Finow Q7 Plus (Locked Bootloader)? - Other SmartWatches

Hardware : MT6580M
Model : Q7 PLUS
Build number : LMY47I test-keys
Build date UTC : 20170913-094159
Android v : 5.1
Baseband v: MOLY.WR8.W1449.MD.WG.MP.V20, 2015/12/03 19:50
Kernel v : 3.10.72+ ([email protected]) (gcc version 4.8 (GCC) ) #1 SMP Wed Sep 13 17:51:00 CST 2017
I just got this watch, and have the proper drivers installed. I can connect to SP Flash Tool, and MTD Droid Tools, ...but it looks like the bootloader is locked from the factory! I am stuck on this one. Have tried some ADB/Fastboot commands (OemUnlock), but it just hangs waiting for the "Volume Up" confirmation. Well, the watch shows nothing in Bootloader mode. I mean the screen is just black with no writing. Recovery mode just lists test commands. I don't have a volume up button on the watch, so I get stuck with Oem Unlock! I really want to unlock the bootloader, flash TWRP to the recovery partition, then boot into Recovery to flash SuperSu for ROOT. Seems like the new MT6580 SoC has a lot of different parameters, and security on it. Well, I just had to have a newer chip, ****! Been on this for a couple of days now, and it's making me nuts.
Also: Very few things working in MTD Droid Tools.
Any suggestions will be very appreciated. -Jay

Do you know how to recover the Finow Q7 Plus?

If it is just locked up, try holding the power button for 10-15 seconds. I think that will force power off. Otherwise, you may need to flash all original firmware back into it with MTK Sp Flash tool. Complete firmware is available with some searching. I am not sure if I can refer you to a board away from this site, but I had to go that route with my Q7 Plus when a partial flash went badly.

Have i updated my bootloader

I am trying to update my bootloader to ICS.
I finally got APX mode to work after changing my ROM back to Lightspeed_2.1(7.014.15_COM_GEN1) from FLEXREAPER-R14_ICS_1.033.00/1.031.00.
Everything looked to work fine!
Afterota reads:
A500/G100W Serial, Cpuid, Sbk, Bootloader & Android Build Info
Generated with Afterota Lite v1.06 ( info edition ) by Gersma©
---------------------------------------------------------------
Tablet Serial : 11619222615
Tablet Cpuid : 033C120041414357
Tablet Sbk : 0xC161D201 0x441AC501 0x1B522103 0x91032103
Bootloader : 0.03.14-MUL
Android Build : Lightspeed_2.1(7.014.15_COM_GEN1)
Generated on 05/06/12 at 19:06 hr
Is this correct to now put FLEXREAPER-RF1-EXTREME-EDITION_rv3-No_Games (280MB) on?
I thought the bootloader would read ICS somewhere in it. What's MUL???
Looks like it.
You should see it on boot. Something like "skirlax_cz's bootloader ver.4 (.03.14-UL) or something similar. (I use version 4)
MD

[Q] Got a used MB525 which clears userdata at each boot. Please help!

TL;DR:
I have a "Groundhog day" green-lens defy. Likely a faulty NAND, w/o warranty, I'd like to use MultiBoot and boot from the SD card, but 2ndInit gets reset at each reboot in the "Groundhog day" effect.
/TL;DR.
After spending four days on google and XDA without success, I'm here asking for help.
I got a used Defy (MB525, Green lens) whose history I do not know. It currently boots to a Chinese ROM with the following information:
Code:
System version: Moto_Version.34.30.3601.MB525.Retail.en.SEA18
Android: 2.2.2
Modem: EPU93_U_00.59.02
kernel: 2.6.32.9-g0671d13 [email protected] #1
BPflex: UCAJRDNEMARAB1B80AA03.0R
APflex: GAS_ASIA_USAJRDNFRYORTINT_P011
Build: JEM_3.4.3-36-1
I can change the language, set up wifi, Google and everything else... but as soon as I reboot I am prompted by a factory-reset device.
I thought the issue was with the userdata partition, but I can successfully get root (through psneuter), install SuperSU, install 2ndInit (2.3) and get the green led. After a reboot I'm prompted with a factory-reset device with no trace of root (and bootmenu).
I've tried using both sbf_flash (on Linux and OSX) and RSDLite (on Windows) to flash both an European SBF and the Chinese SBF which corresponds to the above mentioned data. In either case the writing phase goes to 100% but the verify/check phase dies at CG35 (and every following CG). These attempts make a "Code corrupt" bootloader screen, but then flashing only userdata resets the "corrupt" flag and the device boots again.
It clearly has a faulty NAND, but I was hoping I could put 2ndInit + Bootmenu + Multiboot and load ROMs over the SD.
I can't make up a reason for the auto-reset at every reboot. Both manual (adb remount + push a file in /system/app) and automated (2ndInit) changes get lost. I'm wondering if I'm missing something regarding bootloaders or CG versions.
I am not sure I can send it to Motorola under warranty, in which case I'd feel better if there was a way to "brick" it further and avoid the Chinese ROM to boot altogether (not knowing its history I don't know if it's the original ROM or if the previous author messed up with it).
Do you have any suggestions? Some tests, something to check... I've spent four days rooting, flashing SBFs and doing whatever I could find. Maybe I missed the golden egg.
EDIT: some more information.
- sbf_flash -r -v -d --boot gives me an error message, so it seems I am not able to dump the CG from the Defy.
Code:
>> waiting for phone: Connected.
>> downloading boot: 0.0%
RX(7): [02]ERR[1e][8a][03]
>> downloading boot: failed at b1000000/b1800000
[email protected]:~$
- Using APflex string id, the ROM running on the device can be only JRDNEM_U3_3.4.3-36-1_CHINESE_SIGN_SIGNED_UCAJRDNEMARAB1B80AA03A.0R_PDS03C_USAJRDNFRYORTINT_P011_A013_HWp3_Service1FF which I downloaded.
- Running smgver on the files extracted from the SBF gives me these results:
Code:
CG31.img version is 4
CG32.img version is 1
CG33.img version is 1
CG34.img version is 1
CG35.img version is 2
CG39.img version is 4
CG42.img: signature not found!
CG45.img version is 0
CG47.img version is 2
CG53.img: signature not found!
CG61.img version is 1
CG64.img version is 1
CG65.img version is 1
RDL03.img: signature not found!
- The ROM runs Froyo (2.2.2) so it should be on BL4. It is not listed in walter79's thread as there are 3.4.3-36-1.7 SEA deblur and 3.4.3-36 UAE deblur, but my ROM is 3.4.3-36.1 BLUR.
- When booted into the Chinese ROM, RSDLite [running RSDLite v5.7 Multi-Flash./ Multi-Flex tool] shows:
Code:
IMEI: [omissis]
Technology: UMTS
Software Version: JEM_3.4.3-36-1
Flex Version: UCAJRDNEMARAB1B80AA03A.0R
Bootloader Version: 0910
DRM Version: N/A
- When booted in BOOTLOADER, it shows:
Code:
IMEI/ESN/MEID: N / A
Technology: N / A
Software Version: N / A
Flex Version: N / A
Bootloader Version: v0x000910
DRM Version: N / A
AP Die ID: 1a600117177460010000d8ff0200
BP Die ID: 0000000000000000000000000000
AP Public ID: 7ace4f54571d6c6831fed219adb4fe9ce4443647
BP Public ID: 0000000000000000000000000000000000000000
And the first line shows S FLASH OMAP3630.
I use an MB525 as well and recently tried CM9. One fine day it FC'd apps and processes and started rebooting frequently. I've now flashed other ROM's but the same problem persists. Reboots every time with factory settings, doesn't seem to remember anything in memory. Did you have any luck?
Nope, still reverts to factory. Even /system and /cache get reset.
Hi,
read this
http://forum.xda-developers.com/showthread.php?t=1216982
and update your Defy.
joke19 said:
Hi,
read this
http://forum.xda-developers.com/showthread.php?t=1216982
and update your Defy.
Thanks, I read that guide multiple times but I don't understand which passage would be helpful to me. Both sbf_flash and RSDLite fail flashing a 3.4.x SBF, the same that I am running and which is available in my country. I don't get the black screen, it's the very flashing process which fails w/ an error.
I wouldn't mind running entirely from SDcard, bypassing the NAND after 2ndInit/2ndBoot, but 2ndInit doesn't persist. It is lost after a reboot.

Android 7.1.1 Doogee X5PRO

I have searched, found and tested this rom.
It is a beta but it works very well, I leave the links of the original web where all the information of download and installation is.
I hope this humble contribution helps you.
web : http://getbest.ru/doogee_x5pro_nougat_beta.htm
TWRP : https://drive.google.com/file/d/0B3nYb3vN0P9VakpJWVU1Unh1NGc/view?usp=sharing
Flash Tool Firmware x32 : https://drive.google.com/file/d/0B3nYb3vN0P9VVGZvZlVIeEdQcG8/view?usp=sharing
Flash Tool Firmware x64 : https://drive.google.com/file/d/0B3nYb3vN0P9VVGZvZlVIeEdQcG8/view?usp=sharing
Super SU : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.79-201612051815.zip
Hi, and thank you, I already had downloaded the BETA3 version from needROM.com but it seems this is upgraded.
Just a question, I have to use the Flashtool to flash the firmware and after that the TWRP and Supersu options?
I've been using beta4 (and beta3 previously) for months and quite like them. Also, since the original factory rom is filled with adware, isn't as up-to-date with Android's security patches and doesn't pass SafetyNet, you're gaining a lot and not losing anything switching or rooting for that matter.
Though I still prefer magisk over rooting since it's more secure and more than enough for adaway.
juancarloscuba said:
Just a question, I have to use the Flashtool to flash the firmware and after that the TWRP and Supersu options?
You can but you don't have to. I had a problem flashing beta4 and twrp at one go but booting the phone once with just beta4 and then powering off and flashing twrp and/or rooting afterwards solved that.
Btw, the dev is developing gesture modules for the kernel (built-in beta4) and an app to go with them: http://getbest.ru/kernel_gesture.htm I didn't find the feature useful enough to keep around but it works as advertised and, once again, magisk was enough.
Overall, the rom is an absolute must as far as I'm concerned and I wouldn't be using this phone if it wasn't available. It would have been nice if the dev could keep up with android's patches better but seeing how he's doing a better job than doogee and for free I can't really complain.
Do the camera and fingerprint work?
Hi. I wish to give my really thanks to the developer of this rom.
It solved my problems:
Stock rom R16:
sim card WIND (IT) poor 4G/LTE reception
sim card VODAFONE (IT) no 4G/LTE reception
(tested switching 1-2, various city zones)
This Rom:
both full 4G/LTE reception!!
M.A.
Hello Maria and thanks for your experience.
What can you say to me about the fingerprint and camera functionality?
Do they work fine on this rom?
****_ve said:
I have searched, found and tested this rom.
It is a beta but it works very well, I leave the links of the original web where all the information of download and installation is.
I hope this humble contribution helps you.
web : http://getbest.ru/doogee_x5pro_nougat_beta.htm
TWRP : https://drive.google.com/file/d/0B3nYb3vN0P9VakpJWVU1Unh1NGc/view?usp=sharing
Flash Tool Firmware x32 : https://drive.google.com/file/d/0B3nYb3vN0P9VVGZvZlVIeEdQcG8/view?usp=sharing
Flash Tool Firmware x64 : https://drive.google.com/file/d/0B3nYb3vN0P9VVGZvZlVIeEdQcG8/view?usp=sharing
Super SU : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.79-201612051815.zip
Can you please assist me with flashing this ROM? (either 32bit or 64bit) - I've tried using the Flash Tool guide, but with 32bit the clean install scatter file does nothing, and with 64bit the clean install scatter file comes up with error: "chip type not match!! target efuse value: 0xa4020000"
I've tried with and without battery, I have installed Android USB driver, and I've followed this guide: https://androidmtk.com/flash-stock-rom-using-smart-phone-flash-tool
Please help!
The Seeker said:
Hello Maria and thanks for your experience.
What can you say to me about the fingerprint and camera functionality?
Do they work fine on this rom?
Hi.
My phone (X5pro) hasn't fingerprint reader.
The camera seems to work in normal way.
M.A.
P.S.: Maybe it depends on my phone, but sometimes touch is not responsive; I have to push the power button ("stand-by") and push it again to have normal touch response.
Racxie said:
Can you please assist me with flashing this ROM? (either 32bit or 64bit) - I've tried using the Flash Tool guide, but with 32bit the clean install scatter file does nothing, and with 64bit the clean install scatter file comes up with error: "chip type not match!! target efuse value: 0xa4020000"
I've tried with and without battery, I have installed Android USB driver, and I've followed this guide: https://androidmtk.com/flash-stock-rom-using-smart-phone-flash-tool
Please help!
The flash guide you linked is the right guide.
What exact model of phone do you have?
Are the scatter and other files in the same folder? (unzipped, you know).
Does the flashtool give any error message with the 32bit version?
Regards
M.A.
I tried both the 32bit and 64 bit versions of this rom, it's pretty good for a beta. However I had a problem with the screen going dark while using it and once the screen inverted colours randomly. Has anyone else had this problem with this rom? I'm currently using the android 6 stock rom but would love to get 7.1.1 working perfectly.
installed with SP flash tools x5pro-7.1-x32-BETA4 from a stock kernel 6.0 (R16)
with no luck. At booting snowcatPDA logo shows for a while and continuously reboots.
Flashed from ubuntu linux 16.04:
Download Only option (should I have chosen Firmware Upgrade?)
Scatter-loading File MT6735M_Android_scatter-WIPE-CLEAN_INSTALL.txt (should I have chosen MT6735M_Android_scatter.txt?)
I had the bootloader locked in development options (did it have to be open?)
I also had USB debugging ON
Any tips?
xe7um said:
installed with SP flash tools x5pro-7.1-x32-BETA4 from a stock kernel 6.0 (R16)
with no luck. At booting snowcatPDA logo shows for a while and continuously reboots.
.....
Any tips?
Hi.
Now I'm at home.
Tomorrow morning, when I'll be at office I'll write down steps by steps I did.
(home... office..., reverse of natural manner, because I do all my mobile hobbies at lunch pause; at home PC is used by others )
Hello, here I am.
The following are the steps, more or less, that I did.
(maybe you already did some of these)
1- Start from official R16 ROM
2- Developer option
   #a. Enable USB debug
   #b. Enable OEM unlock
3- Security: allow unknown origin installation
4- Unlock bootloader
   #a. Connect in fastboot, from ADB command mode:
       type: adb reboot-bootloader (wait 1-3 seconds)
       type: fastboot devices (verify device is detected)
   #b. Verify bootloader unlock status
       type: fastboot getvar all, and you get
       = warranty: yes
       = unlocked: no
   #c. Unlock bootloader
       type: fastboot oem unlock, and you get
       -> start unlock flow
       ---> on screen appears:
       vol UP=Yes; void warranty, clear ALL data
       vol DWN=no; no unlock
       Press Vol UP
   #d. Verify bootloader unlock status
       type: fastboot getvar all, and you get
       = warranty: no
       = unlocked: yes
   #e. The phone may restart
5- Shut down the phone AND take out the battery
6- Flash the phone with
   MT6735M_Android_scatter-WIPE-CLEAN_INSTALL.txt
   in the normal way (you know this, after some trying...)
7- WITHOUT starting the phone, flash TWRP with
   MT6735M_TWRPx32_scatter.txt (or the 64, according to the ROM you flashed)
9- Put the battery in AND start in TWRP recovery
   #a. Hold Vol Up, press the ON button until a micro menu appears, release the buttons
   #b. Choose recovery with Vol Up and confirm with Vol Down
10- In recovery, choose wipe, and at the bottom of the screen slide for factory reset
11- On the TWRP main screen, choose reboot, power off
12- Take out the battery for some seconds
13- Put the battery in and start up (it can take a long time, maybe leave the phone connected to the mains)
This is what I did (if I remember all the single steps...)
Try and report to us.
M.A.
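The status check in steps 4b and 4d of the post above, as an added example that is not part of the original post: it reads the `unlocked` and `warranty` variables the post quotes from `fastboot getvar all` and refuses to proceed unless the device positively reports `unlocked: yes`. The function names, the `(bootloader) ` line prefix and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a flash on the lock state reported by `fastboot getvar all`.
# Real use (fastboot prints getvar results on stderr, hence 2>&1):
#   out=$(fastboot getvar all 2>&1); safe_to_flash "$out" || exit 1

# Print the value of one getvar variable ($1) found in the text on stdin.
getvar_value() {
    awk -v key="$1" '
    {
        line = $0
        sub(/^\(bootloader\)[ \t]*/, "", line)   # optional tool prefix (assumed)
        sub(/^=[ \t]*/, "", line)                # "= " notation used in the post
        n = index(line, ":")
        if (n == 0) next                         # not a "name: value" line
        k = substr(line, 1, n - 1)
        v = substr(line, n + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", k)
        gsub(/^[ \t]+|[ \t\r]+$/, "", v)
        if (k == key) { print tolower(v); exit }
    }'
}

# $1 = captured getvar output. Prints unlocked | locked | unknown.
bootloader_state() {
    unlocked=$(printf '%s\n' "$1" | getvar_value unlocked)
    case "$unlocked" in
        yes) echo unlocked ;;
        no)  echo locked ;;
        *)   echo unknown ;;   # variable missing or unexpected: treat as not safe
    esac
}

# Succeeds only when the device positively reports "unlocked: yes".
safe_to_flash() {
    [ "$(bootloader_state "$1")" = "unlocked" ]
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_LOCKED='(bootloader) warranty: yes
(bootloader) unlocked: no'
SAMPLE_UNLOCKED='(bootloader) warranty: no
(bootloader) unlocked: yes'
SAMPLE_EMPTY='< waiting for any device >'

for sample in "$SAMPLE_LOCKED" "$SAMPLE_UNLOCKED" "$SAMPLE_EMPTY"; do
    state=$(bootloader_state "$sample")
    if safe_to_flash "$sample"; then
        echo "state=$state: flashing may proceed"
    else
        echo "state=$state: stop, do not flash"
    fi
done
```

An `unknown` result (no device, or a bootloader that does not report the variable) is treated the same as `locked`, so a missing answer never counts as permission to flash.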
Nope!, in step 9 when trying to start in TWRP recovery I get a continuous bootloop showing SnowcatPDA logo
xe7um said:
Nope!, in step 9 when trying to start in TWRP recovery I get a continuous bootloop showing SnowcatPDA logo
Hummmm....
It seems it won't go in recovery mode, I think.
Try this:
1- flash entire stock ROM
(may be take this ===http://www.doogee.cc/bbs/viewtopic.php?t=29=== just in case)
2- start phone normally, up to home screen (so the phone is as just bought)
3- power off and try to enter stock Recovery
If it works (and your bootloader is unlocked) then try this
Connect phone to PC in fastboot
and enter
fastboot devices (I do this each time, just in case the PC doesn't detect the phone)
fastboot boot recovery.img
where recovery.img is your TWRP
The phone should start in TWRP recovery
The fastboot boot recovery.img command
sends the recovery (kernel?) image to a temp phone folder/RAM
and boots from that.
It doesn't affect the normal ROM/recovery.
With this step, we check if your phone accepts this TWRP and sort out some possible troubles.
M.A.
when doing 'fastboot boot TWRP-3.1.1-X5PROx32.img' I get:
USB transferring...
USB transmission OK
and doesn't reboot into recovery but it boots normally
since I'm doing this from stock kernel R16 I wonder whether it's 32 or 64 bits
However I've found recovery-twrp-3.2.0-git-20171204.img that boots!. But I don't have scatter file, only .img! This recovery is from Lineage 14.1, but since this custom ROM installs from TWRP there is no need of scatter file
I've found another TWRP that boots with fastboot boot img: the TWRP recovery for 6.0 in needrom. This one has a scatter file
xe7um said:
I've found another TWRP that boots with fastboot boot img: https://www.needrom.com/wp-content/uploads/2016/12/TWRP_DG_X5Pro.rar
I get this error:
Needrom do not authorizing, the links referred by another website for download the ROMs.
The link must obligatory be clicked from of Needrom.com
Can you please link it correctly so we can download it?
The Seeker said:
I get this error:
Can you please link it correctly so we can download it?
Hi.
You have to select the file direct from the Needrom site.
www.needrom.com
(up)categories-doogee
on the right, click: Serial X
again, on the right, click: X5pro
and select the TWRP you desire.
(second line, second from left)
(click on "TWRP DG X5Pro (977 dls)")
Regards
M.A.
P.S.: even the link is
https://www.needrom.com/server/download.php?name=/2016/12/TWRP_DG_X5Pro.rar
you have to download from the site.
I'll try all this at the weekend, but my two cents are that it won't work. At first attempt I flashed BETA4 with MT6735M_Android_scatter-WIPE-CLEAN_INSTALL.txt (so no need to enter recovery and wipe cache/Dalvik) with a bootloop result.
My guess is that there are different ROM versions of X5 pro, and newest are incompatible with SnowcatPDA 7.1.1 firmware. Will see in a few days...
As I was suspecting I get a bootloop after logo. Now the question is: Is there a stable custom ROM (7.1 or newer) that I could use daily instead of MM 6.0 (R16) stock ROM?

[UNLOCK][UNOFFICIAL][G4] Unlock ANY* LG G4 device with UsU

About
UsU = Unofficial secureboot-off/steadfasterX Unlock
*works with any G4 model. Even though the h818 can be unlocked as well the touch display does not work anymore (should be possible to resolve but.. read on).
so I decided to remove it from the UsU unlock. Read the details and process here: h818 topic
This will "unlock" your bootloader and so enables you to install TWRP and custom ROMS as you like.
To be honest unlock is not the correct wording but I will still refer to it as unlock as the result is the same:
UsU will disable "Secure Boot" which verifies signatures on several partitions like: boot and recovery. Disabling secureboot means it will still verify and give you a secure boot error on boot BUT it will ignore and just boot afterwards (similar to a regular unlock).
This is the outcome of a loooooooong finding process. long? I started with the first attempt in this over 1 year ago. yes.. (think about my nickname heh?!)
A lot of stuff happened since then which all together helped me to accomplish UsU at the very end (yes all these links are my work including some brave testers ofc! ).
You wanna know how this big puzzle fits together?
UsU is not just an unlock! Its a combination of massive changes in TWRP, the G4 kernel and providing all the tools around like FWUL or SALT!
It was really my biggest project in android development and its not just providing the actual unlock files
Hijacking the boot process via EFIdroid, TWRP in FIsH and FIsH in general
AntiRollback and firehose(!) findings
Partition tables for any G4
mAid (fka FWUL) because I needed a valid base for all my testers (one of the reasons why I started FWUL)
The LG-Up replacement and now unlocking tool SALT ! Without SALT this all would be absolutely crazy risky and absolutely nothing for the average user!
many many unlock methods/theories (and millions of times soft and hard bricked) in my PoC thread
while unbricking I found a way to unbrick even when QFIl fails with my sdcard unbrick method
hard-hard bricked (no other recovery than by LG / chip replacement) for 4 times.. (thanks ILAPO!)
many TWRP tests and changes to detect UsU devices properly
HINT:
OPEN THIS THREAD IN A BROWSER!
NOT IN AN APP!
THATS THE ONLY WAY TO FULLY SEE EVERYTHING AS IT SHOULD BE
REQUIREMENTS
UsU does not care about a country version of a model (e.g. H815 TWN and H815 TUR are all referring to as H815).
So you will find only the main part of your model listed which means it will work for any of them!
1) Your device should be one of these (SALT will detect your device and only allows to flash for these variants):
LS991
F500
H810
H811 (wth? yes that works but.. you can unlock OFFICIALLY! its just a fastboot command!)
H812 (NOTE: firmware: v20x or higher is strictly required before flashing!)
H815 - any non EUR
H815 EUR (wth? yes that works but.. you can unlock OFFICIALLY! its just a login on the LG website)
disabled: H818 (KNOWN ISSUE: TOUCH STOPS WORKING! current state)
H819
US991
VS986
Note: SALT will tell you which ROM type is compatible with your device within the main screen: GPT compatibility
Yes there is a way to flash also H815 ROMs on those who do not support it out-of-the-box but this is very risky and requires either a change of the partition table or the ROM build developer need to change the fstab (riskless for you)
2) ARB less or equal 2
So ARB 3,4,5,........ WILL NOT WORK!!
Details:
Just use SALT to identify your current ARB and read here how to identify and verify: G4 AntiRollback
* Reason:
UsU is based on an ARB 2 based aboot (part of the bootloader stack - see FAQ #27) and so ARB > 2 will hard-hard brick your device if you would flash UsU on it. Hard-Hard brick means no way to recover other than sending for repair.
3) Your device firmware must be MM (keep Requirement #2 in your mind when upgrading to MM)
which one? I highly recommend the latest MM version for your model --> but again beware of the ARB (not greater than 2)!
H812 devices need special attention though: v20x or higher is strictly required before flashing!
Details:
Yes you can flash and use UsU even when on LP but believe me: you don't want to. You will encounter issues sooner or later when running LP so take your time and upgrade your device to MM before proceeding here.
LIMITATIONS / KNOWN ISSUES
(bootloader stack is explained and described in FAQ 27)
1) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!
2) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!
3) Do not flash any MM or N bootloader stack containing the file named: aboot. This will immediately lock your device and so definitively HARD BRICK!
4) If you want to flash a MM or N modem partition (aka firmware) you need to re-flash <model>_UsU_basebands_flash-in-twrp.zip otherwise you will bootloop, stuck on boot or see a blue screen with a modem crash (this may change if I ever get my kernel module working...)
5) If a ROM has no active developer or the developer has not made it UsU compatible you may need to open the ROM zip file on your PC and change the update-script within (just remove the assert line(s) at the top is enough)
6) The fastboot mode coming with UsU will enable fastboot flash but the command fastboot boot will not work (like on the semi-official N bootloader stack)
7) Most important: Once you go this way - there is (maybe) no way back! SERIOUSLY. The only way to make the device exactly like before is replacing the mainboard. If you're scared: good.
Read the new findings on that part here - some models may be able to revert UsU!
Think twice and don't complain later if you go on!
8) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!
9) video framerates are lowered after flashing UsU. This is due to the fact that required files for high performance video will not load properly anymore and so must be replaced. Replacing those firmware files is a risk and as it is working ok enough for the most users that patch will not be included in any ROM. If you really think you need this patched ensure you read the instructions here thoroughly and understand them 100% before proceeding to apply it: G4-VideoLag-Fix
YES I REPEATED MYSELF 3 (THREE) TIMES (... for a reason)!
Code:
#include <std_disclaimer.h>
/*
* Your warranty is now (maybe) void (well not really but just for the case...)
*
* I'am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about this howto/unlock method
* before using it! ---> YOU <--- are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*
*/
Downloads
YES. ALL of them:
Latest unlock package by steadfasterX (download the one for your device model only) --> <model>_UsU_unlock.zip (mirror)
Latest baseband package (download the one for your device model only) --> <model>_UsU_baseband_flash-in-twrp.zip (mirror)
Latest TWRP (PREVIEW-103 or higher!) by steadfasterX
- Nougat TWRP (if you plan to use + flash Nougat ROMs)
- Oreo TWRP (if you plan to use + flash Oreo ROMs)
- Pie TWRP (if you plan to use + flash Pie ROMs)
A custom ROM of your choice (see Requirements topic to find a compatible one!) --> e.g. all newer builds here: http://leech.binbash.rocks:8008/
Linux: I highly recommend to use mAid . This is an android lovers live ISO which can be booted from an USB stick which has everything needed on board - including SALT!
Latest mAid *persistent* by steadfasterX (HAVE TO be version 2.6 or later!): maid.binbash.rocks
only if NOT using mAid:
Latest SALT version (minimum version: v3.19!) by steadfasterX: SALT
Important note about bootloader/modem stuff!
You will find on several ROM threads the hint that you must have a specific bootloader stack (FAQ #27) in order to make the ROM working properly.
What in reality is needed on these ROMs is just the MODEM (aka firmware) partition nothing else. Believe me I know this for sure
1) Flash required modem partition in TWRP or fastboot mode
2) if using a ROM which is NOT specific an UsU ROM: Flash your baseband package (<model>_UsU_baseband_flash-in-twrp.zip) in TWRP again!! If you don't you will get bootloops, android hanging on boot or modem SoC crashes (blue demigod screen)
Flash UsU with SALT
(requires SALT v3.21 / mAid v3.2 or higher)
Before proceeding ensure that you have read and understood the "Limitations" topic and the "Changes in behavior" topic in this thread!
If you have a Windows PC the easiest way to get SALT is by flashing mAid v3.2 or higher on an USB stick (if you had read the "Downloads" topic above you should know that already).
Before you ask if there is a Windows version of SALT: read the FAQ in the SALT thread.
UsU can be flashed in 3 different ways! Every way will unlock your device the only difference is where you place the UsU files. Choose the one which fits best for you:
by an external sdcard (must be VFAT formatted)
by using your internal storage
by direct flashing (only when available - SALT will show this option only when possible for your device)
OK enough about all this: LETS UNLEASH YOUR DEVICE!
At very first: ensure you are using the LATEST version of SALT!
SALT contains an internal updater and when a new version has been detected online it will display an upgrade hint. DO THAT if you see any. It doesn't hurt to also trigger the update process even if you see no popup just to be sure that you have the latest version. You can also check the SALT release notes and compare the version with yours (title of the SALT window displays your version).
That step is really easy but incredibly important. Do not miss that!
Just to say it again as it's crucially important: USE THE SALT UPDATER to ensure you have the latest version!
Extract <model>_UsU_unlock.zip and copy the aboot_UsU.img, laf_UsU.img and rawres_UsU.img to either:
a) your external SDcard (directly on the external sdcard - not in any folder!). The sdcard must be formatted as VFAT.
or
b) connect your running Android device with your PC, select MTP mode in Android and copy it to the:
- "Internal Storage" and folder "Download" (exactly there!)
Start SALT
If you have not done already: DO A BACKUP NOW I'm serious this is your last chance to grab the important files and it just takes some minutes (in basic mode) but you have all in place if needed!
If you skip this step no one may be able to help you later!
Notice and WRITE DOWN the "GPT compatibility" info! DO NOT PROCEED IF IT STATES "unknown"
This part will become crucially important when it comes to which ROM you can flash!
The only valid information about that can be found in SALT!
If you see a "H811" there you have to flash H811 ROMs later (if no specific ROM is available for your model)
If you see a "H815" there you have to flash H815 ROMs later (if no specific ROM is available for your model)
If you see a "unknown" there you have to STOP and provide the SALT debug log (advanced menu)
Open the Advanced Menu
Click the "Unlock G4 (UsU)" button and read carefully the popup. Click Unlock, choose your unlock way and follow the instructions
If the UsU flashing fails for any reason (SALT will do important pre-checks and validations before actually flashing):
If you see a popup about UsU flashing has partially failed do not be scared - just read and follow the instructions!
If you see a different error: do not reboot or power off the device! Ask for support and provide the debug log in SALT (in Advanced Menu -> Debug Logfile button -> Upload button and share the link)!
If the UsU flashing was successful (SALT will validate the flashing) continue:
Boot your device into fastboot mode (yes UsU has enabled an unlocked fastboot access for you!):
take out the battery
unplug the usb cable from the PC (not from the device)
Insert the battery again
wait 2 sec
press volume DOWN and while keeping it pressed: plug the USB cable to the device
keep volume DOWN pressed until you see the fastboot screen
Flash TWRP (yes you can do that now... because of UsU!):
fastboot flash recovery <twrp.img> (replace <twrp.img> with the real filename)
YOU MUST boot to TWRP now (you will notice a secure boot error but TWRP will load!):
disconnect USB cable
take out battery
put battery back in
press volume down AND the power button and keep both pressed until.. you see TWRP!
Gotcha! Try that with a locked phone and you will fail!
If you do not boot to TWRP after flashing it it will get OVERWRITTEN and you have to do all the steps for flashing TWRP again!
Optional (not needed when you flash an UsU compatible ROM later) Flash the baseband package now: <model>_UsU_baseband_flash-in-twrp.zip
While still in TWRP choose REBOOT menu and reboot to RECOVERY (yes again!)
Notice: TWRP will show your REAL device model when connected to the PC now.
If not: SHARE THE recovery LOG (how-to for grabbing the recovery log is written in FAQ #4A)!
I would say: its a good time to create a TWRP backup isn't it (ensure you also select "Bootloader" in TWRP backup)?
I HIGHLY RECOMMEND to do nothing else now. Just boot into your ROM as it is! Check if everything is working and proceed only if it boots fine and works fine!
Optional: just root now. Use Magisk or SuperSU to root your current installed stock ROM to see that it works
Done. Do not forget to read the Changes in behavior topic!
What's next? Lol you are FREE! Flash SuperSu, Magisk or a custom ROM. Up to you. Flashing issues? Read the LIMITATIONS/KNOWN ISSUES topic (especially #1, #2, #3).
Changes in behavior
Booting to recovery, custom ROM booting (or stock but rooted), booting into download mode
You will notice a secure boot error ... and it will boot!!
... and NO: THIS MESSAGE CAN NOT BE REMOVED! If you can't live with that do not unlock
Fastboot
After you unlocked your device with this method you will also have an unlocked fastboot mode which can be accessed by a key combo:
take out the battery
unplug the usb cable from the PC (not from the device)
Insert the battery again
wait 2 sec
press volume DOWN and while keeping it pressed: plug the USB cable to the device
keep volume DOWN pressed until you see the fastboot screen
Now what? You can flash whatever you want here with: fastboot flash <partition> <filename>
you can NOT: fastboot boot .. as this is blocked like in the semi-official N bootloader stack.
TWRP/Recovery hardware key combo
Flashing UsU changes the way the regular factory reset screen key combo is working.
After flashing UsU we can boot directly into TWRP!
power off device
unplug the usb cable from the device (if any)
press volume DOWN + power button and KEEP THEM BOTH pressed the WHOLE TIME until you see "Recovery loading" or TWRP
Factory reset hardware key combo
As written above the regular key combo to get into the LG factory reset screen changes a bit:
power off device
disconnect any usb cable from the device
press volume UP + power button and KEEP THEM BOTH pressed until you see the LG logo the first time! THEN you have to immediately release the power button (ONLY that) and press and keep holding the power button directly again! Keep them pressed until you see the white LG factory reset screen
Proofs
Keep in mind: UsU will work for ANY LG G4 model and does not care about country specific ones, too! When I say: ANY, I MEAN any!
The only device which is a real special one because of different hardware (2 SIM slots) is the H818 which can be unlocked but has issues (see above)
confirmed:
check the current poll results: https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
LS991 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
F500 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
H810 (confirmed) --> https://forum.xda-developers.com/showpost.php?p=75126190&postcount=298 and https://forum.xda-developers.com/showpost.php?p=75736723&postcount=456
H812 (confirmed) --> https://forum.xda-developers.com/showpost.php?p=75126190&postcount=298
H815 (confirmed) --> My own one! and https://forum.xda-developers.com/showpost.php?p=75086602&postcount=276 and https://forum.xda-developers.com/showpost.php?p=75737617&postcount=458
H818 (confirmed)* --> https://forum.xda-developers.com/showpost.php?p=75133410&postcount=307 * SEE ABOVE REGARDING THE CURRENT ISSUES
H819 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
US991 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
VS986 (confirmed) --> https://forum.xda-developers.com/showpost.php?p=75109841&postcount=293
Support / Telegram
Of course in this thread but also by Telegram. I have created a generic group for all stuff around Android : here
and another one if you want to keep up2date whenever I build something (TWRP, SHRP, LOS, /e/, ...): here
Model specific ROM threads
H810:
- AOSCP Nougat
- LineageOS Oreo - general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
H812:
- AOSCP Nougat
- LineageOS Oreo (deprecated) new: general LOS all-in-one thread
- AtomicOS
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
H815:
- AOSCP Nougat
- LineageOS Oreo (deprecated) new: general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
VS986:
- AOSCP Nougat
- LineageOS Oreo (deprecated) new: general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
any other model:
- LineageOS Oreo - all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
Making the baseband flashing obsolete
Well time goes by and so things change in the meantime. I have found a way to make the baseband flashing obsolete but that requires to flash either a device model specific ROM or kernel.
That means:
When you flash a full UsU compatible ROM (like those linked above) there is no need anymore to flash the baseband package.
When you flash another ROM which is not fully UsU compatible you can flash a kernel with UsU patches and so can avoid flashing the baseband package as well.
The UsU kernels can be found here.
When the ROM is not fully UsU compatible and there is no kernel with UsU patches either, you can, or better: must, flash the baseband package.
Credits
Mohd Saqib for the ls991 userdebug bootloader (https://forum.gsmdevelopers.com/lg-g-series-unified/32523-lg-g4-h811-boot-repair-qfil.html) stack. Without him.. no "unlock"
LG for making a faulty mainboard which allowed me to replace it without an issue several times after hard-hard bricking
Me - steadfasterX bc I have done all this almost alone (besides the brave testers ofc) AND: just for FUN ! (I *CAN* UNLOCK OFFICIALLY!) and as the whole guide and method is the result of many many days ... lol noooo *MONTHS* (!!!) of spending my free time on this topic!
neutrondev (details about technical understanding + support)
uio88 (donator), jasonlindholm (recurring unteachable donator!), pablo103 (donator), britx (donator), ReeS86 (donator), ling751am (donator), 01189998819991197253 (donator), Korpse (donator), decibel_nv (donator), bdasmith (donator), hteles (donator), Leg0V0geL (donator), britx (donator), doop (donator), street_android (donator), ErismaSS (donator), ingcolchado (donator), fauxmight (donator), NwOg1984 (donator), pablogrs (donator), romanofski (donator), nenich78 (donator)
The overall sum (just for UsU) of donations (as of 2023-04-03): $252 !
While donations are accepted and appreciated there is NO need for it. I have done all this for fun and I like thx clicks more than money LOL
XDA:DevDB Information
Unofficial secureboot-off/steadfasterX Unlock, Tool/Utility for the LG G4
Contributors
steadfasterX, the_naxhoo (tester), SePhIrOtX (tester), Chebhou (tester), fawadshah33 (tester), DoughMucker (tester), shane87 (tester), Guy Noir (tester), networkkid (tester), ling751am (tester), jmfecon (tester), r3pwn (tester)
Version Information
Status: Stable
Stable Release Date: 2018-03-08
Alpha Release Date (PoC): 2017-07-28
Created 2018-03-08
FAQ
0) Is/will UsU be available for ARB 3 or higher?
no. never.
Reason:
UsU is based on an ARB 2 based aboot (part of the bootloader stack) and so any ARB > 2 will hard-hard brick your device if you would flash UsU on it.
(Hard-Hard brick means no way to recover other than sending for repair)
1) Is UsU reversible?
Yes and no.
Details: https://forum.xda-developers.com/showpost.php?p=76444983&postcount=968
2a) So I can't flash any KDZ/TOT anymore?
2b) So I can't upgrade my STOCK ROM with the LG updater anymore?
Have you really read the limitations topic? I guess no.
You can't! At least for the KDZ flashing part: not yet.
SALT will allow flashing of KDZ files with the upcoming version 4.0 but until then do not flash with lgup and do not use the LG Android internal updater --> You WILL 100% brick your device.
Why? Read the above FAQ.
3) Will UsU void my guarantee?
Sure.
4) I have flashed UsU and now in Android settings and/or in fastboot it shows up as a LG LS991 - WHY?
The aboot mentioned in FAQ 1) is from a specific device: the ls991. Usually this is nothing which you need to care about. What you see in the Android settings is just parsed from the commandline (means from what aboot is telling) and has no further impact on anything. It's just a wrongly named "variable", that's it. I still work on a fix to adjust this on boot to your real model but atm of writing it would require a kernel for each model just for this cosmetic thing..
As the UsU fastboot IS ls991 as written in FAQ #1 you will see it there and this is unchangeable - but nothing you need to care about.
5a) I flashed UsU and now the ROM bootloops
5b) I flashed UsU and now the ROM does not start
5c) I flashed UsU and now Android crashes with a blue/purple demigod screen
5d) I flashed UsU and now I have no SOUND and/or CAMERA anymore
5e) I flashed UsU and now I have no cell service anymore
Well there could be 3 reasons why this can happen:
- Either you have not flashed the baseband package in TWRP
- you try to boot a ROM which is not compatible with your model (check the GPT compatibility in SALT!)
- or you have a very sensitive (or strict..) device model
The first thing you should try is flashing the UsU kernel for your installed ROM.
If there is no UsU kernel for your ROM install a supported ROM and flash the UsU kernel afterwards.
If the problem persists or if you still want to use the unsupported ROM: flash the baseband package and check that the GPT compatibility is OK with the ROM you are trying to flash.
If the problem persists:
1) Try to flash the modem partition of your SALT backup before flashing UsU (nothing else!)
If the problem persists:
2) Some devices require to flash the full modem partition of Lollipop (instead of flashing the baseband package) in order to work after UsU has been flashed, so if you are sure that you flashed the baseband package go here and download the modem or the KDZ file of a 10 (Lollipop) modem.img/modem.bin: codefire. If you can't find what you need try that one: storagecow
Flash the modem file in fastboot mode like this:
Code:
fastboot flash modem modem.img
or in TWRP like this:
Code:
adb push modem.bin /tmp
adb shell
dd if=/tmp/modem.bin of=/dev/block/bootdevice/by-name/modem
sync
reboot
6) Is there a windows version to flash UsU?
No and there will be never one. Why? For this FWUL exists. Flash FWUL on an USB stick and boot from it. It's as easy as it sounds.
7) I want to use a custom ROM based on Android Nougat or Oreo. In the ROM OP they say I need the v29a/N bootloader stack. Is this true?
No. You will find in several ROM threads the hint that you must have a specific bootloader stack in order to make the ROM working properly.
What in reality is needed on these ROMs is just the MODEM (aka firmware) partition nothing else. Believe me I know this for sure
If you later want to install custom ROMs based on N or O (any model! and any ARB) --> N modem
1) Flash G4_29a_N_modem_UsU.zip in TWRP
2) Flash your baseband package (<model>_UsU_baseband_flash-in-twrp.zip) in TWRP again!! If you don't you will get bootloops, android hanging on boot or modem SoC crashes (blue demigod screen)
When you have a H815(!!!!) device with ARB = 0 you COULD flash the complete bootloader stack though (if you wish - but as said it is NOT needed. READ MY LIPS: IT IS NOT NEEDED but its possible though ):
UsU bootloader stack for N / O
8a) I flashed a KDZ with LGUp / LG Flashtools (you really hexedited a kdz/tot just to brick your device? cooool)
8b) I flashed the non-UsU (see FAQ 7 for the UsU one) v29a bootloader stack on my device
8c) I have no idea why but i bricked my phone (actually you have but you don't wanna tell)
You will need an external sdcard or something like the infinity dongle. In theory there is also the way to unbrick by QFIL but this way is incredibly dangerous if you use the wrong files (read FAQ #23!!). The external sdcard method will work only when your device is detected in 9008/QDL mode. If you connect your device to the PC and see nothing (Windows: device manager, Linux/FWUL: open a terminal and type: lsusb) then this guide will not work for you. The only chance is to use e.g. infinity or QFIL but there is no QFIL guide out there I would trust..
For the external sdcard unbrick read and follow the sdcard unbrick guide.
It is important that you know which bootloader stack you had on your device (in terms of ARB)
The only difference for UsU devices is that you need to flash:
the aboot_UsU.img to the aboot partition, the laf_UsU.img to the laf partition and the rawres_UsU.img to the raw_resources partition:
Code:
fastboot flash aboot aboot_UsU.img
fastboot flash laf laf_UsU.img
fastboot flash raw_resources rawres_UsU.img
9a) Will UsU work for my model?
Yes (h818 has been disabled though)
9b) Will UsU work for my country/region?
UsU has no restriction on a specific G4 model or country version.
9c) Will UsU work for any ARB?
UsU will work on ARB 0, 1 and 2 ONLY and you will need LP or MM to be able to actually flash UsU.
Again flashing UsU is a risk always. It happens on your own responsibility!
10a) Will UsU allow me to flash TWRP?
Yes.
10b) Will UsU allow me to flash stock ROMs?
Yes. You will be able to flash stock LP, MM, N
10c) Will UsU allow me to flash custom ROMs?
Yes. You will be able to flash any custom ROM of your choice (any android version)
10d) Will UsU allow me to root my device?
Yes. Ofc you can root with magisk as usual.
11) I follow your PoC thread since the beginning.. So UsU has no limitations regarding cell service/signal anymore?
Everything should work (cell service, mobile data, wifi, BT, call, sms, etc). UsU will not replace the complete bootloader stack as it was done in the early implementations.
By keeping your real bootloader stack the hardware like camera, modem / baseband can be initialized as it should and so no limitations are known (yet).
Again flashing an unofficial unlock is always a risk. Do not blame me when something is not working as it should.
You do this on your own responsibility
12) I want to flash a custom ROM but there is none for my model available what now?
SALT will show a field named GPT compatibility. Just flash a ROM which is compatible with your device. Thats it.
Read more about the compat check in SALT in the SALT FAQ #15.
13) I want to flash a custom ROM but it says "This ROM is for device xxxx but this device is >.< !! You told that I can flash any ROM so whats wrong here?
I wrote it in the LIMITATIONS/KNOWN ISSUES topic of the OP but here again:
Taken from the OP:
5) If a ROM has no active developer or the developer has not made it UsU compatible you may need to open the ROM zip file on your PC and change the update-script within (just remove the assert line at the top is enough)
Here a guide by @sdembiske https://forum.xda-developers.com/showpost.php?p=76405252&postcount=947
14) I have unlocked with UsU and all went fine. I flashed a ROM and it bootloops and now my phone died!! What have you done with my device? It never had this issue before in the last years!?
Unfortunately this is not UsU's fault. It's yours. Or better, it's LG's. The G4 is known to have a faulty mainboard and when you boot a freshly flashed ROM this is very CPU intensive and so can cause the ILAPO, which means the hardware fault occurs. Yes, it has not happened to you in the past, but how often did you flash a new ROM in the past? Ask LG for a mainboard replacement (yes, even when out of guarantee) or check the bootloop fix it list : https://bit.do/ilapofixg4
15) I flashed the LP modem, but now it wont let me get past lockscreen. Do I need to factory reset?
background info: the modem partition contains decrypt parts so the screenlock may fail to decrypt.
Doing a factory reset is one option which will fix this.
If you don't want to lose your data, reset just the password of the screen lock:
https://forum.xda-developers.com/android/software-hacking/remove-lockscreen-recovery-t3530008
16) I just wanna flash Nougat STOCK. Are there any worry free UsU downloads for it available?
Sure: here
After flashing ensure you flash your model baseband package!
After that and while still in TWRP: Choose Reboot -> RECOVERY ! This should ensure TWRP will not be overwritten on Android boot
17) What is the recommended way to backup with TWRP?
ONE/FIRST TIME backup. Do this just ONCE --> Select these partitions to backup:
Code:
- Firmware_Image
- EFS
- BL unlock state
- Bootloader
- Carrier
USUAL/DAILY BACKUP (e.g. to test other ROMs, before an upgrade, etc) --> Select these partitions to backup:
Code:
- Boot
- Recovery
- System
- Data
- Encryption metadata -> when your device is encrypted ONLY
- Firmware_Image
18) I have flashed the bootloader stack of N on my non-H815 device and now I have issues (no cell service, no bluetooth etc)
There could be 2 reasons why: Either you haven't read the OP guide properly and flashed the bootloader stack or you were one of the "early birds" who flashed the full ROM which includes the Nougat bootloader stack.
H815-ONLY_ARB-0_29a_bootloader_UsU.zip (formerly named: G4_ARB-0_29a_bootloader_UsU.zip)
H815-ONLY_ARB-0_v29a_FULL-STOCK-ROM_UsU.zip (formerly named: G4_ARB-0_v29a_FULL-STOCK-ROM_UsU.zip)
The guide in the OP told you to do a SALT backup before flashing UsU.
If you have followed the guide properly you should have it and the above is one of the reasons why I said its required to do it.
( If you lost your backup there is still a way you can go: Follow FAQ #20 )
Open a terminal in the directory where your SALT backup from before flashing UsU (or your extracted KDZ) is.
Then put your device in fastboot mode and type these commands:
Code:
fastboot flash factory factory.bin
fastboot flash hyp hyp.bin
fastboot flash modem modem.bin
fastboot flash pmic pmic.bin
fastboot flash rpm rpm.bin
fastboot flash sbl1 sbl1.bin
fastboot flash sdi sdi.bin
fastboot flash sec sec.bin
fastboot flash tz tz.bin
Read the output of the flashing on the screen and in your terminal. Do NOT flash anything else! Just the above - but ALL of the above! (if you miss a single file you will HARD BRICK)
If something is failing do NOT continue and try to re-do the above commands. if it still fails write in this thread or better come into IRC (when between Monday and Friday)!
If something is failing here it WILL brick your phone.
19) I have flashed UsU but now I always see a secure boot error text at the top of my screen when booting (TWRP, Android, download and fastboot mode). Is it possible to remove that?
Really? I mean REALLY? Its clearly written in the OP - CHANGES IN BEHAVIOR !
20a) I have flashed UsU and now I want to downgrade/upgrade my bootloader stack. How?
20b) You were on LP or older MM firmware when you have flashed UsU and now having issues? -> Upgrade your bootloader to MM! Read here how:
Download a KDZ of your device model.
Keep in mind that there are frankenstein devices out there (means refurbished devices with mixed hardware inside so you think u have model XXX as it was shown in Android but the mainboard is NOT the same!).
How to identify a Frankenstein device? Read FAQ #21.
IMPORTANT: Check the ARB of that KDZ (SALT will show the ARB of a KDZ on extract!) - If you are unsure - DO NOT PROCEED. you can easily hard brick your device if!
Extract that KDZ with SALT - DO NOT USE ANY OTHER TOOL FOR EXTRACTING! The known windows tools like LG Firmware extract does not extract what we need here and not in the way we need it! So do not use that! You have been warned..
Open a terminal in the directory where your SALT backup from before flashing UsU (or your extracted KDZ) is.
Then put your device in fastboot mode and type these commands (you have another file extension? read FAQ #24):
Code:
fastboot flash factory factory.bin
fastboot flash hyp hyp.bin
fastboot flash modem modem.bin
fastboot flash pmic pmic.bin
fastboot flash rpm rpm.bin
fastboot flash sbl1 sbl1.bin
fastboot flash sdi sdi.bin
fastboot flash sec sec.bin
fastboot flash tz tz.bin
Alternative with TWRP (if the above fastboot cmds work for you no need to do this!):
Code:
# Boot TWRP first, then run the following from the PC:
adb push factory.bin /tmp/
adb push hyp.bin /tmp/
adb push modem.bin /tmp/
adb push pmic.bin /tmp/
adb push rpm.bin /tmp/
adb push sbl1.bin /tmp/
adb push sdi.bin /tmp/
adb push sec.bin /tmp/
adb push tz.bin /tmp/
adb shell sync
adb shell "dd if=/tmp/factory.bin of=/dev/block/bootdevice/by-name/factory"
adb shell "dd if=/tmp/modem.bin of=/dev/block/bootdevice/by-name/modem"
adb shell "dd if=/tmp/hyp.bin of=/dev/block/bootdevice/by-name/hyp"
adb shell "dd if=/tmp/pmic.bin of=/dev/block/bootdevice/by-name/pmic"
adb shell "dd if=/tmp/rpm.bin of=/dev/block/bootdevice/by-name/rpm"
adb shell "dd if=/tmp/sbl1.bin of=/dev/block/bootdevice/by-name/sbl1"
adb shell "dd if=/tmp/sdi.bin of=/dev/block/bootdevice/by-name/sdi"
adb shell "dd if=/tmp/sec.bin of=/dev/block/bootdevice/by-name/sec"
adb shell "dd if=/tmp/tz.bin of=/dev/block/bootdevice/by-name/tz"
Download this verify tool to ensure the flashing was successful: verifyflash.zip (mirror: http://leech.binbash.it:8008/misc/verifyflash.zip)
Usage:
extract verifyflash.zip
adb push verifyflash.sh /tmp/
adb shell chmod 755 /tmp/verifyflash.sh
adb shell /tmp/verifyflash.sh
Read the output of the flashing on the screen and in your terminal. Do NOT flash anything else! Just the above - but ALL of the above! (if you miss a single file you will HARD BRICK)
If something is failing do NOT continue and try to re-do the above commands. if it still fails write in this thread or better come into IRC (when between Monday and Friday)!
If something is failing here it WILL brick your phone.
21) What is a frankenstein device and how can I identify if I have one?
A so called Frankenstein device shows up different in Android than it is in hardware.
Often happens on "refurbished" devices and almost everything you can buy on AliExpress is one.
The only way to identify your REAL model is by disassembling the device.
No there is NO other way. Everything else can be tricked by software.
Follow the guide here: https://www.ifixit.com/Guide/LG+G4+Motherboard+Replacement/51202
now you are able to see the REAL model printed on the front of your mainboard.
Is a Frankenstein bad? Hell yes. Can you live with one? Up to you. Technically there are good chances that it work as it should - especially when UsU'ing it.
Main problem here is that some stupid ppl out there take a board (often a h810 or h812 but there is no restriction) and flash a different PBL (primary boot loader) on it to load what they like to load. usually they flash h815 ROMs as that is best for selling as it can be unlocked officially (which NEVER works - as the IMEI and/or serial will never list a Frankenstein as a h815).
So actually it is not 100% clear what they did with your phone EXACTLY - and that leaves room for bricks when flashing stuff - or even worse: you might encounter partly not working stuff. In most of the Frankensteins I saw they work good when you flash the real models ROMs, bootloader stacks and modem partitions but well there is no guarantee for nothing here!
Other than that you can use SALT (part of mAid) to determine your model. This with the ARB shown gives you a 80-90% clue of your real device model.
E.g. when you bought a h815 (which is known to NEVER EVER have an ARB higher than 0) and it shows h810 in SALT then you can be 100% sure that it is not a h815 and 90% sure that it is the model shown in SALT instead.
22) I have a H812 and having issues after flashing the N stock ROM / AOSCP Nougat. What can I do?
Walk throughs:
Stock N report: https://forum.xda-developers.com/showpost.php?p=75913373&postcount=12 by user @grantdb (consider to show ur appreciation by clicking thx on that post)
AOSCP N report: https://forum.xda-developers.com/showpost.php?p=75890188&postcount=361 by user @sdembiske (consider to show ur appreciation by clicking thx on that post)
LineageOS O report: https://forum.xda-developers.com/showpost.php?p=76799406&postcount=1100 by user @sdembiske (consider to show ur appreciation by clicking thx on that post)
23) uhm I wanna / I have flashed with QFIL...
I wrote millions of times that using qfil is f*** dangerous and shouldn't be used.
The process of using QFIL with the wrong files can CONVERT your device or blow fuses! Never ever use qfil unless you REALLY understand what files you flash:
This requires analyzing the files (hexedit) you are trying to flash with qfil, which is something 99% of average users CAN'T do.
Which means: do not use it unless you don't care about damaging your device ofc..
The only less-dangerous way is of unbricking from the 9008/QDL mode by my sdcard unbrick method but when you already used qfil you may have damaged your device already.
If you UsU'd your device there is even one more reason to NOT use qfil!
As said you shouldn't use qfil anyways but when you UsU'd your device it's even more important.
WHY I say using QFIL is evil?
Especially on devices which have no ARB >2 firmwares (like h812, h815, h818, h819 and F500) using QFIL is the worst idea you can have.
Just to be crystal clear: if you have UsU'd or not --> that doesn't matters!
QFIL is dangerous because:
some files you can find around will increase your ARB !
Increasing your ARB means you can never flash your original bootloader stack anymore (on devices having no ARB >2 firmwares)
If you can not flash your original bootloader stack anymore you can not load parts of the modem partition.
If you can not load these parts of the modem partition you can not get any cell service - full stop. Yes here it ends. You can't go back and so you are stuck with it like it is.
Well you can still go back by:
- replacing the mainboard
- replacing the cpu/whatever chip on the mainboard
There is ONE single exception to the above: If you have (still) a "nonfusing" device. Nonfusing devices may be able to flash any ARB but beware:
I had a nonfusing device which suddenly changed somewhen during my UsU hacking sessions.
I have one user who was able to flash a lower ARB than he had before because his device was stated as a nonfusing device. There is no guarantee but it is a chance for you.
Read more about the ARB background here: https://bit.do/unlockg4
24) I have a partition file with the extension: [ bin | image | img | mbn ]. How can I convert this?
The extension is not important. The way how you extract files - is. That's why I say all the time use SALT.
On Windows the file extension matters a lot which is not the case for Linux/Android.
There is no need to convert anything as they all are just raw image files.
25a) I have UsU'd but now in TWRP it does not show my model. Instead something like Chinese or strange characters.. How can I solve this?
25b) I have UsU'd but something went wrong while flashing..! I can still turn on the phone and I see the secure boot error.. What now?
25c) I have UsU'd but I cannot open the download mode anymore.. What now?
This can happen when you tried to flash UsU with a completely outdated version of SALT or using an unsupported version of FWUL (like using it in KVM, VMware ,..).
Ok how to fix this now?
Boot to fastboot mode.
Extract the UsU unlock zip file of your model.
Flash the following from that zip file:
Code:
fastboot flash raw_resources rawres_UsU.img
fastboot flash laf laf_UsU.img
That's it. TWRP will detect the model now correctly. If not share the TWRP log as described in the TWRP(!) thread FAQ 4a.
26a) How can I identify my bootloader stack from my backup files?
26b) How can I identify my current installed bootloader stack?
26a)
To find out which exact firmware version you had installed before UsU'd can be done easily when you have a backup (which you should have).
So to grab that info from your backup (requires Linux/FWUL):
Open a terminal in the directory where you have your SALT backup before UsU'd.
Then:
Code:
strings misc.bin | grep LG
It should display a long string containing your model name and the exact firmware version
26b)
There is no easy way atm for this. It is MUCH easier to just flash the newest bootloader stack like described in FAQ #20 in this post.
.. but if you really want something to start with:
a) do a SALT backup (basic)
b) extract sbl1 of any(!) KDZ files you can find for your model (you see now what a bad idea that is?)
c) do a md5sum on sbl1.img/bin (both: on your backup and the KDZ one) and compare. Once you have found a match you know the version.
27) a) What is the "bootloader stack" on the G4?
27) b) What is the boot process on a Qualcomm device like the G4?
The bootloader stack is a set of partitions (and optionally a partition table) which MUST be on the exact same firmware and ARB level.
There are exceptions to this but you really wanna risk a brick?
Keep the bootloader stack files together otherwise you will brick your device.
Why is explained in the following topic.
The LG G4's bootloader stack partitions are:
tz (Qualcomm Trust Zone. It performs low-level operations, including working with QFuses (rpmb secured mmc partition))
sbl1 (secondary bootloader)
sdi (trust zone storage partition. The data which is used by Trust Zone)
pmic (power management integrated circuit - related to rpm)
rpm (Resource and Power Manager firmware. Firmware for specialized SoC, responsible for resources and power)
aboot (<--- replaced by UsU ! so NEVER touch this again after UsU'ing) - Android boot, little kernel, lk, fastboot mode
hyp (Hypervisor - Virtual Machine Monitor, related to tz in order to protect the device/kernel - afaik)
Special partitions (NOT part of the bootloader stack - but either related, optional or as for the PBL - informative):
The following do not directly belongs to the above stack but it is related. You will never touch PBL, laf or raw_resources and the rest are optional ones.
PBL - Built-in ROM Qualcomm primary boot loader (read-only)
laf (download mode - can be anything on unlocked / UsU'd devices but for locked devices it MUST match the bootloader stack)
raw_resources - contains boot messages read by aboot. Examples: LG logo, bootloader has been unlocked warnings
recovery (recovery mode - can be anything on unlocked / UsU'd devices but for locked devices it MUST match the bootloader stack)
modem - hardware firmware (sound, baseband, camera, video, ...) accessed and loaded by rpm and Android (kernel, Android) - must STILL match the device's ARB of the bootloader! Otherwise those files cannot be read/loaded (most of them are signed so certificate protected!)
The boot process on a qualcomm device is as follows:
All of these partitions are signed by a certificate chain which starts in the PBL (which is read-only so cannot be altered - easily)
pbl  verifies and boots: sbl1 partition
sbl1 verifies and boots: tz, then: aboot
aboot verifies the next boot stage (boot / recovery / laf partition):
-> for locked devices: enforce verification result (so decline boot when failed)
-> for unlocked or UsU'd devices: print just a warning (so continue when failed)
For a graphical view: https://lineageos.org/engineering/Qualcomm-Firmware/ (G4 is: "2013-2016 Era")
28)a) I want STOCK - how can I revert back once I flashed a custom ROM?
28)b) how can I flash another version of any STOCK rom for my model?
for Nougat: FAQ #16
for any other:
extract with SALT system + boot + modem partition of the stock ROM kdz of your choice
(beware of the ARB!!! SALT will tell you on extracting the ARB and in the main window your device's ARB. do not flash anything higher than what the SALT main screen is showing or you might have a paperweight afterwards!!!! yes, even the system image can blow fuses!)
flash them in fastboot:
Code:
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash modem modem.img
boot TWRP (if you do not get into TWRP at the first try it gets overwritten. if that happens you must re-flash TWRP in fastboot)
flash the baseband package of your model
factory reset in TWRP (obviously all your data will be lost - so backup before)
if you encounter issues FORMAT data in TWRP (obviously all your data will be lost - so backup before)
29) I have a h810 and an ARB of 3 or higher. I heard there is a way to unlock this specific model somehow?! Is that true? If so how??
UsU will only work up to and including ARB 2 but the h810 is special as it turns out that its PBL (primary bootloader) SEEMS to be compatible with the h811.
There are 2 users who reported that it worked for them but again this is EXTREMELY risky - especially on Frankensteins (i.e. refurbished models) !!!
I cannot guide you on that but check out my answer here: https://forum.xda-developers.com/showpost.php?p=80056484&postcount=1857
30) Video framerates are low(er) with UsU?
As mentioned in the OP above the video framerates might be lowered after flashing UsU.
This is due to the fact that the required files for high performance video will not load properly anymore and so must be replaced.
Replacing those firmware files is a risk and as it is working ok enough for most users that patch will not be included in any ROM.
If you really think you need this patched ensure you read the instructions here thoroughly and understand them 100% before proceeding to apply it: G4-VideoLag-Fix
ZZZ) I have a problem / question not listed here. What should I do?
All known issues are either fixed or listed above but ofc it can happen that you find something which is not listed here and you want to report it.
The very first thing you have to do is:
Open TWRP
Choose the Wipe menu
Choose FORMAT DATA (not a factory reset!)
Test if your problem is gone
ATTENTION:
This will completely clean your internal storage - all pictures etc everything will be lost so ensure you have a backup!
HINT: TWRP will not save your internal storage in a backup (read here why) so you have to take care otherwise!
UsU background
UsU explained (in short words)
This is just for those who want to understand what UsU is in detail and how it works.
If you are not interested in background information.. well it's worth reading anyway
rawres_UsU.img -> raw_resources partition
when to be flashed:
once (part of the unlock ZIP), after flashing another raw_resources partition
what it is:
Contains logo for boot, download mode and recovery loading
laf_UsU.img -> laf partition
when to be flashed:
once (part of the unlock ZIP), after flashing another laf partition
what it is:
The laf partition holds your download mode. This one is optimized for UsU and SALT.
aboot_UsU.img -> aboot partition
when to be flashed:
once (part of the unlock ZIP), after flashing another aboot partition (which should NEVER happen as it would hard brick your phone)
what it is:
The debug/engineering/whatever aboot partition and the heart of UsU. The aboot partition is part of your bootloader stack and besides this it also holds the fastboot mode.
It's a leaked file originally coming from Mohd Saqib (see credits in the OP) who may not even know what he provided in his unbrick guide.
Most important: If you ever flash a KDZ/TOT with one of the windows tools out there it will overwrite this partition and HARD-BRICK your device.
That's why I write this so explicitly in the LIMITATIONS/KNOWN ISSUES topic of the OP!
For more details refer to the above FAQ #27!
<model>_UsU_baseband_flash-in-twrp.zip
when to be flashed:
once, after flashing another modem partition (e.g. H-ROM still containing the modem partition! which is incredibly bad practice btw)
what it is:
model dependent baseband / radio / modem files (the stuff needed to make your cell service work).
I extracted for every model these files and provided a flashable ZIP as this ensures the modem will not crash when on MM or N firmwares.
To be specific these files are always the latest LP basebands I was able to find/extract for each model and yes it's still kind of hackish this way.
If I will be able to get the kernel module working this file will be obsolete on newer ROMs but will be necessary on all which do not have that kernel patch.
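The boot chain from the FAQ above (pbl, then sbl1, then tz and aboot, then boot / recovery / laf), as an added model that is not part of the original post or of UsU. It simplifies signature checks to pinned SHA-256 digests, uses constructed partition contents, and assumes the stages before aboot always enforce the verification result.

```python
import hashlib

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed partition contents standing in for real images.
GOOD = {name: (name + " v1").encode() for name in
        ("sbl1", "tz", "aboot", "boot", "recovery", "laf")}
# Simplification: each verifier pins a digest of the next stage instead of
# checking the certificate chain that real devices use.
PINNED = {name: digest(img) for name, img in GOOD.items()}

# Order from the FAQ: pbl -> sbl1 -> tz, aboot -> boot / recovery / laf
EARLY_CHAIN = [("pbl", "sbl1"), ("sbl1", "tz"), ("sbl1", "aboot")]

def boot(flash: dict, target: str = "boot", locked: bool = True):
    """Walk the chain and return (booted, log)."""
    log = []
    for verifier, stage in EARLY_CHAIN:
        # Assumption: stages before aboot always enforce the result.
        if digest(flash[stage]) != PINNED[stage]:
            log.append(f"{verifier}: {stage} FAILED, halt")
            return False, log
        log.append(f"{verifier}: {stage} ok")
    if digest(flash[target]) == PINNED[target]:
        log.append(f"aboot: {target} ok")
    elif locked:
        log.append(f"aboot: {target} FAILED, boot declined")
        return False, log
    else:
        log.append(f"aboot: {target} FAILED, warning only")
    return True, log

def with_change(partition: str) -> dict:
    """Copy of the good flash contents with one partition modified."""
    flash = dict(GOOD)
    flash[partition] = b"modified " + partition.encode()
    return flash

if __name__ == "__main__":
    cases = [("stock", GOOD, "boot", True),
             ("custom recovery, locked", with_change("recovery"), "recovery", True),
             ("custom recovery, unlocked", with_change("recovery"), "recovery", False),
             ("modified sbl1, unlocked", with_change("sbl1"), "boot", False)]
    for label, flash, target, locked in cases:
        print(label, boot(flash, target, locked))
```

Only the last stage changes behaviour with the lock state: a modified recovery boots with a warning when unlocked, while a modified sbl1 stops the chain in both states.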
Thank you man! I've been waiting for this since last July! Will try it as soon as I get home
Thank you.
I've been USU'd!
9TP968739A2116456
I think I will take a 1 year vacation now...
.
Congrats
You worked very hard over the last year.
Glorious
Even though I own an h815 I want to thank you for your work. This is truly glorious and truly impressive!
steadfasterX said:
I think I will take a 1 year vacation now...
.
Hahah, you deserve more than 1 year. I'm so excited to try it as soon as possible. Downloading the necessary files right now. Thank you again!
I'm not clear how you flash twrp. Do you use lglaf? adb? Please tell me
Congrats steadfaster!!!! Does anyone know if there are any working roms for VS986 yet?
TheLatios381 said:
I'm not clear how you flash twrp. Do you use lglaf? adb? Please tell me
pls do not try to unlock bc the very first thing is it requires careful reading.
I do not flash TWRP but you would when you follow the guide.
How? It's all described. Read or do not go further.
.
I finished the unlock processes but now I cannot connect to the mobile network on VS986. Tried to set up the APN settings but not working. I'm on stock 13B Lollipop rom.
Edit: Figured it out. Had to do the modem flash from FAQ: 5c) I flashed UsU and now Android crashes with a blue/purple demigod screen
I followed the instructions. It worked. I'm using lineageOS on my h812!!! Thanks steadfasterX.
I installed RR 7.1.2 (H811 ver) on my h812 but there are a few issues popping up, like sound not working, youtube videos barely able to play, and sensors not working. Is anyone else experiencing these issues?
How would I go about telling if a ROM has a bootloader stack in it? I am slightly confused. Which versions would cause problems? Is it just v29a? Or are there more that cause problems?
I have read the limitations 6 times and I don't understand.
LS991 roms
Are the H815 roms supposed to be in the LS991 Lineage 13 folder?
Lg g4 h812
For the H812, which model should I take, H811 or H815?
TheLatios381 said:
I installed RR 7.1.2 (H811 ver) on my h812 but there are a few issues popping up, like sound not working and youtube videos barely playing, is anyone else experiencing these issues?
When sound is not working it's very likely a modem partition issue. Read the FAQ regarding bootloop and flash the modem partition of your device
adam_s_459_ said:
How would I go about telling if a ROM has a bootloader stack in it? I am slightly confused. Which versions would cause problems? Is it just v29a? Or are there more that cause problems?
I have read the limitations 6 times and I don't understand.
A custom ROM will never include a bootloader stack unless it is a stock ROM. Like the v29a.
If you open the ROM zip and you find a file named aboot do not flash it.
Custom ROMs like aoscp or LOS will never contain the bootloader stack.
TheDerpyLlamas said:
Are the H815 roms supposed to be in the LS991 Lineage 13 folder?
Ah good one I have to remove that folder.
And regarding your question read FAQ 12
TJtheBLueDragon said:
For the H812, which model should I take, H811 or H815?
read FAQ 12
Sent from my LG-H815 using XDA Labs
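One way to automate the check from the reply above (open the ROM zip and do not flash it if it contains aboot), as an added example that is not part of the original thread or of SALT. The partition names come from the FAQ on this page; the sample ZIPs are constructed, and it is an assumption that the package's updater-script addresses partitions through by-name paths.

```python
import io
import posixpath
import re
import zipfile

# Partition names from the FAQ on this page: the bootloader stack plus the
# laf and raw_resources partitions that UsU also replaces.
PROTECTED = {"sbl1", "tz", "pmic", "rpm", "aboot", "hyp", "laf", "raw_resources"}
# Assumption: the installer script addresses partitions through by-name paths.
UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"
BY_NAME = re.compile(r"by-name/([A-Za-z0-9_]+)")

def scan_rom_zip(source):
    """Return sorted (partition, evidence) pairs that make a ZIP unsafe to flash."""
    findings = set()
    with zipfile.ZipFile(source) as rom:
        names = rom.namelist()
        for name in names:
            # "firmware-update/aboot.mbn" -> "aboot"
            stem = posixpath.basename(name).split(".")[0].lower()
            if stem in PROTECTED:
                findings.add((stem, "file " + name))
        if UPDATER_SCRIPT in names:
            script = rom.read(UPDATER_SCRIPT).decode("utf-8", "replace")
            for target in BY_NAME.findall(script):
                if target.lower() in PROTECTED:
                    findings.add((target.lower(), "updater-script writes " + target))
    return sorted(findings)

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
    return buf

# Constructed samples, not real ROM packages.
CUSTOM_ROM = make_zip({
    "boot.img": b"\0",
    UPDATER_SCRIPT: b'package_extract_file("boot.img", "/dev/block/bootdevice/by-name/boot");',
})
STOCK_LIKE = make_zip({
    "firmware-update/aboot.mbn": b"\0",
    UPDATER_SCRIPT: b'package_extract_file("firmware-update/aboot.mbn", "/dev/block/bootdevice/by-name/aboot");',
})

if __name__ == "__main__":
    for label, rom in (("custom", CUSTOM_ROM), ("stock-like", STOCK_LIKE)):
        print(label, scan_rom_zip(rom) or "no bootloader-stack files found")
```

An empty result only means none of the listed names were found; a package that hides a write to aboot some other way would still need a manual look before flashing.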
Since my H810 isn't my daily driver any more and after following this thread for a looong time I decided to take the plunge and unlock. Salt said "Some parts of UsU couldn't be flashed!" and continued but when that was done I was unable to boot into fastboot mode. From there things mostly failed. I do have a full salt backup from a few days ago. Right now the phone won't boot into either download or fastboot mode. Happy to be a guinea pig. Logs below:
https://bpaste.net/show/6028668ee3a1

SM-N900V Rooting Assistance Needed

Model Number: SM-N900V
Android Version: 5.0
BaseBand Version: N900VVRSEPL1
Kernel Version: 3.4.0 [email protected] #1
Build Number: LRX21VN900VVSEPL1
I think I have tried everything except those PC-based 1 click root apps. The arabic tool. CF-Root. Nothing. I'm starting to think I need an original kitkat firmware so some of these apps/hacks work. My goal is to get Magisk, TWRP and LineageOS installed.
Under Linux, ADB works fine. After I boot into bootloader mode, fastboot devices simply returns to a prompt. How do I get fastboot to see my device? Do I need to use Windows?
Also, there was some discrepancy about having an Exynos-powered device but in the "ODIN MODE" (bootloader) screen, it says, "QUALCOMM SECUREBOOT: ENABLE (CSB)". Does this mean it's safe to assume it's a Snapdragon device?
Any help is appreciated.
It looks like KitKat wasn't an option. Any help would be appreciated.
PBMaxx said:
Model Number: SM-N900V
Android Version: 5.0
BaseBand Version: N900VVRSEPL1
Kernel Version: 3.4.0 [email protected] #1
Build Number: LRX21VN900VVSEPL1
I think I have tried everything except those PC-based 1 click root apps. The arabic tool. CF-Root. Nothing. I'm starting to think I need an original kitkat firmware so some of these apps/hacks work. My goal is to get Magisk, TWRP and LineageOS installed.
Under Linux, ADB works fine. After I boot into bootloader mode, fastboot devices simply returns to a prompt. How do I get fastboot to see my device? Do I need to use Windows?
Also, there was some discrepancy about having an Exynos-powered device but in the "ODIN MODE" (bootloader) screen, it says, "QUALCOMM SECUREBOOT: ENABLE (CSB)". Does this mean it's safe to assume it's a Snapdragon device?
Any help is appreciated.
I spent over three days searching for the right combination of procedures and software (a lot of that you've already done) before I got my Note 3 rooted, bootloader unlocked, TWRP installed and finally LineageOS 14.1 installed.
What worked for me was: ArabicRootApp.exe that I found here: "https://download864.mediafire.com/8ca86uho3n2g/pvm1reerboz2c25/ArabicToolApp.zip", (installed to a Windows 10 box w/Samsung cell phone drivers installed - I included the URI to the file because the file seems to be difficult to find anymore), rooted the phone. "unlock_n3" run twice (through adb on Linux) unlocked the bootloader. Odin3 (on Windows again) installed TWRP, with which I installed LineageOS 14.1-20170713-UNOFFIICIAL-hlte).
The key is rooting the phone. After that, you'll have a "su" command you can execute in an adb shell and unlock_n3 will run.
I started with a clean android version 5.0 and ended up with version 7.1.2
wa7qzr said:
I spent over three days searching for the right combination of procedures and software (a lot of that you've already done) before I got my Note 3 rooted, bootloader unlocked, TWRP installed and finally LineageOS 14.1 installed.
What worked for me was: ArabicRootApp.exe that I found here: "https://download864.mediafire.com/8ca86uho3n2g/pvm1reerboz2c25/ArabicToolApp.zip", (installed to a Windows 10 box w/Samsung cell phone drivers installed - I included the URI to the file because the file seems to be difficult to find anymore), rooted the phone. "unlock_n3" run twice (through adb on Linux) unlocked the bootloader. Odin3 (on Windows again) installed TWRP, with which I installed LineageOS 14.1-20170713-UNOFFIICIAL-hlte).
The key is rooting the phone. After that, you'll have a "su" command you can execute in an adb shell and unlock_n3 will run.
I started with a clean android version 5.0 and ended up with version 7.1.2
the link isn't working anymore
