confusing (coming from Oneplus One), so i bought an LG V20 - US996, and i thought i could unlock the bootloader via LG Developers website, so i started the process, install drivers, follow the instructions, etc. then when i submitted IMEI and device id i got an error, message, stating :your device (TEST_GPIN) does not support unlocking bootloader", i emailed LG with the question but still no answer, so i did a little research and found out that my phone is a demo unit or something like it. on the inside sticker it says "not for sale" the model on the sticker is US996. i have attached some screens that show software versions etc.
so basically i would like to know if anyone knows if i am out of luck and cant unlock the bootloader to flash twrp and root, or if it can be done, and point me in the right direction, any help will be greatly appreciated.
i obviously would not want to brick my device, but am willing to try to unlock if possible.
thanks.
That's very interesting. Wondering if that's the model the debug bootloader was pulled from to root the US carrier v20's. I'm not an expert in this but have you tried to flash the us99610f (Dec 1 2016 sec patch) kdz using LG UP. That should put you on official LG firmware that is still rootable. The kdz will flash every piece of firmware getting you off of that demo firmware. From there you could try to unlock the bootloader again using LGs website, or worst case use dirtysanta to root the phone if you wish. There's a hacked lgup thread somewhere in the guide section that should do the trick.
thanks toastyp, i will download 10f, and look for the hacked lgup.
rluque35 said:
thanks toastyp, i will download 10f, and look for the hacked lgup.
Click to expand...
Click to collapse
Here's the link just in case
https://www.google.com/amp/s/forum....e-patch-lgup-to-unlock-features-t3652222/amp/
thanks guys, i used LGUP from Prowler_gr thread https://forum.xda-developers.com/v20/how-to/guide-patch-lgup-to-unlock-features-t3652222/page8 Thanks by the way.
downloaded 10f, and flashed with LGUP, no i have a fully working US996 (not demo version) at US99610f, i will keep reading so i can do the bootloader unlock and root.
thanks again for your help
rluque35 said:
thanks guys, i used LGUP from Prowler_gr thread https://forum.xda-developers.com/v20/how-to/guide-patch-lgup-to-unlock-features-t3652222/page8 Thanks by the way.
downloaded 10f, and flashed with LGUP, no i have a fully working US996 (not demo version) at US99610f, i will keep reading so i can do the bootloader unlock and root.
thanks again for your help
Click to expand...
Click to collapse
Glad everything worked for you. I would try to root using LGs official unlock.bin method as it will be the easiest way to root the phone. Plus you get to keep your stock bootloader which is potentially helpful in the event LG implements ARB on the us996. If it still doesn't work you can try the dirty elf thread. I believe it's the dirtysanta method for the us996. This process will flash a debug bootloader with full fastboot commands that is unlocked. From there you can flash twrp normally.
https://www.google.com/amp/s/forum....0-h915us996-dirtyelf-bootloader-t3568013/amp/
thanks toastyp, LG official unlock still not working, as i guess the IMEI is still recognized as from a demo unit, i will try dirty elf method, might take a while since my home pc just died (mobo or cpu) anyway , as soon as i can i will try it.
thanks.
Planning to get a refurbed V20 H910.
Can this phone be rooted and bootloader unlocked and TWRP installed??
I read something that this ARB will prevent some or all of these things.
Even having read every thing I am still VERY confused. Thanks.
boowho said:
Planning to get a refurbed V20 H910.
Can this phone be rooted and bootloader unlocked and TWRP installed??
I read something that this ARB will prevent some or all of these things.
Even having read every thing I am still VERY confused. Thanks.
Click to expand...
Click to collapse
Start here - https://r.tapatalk.com/shareLink?ur...share_tid=3664500&share_fid=3793&share_type=t
All H910 are ARB - 0
Sent from my PH-1 using Tapatalk
ARB is LG's implementation of Anti-rollback protection. At a low level, it involves blowing a fuse on the SoC (not as violent as it sounds) when x software version is installed, preventing rollback to an earlier version.
For one or two variants, going past stock v10p (I think) triggers ARB to be incremented to 1 from 0, meaning they can't go back to any stock version earlier than said 10p or a custom ROM that's aware of ARB being tripped.
The linked thread above is a good place to start.
clsA said:
Start here - https://r.tapatalk.com/shareLink?ur...share_tid=3664500&share_fid=3793&share_type=t
All H910 are ARB - 0
Sent from my PH-1 using Tapatalk
Click to expand...
Click to collapse
ALL H910 ARB = 0 Does that mean I don't have to be concerned with it? I may want to UN-root and relock the BL in the future?
clsA said:
Start here - https://r.tapatalk.com/shareLink?ur...share_tid=3664500&share_fid=3793&share_type=t
All H910 are ARB - 0
Sent from my PH-1 using Tapatalk
Click to expand...
Click to collapse
Redline said:
ARB is LG's implementation of Anti-rollback protection. At a low level, it involves blowing a fuse on the SoC (not as violent as it sounds) when x software version is installed, preventing rollback to an earlier version.
For one or two variants, going past stock v10p (I think) triggers ARB to be incremented to 1 from 0, meaning they can't go back to any stock version earlier than said 10p or a custom ROM that's aware of ARB being tripped.
The linked thread above is a good place to start.
Click to expand...
Click to collapse
Thanks.
boowho said:
ALL H910 ARB = 0 Does that mean I don't have to be concerned with it? I may want to UN-root and relock the BL in the future?
Click to expand...
Click to collapse
No problems.
Correct. No need to worry about it on any ARB = 0 variants.
Redline said:
No problems.
Correct. No need to worry about it on any ARB = 0 variants.
Click to expand...
Click to collapse
Thanks.
Still issues.
The phone arrived today and though it was advertised as UNLOCKED, it is AT&T branded.
As a result of AT&T fooling further with their mods I cannot get into recovery mode using the normal VOL DN + POWER button combination.
Any way to get past the AT&T crap so as to unlock BL, install TWRP and root this phone??
Or am I just screwed??
Boowho??
boowho said:
The phone arrived today and though it was advertised as UNLOCKED, it is AT&T branded.
As a result of AT&T fooling further with their mods I cannot get into recovery mode using the normal VOL DN + POWER button combination.
Any way to get past the AT&T crap so as to unlock BL, install TWRP and root this phone??
Or am I just screwed??
Boowho??
Click to expand...
Click to collapse
Doing a quick search online would tell you the H910 is an AT&T branded V20 variant. You'd want something like the H990DS or the US996 which is unlocked for the US market (someone correct me if I'm wrong with this one).
Doing a quick search on the V20 forums will show you multiple guides to get started if you intend to stick with the H910.
Specifically, the DirtySanta bootloader unlock & root guide is what I'd recommend.
Following that will get you on the road to a custom ROM.
If ADB Debugging is enabled and you have ADB installed on your PC, you can plug the phone in and do 'adb reboot recovery' from your computer which will reboot the phone to recovery.
Redline said:
Doing a quick search online would tell you the H910 is an AT&T branded V20 variant. You'd want something like the H990DS or the US996 which is unlocked for the US market (someone correct me if I'm wrong with this one).
Doing a quick search on the V20 forums will show you multiple guides to get started if you intend to stick with the H910.
Specifically, the DirtySanta bootloader unlock & root guide is what I'd recommend.
Following that will get you on the road to a custom ROM.
If ADB Debugging is enabled and you have ADB installed on your PC, you can plug the phone in and do 'adb reboot recovery' from your computer which will reboot the phone to recovery.
Click to expand...
Click to collapse
Dirty santa will only work if his security patch level is prior to Dec 2016, which is doubtful, and you can't downgrade as there are no kdz for the 910
Sent from my LG-H910 using XDA Labs
Well, even though I thought I did, I apparently didn't do my homework well enough.
I can get it into Download mode, but then it just sits there expecting an update. I assume LGUP or something similar needs to be on my PC, right??
Maybe I can salvage this thing yet.
But maybe the EBay seller may be willing for a return; hopefully. Either way I'd be happy.
Changed to US996
I've been able to swap the H910 for a US996. I found it interesting that the bootloader and download screens were exactly the same, since I thought this lock out was done by AT&T.
But I have the same question as before. Will the US996 phone have the ARB = 0 or otherwise??
Then, assuming I decide to unlock BL, install TWRP and root are any certain methods better than others? I't appears to me that there have been more than one technique posted here.
The phone is used so has no warranty from LG, so I figured on using LG's own procedure to unlock BL. Good idea -Bad idea??
Obviously, I don't want to brick this device. I've hacked my old Zenfone 2 until it was "exhaused" and I'd know my way around that phone in the dark.
But I'm breaking all new ground with the V20
Thanks.
Boowho??
H910, H915, VS995 and US996 are identical devices and fully cross-flashable. Use the patched LGUP to flash a US996 KDZ onto the phone, and you'll have an unlocked phone
boowho said:
I've been able to swap the H910 for a US996. I found it interesting that the bootloader and download screens were exactly the same, since I thought this lock out was done by AT&T.
But I have the same question as before. Will the US996 phone have the ARB = 0 or otherwise??
Then, assuming I decide to unlock BL, install TWRP and root are any certain methods better than others? I't appears to me that there have been more than one technique posted here.
The phone is used so has no warranty from LG, so I figured on using LG's own procedure to unlock BL. Good idea -Bad idea??
Obviously, I don't want to brick this device. I've hacked my old Zenfone 2 until it was "exhaused" and I'd know my way around that phone in the dark.
But I'm breaking all new ground with the V20
Thanks.
Boowho??
Click to expand...
Click to collapse
The 996 is arb0
Sent from my LG-H910 using XDA Labs
boowho said:
I've been able to swap the H910 for a US996. I found it interesting that the bootloader and download screens were exactly the same, since I thought this lock out was done by AT&T.
But I have the same question as before. Will the US996 phone have the ARB = 0 or otherwise??
Then, assuming I decide to unlock BL, install TWRP and root are any certain methods better than others? I't appears to me that there have been more than one technique posted here.
The phone is used so has no warranty from LG, so I figured on using LG's own procedure to unlock BL. Good idea -Bad idea??
Obviously, I don't want to brick this device. I've hacked my old Zenfone 2 until it was "exhaused" and I'd know my way around that phone in the dark.
But I'm breaking all new ground with the V20
Thanks.
Boowho??
Click to expand...
Click to collapse
995,996 and 910 does not have arb 1 now,and even you brick your v20, in most case you can unbrick it in 9008 mode