vs986 & ls991 - FirehoseProgrammer, Raw, & Patch - for - QFIL & QPST - G4 General

These are the Folders & Files I used in the DE-HARD-BRICKING of the Verizon variant of the LG G4. The word out on the streets is that plenty of infected Qualcomm tools have been floating around, so I decided to share with the XDA community, as far as I know, the most recent and infection free versions that really work. I can feel for the ethical hackers out here that need to get things done with the peice of sound mind that there is nothing involved that may risk their machines security or waste time with tweaked versions that wont work for some reason or other. About the Firehose, Raw, & Patch... These are THEE ones for vs986 & ls991. I DO NOT KNOW if they will work with any other variants, although, I SUSPECT that they may work with all G4's. On the other hand . . . they very well may not. AGAIN, I DO NOT KNOW. Only vs986 & ls991 are confirmed. I am looking for HardBricked G4 owners to use these with non-confirmed variants to establish a consensus of statistics to universally root the G5 using Qualcomm Utilities. I know, Iknow. eMMc & UFS are different, Bro. BLAH! Blah! BlAh! I'm only asking for volunteers whom have a G4 in the 9008 coma and have nothing to loose. If somebody knows something that I don't, that can convince me I'm wasting my time, I am open to "practical reason". or if somebody knows that these DO WORK for all G4 models on all Android LP & MM, then this I'd also like to know also. Misdirection shan't be tolerated. MY un-bricking method is posted here
DriverPack>https://drive.google.com/file/d/0B41ACD_ESYnHQU1qSnVlVXhORjA/view?usp=sharing
G4BootRepair>https://drive.google.com/file/d/0B41ACD_ESYnHQy1sY0paaWYwQUU/view?usp=sharing
method>https://forum.xda-developers.com/g4/help/lg-g4-vs986-super-hard-brick-unbrick-fw-t3666784
QPST>https://drive.google.com/file/d/0B41ACD_ESYnHemxoOEdGVFVOVUE/view?usp=sharing
QFIL>https://drive.google.com/file/d/0B41ACD_ESYnHRG4ta2ZZMFVtcW8/view?usp=sharing
Driver Enforcement>https://drive.google.com/file/d/0B41ACD_ESYnHWWY4Rm1GelZZZ2c/view?usp=sharing
I'll be putting together a more detailed tut. if I feelm it's needed. but for now I'm assuming most of us are pretty far along. A big thank You to TheMadScientist for being the first volunteer of the G5. MODs , if this needs to be moved feel free.

CAN'T FORGET TO MENTION THIS GREAT WORK OF ART https://forum.xda-developers.com/showthread.php?t=2600575 & * USE BOARD_DIAG-2.99 FOR TOTS

There are things which are important when it comes to using this method
first of all there are no infected files out there. at least none I'm aware of and you can believe me I know a little about this topic.
the next thing is that it highly depends on what files you are using because they are device specific! I don't say they would not work though but they will make your phone a different one.
there is NO universal one package available to unbrick all device models with the same files! This is just imposssible.
There is one method available which is able to convert any G4 and for this just check my PoC thread in the G4 forum.
It's not possible to make all this without device specific files because you flash parts of the bootloader stack and those are always device specific.
I haven't looked into your files here yet but when they work for both device models then your files are converting ones which means either it will convert to ls991 or it will convert to vs986 depending on what files you have. I strongly believe you have those for the ls991.
I can say that I have all of them and I investigated then in deep.
There are some rare for ex for the H815 which work without converting and without blowing the fuses. But there some named as h815 but containing converting to ls991.
Keep in mind that converting a device this way may be irreversible depending on the files used.
If you blow efuses you're lost and its not possible to have your previous device model back again. Well ok when you buy a new mainboard then.. But that's the only way.
I just want to warn users especially bc I'm working on a safe way for converting a device forward and backwards.
When you have a vs986 and used that method: you should bring your device in fastboot mode. Check the serial. Does it starts with LGLS991....? Then you converted the device.
sfX
Sent from my LG-H815 using XDA Labs

Well put.I agree with every thing you mention. Although the end result I'm achieving is download mode to flash the correct FW that matches the board. This is why I only use the files related to laf and take notice that I am not including the boot.IMG because that would essentially be a game changer like you said. I personally am not interested in converting carrier variants.

I'd like to add, I have personally used these firehouse ,raw, & patch on both sprint and Verizon g4's to handle 9008 bricks. I just don't have in my possession an AT&t or TMO to try these files with. If anybody has an AT&T or TMO G4 that is 9008 bricked and would like to attempt something they have not tried yet. Do Not include any boot.IMG in the created recovery folder that is to be flashed. We are achieving download mode. That's it. To be able to use LGUP TO FLASH kdz or tot.

ls991 "Download Mode" recovery image
I have taken this https://drive.google.com/file/d/0B41ACD_ESYnHa3pIQlFLYUttdzg/view?usp=sharing and simply relaced sprint stuff with verizon stuff. maybe I should rename my thread from "unbrick " to "recover download mode".

If when
If when I flash the ls991 recovery folder to vs986 in QFIL, fastboot is acheived and the command prompt window report back as my verizon with the correct serial number. maybe this info can be useful to you, I hope. Because I change carriers more than I change devices and the crossover is a major PITA.

gratefuldeaddougie said:
If when I flash the ls991 recovery folder to vs986 in QFIL, fastboot is acheived and the command prompt window report back as my verizon with the correct serial number. maybe this info can be useful to you, I hope. Because I change carriers more than I change devices and the crossover is a major PITA.
Click to expand...
Click to collapse
What do you see in fastboot? Can you make a pic for me?
Sent from my LG-H815 using XDA Labs

I can not today. As I have sold the vs986 but am receiving 2 more bricked vs986's this week. I will post a pick. Pic of phone or PC cmd window? Which is of interest. Just curious although I'll post both.

gratefuldeaddougie said:
I can not today. As I have sold the vs986 but am receiving 2 more bricked vs986's this week. I will post a pick. Pic of phone or PC cmd window? Which is of interest. Just curious although I'll post both.
Click to expand...
Click to collapse
no just a photo of the fastboot screen is enough. thx
btw: the download you link in your OP does not contain any image files - only the XMLs and the firehose?! or do i miss something here?
thx
sfX

I wanna jump on the hard brick train
Just everybody remember improper use or jumping the gun can lead past hard brick to totally unrecoverable device seen it happen a many times.

Ready Set Go
Before I begin, In reference to infected files, there are many discussions such as this https://forum.xda-developers.com/g4/help/mbn-msm8992-qpst-2-7-430-unbrick-g4-t3292097 Today I received a vs986 that as of first connection does not appear in device manager. I'm gonna be reviving it regardless of what it may needs. It's 98% cosmetically and I got it for $29 and I love doing this. the process will be documented and posted. And most of all I'd like to thank TheMadScientist & steadfasterX for their inspiration or I wouldn't be doing this. Let's cross are fingers and hope for a 9008 brick. I'll force QDloader mode with test points and screenshot the device manager and go from there. If a hardware issue is present then I will deal with that deck of cards first. Until then. . . . . . . . .. .

@ steadfasterX
Maybe I assume too much. I imagine that those who have made it this far are aware of the fact that they should have a copy of the firmware version they bricked on. At least as the bare minimum to get started with. Be back tomorrow with the results.

Having trouble?
https://drive.google.com/file/d/0B41...ew?usp=sharing Extract folder / Move folder into QFIL folder as a folder not as individual files / load the firehoseprogrammer, patch, & raw / Flash / Remove battery / insert battery / hold volume up and plug in at same time until "download mode" appears on device / wait for drivers to install ? flash vs98627C.kdz with LGUP.
This will only work if the device bricked on 27C or earlier. If you know what FW version you bricked on the extract that FW and replace the appropriate files in the recovery image folder. (for ls991 sprint>https://drive.google.com/file/d/0B41ACD_ESYnHa3pIQlFLYUttdzg/view?usp=sharing

i have my g4 on 28a so it means is not possible yet with mine ? :S

This guy figured it out back in May. Exactly the method I used. Here is his guide> http://forum.gsmdevelopers.com/showthread.php?t=28897&highlight=VS986+REPAIR I can now confirm this works only with the files from the version of FW that the device bricked on. .

28a kdz mega link
gustax said:
i have my g4 on 28a so it means is not possible yet with mine ? :S
Click to expand...
Click to collapse
https://mega.nz/#!blN0UCRB!OqJbq776ePL_PNBjzzooGU8kwTPWLAHNyXQz52TxovI

I HAVE TRIED TO EXTRACT THE FILES FROM FW 28A WITH WindowsLGFirmwareExtract-1.2.5.0, I CAN EXTRACT THE DZ FROM KDZFILE BUT WHEN I TRY TO EXTRACT THE FILE FROM DZ, THE SOFTWARE CRUSHED, I HAVE TRIED WITH WINDOWS 10 AND WINDOWS 7 AND THE SAME ISSUE. THE KDZ IT IS OK BECAUSE IT IS THE ONE I USED TO UPDATE MY PHONE
COULD YOU HELP WITH THIS

i downloaded the fw 27c and tried to extract the dz and happened the same issue, so i guess the problem is te software, but i dont know what a i need, any advice?

gustax said:
i downloaded the fw 27c and tried to extract the dz and happened the same issue, so i guess the problem is te software, but i dont know what a i need, any advice?
Click to expand...
Click to collapse
I will try the extraction on my PC. I have learned something about this method this weekend. This is a one time shot. After the second attempt the device blows a fuse. I believe the firehose programmer is the same, but, the raw & patch files are specifically for the sprint. I think I may have permanently bricked a device attempting to re-create the scenario in which I was successful with during the first go at it. I'm gonna look at the 27C.kdz real quick

Related

Can i flash this H910PR10j_00_1205 firmware to my AT&T H910?

Can i flash this H910PR10j_00_1205 firmware to my AT&T H910? Will it work?
ssgsunny said:
Can i flash this H910PR10j_00_1205 firmware to my AT&T H910? Will it work?
Click to expand...
Click to collapse
We need a link to actually see the file.
me2151 said:
We need a link to actually see the file.
Click to expand...
Click to collapse
https://lg-firmwares.com/lg-h910pr-firmwares/#more-4385
What is it for?
Wouldnt recommend unless you want to test risk it. Its a kdz so format is right but its not for the us region.
This is a nice way to brick.
Cross-flashing radios, and/or bootloaders = GG
me2151 said:
Wouldnt recommend unless you want to test risk it. Its a kdz so format is right but its not for the us region.
Click to expand...
Click to collapse
I tried it and now I am on a island by myself. I got service, made a phone call and got text. It run through about every service possible and then dropped them all!!! It was such a kick in the ballz. Come swim with me the water great!
h910pr
i can confirm i have flashed the h910pr rom to my att h910 and it worked fine for me. stuck on the claro software but its actually better than atts lol. maybe someone could work on this firmware version since we have a kdz of it.
@predheadtx I don't suppose you checked to see if someone was asleep at the wheel and left fastboot oem unlock wide open?
Not sure.
runningnak3d said:
@predheadtx I don't suppose you checked to see if someone was asleep at the wheel and left fastboot oem unlock wide open?
Click to expand...
Click to collapse
I was originally on the h910 att firmware, then used dirty santa to open the bootloader and root. I found a rom that i really like and ran fast as heck, but it wouldn't sync with my watch. I tried a factory reset with led me to a twrp boot loop and nothing i did would get me out of it. so i tried to reflash twrp and it led me to a bricked phone that wouldn't power on past the boot loader unlocked notification. After tons of research and a little tweaking to a few things i got lgup to recognize my phone and flash the h910pr kdz to my phone. if anyone needs i can make a zip of the tools i used and post it somewhere.
edit- uploading to mega right now. will post a link in a little bit to a zip with my lgup folder configured exactly as it needed. install lgup2016 and the lg drivers then copy the lgup from this zip over the lgup folder in your programfiles(x86). essentially all you really need here is the lgup_common.dll which is actually just the h918.dll with the name changed. i had read the fccid's on the h910,h910pr and the h918 were the same, which meant by a measurable standard they are the same hardware. so i took the assumption the dlls would be compatable. by pure blind luck with the folder layout as shown in the zip and the kdz included as well it took. i was a little worried because i had read someone tried this and could not get carrier service. i thought id at least make the phone usable in case a fix was found.my phone reports itself as an h910pr now but is connected to the att network with no issues, text, talk and web all work fine as well as att services.
I had checked a while back and saw that the h910 and h918 had the same FCC ID, which, as you stated, means they have to be the same hardware. I am using my h910 on T-Mobile, so now that I know (if it fails for some reason) that I can flash the h910pr KDZ, I am going to try the h918.
Sorry that you almost had a brick, but thanks so much for verifying that this works.
hi to everyone concerned, i have begun monitoring this thread;
https://forum.xda-developers.com/v20/help/lg-v20-h910-kdz-t3612524/page2#post72599368
please direct any inquiry's to my experience there. there is also a link and directions there to restore any bricked lgh910 to the h910pr version, as well as development on using the h915 and h918 firmware.

Can somebody with a Z3x box, make a firmware of the version LS997V6 as a TOT?

Hey guys
I was wondering if someone here is still on the V6 version of the security update, if you are you can make the TOT file out of the V20 Sprint model. Whoever has the Z3X box for LG, follow these steps:
1. Start the LG Tools
2. Select H918
3. Select the Port 1 in Workspace, in connection put it to: AndroidNet USB Serial Port
4. Search phone button will find the LS997 model.
5. Select the Firmware Maker on the bottom of the right box
This will make the firmware of the version 6, the one that has the hidden menu for the unlock, since we cannot downgrade, maybe we can try it this way, it creates a TOT file that is flashable through the Z3X software
Does anyone have the box with this version, before it was updated. Because I lost that in the hidden menu the unlock function and now I cant even get signal, having issues wanna downgrade.
If someone has this LS997V6, create the firmware so we can flash it and maybe we can go back to that security update before it was patched, been looking around for it. But I dont have that version or else would have created the file to share.
ayoshidage said:
Hey guys
I was wondering if someone here is still on the V6 version of the security update, if you are you can make the TOT file out of the V20 Sprint model. Whoever has the Z3X box for LG, follow these steps:
1. Start the LG Tools
2. Select H918
3. Select the Port 1 in Workspace, in connection put it to: AndroidNet USB Serial Port
4. Search phone button will find the LS997 model.
5. Select the Firmware Maker on the bottom of the right box
This will make the firmware of the version 6, the one that has the hidden menu for the unlock, since we cannot downgrade, maybe we can try it this way, it creates a TOT file that is flashable through the Z3X software
Does anyone have the box with this version, before it was updated. Because I lost that in the hidden menu the unlock function and now I cant even get signal, having issues wanna downgrade.
If someone has this LS997V6, create the firmware so we can flash it and maybe we can go back to that security update before it was patched, been looking around for it. But I dont have that version or else would have created the file to share.
Click to expand...
Click to collapse
But didn’t antirollback change? If so firmware or not you cannot downgrade
Sent from my iPhone using Tapatalk
hyelton said:
But didn’t antirollback change? If so firmware or not you cannot downgrade
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
Yes, but I am currently working on it, but I need that firmware version to see what I can do, because I dont have that, I need someone to make a copy of that from their phone using the methods I have provided for me to do the work on it.
ayoshidage said:
Yes, but I am currently working on it, but I need that firmware version to see what I can do, because I dont have that, I need someone to make a copy of that from their phone using the methods I have provided for me to do the work on it.
Click to expand...
Click to collapse
If antirollback did change, there’s no physical possible way to downgrade. It’s not possible, there’s no way around antirollback.
Sent from my iPhone using Tapatalk
hyelton said:
If antirollback did change, there’s no physical possible way to downgrade. It’s not possible, there’s no way around antirollback.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
There is always a way for everything, keep in mind Samsung did the same thing to prevent downgrading the firmware, I have found a way to downgrade that to the first version installed on the device even if you are on the latest version, but took me a very long time to find the exploit for it. So trust me, when I tell you there is always a way. Would I share that, no I wont, because its my business and my hard work alone. But I am willing to share my work for this project.
What is there to lose, you have a person here willing to work for free, and work on this project to share with the community.
ayoshidage said:
There is always a way for everything, keep in mind Samsung did the same thing to prevent downgrading the firmware, I have found a way to downgrade that to the first version installed on the device even if you are on the latest version, but took me a very long time to find the exploit for it. So trust me, when I tell you there is always a way. Would I share that, no I wont, because its my business and my hard work alone. But I am willing to share my work for this project.
What is there to lose, you have a person here willing to work for free, and work on this project to share with the community.
Click to expand...
Click to collapse
Yeah nothing to loose .
Here’s a good post on it. https://forum.xda-developers.com/showpost.php?p=73206763&postcount=3
Here is a post from another thread:
“In short: the ARB is implemented in the bootloader and to be more clear in the certificates within. There is 100% no chance to change this other then when you break the signature algo or find a bug in the implementation”
Good luck, If you get anything be sure to post updates!
Without being able to inject code between the CPU and the NAND, it can't be done. I would LOVE to be proven wrong, but here is a quick overview:
The PBL is located in QFPROM on the CPU. ARB is located in QFPROM on the CPU. The RSA key is located in QFPROM on the CPU.
When you power on the phone, the PBL loads XBL and checks the ARB version. If it is less than what is burned into the CPU, it goes into 9008 mode. It also use the RSA key to verify the signature of XBL. If it is modified -- 9008 mode.
When a phone successfully loads XBL that has a greater ARB version than what is burned into the CPU, it immediately burns the greater ARB version into the CPU.
So there are a couple of attack vectors:
1 - Have some cool hardware that can read the RSA key from the CPU and try and brute force the RSA cert with the key and the sig.
2 - Have some cool hardware that can do a MITM attack on the CPU and NAND replying with a valid return so that the CPU will boot no matter what is on the NAND.
Good luck, I will be following this closely....
-- Brian
runningnak3d said:
Without being able to inject code between the CPU and the NAND, it can't be done. I would LOVE to be proven wrong, but here is a quick overview:
The PBL is located in QFPROM on the CPU. ARB is located in QFPROM on the CPU. The RSA key is located in QFPROM on the CPU.
When you power on the phone, the PBL loads XBL and checks the ARB version. If it is less than what is burned into the CPU, it goes into 9008 mode. It also use the RSA key to verify the signature of XBL. If it is modified -- 9008 mode.
When a phone successfully loads XBL that has a greater ARB version than what is burned into the CPU, it immediately burns the greater ARB version into the CPU.
So there are a couple of attack vectors:
1 - Have some cool hardware that can read the RSA key from the CPU and try and brute force the RSA cert with the key and the sig.
2 - Have some cool hardware that can do a MITM attack on the CPU and NAND replying with a valid return so that the CPU will boot no matter what is on the NAND.
Good luck, I will be following this closely....
-- Brian
Click to expand...
Click to collapse
Hi Brian
Thank you for all the information and all the input, I am gonna try to see what I can do from my end, my issue is this, before the update was patched from the hidden menu. This is the problem that has occured. Before the update, when I got this phone, was running on V6, I believe that was the last version that supported the HiddenMenu.apk, that you were able to change production to lab mode. Now since the mistake I did in updating the security software that has been patched and because of it. I have very weak signal and now also the 4G is gone. Before the update, I had full signal bars and 4G service. Now the bars come and go with the data connected. The phone was unlocked this method (temp method) and then was unlocked using Octopus after the update.
These are the issues:
1. The signal bars goes up and down to 0 and goes up again, I am in a very strong signal area.
2. The 4G was working but not the greatest speeds, was doing like 4-8MB a sec down and 0.1Kbs upload. Which is terrible.
I tried Resetting the Security via box and now the 4G is gone and data. Calls are working but same signal issues.
The issue is I know sprint uses the CDMA technologly, and where I am its GSM network, but my service uses WCDMA because it runs on the AWS network 1700/2100. The problem is this. I can get the HiddenMenu to work again, but that special section in the old version does not exist anymore because it has been patched in the new security update.
I am also able to get in to the band selection, AWS and all other bands are there, but the issue is if you select AWS it says FAILED to connect on any band except on AUTO, so this is why I wanted to have the old version extracted on the version 6, so that I could work on it, since Sprint does not have firmware files you can flash.
So this is the problem. Very stupid the way they did this firmware method OVER THE AIR method. The funny thing is that the it supports all the bands that the GSM supports here and the UMTS.
I just want to get this phone back to full bars with the data restored and have the full speed I had when I did the temp fix, but real solution. I know maybe I can flash a custom rom, but I dont know how reliable that is and if it will resolve the issue.
Whats your input on all of this?
Those issues your having are typical issues of using a sprint device on another carrier. Only fix is flashing a different model firmware which won’t ever be possible for the Sprint model. Never rely on a sprint device unless your using it on sprint.
Sent from my iPhone using Tapatalk
Yes I'm aware of these things of Sprint after finding out. But the weird thing is I never had an issue after that fix for the hidden menu patch that unlocks it when out into lab mode and specifying the APN. Never had a dropped signal once or data. This issued occured after the update. This is my first time owning an Sprint phone so I didn't know there were no firmware which is why I wanted to work on this project.
They say the workround is flashing a DirtySanta ROM. But then again if you fladh that rom would u have those old options back in hidden menu and would it fix the issue. That's the real question.
I am also aware that since you unlock the bootloader and lock it again you can brick the device. Luckly I have made a tot of my whole system firmware image latest version.
What's the best approach to getting this back to working state. My network runs on WCDMA that's why AWS is needed.
Just want to know how to get this working...
> would i share that, no i wont, its my hard work alone ...
>i need someone to ...
I see a hiccup in the reasoning here.
Best of luck. Development on this device came to a screeching halt when ARB hit.r
elijah420 said:
> would i share that, no i wont, its my hard work alone ...
>i need someone to ...
I see a hiccup in the reasoning here.
Best of luck. Development on this device came to a screeching halt when ARB hit.r
Click to expand...
Click to collapse
That's phrase is for the Samsung exploit. Not LG two different phones and companies.
If nobody cares to share that firmware version to extract no worries I won't work on it. Worst comes to worst I'll sell the phone that's all.
Good luck finding a way to do it yourself then. Dont questions others people work when you don't know what skills they have in the mobile field.
Thanks for everyone else for their input.
ayoshidage said:
That's phrase is for the Samsung exploit. Not LG two different phones and companies.
If nobody cares to share that firmware version to extract no worries I won't work on it. Worst comes to worst I'll sell the phone that's all.
Good luck finding a way to do it yourself then. Dont questions others people work when you don't know what skills they have in the mobile field.
Thanks for everyone else for their input.
Click to expand...
Click to collapse
Well thank you, but you fail to understand something very basic here. While there may have been a question mark in there somewhere, in no way was your request a request. It was rather demanding. You demanded someone do something for you, with no reciprocity from you. I think attitudes like that tend to rankle rather than disarm.
As far as the last bit of your snarky comment - bear this in mind - I'm not the one looking for a 'way to do it myself'.
Again, best of luck.
elijah420 said:
Well thank you, but you fail to understand something very basic here. While there may have been a question mark in there somewhere, in no way was your request a request. It was rather demanding. You demanded someone do something for you, with no reciprocity from you. I think attitudes like that tend to rankle rather than disarm.
As far as the last bit of your snarky comment - bear this in mind - I'm not the one looking for a 'way to do it myself'.
Again, best of luck.
Click to expand...
Click to collapse
Thanks for you reply, but I dont think you understood the meaning of what request means? Request means " an act of asking politely or formally for something" I think you should understand what the meaning of request means before commenting no sense. Also I didn't demand someone, I was asking if someone had a dump file or if someone could create a dump file for me to work on the project. I am here to help people out to find solutions, you are here for the purpose of starting rant on the forums. By no means, this was demand or any sort of order in bossing people around. But its all good, I dont have the phone anymore, so no need to work on it anymore, have a great day.
Thanks.

Need IMG file for SM-950U

Can someone please connect their rooted S8 via adb and run the following commands:
adb shell
su
dd if=/dev/block/mmcblk0 of=/storage/sdcard1/unbrick.img bs=512 count=30535646
Make sure you have an empty 16+ GB sd card inserted into your phone.
unbrick.img should be in your SD card.
Please zip the file and share it with me so I can unbrick my S8.
Thank you so much!!
I will make a guide once the device is successfully unbricked.
thehaXor said:
Can someone please connect their rooted S8 via adb and run the following commands:
adb shell
su
dd if=/dev/block/mmcblk0 of=/storage/sdcard1/unbrick.img bs=512 count=30535646
Make sure you have an empty 16+ GB sd card inserted into your phone.
unbrick.img should be in your SD card.
Please zip the file and share it with me so I can unbrick my S8.
Thank you so much!!
I will make a guide once the device is successfully unbricked.
Click to expand...
Click to collapse
1) that comand is wrong. This would back up their entire ssd which would give you all their files. Don't do this.
2) there are plenty of root methods on this vs very site. If you could apply to kind of image your can use one of them
Partcyborg I had your rom installed on my s8, but I hardbricked it by running xposed. Now all I see is "qualcomm hs-usb qdloader 9008" when I plug in my s8 but the phone is unresponsive no download mode and no recovery. I read on another posting on
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
That if someone provides me with a img I can use it to revive my phone.
Please help me.
thehaXor said:
Partcyborg I had your rom installed on my s8, but I hardbricked it by running xposed. Now all I see is "qualcomm hs-usb qdloader 9008" when I plug in my s8 but the phone is unresponsive no download mode and no recovery. I read on another posting on
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
That if someone provides me with a img I can use it to revive my phone.
Please help me.
Click to expand...
Click to collapse
Hello
I can make you a backup of my device.
Yes true some of the files from my device could be bad for you to have.
Like the EFS partition that contains the IMEI number Serial number ect.
Im not too worried about that but if you have a dump of your efs partition that would be very helpful.
Now the thread you linked too is a way of unbricking some of the devices that arent so heavily secured.
Unless you have the Samsung Signed Firehose i dont think it will work.
Good news is that there is a way to make a debrick image that you burn to a sd card.
Then putting the sd card in the device gets it booted into download mode.
The bad news is I dont know exactly how to create the unbrick.img.
Currtently i am trying to do this for my Galaxy Tab E.
If someone knows how to make the debrick.img I have all the files needed.
Someone out here please help us make a debrick.img
This all seems really complicated its not really. U want that partition? Download es file explorer and follow me... Thumbnails below. Your device must be rooted.
BigCountry907 said:
Hello
I can make you a backup of my device.
Yes true some of the files from my device could be bad for you to have.
Like the EFS partition that contains the IMEI number Serial number ect.
Im not too worried about that but if you have a dump of your efs partition that would be very helpful.
Now the thread you linked too is a way of unbricking some of the devices that arent so heavily secured.
Unless you have the Samsung Signed Firehose i dont think it will work.
Good news is that there is a way to make a debrick image that you burn to a sd card.
Then putting the sd card in the device gets it booted into download mode.
The bad news is I dont know exactly how to create the unbrick.img.
Currtently i am trying to do this for my Galaxy Tab E.
If someone knows how to make the debrick.img I have all the files needed.
Someone out here please help us make a debrick.img
Click to expand...
Click to collapse
thehaXor said:
Partcyborg I had your rom installed on my s8, but I hardbricked it by running xposed. Now all I see is "qualcomm hs-usb qdloader 9008" when I plug in my s8 but the phone is unresponsive no download mode and no recovery. I read on another posting on
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
That if someone provides me with a img I can use it to revive my phone.
Please help me.
Click to expand...
Click to collapse
There is no way you hardbricked running xposed. If you Google there is a recovery img that is out there for 9008 u2 bootloader
thehaXor said:
Partcyborg I had your rom installed on my s8, but I hardbricked it by running xposed. Now all I see is "qualcomm hs-usb qdloader 9008" when I plug in my s8 but the phone is unresponsive no download mode and no recovery. I read on another posting on
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
That if someone provides me with a img I can use it to revive my phone.
Please help me.
Click to expand...
Click to collapse
Ok a few things:
1) this did not happen because of "Xposed". This is literally impossible. Xposed only modifies things in /system, this can not cause you to be stuck in 9008. Only bad modifications to bootloader files can do this, which again, Xposed doesn't touch.
2) you don't need someones system image, in fact system images aren't what you need all. You need to flash a working set of bootloaders using the firehose programmer. If you were on my rom then you're in luck, the v2 programmer is out there so doing this is possible.
All you need is a copy of the stock rom, and the firehose programmer with xmls. I think they were shared around here before, if not I can post them for you. Just make sure the stock bl files you upload are for 950u v2 ONLY, or you might not be able to root anymore, or it won't fix it
Depending on what rev bootloader you are on I have the EDL Files.
The official samsung edl files to unbrick your s8.
The sd card trick don't work on the newer samsungs.
You need to use the edl files and flash in edl mode.
Let me know what bootloader you are on.
BigCountry907 said:
Depending on what rev bootloader you are on I have the EDL Files.
The official samsung edl files to unbrick your s8.
The sd card trick don't work on the newer samsungs.
You need to use the edl files and flash in edl mode.
Let me know what bootloader you are on.
Click to expand...
Click to collapse
Probably the ones I shared In my groups....
I have a whole automated script to fix it But I still want to know what this guy was really doing
TheMadScientist said:
Probably the ones I shared In my groups....
I have a whole automated script to fix it But I still want to know what this guy was really doing
Click to expand...
Click to collapse
There is the possibility that the files I have may have originated by you.
But they did not come from XDA they came from a very different source.
I do agree with you that the only way to truly brick the device is to mess with the bootloaders.
Even mixing bootloaders can cause the brick.
I believe the bat file your referring to was released along with the EDL bootloaders.
But you could have easily wrote it it's not very complicated.
I'm just grateful that these files got leaked no matter where they came from.
At one point they were made by samsung at samsung factory without any doubt.
Either a samsung employee or an authorized samsung repair center that had them Leaked the files.
Unless you have samsungs private Key. Actually 3 of them considering the bootloaders are signed using 3 different certs.
If you have that then we should all be running unlocked devices. Please share.
I have been working on unlocking the bootloader for the N950U. Or at least finding a way to load a custom kernel. I believe the EDL bootloaders may have more ability than the stock or combination bootloaders.
We would need to pull the signatures from all the bootloaders and first determine if there using a 2 cert or 3 cert signing scheme. Then by looking at how certain bits of the device serial and other data in the signature we can determine if the debug level is set higher. Like Jtag access and what not.
I do have a copy of the msm8998 Source Code that was leaked. Its a very recent version. There are some things we can use it for but ultimately it would be nice to have the KEY. I'd be happy just to have the private key for signing the boot.img.
BigCountry907 said:
There is the possibility that the files I have may have originated by you.
But they did not come from XDA they came from a very different source.
I do agree with you that the only way to truly brick the device is to mess with the bootloaders.
Even mixing bootloaders can cause the brick.
I believe the bat file your referring to was released along with the EDL bootloaders.
But you could have easily wrote it it's not very complicated.
I'm just grateful that these files got leaked no matter where they came from.
At one point they were made by samsung at samsung factory without any doubt.
Either a samsung employee or an authorized samsung repair center that had them Leaked the files.
Unless you have samsungs private Key. Actually 3 of them considering the bootloaders are signed using 3 different certs.
If you have that then we should all be running unlocked devices. Please share.
I have been working on unlocking the bootloader for the N950U. Or at least finding a way to load a custom kernel. I believe the EDL bootloaders may have more ability than the stock or combination bootloaders.
We would need to pull the signatures from all the bootloaders and first determine if there using a 2 cert or 3 cert signing scheme. Then by looking at how certain bits of the device serial and other data in the signature we can determine if the debug level is set higher. Like Jtag access and what not.
I do have a copy of the msm8998 Source Code that was leaked. Its a very recent version. There are some things we can use it for but ultimately it would be nice to have the KEY. I'd be happy just to have the private key for signing the boot.img.
Click to expand...
Click to collapse
Actually a friend wrote the bat lol Pm me I have a telegram group not much activity but several s8 devs
including some well known fellars in it
Im pretty sure they use 3 keys But Several of us have looked into it quite extensively....
You are more than welcome to join the group and shoot the crap

Can anyone share a dump folder of .ops file? (python)

*EDIT 05-24
I had a problem where I would get stuck even after using MSMDOWNLOADTOOL completely. With the help of great minds,
#fullofhell #Dark Nightmare #Scott and frankly a god #Eliminater74 I could fix the phone completely. I am heading for modem work, which put me into this situation.
As of this point, I cannot find any misbehavior but I am quite new to this, so I can be deadly wrong. (Well but then, sensors are fine, calls , texts, data, wifi is working just fine. I don't know what else to check!)
I know as a fact that what happened to me is not really that rare (although it is quite rare, it happened before as well.)
So I was about to share how I fixed it but decided not because what I did was so out of experimental and I frankly have no idea if the same would work for others.
Tbh, if you are in the same position as I am, go ahead and contact the Oneplus service team. I did what I did only because I had to, I am Korean, and couldn't get it fixed.
If anyone, comes to this point and has absolutely no way to get it fixed, I will be glad to help,
(only if that person agrees that there is more chance to totally destroy it then fixing it XD.)
Again, Thank you so much Scott, dark nightmare. What you guys shared with me saved a bunch of time and you guys are what the forum truely needs!
P.S, Still couldn't find the moded MSMdownload tool. What can you recall what functions it had? Maybe enabled engineer mode?
I can't assist with your dump file, I'm just curious though how exactly did you brick your device?
Pain-N-Panic said:
I can't assist with your dump file, I'm just curious though how exactly did you brick your device?
Click to expand...
Click to collapse
Although it's pure stupidity, I guess it's worth sharing. I was messing around with the modem and somehow somewhere I broke proximity sensor.
So, I used fastboot flash tools including critical partitions. Which is the same process shared by amt911 "https://forum.xda-developers.com/oneplus-6t/help/bricked-oneplus-6t-msmdownloadtool-t3900145". Once I was done with flashing, I could not reboot. Here, I could have just side load or try to find other way out but I decided to use msm tool, which locked my oem.
basically, I think it's critical partition that causes un-recoverable boot-loop to some of us. That is not fixed by msmdownloadtool for now.
Which, I am curious, do you think msm-download tool will wipe and flash every partitions? From what I searched so far, everyone seems to agree that msm tool will flash every partitions including the critical parts (which is not exactly true because I know for a fact it doesn't wipe out efs partition). If not, do you think there is a way to force it?
Thank you for your interest though! I am going quite sad and mad alone here!
Somehowko said:
Although it's pure stupidity, I guess it's worth sharing. I was messing around with the modem and somehow somewhere I broke proximity sensor.
So, I used fastboot flash tools including critical partitions. Which is the same process shared by amt911 "https://forum.xda-developers.com/oneplus-6t/help/bricked-oneplus-6t-msmdownloadtool-t3900145". Once I was done with flashing, I could not reboot. Here, I could have just side load or try to find other way out but I decided to use msm tool, which locked my oem.
basically, I think it's critical partition that causes un-recoverable boot-loop to some of us. That is not fixed by msmdownloadtool for now.
Which, I am curious, do you think msm-download tool will wipe and flash every partitions? From what I searched so far, everyone seems to agree that msm tool will flash every partitions including the critical parts (which is not exactly true because I know for a fact it doesn't wipe out efs partition). If not, do you think there is a way to force it?
Thank you for your interest though! I am going quite sad and mad alone here!
Click to expand...
Click to collapse
Damn man, sorry to hear that. I've never had to mess with msm tool, thankfully. The fact that it locks the bootloader kind of scares me. From what I've read about the tool it does sound like it wipes/flashes all partitions including critical.
Are you able to unlock the BL in fastboot mode using the command?
Pain-N-Panic said:
Damn man, sorry to hear that. I've never had to mess with msm tool, thankfully. The fact that it locks the bootloader kind of scares me. From what I've read about the tool it does sound like it wipes/flashes all partitions including critical.
Are you able to unlock the BL in fastboot mode using the command?
Click to expand...
Click to collapse
As the bootloader is locked and I cannot boot, I am can't put enable oem-unlock on the data. Which means, yes I cannot unlock the bootloader as long as oneplus 6t doesn't have a loophole like oneplus 3T. I am pretty sure that was fixed though.
Well, I don't know if it's msm tool really. If I just started with that I would have been fine (at least I believe so). Yes I didn't wanted to lock the boot loader, which is why I used fastboot flash tool. But then, that's why I ended up here. So, if you end up in a situation where you might, might need msm tool or flash tool, always go with the msm tool !
For msm, I am quite certain it doesn't flash all partitions. I think there is some partition checkup somewhere. Here is why I think so
1) Completely formatted OS cannot be on a boot loop unless it's caused by hardware issue.
2) All partitions except vendor, system goes way too fast. It ends within 200 seconds for me. I would assume that kinda makes sense as it really is the problem of usb-pc hardware power but installing the image should take longer I think (but then I truly have no idea)
My conclusion is that the tool checks partition size before flashing, and does not touch / replace every file. I am probably wrong since it is
EDI tool after all, but I simply cannot believe msm tool cannot fix something that has nothing to do with the hardware.
I mean, imagine we can brake our newly formatted PC OS without any single components corrupted! (Is it even possible?)
I don't know man....with the bootloader locked you're not able to fastboot flash ANYTHING?
Somehowko said:
For msm, I am quite certain it doesn't flash all partitions.
Click to expand...
Click to collapse
Im sure this is correct. This is about the 3rd or so thread that I have read whereas the MSM tool could not completely recover the phone.
So far no one has found a solution. One person ended up sending theres back to OnePlus so we are waiting to find out how it turned out. Here is the thread I am referencing: https://forum.xda-developers.com/oneplus-6t/help/bricked-oneplus-6t-msmdownloadtool-t3900145
Scott said:
Im sure this is correct. This is about the 3rd or so thread that I have read whereas the MSM tool could not completely recover the phone.
So far no one has found a solution. One person ended up sending theres back to OnePlus so we are waiting to find out how it turned out. Here is the thread I am referencing: https://forum.xda-developers.com/oneplus-6t/help/bricked-oneplus-6t-msmdownloadtool-t3900145
Click to expand...
Click to collapse
Well, tbh, we know as a matter of fact it is not a complete flashing. I mean it clearly says flashing to partition _a only unlike previous versions of msm tools (ah, good days.) What I am curious of is if there is anything we can do about skipping partitions. I am suspecting using qfil would, through unpacking ops files. Although it seems like a long shot.
Btw, thank you for your interest!
Scott said:
Im sure this is correct. This is about the 3rd or so thread that I have read whereas the MSM tool could not completely recover the phone.
So far no one has found a solution. One person ended up sending theres back to OnePlus so we are waiting to find out how it turned out. Here is the thread I am referencing: https://forum.xda-developers.com/oneplus-6t/help/bricked-oneplus-6t-msmdownloadtool-t3900145
Click to expand...
Click to collapse
Msm tool has hidden functions, it's a pain but not impossible.
Search Google and gsm forums for readback mode, smt wipe, and imei/esn restore...
Siren siren... Watch out the xda police gunna blow down and remove my comment.. oh nooooo aghastt....
Btw u cannot use berklers script without an AES recovery key. There aren't any around as far as I know for fajita.
Easiest thing is if OnePlus bought device, get an exchange.. play dumb.. oops I dunno, your Android Q crap broke it..
Or if tmo bought, add insurance if u don't have it, play dumb. Get a new one. I did for a scratched screen..but made it about the modem not working, bc I erased it...
These corporations owe us nothing.
Get a new phone man
fullofhell said:
Msm tool has hidden functions, it's a pain but not impossible.
Search Google and gsm forums for readback mode, smt wipe, and imei/esn restore...
Get a new phone man
Click to expand...
Click to collapse
Thank you so much! I don't have to hassle with python anymore!!! That thing was making my brain fart!
Sadly, That's the only option that I got. As I am living in Korea and I cannot send a phone outside of a country (funny isn't it? they say battery hazard, I say licking Samsung's ass) I can't even get it fixed.
Frankly, I love my phone and I would go an extra mile even for a hint of getting it back to work again.
I will try to look for back up and smt wipe. Hopefully, I wouldn't totally destroy my phone. (again, hopefully.)
If you have any other information, please share with me!
Somehowko said:
Thank you so much! I don't have to hassle with python anymore!!! That thing was making my brain fart!
Sadly, That's the only option that I got. As I am living in Korea and I cannot send a phone outside of a country (funny isn't it? they say battery hazard, I say licking Samsung's ass) I can't even get it fixed.
Frankly, I love my phone and I would go an extra mile even for a hint of getting it back to work again.
I will try to look for back up and smt wipe. Hopefully, I wouldn't totally destroy my phone. (again, hopefully.)
If you have any other information, please share with me!
Click to expand...
Click to collapse
You're saying an msm reload didn't fix the device? Btw you can use the unlocked device msm tool as well as of version 9.0.11 I believe, just look for the modded tool that skips the model check, did you do a full system backup before tinkering? If so you can dd files back into place if msm doesn't overwrite them the way its supposed to, I've done some crazy things to the 6t, a bit surprised recovery didn't fix it for you...
And yeah FoH already pointed out that decrypt tool is useless to us.
Dark Nightmare said:
You're saying an msm reload didn't fix the device? Btw you can use the unlocked device msm tool as well as of version 9.0.11 I .
Click to expand...
Click to collapse
Are you talking about what
PHP:
Eliminater74
shared with us? if so, I tried to use back up before smt download but it fails. firehorse read data error 995.
And I didn't do the back up; I only flashed every partition with the fastboot-flash tool. I am quite surprised to see msm letting me down as well );
Can you share more if you know more?
Somehowko said:
Are you talking about what
PHP:
Eliminater74
shared with us? if so, I tried to use back up before smt download but it fails. firehorse read data error 995.
And I didn't do the back up; I only flashed every partition with the fastboot-flash tool. I am quite surprised to see msm letting me down as well );
Can you share more if you know more?
Click to expand...
Click to collapse
Na, there was another someone else had modded, it should be in the general forum, I believe it was linked in the new international conversion method, the one after my thread. If you simply flashed using the fastboot-flash-tool, then you should definitely be recoverable, attempt a msm reload, I believe you may have a usb port issue if you're having firehose failures, try using an onboard port and not the front ports.
Dark Nightmare said:
Na, there was another someone else had modded, it should be in the general forum, I believe it was linked in the new international conversion method, the one after my thread. If you simply flashed using the fastboot-flash-tool, then you should definitely be recoverable, attempt a msm reload, I believe you may have a usb port issue if you're having firehose failures, try using an onboard port and not the front ports.
Click to expand...
Click to collapse
That's weird. If I had a usb port issue it would say it during the msmdownloading wouldn't it? Msmdownload goes fine but I just can't use the readback function.
And thank you I will go and look for it!
Somehowko said:
That's weird. If I had a usb port issue it would say it during the msmdownloading wouldn't it? Msmdownload goes fine but I just can't use the readback function.
And thank you I will go and look for it!
Click to expand...
Click to collapse
qusb is weird, it would let me backup but not flash once, tried a different port and it worked fine for both, so I figured I'd suggest such, doesn't hurt to try after all?
Dark Nightmare said:
qusb is weird, it would let me backup but not flash once, tried a different port and it worked fine for both, so I figured I'd suggest such, doesn't hurt to try after all?
Click to expand...
Click to collapse
Weird, different port different errors. Error code changed. I will try with other desktops this afternoon.
For another msmdownload tool, are you referring to the thread "T-Mobile 6T to International Conversion (WITHOUT unlocked bootloader/SIM unlock!)"?
Thank you so much for your help!
Somehowko said:
Weird, different port different errors. Error code changed. I will try with other desktops this afternoon.
For another msmdownload tool, are you referring to the thread "T-Mobile 6T to International Conversion (WITHOUT unlocked bootloader/SIM unlock!)"?
Thank you so much for your help!
Click to expand...
Click to collapse
That's correct and if you're on windows 10 it may be a system update messing with the drivers, its dumb, but it actually affects the simplest of things.
Somehowko said:
Weird, different port different errors. Error code changed. I will try with other desktops this afternoon.
For another msmdownload tool, are you referring to the thread "T-Mobile 6T to International Conversion (WITHOUT unlocked bootloader/SIM unlock!)"?
Thank you so much for your help!
Click to expand...
Click to collapse
As crazy as it sounds three reboots and four different ports did the trcik!
And sincerely thank you! Although I couldn't find the modded msmtool you told me I was able to boot into the os finally.

unlock boot loader US996

Is this do-able with out unlock.bin??
I've tried using adb/fastboot. ADB reports the device OK; fastboot can't see the device.
I've tried all manner of drivers to load........ I know there are separate drivers for adb and fastboot.
This is driving me nuts.
Finally, are there different SUB-variants of the 996?? One generic and one US Sprint??
Thanks
You must use dirtysanta to root
[Guide][Tutorial] Root TWRP LG V20 using Dirtysanta[Most Variants][Noobfriendly]
Good day, Here's the modified dirtysanta method to root LG V20 and install TWRP. This guide will help you in rooting your device with much easier situation. Before you begin: (Your phone's internal storage will be wiped or simply formatted or...
forum.xda-developers.com
ROMSG said:
You must use dirtysanta to root
[Guide][Tutorial] Root TWRP LG V20 using Dirtysanta[Most Variants][Noobfriendly]
Good day, Here's the modified dirtysanta method to root LG V20 and install TWRP. This guide will help you in rooting your device with much easier situation. Before you begin: (Your phone's internal storage will be wiped or simply formatted or...
forum.xda-developers.com
Click to expand...
Click to collapse
The only issue with that response: The DirtySanta thread you link to lists the following devices, admonishing that any others will get bricked:
- Verizon (VS995)
- Sprint (LS997)
- ATT (H910)
- Korean(F800L)
- USS996 (BPT, UCL)
- Canadian (H915)
Unless there's a typo in it, the USS996 is NOT the same as the US996. The US996 is a carrier unlocked US variant. The other US996 is locked to US Cellular. A bit of clarity is necessary here...
Graf_Eberstein said:
The only issue with that response: The DirtySanta thread you link to lists the following devices, admonishing that any others will get bricked:
- Verizon (VS995)
- Sprint (LS997)
- ATT (H910)
- Korean(F800L)
- USS996 (BPT, UCL)
- Canadian (H915)
Unless there's a typo in it, the USS996 is NOT the same as the US996. The US996 is a carrier unlocked US variant. The other US996 is locked to US Cellular. A bit of clarity is necessary here...
Click to expand...
Click to collapse
I found this some of the Links are broken.
V20 [H915|US996] DirtyElf Bootloader Unlock and Root guide
Firmware
US99610f_00_1205.kdz
usb drivers for windows
Terminal Emulator for Android "f-droid Download APK at bottom of page"
Before you flash the KDZ to downgrade your firwmare make a DUMP backup of ALL files first it will have your EFS and that's very very important it has your IMEI number. You don't need to dump system or cache.
Darnrain1 said:
I found this some of the Links are broken.
V20 [H915|US996] DirtyElf Bootloader Unlock and Root guide
Firmware
US99610f_00_1205.kdz
usb drivers for windows
Terminal Emulator for Android "f-droid Download APK at bottom of page"
Before you flash the KDZ to downgrade your firwmare make a DUMP backup of ALL files first it will have your EFS and that's very very important it has your IMEI number. You don't need to dump system or cache.
Click to expand...
Click to collapse
Thank you! I am looking that over. One question I do have for you: Is that dump backup needed for anything beyond the EFS to get the IMEI? Asking only because I was able to extract the IMEI already. I'm not physically working on this till the weekend, so I'm going to read up/download stuff in the interim and go from there. If I end up with questions (and I just might from the bit I've read so far*), I'll append this post or reply to it.
* This is an example of where the uncertainty sets in: "For official US996 model owners that do not want to void their warranty, follow the Dirtysanta Sprint(LS997) method but make sure to flash a US996 Stock rom instead." I'm assuming "official" applies to an actual V20 model US996, regardless of carrier/unlock status. I'm extrapolating that the H915 is an US996 with a differently configured kernel. Since the LS997 is only mentioned separately, is the 997 a CDMA version of the (GSM) 996?
LTE is inferred, GSM is for distinction, so I'm assuming the 915 and 996 are GSM devices. I also know Sprint is/was a CDMA carrier. CDMA hardware would infer different modules would be loaded by the kernel, than for GSM, and could therefore hang or brick the device. At least that's where the rail line used by my train of thought takes me. Or, does the difference between CDMA and GSM versions not matter?
You are correct about the broken links: Tilde88's US996 100% Stock deODEXEd Rom, which is listed in the linked article, is a bad link. I did some fairly general "looking" for that ROM elsewhere, found a couple of articles when Google-searching, but haven't had a chance to check those out (that will have to wait until tomorrow). If it turns out that there is no alternate link to the ROM, are there any other ways of getting it, short of looping @Tilde88 in?
Graf_Eberstein said:
Thank you! I am looking that over. One question I do have for you: Is that dump backup needed for anything beyond the EFS to get the IMEI? Asking only because I was able to extract the IMEI already. I'm not physically working on this till the weekend, so I'm going to read up/download stuff in the interim and go from there. If I end up with questions (and I just might from the bit I've read so far*), I'll append this post or reply to it.
* This is an example of where the uncertainty sets in: "For official US996 model owners that do not want to void their warranty, follow the Dirtysanta Sprint(LS997) method but make sure to flash a US996 Stock rom instead." I'm assuming "official" applies to an actual V20 model US996, regardless of carrier/unlock status. I'm extrapolating that the H915 is an US996 with a differently configured kernel. Since the LS997 is only mentioned separately, is the 997 a CDMA version of the (GSM) 996?
LTE is inferred, GSM is for distinction, so I'm assuming the 915 and 996 are GSM devices. I also know Sprint is/was a CDMA carrier. CDMA hardware would infer different modules would be loaded by the kernel, than for GSM, and could therefore hang or brick the device. At least that's where the rail line used by my train of thought takes me. Or, does the difference between CDMA and GSM versions not matter?
You are correct about the broken links: Tilde88's US996 100% Stock deODEXEd Rom, which is listed in the linked article, is a bad link. Since I haven't gotten past the first post yet, I'm going to see if I can find that elsewhere and report back.
Click to expand...
Click to collapse
Sometimes downgrading your firmware to root your phone will corrupt your EFS on the phone and you have to restore it to get cell service working again or to bring back your IMEI number.
There are four files that are your EFS.
With the phone powered off, hold the down vol and plug in usb to computer to restore EFS.
fastboot flash fsg fsg_COM6
fastboot flash misc misc_COM6
fastboot flash modemst1 modemst1_COM6
fastboot flash modemst2 modemst2_COM6
fastboot reboot
Darnrain1 said:
Sometimes downgrading your firmware to root your phone will corrupt your EFS on the phone and you have to restore it to get cell service working again or to bring back your IMEI number.
There are four files that are your EFS.
With the phone powered off, hold the down vol and plug in usb to computer to restore EFS.
fastboot flash fsg fsg_COM6
fastboot flash misc misc_COM6
fastboot flash modemst1 modemst1_COM6
fastboot flash modemst2 modemst2_COM6
fastboot reboot
Click to expand...
Click to collapse
Thank you.
FYI, I just amended my prior response (above) re. the ROM as well.
Graf_Eberstein said:
Thank you.
FYI, I just amended my prior response (above) re. the ROM as well.
Click to expand...
Click to collapse
Your welcome,
Stock Oreo Rom, flash in order But there are a lot more roms for the Lgv20 you can look around if you want.
LG V20 ROMs, Kernels, Recoveries, & Other Developm
US996 DIrtysanta Rom
ezV2020 kernel for Oreo link
Magisk-v21.4.zip
Latest version of twrp link
Darnrain1 said:
I found this some of the Links are broken.
V20 [H915|US996] DirtyElf Bootloader Unlock and Root guide
Firmware
US99610f_00_1205.kdz
usb drivers for windows
Terminal Emulator for Android "f-droid Download APK at bottom of page"
Before you flash the KDZ to downgrade your firwmare make a DUMP backup of ALL files first it will have your EFS and that's very very important it has your IMEI number. You don't need to dump system or cache.
Click to expand...
Click to collapse
Ok, so I finally got to where I'm able to run that dump backup. I've been at it for the better part of 8 man hours, and it keeps crashing. Finally got everything backed up except SYSTEM IMAGE. Whenever I try to back up that segment, the backup crashes. You said I don't need to do this against CACHE, which I get. There's both a SYSTEM and a SYSTEM IMAGE, so now I'm wondering if you meant the latter instead of the former... If not, how do I get past this obstacle?
FWIW, I'm writing to an otherwise empty, brand new 32 GB Class 10 card. Initially I was using a surplus 16 GB card, then realized that I was coming up around 4 GB short, and pegged the failure on that. But the same happens on the larger card. In case it matters, the backup gets to about 60% before failing...
Graf_Eberstein said:
Ok, so I finally got to where I'm able to run that dump backup. I've been at it for the better part of 8 man hours, and it keeps crashing. Finally got everything backed up except SYSTEM IMAGE. Whenever I try to back up that segment, the backup crashes. You said I don't need to do this against CACHE, which I get. There's both a SYSTEM and a SYSTEM IMAGE, so now I'm wondering if you meant the latter instead of the former... If not, how do I get past this obstacle?
FWIW, I'm writing to an otherwise empty, brand new 32 GB Class 10 card. Initially I was using a surplus 16 GB card, then realized that I was coming up around 4 GB short, and pegged the failure on that. But the same happens on the larger card. In case it matters, the backup gets to about 60% before failing...
Click to expand...
Click to collapse
Your phone is rooted great.
DUMP backup with LGUP. Might not be to late. Just hold vol up and plug in usb to phone and computer. Go into LGUP and choose DUMP all files. You don't need to dump system or cache. This will save all the files on your computer. Back the files up like google drive or something.
Take battery out and put back in. Then you want to boot into twrp and do a format.
Then your ready to install an OS on your phone. Why don't you check out my rom I made it's stock Oreo debloated. There are some good guides on there also you can follow. link
If you need any more help just ask. I don't mind.
I just wanted to thank you for the guidance to date. Great news: After many fits, starts, wrong turns, interruptions, and muckups both real and imagined, my V20 now has Oreo Lemondrop installed, and I presume it is also rooted.
With the initial hurdle overcome, it's time for new questions (see photos for the first three):
* The device reports no S/N. Normal?
* The OS reports no kernel version. Normal?
* The device still boots to the red triangle before loading Lemondrop. I was under the impression that would go away now, or am I wrong?
* A lot of games and other crud is being installed by Mobile Services Manager. Is that because I missed something?
The latter may not matter much: I'm going to move the SIM from my regular phone to the V20 to see if it will make/receive calls. If it does, it'll get a SIM of its own, so I can use it as a second line. If it doesn't work (I've seen posts about bands not working, etc), I'll be done with it altogether.
However, should the phone work, what'll make this whole enterprise a complete success, will be to install a more current Android release; I'm expecting 10 or 11, but would be tickled if it's 12 or 13. But first things first...
Graf_Eberstein said:
I just wanted to thank you for the guidance to date. Great news: After many fits, starts, wrong turns, interruptions, and muckups both real and imagined, my V20 now has Oreo Lemondrop installed, and I presume it is also rooted.
With the initial hurdle overcome, it's time for new questions (see photos for the first three):
* The device reports no S/N. Normal?
* The OS reports no kernel version. Normal?
* The device still boots to the red triangle before loading Lemondrop. I was under the impression that would go away now, or am I wrong?
* A lot of games and other crud is being installed by Mobile Services Manager. Is that because I missed something?
The latter may not matter much: I'm going to move the SIM from my regular phone to the V20 to see if it will make/receive calls. If it does, it'll get a SIM of its own, so I can use it as a second line. If it doesn't work (I've seen posts about bands not working, etc), I'll be done with it altogether.
However, should the phone work, what'll make this whole enterprise a complete success, will be to install a more current Android release; I'm expecting 10 or 11, but would be tickled if it's 12 or 13. But first things first...
Click to expand...
Click to collapse
Yeah no SN and no Kernel is normal. It's also normal to have the boot screen come up, it's because your phone is rooted now.
I have to run Oreo because LTE is not working in crDroid or Lineage os. There are proprietary drivers that are in Oreo to make LTE work and they are not in any other android os. But if all you need is 4G then maybe another os would work for you. In the USA they did away with 4G only LTE now. So I thought I would make the Lemon Drop rom, if I have to use Oreo why not make it fast. Plus most everything works in Lemon Drop. Like second screen and so on. I have used crDroid before it's good I will link the files for you.
Update: I found and removed Mobile Services Manager in the latest version of Auto_Debloat. Thanks for bringing this to my attention.
crDroid 11 just format and flash in twrp reboot.
also flash Magisk-v21.4.zip so you can have root.
you may have to flash twrp also I am not sure, it's been awhile before I install crDroid. You can always flash twrp in fastboot mode if you have to.
Take Care.
Darnrain1 said:
Yeah no SN and no Kernel is normal. It's also normal to have the boot screen come up, it's because your phone is rooted now.
I have to run Oreo because LTE is not working in crDroid or Lineage os. There are proprietary drivers that are in Oreo to make LTE work and they are not in any other android os. But if all you need is 4G then maybe another os would work for you. In the USA they did away with 4G only LTE now. So I thought I would make the Lemon Drop rom, if I have to use Oreo why not make it fast. Plus most everything works in Lemon Drop. Like second screen and so on. I have used crDroid before it's good I will link the files for you.
Update: I found and removed Mobile Services Manager in the latest version of Auto_Debloat. Thanks for bringing this to my attention.
crDroid 11 just format and flash in twrp reboot.
also flash Magisk-v21.4.zip so you can have root.
you may have to flash twrp also I am not sure, it's been awhile before I install crDroid. You can always flash twrp in fastboot mode if you have to.
Take Care.
Click to expand...
Click to collapse
Thank you again, and you're welcome for the bit on the Mobile Services Manager. My apologies for the lag in responding too; real life got in the way for a bit there. I'll look into your suggestion as I get a chance and will report back.
Graf_Eberstein said:
Thank you again, and you're welcome for the bit on the Mobile Services Manager. My apologies for the lag in responding too; real life got in the way for a bit there. I'll look into your suggestion as I get a chance and will report back.
Click to expand...
Click to collapse
Not a problem. Because I only have an H910 I didn't get all the bloatware on other lgv20 phones. But that Mobile Services Manager is a huge bloatware that installs more bloatware. So I thought I would try and find it and remove it in the latest version. You can update Auto_Debloat and it should get rid of that Mobile Services Manager for you. All you have to do is just flash the new version in twrp and reboot.

Categories

Resources