I am new to LG devices... this is the first LG device for me.
I am on ZVA, the latest software version.
I want to have root on my phone or unlock the bootloader to install LineageOS ROMs.
Could I do these two things without any risk of hard bricking the phone?
I am familiar with adb and fastboot instructions.
Thank you.
If you can find out what ARB version you are on (I hear that Sprint pulled access to that hidden menu), and it is still 0, then maybe.
I am working to find a model that has a KDZ that is close enough to the LS997 that it will boot. If it will boot, then it can be rooted, and the proper firmware flashed back onto the phone.
-- Brian
The apk in first post of this thread may give you access to hidden menu. Let us know if it worked please
https://forum.xda-developers.com/v20/help/lg-v20-cdma-to-lte-gsm-switch-via-t3602409
loopytee said:
> The apk in first post of this thread may give you access to hidden menu. Let us know if it worked please
> https://forum.xda-developers.com/v20/help/lg-v20-cdma-to-lte-gsm-switch-via-t3602409
I think you are talking about unlock CDMA or GSM service.
But I am talking about unlocking bootloader and root.
I think this app doesn't work anymore since the production and lab menu couldn't be accessed.
But as I understand the main problem is how to return to the stock after root?
runningnak3d said:
> If you can find out what ARB version you are on (I hear that Sprint pulled access to that hidden menu), and it is still 0, then maybe.
> I am working to find a model that has a KDZ that is close enough to the LS997 that it will boot. If it will boot, then it can be rooted, and the proper firmware flashed back onto the phone.
> -- Brian
What does ARB stand for?
Got it
Anti Rollback=1
anees02 said:
> What does ARB stand for?
> And how to obtain it?
> I have come from the Samsung world so don't know a lot about LG.
Anti roll back---Arb
In hidden menu. (if you can access it)
Choose SVC Menu then choose Version and scroll to the bottom. You will see Anti-Rollback Version.
loopytee said:
> Anti roll back---Arb
> In hidden menu. (if you can access it)
> Choose SVC Menu then choose Version and scroll to the bottom. You will see Anti-Rollback Version.
Yes Got it
In my case ARB=1
What does that mean?
Couldn't flash old firmware?
anees02 said:
> I think you are talking about unlock CDMA or GSM service.
> But I am talking about unlocking bootloader and root.
> I think this app doesn't work anymore since the production and lab menu couldn't be accessed.
> But as I understand the main problem is how to return to the stock after root?
I am only referring to the apk linked in the first post. I realize that thread is not what you are looking for.
Did the apk work for you to access hidden menu? What zv# are you on?
loopytee said:
> I am only referring to the apk linked in the first post. I realize that thread is not what you are looking for.
> Did the apk work for you to access hidden menu? What zv# are you on?
Yes the app works and it said
ARB=1
And I am on ZVA software version.
Unfortunately there isn't any firmware out there that is ARB version 1 AND December 2016 security patch or older, so no, you can't root at this time.
I am guessing ZVA incremented ARB because ZV9 is still ARB 0.
-- Brian
anees02 said:
> Yes the app works and it said
> ARB=1
> And I am on ZVA software version.
Ok thanks
Here is the current info about Arb and what's being worked on. As far as I know, if your Arb is anything other than 0 then you can't root yet. I say yet because there is some great work being done with a lot of hope for all.
Here are some links to what's going on currently
https://forum.xda-developers.com/v20/help/want-help-rooting-security-patches-t3680397
https://forum.xda-developers.com/v20/how-to/laf-download-mode-how-root-t3676011
runningnak3d said:
> Unfortunately there isn't any firmware out there that is ARB version 1 AND December 2016 security patch or older, so no, you can't root at this time.
> I am guessing ZVA incremented ARB because ZV9 is still ARB 0.
> -- Brian
I think so. ARB
On ZV9 it was 0.
On ZVA it's 1.
So I have to wait until there's a method that doesn't matter about ARB value.
You could still do a really awesome thing for the people that are already rooted, or are about to be rooted -- dump your phone so that they can't have the latest firmware.
If you wouldn't mind, grab a copy of the patched LG UP, and use the dump function. This can not harm your phone in ANY way. What it does is reads the partitions on your phone, and saves them out to files.
We need:
aboot
abootbak
apdp
boot
cmnlib
cmnlib64
cmnlib64bak
cmnlibbak
devcfg
devcfgbak
factory
hyp
hypbak
keymaster
keymasterbak
laf
lafbak
modem
msadp
persist
pmic
pmicbak
raw_resources
raw_resourcesbak
rct
recovery
recoverybak
rpm
rpmbak
sec
system
tz
tzbak
xbl
xbl2
xbl2bak
xblbak
You can leave the rest unchecked. They are either not needed, or unique to your phone.
-- Brian
runningnak3d said:
> You could still do a really awesome thing for the people that are already rooted, or are about to be rooted -- dump your phone so that they can't have the latest firmware.
> If you wouldn't mind, grab a copy of the patched LG UP, and use the dump function. This can not harm your phone in ANY way. What it does is reads the partitions on your phone, and saves them out to files.
> We need:
> aboot
> abootbak
> apdp
> boot
> cmnlib
> cmnlib64
> cmnlib64bak
> cmnlibbak
> devcfg
> devcfgbak
> factory
> hyp
> hypbak
> keymaster
> keymasterbak
> laf
> lafbak
> modem
> msadp
> persist
> pmic
> pmicbak
> raw_resources
> raw_resourcesbak
> rct
> recovery
> recoverybak
> rpm
> rpmbak
> sec
> system
> tz
> tzbak
> xbl
> xbl2
> xbl2bak
> xblbak
> You can leave the rest unchecked. They are either not needed, or unique to your phone.
> -- Brian
Ok.
I will search for the patched version of LG UP.
And I hope that I find a time to charge my laptop and dump these partitions.
Some quick instructions for you:
Download the patched LG UP from this thread: link.
Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
Put your phone into download mode (power off / hold vol. up / plug in USB cable)
Use LG UP to dump your phone. When you run it, there will be additional radio buttons.
Pick the one that says DUMP and click Start. You will be asked what partitions to dump, please check all the partitions listed above.
runningnak3d said:
> Some quick instructions for you:
> Download the patched LG UP from this thread: link.
> Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
> Put your phone into download mode (power off / hold vol. up / plug in USB cable)
> Use LG UP to dump your phone. When you run it, there will be additional radio buttons.
> Pick the one that says DUMP and click Start. You will be asked what partitions to dump, please check all the partitions listed above.
I already dumped the required partitions, but LG UP recognized my software version as ZV6 and it is really ZVA, as shown in the attached pic.
The size of the folder before compression is 5.88 GB. After compression 2.53 GB.
What about the difference in version between LG UP and the real version?
I see ZV6 in the attached pic. That is weird. Obviously you aren't on ZV6 if you are ARB 1. If you don't mind, can you zip those up and post a link? The files I had you dump are the exact files that you get from a KDZ so there is no personal info.
-- Brian
runningnak3d said:
> I see ZV6 in the attached pic. That is weird. Obviously you aren't on ZV6 if you are ARB 1. If you don't mind, can you zip those up and post a link? The files I had you dump are the exact files that you get from a KDZ so there is no personal info.
> -- Brian
Yes, I am now uploading the zip file, but the internet is so slow that, although I started the upload 4 hours ago, it has only uploaded 750 MB of 2.53 GB so far.
So if the uploading process finished successfully I will pm the link to your inbox.
This is from about phone>>software version
runningnak3d said:
> I see ZV6 in the attached pic. That is weird. Obviously you aren't on ZV6 if you are ARB 1. If you don't mind, can you zip those up and post a link? The files I had you dump are the exact files that you get from a KDZ so there is no personal info.
> -- Brian
PM sent to you.
Related
Since I've been lurking all day looking for solutions, I thought I'd share my success story and instructions. I'm a new poster so I can't make links, so I'll do my best to give you an idea if you've got the right link. The fastboot instructions may be a little truncated, so look around if they seem unclear. These are the commands you need to enter, though. I wasn't able to relock my bootloader.
This is for the Consumer Cellular Moto G 2014 X1064. Starting from retail (where you have the Consumer Cellular app):
Unlock the bootloader on Moto's site at motorola-global-portal.custhelp dot com
Download Blur_Version.21.11.17.titan_retuaws.retuaws.en.US from droid-developers dot org slash phone device 36
Unzip that file into your fastboot folder
Enter Fastboot on your phone (how to: hold power and volume down until your device turns off, then hold it another 5-10 seconds, then let go and you should see a basic text screen)
Use these commands on your computer while being in the fastboot folder (I was using a Mac with the quick fastboot/ADB tools and just typed them in Terminal):
fastboot flash partition gpt.bin
fastboot flash motoboot motoboot.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot reboot
You should now be at stock Android 4.4.4 with an unlocked bootloader. No Consumer Cellular app.
Grab the torrent file from the thread titled "[OTA] Moto G 2014 XT1064 v22.11.6" on this subforum. It's on page 8, post #73
Rename that file to something simple like update.zip
Use Android File Transfer or similar (I had a Mac) to put that on the root of your device. It was at the same level as the Downloads folder. If you can see that, you're in the right place.
Reboot into fastboot mode
Select recovery mode (press volume down to highlight it, then volume up to select)
You'll now see an Android guy with a red triangle. Press volume up and power at the same time, let go, and you should be in another text menu.
Select boot from SD card (use volume down to highlight it, then power to select)
Select your update.zip
Wait 20 minutes or so while it works
Select reboot when you're finished
That was enough to get me to Android 5. Good luck everyone!
Janus Kirin said:
> Since I've been lurking all day looking for solutions, I thought I'd share my success story and instructions. I'm a new poster so I can't make links, so I'll do my best to give you an idea if you've got the right link. The fastboot instructions may be a little truncated, so look around if they seem unclear. These are the commands you need to enter, though. I wasn't able to relock my bootloader.
> This is for the Consumer Cellular Moto G 2014 X1064. Starting from retail (where you have the Consumer Cellular app):
> Unlock the bootloader on Moto's site at motorola-global-portal.custhelp dot com
> Download Blur_Version.21.11.17.titan_retuaws.retuaws.en.US from droid-developers dot org slash phone device 36
> Unzip that file into your fastboot folder
> Enter Fastboot on your phone (how to: hold power and volume down until your device turns off, then hold it another 5-10 seconds, then let go and you should see a basic text screen)
> Use these commands on your computer while being in the fastboot folder (I was using a Mac with the quick fastboot/ADB tools and just typed them in Terminal):
> fastboot flash partition gpt.bin
> fastboot flash motoboot motoboot.img
> fastboot flash logo logo.bin
> fastboot flash boot boot.img
> fastboot flash recovery recovery.img
> fastboot flash system system.img_sparsechunk.0
> fastboot flash system system.img_sparsechunk.1
> fastboot flash system system.img_sparsechunk.2
> fastboot flash system system.img_sparsechunk.3
> fastboot flash modem NON-HLOS.bin
> fastboot erase modemst1
> fastboot erase modemst2
> fastboot flash fsg fsg.mbn
> fastboot reboot
> You should now be at stock Android 4.4.4 with an unlocked bootloader. No Consumer Cellular app.
> Grab the torrent file from the thread titled "[OTA] Moto G 2014 XT1064 v22.11.6" on this subforum. It's on page 8, post #73
> Rename that file to something simple like update.zip
> Use Android File Transfer or similar (I had a Mac) to put that on the root of your device. It was at the same level as the Downloads folder. If you can see that, you're in the right place.
> Reboot into fastboot mode
> Select recovery mode (press volume down to highlight it, then volume up to select)
> You'll now see an Android guy with a red triangle. Press volume up and power at the same time, let go, and you should be in another text menu.
> Select boot from SD card (use volume down to highlight it, then power to select)
> Select your update.zip
> Wait 20 minutes or so while it works
> Select reboot when you're finished
> That was enough to get me to Android 5. Good luck everyone!
During the first flash, did you not get System Downgrade errors? And after reboot I could still see same Consumer Cellular system version. Did you verify your system version before you updated Lollipop?
I still can't believe it worked for you as I have seen other people still having issues like me where they cannot flash 21.11.17 version because of system not permitting downgrading.
Please add any more insights or if you downloaded the ROM from somewhere else.
Thanks.
zoomingrocket said:
> During the first flash, did you not get System Downgrade errors? And after reboot I could still see same Consumer Cellular system version. Did you verify your system version before you updated Lollipop?
> I still can't believe it worked for you as I have seen other people still having issues like me where they cannot flash 21.11.17 version because of system not permitting downgrading.
> Please add any more insights or if you downloaded the ROM from somewhere else.
> Thanks.
I didn't get system downgrade errors, no. I unlocked first. Maybe that was it?
My system version was 21.11.23.titan_ccaws.AWSCC.en.US cc
Zoomingrocket, check out my post here: http://forum.xda-developers.com/showpost.php?p=56707918&postcount=26
Thanks for the guide, helped me to update to Lollipop after flashing the retail image. Are you able to lock your bootloader, or will I just have to live with it being unlocked?
Janus Kirin said:
> I didn't get system downgrade errors, no. I unlocked first. Maybe that was it?
> My system version was 21.11.23.titan_ccaws.AWSCC.en.US cc
That's the same version I had, and I got the same error as the person above.
chibichn said:
> Zoomingrocket, check out my post here: http://forum.xda-developers.com/showpost.php?p=56707918&postcount=26
> Thanks for the guide, helped me to update to Lollipop after flashing the retail image. Are you able to lock your bootloader, or will I just have to live with it being unlocked?
I was not able to lock the bootloader. It shows that warning for five seconds and then starts the boot animation. I'd also like to lock it, but I've decided not to press my luck.
Janus Kirin said:
> I was not able to lock the bootloader. It shows that warning for five seconds and then starts the boot animation. I'd also like to lock it, but I've decided not to press my luck.
chibichn said:
> Zoomingrocket, check out my post here: http://forum.xda-developers.com/showpost.php?p=56707918&postcount=26
> Thanks for the guide, helped me to update to Lollipop after flashing the retail image. Are you able to lock your bootloader, or will I just have to live with it being unlocked?
Thanks a ton Janus & Chibichn, it works and I was able to downgrade and flash Lollipop via recovery!
See this post:
http://forum.xda-developers.com/showpost.php?p=56707918&postcount=26
Seems to work for me. Happily running Lollipop on my Consumer Cellular G (2014).
Other than the void warranty, any other disadvantage in unlocking the bootloader? Will we get future OTA updates or we'll have to flash every time?
Thanks, worked for me, for those who aren't able to downgrade, are you sure you got your bootloader unlocked?
Great tutorial, worked exactly as described. Thanks A LOT! Now to root and start restoring my TitaniumBackup.
Thanks for the tutorial. I am having issues on step 14: the installation aborts in recovery. I did rename the zip to update.zip. If someone can point me in the right direction that would be appreciated. Thanks.
Sent from my A0001 using XDA Free mobile app
Thanks a ton for this. Got my less than 24 hour old Moto G upgraded last night. You're a lifesaver.
root??
work was actually really really perfect! however I noticed that when starting this root and lost without recovery. is normal in this version? because at the end she asked me to reinstall it would root.
I got the xt1064 from consumer cellular and have been trying to replicate the process but with a locked bootloader.
My cc x1064 originally came with 21.11.23.titan_ccaws.AWSCC.en.US cc. I couldn't flash an older US retail build (21.11.17.titan_retuaws.retuaws.en.US - the latest available for download at the time) because of downgrade issues. Locked bootloader won't let you downgrade, image verification issue.
As of today I was able to locate the latest US retail aws rom for 21.11.23. I ended up getting it from a different faster mirror than the ones posted in another xda thread.
http://motofirmware.com/files/file/951-retuaws-xt1064-444-kxb2185-23-cid9-cfcxmlzip/
Fastboot flash of this rom was successful. No bootloader/image issues. My consumer cellular rom was removed, cc app was gone, and now my system version reads 21.11.23.titan_retuaws.retuaws.en.US cc ( build # kxb21.85-23). Don't know why the "cc" is still appended to the end of the system version. Baseband version also had CCAWS_CUST in it. Is this an indication that consumer cellular components like the baseband modem files were untouched during the US retail flash?
Anyway, tried all the tutorials on getting OTA to update via stock recovery thru "update form sd" but the update keeps failing. I keep getting message " package expect build finger print of motorola/titan_retuaws/titan_umts:4.4.4/kxb21.85-17/23:user/release-keys or motorola/titan_retuaws/titan_umts:5.0/LXB22.39-6/5:user/release-keys; this device has motorola/titan_retuaws/titan_umts:4.4.4KXB21.85-23/30:u Installation aborted."
So the phone is complaining that the package currently installed either had to be 21.85-17 (4.4.4) or lollipop 5.0, in order to flash , but found 21.85-23(4.4.4) on my phone instead, hence it fails because of version mismatch. So in order to update OTA lollipop with a locked bootloader only a currently installed build of 21.11.17 will allow you to do it? If that is the case, I can't downgrade and thus can update the OTA.
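In AOSP-style OTA packages the recovery message quoted above is produced by an exact string comparison on the build fingerprint, which is why a device on KXB21.85-23 is refused by a package built against KXB21.85-17. The following is an added example, not code from the thread or from Motorola, that parses the fingerprint fields and reports which ones differ. The two accepted fingerprints are copied from the post; the device fingerprint is a constructed well-formed value because the post's copy is cut off, `check_ota` is a hypothetical name, and it is an assumption that Motorola's package follows the AOSP check.

```python
from typing import NamedTuple, Optional, Sequence


class Fingerprint(NamedTuple):
    brand: str
    product: str
    device: str
    release: str
    build_id: str
    incremental: str
    build_type: str
    tags: str


def parse_fingerprint(text: str) -> Optional[Fingerprint]:
    """Split brand/product/device:release/id/incremental:type/tags.

    Returns None when the string does not have that shape.
    """
    groups = [part.split("/") for part in text.strip().split(":")]
    if [len(g) for g in groups] != [3, 3, 2]:
        return None
    fields = [f for g in groups for f in g]
    return Fingerprint(*fields) if all(fields) else None


def check_ota(device_fp: str, accepted: Sequence[str]) -> dict:
    """Emulate the package precondition (hypothetical helper name).

    The decision is an exact match on the whole string; the per-field
    difference list is only a diagnostic for the person reading the error.
    """
    if device_fp in accepted:
        return {"ok": True, "message": "", "differences": {}}
    device = parse_fingerprint(device_fp)
    differences = {}
    for candidate in accepted:
        wanted = parse_fingerprint(candidate)
        if device is None or wanted is None:
            differences[candidate] = None  # malformed: no field-level diff
        else:
            differences[candidate] = [
                name
                for name, have, want in zip(Fingerprint._fields, device, wanted)
                if have != want
            ]
    message = "Package expects build fingerprint of %s; this device has %s." % (
        " or ".join(accepted),
        device_fp,
    )
    return {"ok": False, "message": message, "differences": differences}


# Accepted fingerprints, copied from the error message in the post.
ACCEPTED = (
    "motorola/titan_retuaws/titan_umts:4.4.4/kxb21.85-17/23:user/release-keys",
    "motorola/titan_retuaws/titan_umts:5.0/LXB22.39-6/5:user/release-keys",
)
# Constructed sample: a well-formed fingerprint for a device on the -23 build.
DEVICE_ON_23 = "motorola/titan_retuaws/titan_umts:4.4.4/KXB21.85-23/30:user/release-keys"
# The device string exactly as it appears, cut off, in the post.
TRUNCATED_IN_POST = "motorola/titan_retuaws/titan_umts:4.4.4KXB21.85-23/30:u"

if __name__ == "__main__":
    result = check_ota(DEVICE_ON_23, ACCEPTED)
    print(result["message"])
    for fp, fields in result["differences"].items():
        print(fp, "->", fields)
    print("truncated string parses:", parse_fingerprint(TRUNCATED_IN_POST))
```

Because the package is a delta against one specific source build, flashing a different retail build of the same Android release still fails the check.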
diamondjoker5 said:
> I got the xt1064 from consumer cellular and have been trying to replicate the process but with a locked bootloader.
> My cc x1064 originally came with 21.11.23.titan_ccaws.AWSCC.en.US cc. I couldn't flash an older US retail build (21.11.17.titan_retuaws.retuaws.en.US - the latest available for download at the time) because of downgrade issues. Locked bootloader won't let you downgrade, image verification issue.
> As of today I was able to locate the latest US retail aws rom for 21.11.23. I ended up getting it from a different faster mirror than the ones posted in another xda thread.
> http://motofirmware.com/files/file/951-retuaws-xt1064-444-kxb2185-23-cid9-cfcxmlzip/
> Fastboot flash of this rom was successful. No bootloader/image issues. My consumer cellular rom was removed, cc app was gone, and now my system version reads 21.11.23.titan_retuaws.retuaws.en.US cc ( build # kxb21.85-23). Don't know why the "cc" is still appended to the end of the system version. Baseband version also had CCAWS_CUST in it. Is this an indication that consumer cellular components like the baseband modem files were untouched during the US retail flash?
> Anyway, tried all the tutorials on getting OTA to update via stock recovery thru "update form sd" but the update keeps failing. I keep getting message " package expect build finger print of motorola/titan_retuaws/titan_umts:4.4.4/kxb21.85-17/23:user/release-keys or motorola/titan_retuaws/titan_umts:5.0/LXB22.39-6/5:user/release-keys; this device has motorola/titan_retuaws/titan_umts:4.4.4KXB21.85-23/30:u Installation aborted."
> So the phone is complaining that the package currently installed either had to be 21.85-17 (4.4.4) or lollipop 5.0, in order to flash , but found 21.85-23(4.4.4) on my phone instead, hence it fails because of version mismatch. So in order to update OTA lollipop with a locked bootloader only a currently installed build of 21.11.17 will allow you to do it? If that is the case, I can't downgrade and thus can update the OTA.
I also noticed that Base Band version stays from Consumer Cellular. Any idea if we should or can flash the Base Band to US Retail? Also as far as I read, yes the lollipop update is based on top of 21.11.17 not 21.11.23. There may be a lollipop image on top of 21.11.23 but I am not sure.
^^ personally I didn't care to void the warranty since I picked it up for 75 (gift card for another 75), also the consumer cellular model. Updated it to 5.0 and using it as my spare phone for browsing and web on my secondary line, it works fine. Immediately after the update, getting back into recovery is an issue, haven't tried since but it's been working fine so I'm not complaining.
zoomingrocket said:
> I also noticed that Base Band version stays from Consumer Cellular. Any idea if we should or can flash the Base Band to US Retail? Also as far as I read, yes the lollipop update is based on top of 21.11.17 not 21.11.23. There may be a lollipop image on top of 21.11.23 but I am not sure.
I was successful with the Consumer Cellular XT1064, but I unlocked the bootloader first and left it that way. It is my understanding that this is required to downgrade, but I'm no expert.
The Lollipop *does* update the Baseband, though the CCAWS_CUST was/is appended throughout. Unsure what that is all about (or if it even relates to Consumer Cellular), but it works just fine. I'll paste the various Baseband, System, and Build numbers reported as I progressed below. Perhaps this will shed some light?
___________________________________
Consumer Cellular XT1064 - As found:
Baseband: MSM8626BP_1032.394.88.00R, CCAWS_CUST
System: 21.11.23.titan_ccaws.AWSCC.en.US.cc
Build: KXB21.85-23
___________________________________
After factory retail flash:
RETUAWS_XT1064_4.4.4_KXB21.85-17_cid9_CFC.xml.zip
Baseband: MSM8626BP_1032.394.88.00R, CCAWS_CUST
System: 21.11.17.titan_retuaws.retuaws.en.US na
Build: KXB21.85-17
___________________________________
After Lollipop update via adb sideload:
Blur_Version.21.11.17.titan_retuaws.retuaws.en.US.zip
Baseband: MSM8626BP_1032.3105.93.00R, CCAWS_CUST
System: 22.11.6.titan_retuaws.retuaws.en.US cc
Build: LBX22.39-6
___________________________________
Kinda strange that the System went from US cc, to US na, then back to US cc. ???
If someone can provide this information from another carrier or carrier-less, it would be interesting to compare. I have 2 more of these ordered and due to arrive Wednesday. I'll check back here before I alter them in case someone wants additional info. - Regards
---------- Post added at 02:48 AM ---------- Previous post was at 02:07 AM ----------
chibichn said:
> Zoomingrocket, check out my post here: http://forum.xda-developers.com/showpost.php?p=56707918&postcount=26
> Thanks for the guide, helped me to update to Lollipop after flashing the retail image. Are you able to lock your bootloader, or will I just have to live with it being unlocked?
Oh my, that bat file looks eerily familiar to me. Could be a coincidence, but I *know* Jack - very well
Recovery issue
Anyone else have issues getting back into recovery after flashing lollipop? Before I wipe mine and redownload the file, is anyone else's recovery an issue? I get stuck at the dead android logo and it won't show the recovery menu text/options.
By chance will this by default carrier unlock the device as well?
The way to get rid of the warning caused by unlocking the bootloader on other phones would be to flash the proper bootloader logo in fastboot using:
Code:
fastboot flash logo logo.bin
This is how I did it on my old LG Nexus 5X.
Does anyone have the correct logo for the V20? Has anyone tried this on the V20?
It's not a logo file. It's located in aboot and you can't change it.
androiddiego said:
> It's not a logo file. It's located in aboot and you can't change it.
That wasn't true on the 5X: https://forum.xda-developers.com/ne...-change-bootlogo-images-imgdata-tool-t3240052
Are you positive that it's different now?
Sizzlechest said:
> That wasn't true on the 5X: https://forum.xda-developers.com/ne...-change-bootlogo-images-imgdata-tool-t3240052
> Are you positive that it's different now?
Here is the tool that might be useful to search for and dump the relevant partition, mount it and investigate the source of the picture and text warning:
Partitions Backup & Restore
https://play.google.com/store/apps/details?id=ma.wanam.partitions
In the best case scenario, even use reverse engineering to skip the warning and its delay altogether, anyone?
Or is aboot non-writable?
You modify aboot in any way / shape / or form, and you better open a ticket with LG. When you unlock your bootloader, that stops aboot from verifying the signature of boot, laf, and recovery. XBL still very much does verification of all the other pieces of firmware. One of the first things it checks is the signature of aboot. If aboot has been modified, or wasn't signed with the same RSA cert that matches the RSA key that is in your model's QFPROM, then the phone goes into 9008 mode. At this time, there is no fixing that -- except sending it back to LG (and there may never be now that LG uses UFS nand in their phones).
-- Brian
I've personally looked into this and looks like it can't be changed.
I'm pretty sure the images are in the *raw_resources* partition. Look here.
It must be very hard to modify though considering LG use it for (all?) many models, since I've only found a single development thread for it, and as you'll see that didn't go very far.
@askermk2000 You are correct. Every single boot, charging, download mode, etc image is on that partition, and it isn't signed / checked, so modify away with no risk of bricking your phone.
There is an index with offsets for each image, but the format of the images isn't immediately obvious.
-- Brian
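Brian's two posts above say which stage checks which partition: XBL verifies aboot against the key in QFPROM, an unlocked aboot stops verifying boot, laf and recovery, and raw_resources is not checked at all. The following toy model of that chain is an added example, not LG's or Qualcomm's code. The RSA keys are deliberately tiny constructed values, one key signs every image for brevity, and the outcome strings other than the 9008 mode are this example's own.

```python
import hashlib
from dataclasses import dataclass

E = 65537
# Constructed toy RSA primes (Mersenne primes). Far too small for real
# signing; they only stand in for the vendor key and for a foreign key.
VENDOR_PRIMES = (2**61 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**127 - 1)


def keypair(primes):
    p, q = primes
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_hash(n, e):
    """Model of the fused value: a hash of the trusted public key."""
    return hashlib.sha256(f"{n}:{e}".encode()).digest()


def digest_int(payload, n):
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


@dataclass
class Image:
    payload: bytes
    n: int = 0      # public key carried with the image (0 = unsigned)
    e: int = 0
    sig: int = 0


def sign(payload, key):
    sig = pow(digest_int(payload, key["n"]), key["d"], key["n"])
    return Image(payload, key["n"], key["e"], sig)


def verify(img, fused_hash):
    """Accept only if the image's key is the fused one and the signature fits."""
    if img.n == 0 or key_hash(img.n, img.e) != fused_hash:
        return False
    return pow(img.sig, img.e, img.n) == digest_int(img.payload, img.n)


@dataclass
class Device:
    qfprom_hash: bytes
    unlocked: bool
    parts: dict


def boot(dev):
    # XBL checks aboot whether or not the bootloader is unlocked.
    # (The post says XBL checks other firmware too; only aboot is modelled.)
    if not verify(dev.parts["aboot"], dev.qfprom_hash):
        return "9008 mode"
    # Unlocking only stops aboot from verifying these three partitions.
    if not dev.unlocked:
        for name in ("boot", "laf", "recovery"):
            if not verify(dev.parts[name], dev.qfprom_hash):
                return f"aboot rejects {name}"  # wording is this model's own
    # raw_resources is never verified here, as the post states. The model
    # covers signature checks only, not a loader failing on malformed data.
    return "boots"


def stock_device(unlocked):
    key = keypair(VENDOR_PRIMES)
    names = ("aboot", "boot", "laf", "recovery")
    parts = {name: sign(f"stock {name}".encode(), key) for name in names}
    parts["raw_resources"] = Image(b"stock boot images")
    return Device(key_hash(key["n"], key["e"]), unlocked, parts)


def scenarios():
    out = {}
    out["locked, stock"] = boot(stock_device(False))
    dev = stock_device(False)
    dev.parts["boot"] = Image(b"custom kernel")
    out["locked, unsigned boot"] = boot(dev)
    dev = stock_device(True)
    dev.parts["boot"] = Image(b"custom kernel")
    out["unlocked, unsigned boot"] = boot(dev)
    dev = stock_device(True)
    dev.parts["raw_resources"] = Image(b"edited boot images")
    out["unlocked, edited raw_resources"] = boot(dev)
    dev = stock_device(True)
    dev.parts["aboot"].payload = b"patched aboot"     # old signature kept
    out["unlocked, patched aboot"] = boot(dev)
    dev = stock_device(True)
    dev.parts["aboot"] = sign(b"stock aboot", keypair(OTHER_PRIMES))
    out["unlocked, aboot signed with other key"] = boot(dev)
    return out


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case:40s} -> {result}")
```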
runningnak3d said:
> @askermk2000 You are correct. Every single boot, charging, download mode, etc image is on that partition, and it isn't signed / checked, so modify away with no risk of bricking your phone.
> There is an index with offsets for each image, but the format of the images isn't immediately obvious.
> -- Brian
so it is indeed possible to change the unlocked bootloader warning?
Security wise, there is no reason that you can't change them. It looks like LG is using RLE encoding, so finding the start and end of an image is going to be interesting. There are offsets in the index, but they don't seem to align.
Also, while I don't think having a corrupt raw_resources partition would give you a 9008 brick, you might want to have a backup ready to flash if you decide to modify it. But, (and there is always a but), since aboot loads this, if aboot pukes and doesn't load, that WILL give you a 9008 brick.
If I were you, I would buy a used V10 off of eBay, and test on that since you can recover from a 9008 with an SD card.
-- Brian
Has anyone on a pure stock h910 taken the latest update that has been pushed out today? I was wondering if anyone could check the ARB version.
*#546368#*910# on the dialer to enter hidden menu then select svc menu and then version info. Scroll to the bottom and you will see antirollback and a number listed. I just want to know what that number is. Thanks ahead of time!
Just updated. Antirollback number is 0.
Expertize said:
> Just updated. Antirollback number is 0.
Really appreciate taking the time to report back! Thanks again
@Expertize Would you mind grabbing the patched LG UP and dumping it? If so, I can send you full details on which partitions to dump.
Also, what version is it now?
Thanks,
-- Brian
@runningnak3d @toastyp I figured i'd be brave and did the update myself. I'm confirming @Expertize 's post. Software vers. H91010q. Build is still NRD90M, Kernel 3.18.31, Security patch level 10/1/2017, Android 7.0, ARB 0.
I've got my laptop here at work and can do the LG up of what you need, though the upload will have to be later tonight when I get home (my portable hotspot is super slow to be uploading gigs lol).
And I just sent a request to LG for the 10p kernel source code, now I have to get 10q -- UGH! /sarcasm
@crackness Thanks very much dude! I forget, do you need the list of what partitions to dump, or are you good?
-- Brian
@runningnak3d Yeah, let me know what partitions you want me to dump. Do you need me to do a wipe first?
Yea, you need to factory reset before dumping so you have a clean system partition.
Code:
aboot
abootbak
apdp
boot
cmnlib
cmnlib64
cmnlib64bak
cmnlibbak
devcfg
devcfgbak
factory
hyp
hypbak
keymaster
keymasterbak
laf
lafbak
modem
msadp
persist
pmic
pmicbak
raw_resources
raw_resourcesbak
rct
recovery
recoverybak
rpm
rpmbak
sec
system
tz
tzbak
xbl
xbl2
xbl2bak
xblbak
Thanks again dude!
-- Brian
No problem. Will do tonight (around 11-12 Eastern).
I'm using the h910 on another carrier so I can't receive updates. Can I use this dump to update my phone using LG Up?
@runningnak3d I've sent you a PM with a question.
You can ignore my PM, uninstalling then reinstalling fixed the issue.
Here's the zip of the 37 files you requested from my freshly factory reset 10q phone.
Let me know if you have any issues accessing.
Thanks.
@crackness Thanks very much!
@prismk You can use these to upgrade your firmware, but not with LG UP. You either have to flash them manually with dd, or wait for the TWRP flashable zip.
runningnak3d said:
> @prismk You can use these to upgrade your firmware, but not with LG UP. You either have to flash them manually with dd, or wait for the TWRP flashable zip.
Can I flash with fastboot or dd all partitions except the recovery, to avoid losing TWRP?
If you are currently rooted, then yes, you can use fastboot to flash each file. The ones you don't want to flash in addition to recovery are:
Code:
aboot
abootbak
recovery
recoverybak
I only had him dump those in case someone wanted to return to stock.
Something you need to know ... the 10p and 10q firmware do not work with older boot(kernel) and system images. So if you flash this, you will have to use the kernel and system as well -- no *current* custom ROMs work with 10p or 10q. Also, since you have to use the stock kernel, you will have the static issue where you have to cover the prox sensor after every reboot. If none of that is a problem for you, flash away.
The good news is that 10q is still ARB 0, so if you don't like it, you can go back to 10m.
-- Brian
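The selective flash described in the post above, as an added example that is not part of the original thread: a dry-run script that prints the fastboot commands for every dumped partition except the four named, and refuses to produce a plan if any image is missing or empty. The `<partition>.img` file naming and the function names are assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints the fastboot commands, never runs them.
# Assumption: each dumped partition is a file named <partition>.img.

# The 37 partitions listed in the thread.
ALL_PARTS="aboot abootbak apdp boot cmnlib cmnlib64 cmnlib64bak cmnlibbak
devcfg devcfgbak factory hyp hypbak keymaster keymasterbak laf lafbak modem
msadp persist pmic pmicbak raw_resources raw_resourcesbak rct recovery
recoverybak rpm rpmbak sec system tz tzbak xbl xbl2 xbl2bak xblbak"

# Partitions the thread says not to flash when keeping TWRP.
SKIP_PARTS="aboot abootbak recovery recoverybak"

is_skipped() {
    for s in $SKIP_PARTS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# flash_plan DIR: print one "fastboot flash" line per partition to write.
# Returns 1 with no plan on stdout if any needed image is missing or empty.
flash_plan() {
    dir=$1; plan=""; missing=0
    for p in $ALL_PARTS; do
        if is_skipped "$p"; then continue; fi
        img="$dir/$p.img"
        if [ ! -s "$img" ]; then
            echo "missing or empty: $img" >&2
            missing=1
            continue
        fi
        plan="$plan
fastboot flash $p $img"
    done
    [ "$missing" -eq 0 ] || return 1
    printf '%s\n' "$plan" | sed '/^$/d'
}

# Usage: sh plan.sh /path/to/dump   (review the output before running any of it)
if [ "$#" -gt 0 ]; then flash_plan "$1"; fi
```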
Ok! Thank you!
I just did a check, and mine says it's up to date. Now, this may be because mine is unlocked on Cricket.
I entered on fastboot mode and flashed the partitions. Worked like a charm
Is anyone planning to make a TWRP flashable 10q? I'm on WETA, but since that's not being worked on anymore, I just assume go with the newer patch level and be rooted.
You're really not going to like the answer...it is..... 42
Just kidding, for real it says 0
Hope this is helpful.
prismk said:
I entered on fastboot mode and flashed the partitions. Worked like a charm
My front camera has stopped working unless I tap (not bang but tap) on the phone near the camera. I need to flash back to stock, including recovery. Can I do so in fastboot? If so, mind posting a quick little "how you did it"?
I know the commands for fastboot, but just want to make sure I do this correctly. Don't want to go into the AT&T store with a completely bricked phone...
Also, do I need to flash all partitions, or can I just flash recovery and kernel partitions and boot into ROM since I'm already on stock? That's really all I need to change, that and unroot the phone...
I noticed when extracting a KDZ file I get a DZ file, and after extracting the DZ I get multiple BIN files. I need a boot.img file and an aboot file of V20 version H915 V10q.
Be very, very careful messing with aboot. This is the bootloader of your device and one small wrong move will cause a hard brick. Not even booting into LGUP will be possible. If you have the dirtysanta bootloader, don't flash the aboot because it will relock your bootloader.
As for your question, simply rename .bin to .img!
Similar Prob
NotYetADev said:
Be very, very careful messing with aboot. This is the bootloader of your device and one small wrong move will cause a hard brick. Not even booting into LGUP will be possible. If you have the dirtysanta bootloader, don't flash the aboot because it will relock your bootloader.
As for your question, simply rename .bin to .img!
I have the exact same situation as OP but with a KDZ for different LG device..
I don't see boot.img anywhere after DZ extraction, just .BIN files..
Is it as simple as changing the extension from .BIN to .IMG??
I don't want to make a fatal mistake.
dano.556 said:
I have the exact same situation as OP but with a KDZ for different LG device..
I don't see boot.img anywhere after DZ extraction, just .BIN files..
Is it as simple as changing the extension from .BIN to .IMG??
I don't want to make a fatal mistake.
Yes it is. But seriously, you will hard brick your device. Why are you doing this?
dano.556 said:
I have the exact same situation as OP but with a KDZ for different LG device..
I don't see boot.img anywhere after DZ extraction, just .BIN files..
Is it as simple as changing the extension from .BIN to .IMG??
I don't want to make a fatal mistake.
Boot.bin is just boot.img with a different extension, just needs renamed. Aboot is the one you never want to touch.
alvinator94 said:
Yes it is. But seriously, you will hard brick your device. Why are you doing this?
This is to install Magisk, stock boot.img required..
What? Just flash Magisk from TWRP.
As far as aboot goes, you can flash aboot from any V20 onto any other V20 except the H918. If you flash ANY firmware from the H918 onto any other model -- brick. If you flash firmware from any model onto the H918 -- brick.
However, if you flash aboot, you ALSO have to flash xbl.
Anyway you want to look at it, if you are messing around with aboot and xbl, you are just looking to brick your phone.
-- Brian
runningnak3d said:
What? Just flash Magisk from TWRP
I don't have a custom recovery, since fastboot commands are not accessible on this device I want to install Magisk on. If there's a way to write recovery.img/boot.img without root then I might as well flash patched_boot.img and be done with it.
And without fastboot being available, how do you propose flashing the patched boot.img?
-- Brian
runningnak3d said:
And without fastboot being available, how do you propose flashing the patched boot.img?
-- Brian
That's the million dollar question? Maybe SP Flash Tool or Miracle box is the answer, I don't know yet..
Or you could do a search on here. The only V20 model that can't (currently) be rooted, is the LS997 -- all other models can.
If you have any model except the H910 or H918, search for DirtySanta. If you have an H918, search for lafsploit, if you have an H910, search for H910 root.
It is Sunday morning, so I figured I would lend a hand even though it is obvious you didn't bother to even peruse this forum.
-- Brian
Hiya guys!
So, I've been plucking away at trial and error with my G6 (H873 Canadian) now that I have EDL to fall back to, and by using qdloader flashes to write my NAND I have written my device with a hybrid of the Pie beta 29a and an unlocked US997 aboot. After modifying the devinfo partition... my Magisk-modified boot image gets me as far as my lockscreen. I can log in but my background is black. If I open Magisk Manager it shows it as installed but then crashes seconds later. Ideas? I have very minimal knowledge of the partition structure and the chain of trust for this device and I am absolutely sure it's my mistake, so maybe someone who is kind enough and has the time could explain a bit more to me about the inner workings of this mishmash bootup and possibly help me fix it to remain booted? Preferable if I don't have to downgrade, by the way; Pie has saved this device performance-wise.
After more screwing about I somehow relocked the bootloader and the key that worked before is now rejected. Any help?
No further luck but it doesn't matter. The boot loops have stopped and my changes are intact. H873 running dual speaker mod and adblocking hosts file. Root, however, is still not functioning and my attempted Viper4Android install is in some weird instant reboot to bootloader limbo.
If I can do it by simply ****ing around I'm confident someone can do more than me with enough time and knowledge. I'm not giving up either. I just honestly don't know what I'm doing. I do caution anyone who messes with this sort of stuff to dump a full partition-level backup of your phone. I know I nearly lost my misc partition (IMEI won't work right without it) and was saved by an earlier dump in my preliminary testing.
H873: Question: what aboot did you use and how did you modify the devinfo partition? I've literally been working on the aboot in Ghidra for 5 weeks. I have root in system with a modified su98; system is not currently mountable because it is not referenced in /proc/mounts. From what I can gather, the devinfo must have 0x2 at both 0x10 and 0xe0; while both are equal to 2 and device reset is called, the unlock bit in rpmb is equal to Y, else it is N, then it will erase unlock key from rpmb. Also, I'm not afraid of bricking; I have been in EDL mode well over 50 times and have explored every single partition on this thing. I have the aboot for US997 unlocked variant and the files from runningnak3d's AFH. The fastboot portion of the aboot, when looking at the decompiled code in Ghidra, is extremely small and strict.