This warning also serves to other variants.
I see that many users of this variant are using other variant binaries and images trying to unlock the bootloader and install TWRP recovery.
My advise is to not do this or you can end with a brick.
Even worse, when trying to unbrick the phone, people are using other variant nand backup images, this will lead you to the infamous lost IMEI problem, and from this point if you don't have your modemst partitions backups, you are lost.
Flashing KDZ won't recover these partitions, they are unique to your phone and are not flashed in a normal KDZ flash, the only way to flash them is in TWRP or ADB.
I already supplied the proper D410HN Kitkat v10c and Lollipop v20a/b/c (they are the same) unlocked aboots and bootstacks but people insist flashing files from other variants.
My advise is, after rooting your phone, before doing anything else, the first thing you must do is to backup your modemst1 and modemst2 partitions to make sure you IMEI data is safe. You can make this backup in ADB or Android Terminal app with:
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst1 of=/storage/external_SD/modemst1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst2 of=/storage/external_SD/modemst2.img
This will save modemst1.img and modemst2.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD to /sdcard.
Also, make a nand backup image in case of you need to make a testpoint or direct flash in nand to attempt to unbrick the phone.
Code:
dd if=/dev/block/mmcblk0 of=/storage/external_SD/unbrick.img bs=512 count=323583
This will save an unbrick.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD to /sdcard. Do not share this file with anyone else, this image have your IMEI data.
Why make your own unbrick.img file?
If you look at the partition table, you will have this:
Code:
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit s
unit s
(parted) print
print
Model: MMC 8WMB3R (sd/mmc)
Disk /dev/block/mmcblk0: 15269888s
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 16384s 147455s 131072s fat16 modem
2 147456s 149503s 2048s sbl1
3 149504s 150527s 1024s rpm
4 150528s 151551s 1024s tz
5 151552s 152575s 1024s sdi
6 152576s 156671s 4096s aboot
7 156672s 157695s 1024s rpmb
8 157696s 158719s 1024s tzb
9 158720s 162815s 4096s abootb
10 162816s 166911s 4096s pad
11 166912s 173055s 6144s modemst1
12 173056s 179199s 6144s modemst2
13 179200s 211967s 32768s misc
14 212992s 278527s 65536s ext4 persist
15 278528s 323583s 45056s laf
16 327680s 372735s 45056s boot
17 372736s 417791s 45056s recovery
18 417792s 423935s 6144s fsg
19 425984s 427007s 1024s fsc
20 427008s 428031s 1024s ssd
21 442368s 443391s 1024s DDR
22 458752s 459775s 1024s encrypt
23 459776s 460799s 1024s rct
24 475136s 491519s 16384s ext4 drm
25 491520s 507903s 16384s ext4 sns
26 507904s 548863s 40960s factory
27 548864s 614399s 65536s fota
28 622592s 624639s 2048s sbl1b
29 624640s 690175s 65536s ext4 mpt
30 704512s 909311s 204800s ext4 cust
31 917504s 918527s 1024s eksst
32 933888s 5128191s 4194304s ext4 system
33 5128192s 6971391s 1843200s ext4 cache
34 6971392s 15223807s 8252416s ext4 userdata
35 15237120s 15269854s 32735s grow
(parted)
This ubrick image have your partition table and the partitions until sector 323583 (partition 15 - laf), which is enough to enter in download mode and flash KDZ with LG Flash Tool and make a complete and perfect recover. This also explains why when you flash an unbrick image from a unknown source and variant you lose your IMEI, modemst1 (11) and modemst2 (12) partitions are flashed along, overwriting your unique data.
Keep your backups in a safe place and now you can go ahead and unlock the bootloader, install TWRP, change partitions size and etc knowing that if anything goes wrong, if you manage to unbrick your phone, you won't loose your IMEI.
Good luck :good:
Files:
Unlocked bootloaders (aboot):
D410HN KitKat v10c: http://www.mediafire.com/download/lg0ewb6vnl184mq/aboot_d410hn_v10c_unlocked_.zip
D410HN Lollipop v20abc: http://www.mediafire.com/download/dzp38dk9jivw31j/aboot_d410hn_v20abc_unlocked.zip
TWRP Custom Recovery: http://forum.xda-developers.com/lg-l90/development/recovery-twrp2-7-1-0lgl90w7xxshoxx-t2826150
Bootstacks:
D410HN KitKat v10c: http://www.mediafire.com/download/qx3cv5fzdzjsod2/Bootstack_D410hn_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/wxa5m1ch80hth54/Bootstack_D410hn_Lollipop_v20c.zip
Stock Flashable ZIP (for stock partition tables only):
D410HN KitKat v10c: http://www.mediafire.com/download/8u4zsj8tnyz4r6n/Flashable_D410hn_Stock_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/oqp0ubsq2jmzjph/Flashable_D410hn_Stock_Lollipop_v20c.zip
Thanks for posting these files for D410hn and warning owners of this LG L90 variant.
Recently, I decided to switch from stock to cyanogenmod and I got to find out your files in the middle of other posts.
Now this post made things crystal clear.
Thanks !
Gacrux, i must first of all thank you for your effort on gather all that info e put it on one post, this for us newbies was a great hand. But, for those like me that already have did things wrong, and already are on a mud puddle, and not expert like you guys here on XDA learning and teaching all concernments about root, flash, custom rom, stock, our beloved android, i must ask you some more of your patience, and write some more detailed tutorial, link us to posts that can help recover lost IMEI because used that russian files and process that you quote on another post. I managed after long time research to find a process that a could insert one of my IMEI to the slot one, but slot 2 stills IMEI "0", checked with *#06#. Interesting is that here on my home, phone are getting signal on both sims, i have tested and both can do and receive calls, data flow, etc, but when i got to drive to another near city, like go to my job, i loose signal on both. So, i dont have (i didnt know that i have to) that backups modemst1 and modemst2 partitions, what can i do ? I still can remove my battery and put on a paper that 2 IMEi numbers that i need, in case to do some process. I'm using D410HN lollipop 5.0.2, base band M8626A-AAAANAZM-1.0.6063 kernel 3.4.0+ ,next info LRX22G.A1440649755 and V20c-OP1-HQ What would be the steps i need to follow to at least try to put IMEI on place, unlock, install a more light rom, that consumes least internal storage space, but all functions like cameras, nfc, bluetooth, etc are working. I'm sure 100% that you will be helping a lot of people. Thanks another time, and awatin directions !
I'll try to look into this IMEI issue soon and try to find out if there is a chance to rebuild both modemst partitions with both SIM cards on D410hn, but from what I could find until now, I wouldn't get hopes up... In the past, when IMEI were stored in EFS partitions, they were stored in plain text and could be hex edited, but they don't do this anymore, I downloaded modemst partitions from two L90 and compared them and found out that this data is now fully encrypted.
You loose signal probably because you are using other variant modem and modemst data.
Regarding the storage issue, I have a self made slim version of stock v20c and modified the partition tool in this topic (http://forum.xda-developers.com/lg-...ck-partition-table-tool-lg-l90really-t2946323) to fit to my needs, and more importantly, to change the units he used to respect the partitions beginnings and ends (partition by sectors I find to be more precise and safe), I removed everything that I judged useless from the stock LG rom and remade the partition table to shrink system partition to give more room for userdata.
I removed this stuff from the original ROM:
/system/usbautorun.iso
/system/app/Books
/system/app/ChromeWithBrowser
/system/app/Drive
/system/app/Gmail2
/system/app/GoogleTTS
/system/app/Hangouts
/system/app/LGPCSuiteUI
/system/app/LGSearchWidgetProvider
/system/app/LGWeather
/system/app/LGWeatherService
/system/app/LGWeatherTheme
/system/app/Maps
/system/app/Music2
/system/app/Newsstand
/system/app/PlayGames
/system/app/PlusOne
/system/app/Street
/system/app/talkback
/system/app/Videos
/system/app/YouTube
/system/apps/bootup/LGBoxnet
/system/apps/bootup/LGFlashlightWidget
/system/apps/bootup/LGSmartWorld
/system/apps/bootup/LGTaskManager
/system/priv-app/LGApplicationManager
/system/priv-app/LGBackup
/system/priv-app/LGBrowser
/system/priv-app/LGDictionary
/system/priv-app/LGDMSClient
/system/priv-app/LGEasyHome
/system/priv-app/LGEmail
/system/priv-app/LGFileManager
/system/priv-app/LGMemo
/system/priv-app/LGPCSuite
/system/priv-app/LGQTranslator
/system/priv-app/LGUpdateCenter
/system/priv-app/Velvet
/system/vendor/carrier/system/LGRemoteCall
/system/vendor/carrier/system/rspermlge
/system/vendor/overlay/com.android.browser
/system/vendor/overlay/com.lge.appbox.client
/system/vendor/overlay/com.lge.bnr
/system/vendor/overlay/com.lge.easyhome
/system/vendor/overlay/com.lge.email
/system/vendor/overlay/com.lge.filemanager
/system/vendor/overlay/com.lge.lgworld
/system/vendor/overlay/com.lge.task
/system/vendor/overlay/com.lge.updatecenter
/system/vendor/overlay/com.lge.sizechangable.weather
/system/vendor/overlay/com.lge.sizechangable.weather.theme.optimus
My post on the repartition tool thread about my personal changes: http://forum.xda-developers.com/showpost.php?p=63218497&postcount=151
So, about that modem partitions, i read somewhere, that some "box" called octopus/octoplus can repair that **** i did on my phone e by that restore that 2 IMEI to his place, i looked into some tecnicians here im my city, but anyone have that, nor knows nothing that can repair, help me, i will try a day off my job next week to search on a bigger city for a technical assistance that have this box to try it out, this is what i could found, about this problem losing imei by overrun that partition where they are writed. I must say that I have encountered too much resistence from the people that knows how to do the process, because they think i stole the phone, even seeing me gather to his front door inside my police uniform. I must thank you Gacrux another time to be willing to help me and other people, even without know me, thank you man ! About your rom, all hardware is functional ? Did you managed to reduce the size of that system data about to 4.21 GB that are untouchable, chequing from configuration=>general=>storage just below cache data, "many" where when i click i can see that "system data" in about 4.21 GB. I already did a full wipe, but i dont have a custom recovery, because i tried to install twrp from "rom installer" from JRummy and it says that no one is compatible with my phone. This is one thing that i wanted to with a custom recovery, install a custom rom that have this system data a little smaller.
My phone is fully functional, mainly because from the start I never flashed other variant files in my phone and after rooting I knew it was a wise move to backup my modemst partitions before doing anything else after root the phone.
When I decided to mod my L90 I saw that nobody had unlocked the D410hn variant or made proper bootstack for us, with a little search I realized how to unlock our kitkat and lollipop aboots with IDA disassembler and built the proper bootstack from the partitions extracted of our kdz file.
As far as I tested, from bootloader downgrade and softbricks, the modemst and own unbrick images were enough to make a perfect recover of the phone (I had to simulate some scenarios in my own phone to test if my files and my advises would actually work).
Unfortunately, for the ones that didn't know that they MUST do some obligatory backups files, the lack of these backups lead them to problems like the one you are facing.
Custom recovery can be flashed with adb, no need for app, I'll post later when I arrive home.
System partition is actually 2GB. With stock LG ROM, there are around 60MB free. The debloating I did freed around 610MB, this allowed me to reduce system partition to 1.39GB. Also, I reduced cache partition from 900MB to 64MB. The difference was given to userdata partition, allowing me to grow from the stock 3.34GB to 5.38GB.
thank you your attention ! From your knowledge im making my own, thank you for advices too, that i will follow for sure !
To flash custom recovery with adb only (needs root and unlocked bootloader, if you already have, there is no need to repeat):
1. Root.
2. Copy aboot.bin and recovery.img (rename TWRP_2.8.7.0_270615_L90.img) to the root of your external microSD card.
3. Open adb shell or android terminal, take superuser permission with su and allow it in your phone screen.
4. Flash the hacked unlocked bootloader for D410HN Lollipop with dd if=/storage/external_SD/aboot.bin of=/dev/block/platform/msm_sdcc.1/by-name/aboot
5. Flash custom recovery (TWRP) with dd if=/storage/external_SD/recovery.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
To boot the custom recovery, from android you can send reboot recovery in adb or terminal (needs su). To boot recovery from the phone off, hold VOL - and PWR, when LG logo appears, release and hold PWR button. A blank screen asking to reset the phone to factory settings will appear, select YES twice and wait custom recovery to boot. Don't worry, your phone won't be reset since stock recovery was replaced with a custom one.
Well, i think i can take that line of commands with ADB, but the problem here is that files, can you please link that needed files that are "for sure" functioning in D410HN lollipop 5.0.2, because i dont want a new brick ! You can link to some post, that you are certain about, and i will go there e download, thanks again !
edit: I dont have unlocked bootloader, because, as i said i was feared that i could download wrong files and did **** again, if you can help in this one too, i will pay a beer !
edit: About root, i tried purpledrake, towelroot, and others, last one, and only that works was kingroot, fully functional, checked with root checker.
I think I found a way to recover the second SIM IMEI.
Requires Qualcomm Product Support Tools (QPST), HxD (or any other decent hex editor), LG Mobile Support Tool and an IMEI to HEX converter.
Though I didn't tested it myself in my own phone, I believe it's going to works, also in any Dual-SIM variant.
I'll first try to find a way to convert the SIM to those HEX values (they are not a straight text to HEX conversion), if OK, I'll write something about this matter and will post soon.
---
It's done, read: http://forum.xda-developers.com/lg-l90/general/imei-fix-2nd-sim-slot-t3229097
Hi there. I also have a D410hn. I was on 20b rooted and using TWRP, then the 20c upgrade came. So I've used your 20c flashable zip to go to 20c.
It worked just fine, then I've used the flashable superuser as you've suggested and it worked just fine too. The problem is that when I go to phone settings -> about this phone -> software info it displays "V20B-SCA-XXXX". I've checked build.prop and it shows 20c, so what's wrong?
If I flash your 20c bootstack it will fix it? Will I lose something like have to root or install custom recovery again?
Thanks
Sent from my LG-D410 using XDA Free mobile app
Flash v20c bootstack. Lollipop bootstack v20c is different from v20ab, as noted here: http://forum.xda-developers.com/showpost.php?p=63292272&postcount=57
The user who edits the topic didn't updated to include the newer bootstack for D410hn.
You are not going to loose anything since it won't flash boot and system partitions.
It worked, settings display 20c now. Thanks
Sent from my LG-D410 using XDA Free mobile app
Hello. I have D405n and when I try to unlock bootloader i bricked phone. Then I was searching for solution and somehow did that with success but in setting phone was D405 (without N). It was few months ago but these days I was testing custom roms and noticed that on rom 5.1.1 i dont have imei and dont have signal, but on stock lollipop I have signal but imei is zero. Any ideas how to fix this?
Would help flashing loader?
Fangio92 said:
Hello. I have D405n and when I try to unlock bootloader i bricked phone. Then I was searching for solution and somehow did that with success but in setting phone was D405 (without N). It was few months ago but these days I was testing custom roms and noticed that on rom 5.1.1 i dont have imei and dont have signal, but on stock lollipop I have signal but imei is zero. Any ideas how to fix this?
Would help flashing loader?
Click to expand...
Click to collapse
Try QPST: http://forum.xda-developers.com/showthread.php?t=2701861
This can also be a 5.1.1 issue or you are in a different bootloader. CM development for L90 is a little messy, don't know if it's using kitkat or lollipop bootloader now.
How to flash stock bootloader? I try flashing 4.4 kdz and 5.0 kdz and its the same.
Fangio92 said:
How to flash stock bootloader? I try flashing 4.4 kdz and 5.0 kdz and its the same.
Click to expand...
Click to collapse
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
Done that few times and its the same... QPST not working but with EFS I manage to read data but not to write.
If I get a backup of another L90 and restore it to mine, and then change the IMEI 1 through the QPST, does it works?
ps .: my IMEI 2 is zero
LG-D410HN "deadboot"
Hello, have a LG D410hn with deadboot, someone would have Loader.img file D410hn (Brazil), as did only with the D410 and the front camera has stopped working and zeroed IMEI. If anyone can help I am grateful!
Related
*** NVflash Toolkit - Backup, Restore, Resize, Recovery, Rescue ***
**** NOOBS READ THIS ****
What is the first thing you see when you boot up your phone?
It will be one of three things:
1. A white LG logo - you are running the original bootloader and partition layout.
2. A pink LG logo - you are running the new bootloader with the new partition layout.
**** It is important to know which one you are on before using nvflash or flashing any roms ****
I have put together a little toolkit to make NVflash a bit easier to use for the most common functions. The toolkit is still a work in progress, so not everything may work as intended! I would advise taking a nandroid backup to your external SD card and copying any important files from your internal SD to somewhere safe before trying this out. This version is for the original partition layout.
First, download and unzip the toolkit to your PC, it is available here: NVflash_Toolkit_0.2.zip - 218.14 MB
Second, connect your phone in NVflash mode (battery out, Volume UP+DOWN buttons pressed, connect to USB) and install the NVflash drivers if necessary (they are included in the download)
Third, run the nvflash-toolkit.bat batch file which will guide you through the functions.
After each NVflash attempt, I would recommend disconnecting and reconnecting the phone before the next flash - I had problems trying to recover the data partition in the same nvflash session as intitialising the partition layout.
The Internal SD card partition is too large to recover using NVflash, but you can mount the backed up internalsd.img file using something like DiskInternals Linux Reader if you want to access the files on it.
***NEW ICS TOOLKIT*** NVflash_ToolkitICS_02.zip - 291.39 MB
This is for the new ICS partition format with unlocked bootloader included.
1. Backup internal partitions (useful for rooting any new builds)
2. Flash v28e ICS rom or backed up partitions using new LG partitition table
3. Revert to gingerbread partition layout with normal and large (ICS) partition size (no rom included, boot to CWM only)
4. Restore ICS data partition
I will add more functions later...
Let me know if there are any other useful NVflash functions it would be worth putting into the toolkit. My initial version has a supersized option as well as large which has a larger 2Gb Data partition. Would it be better to have a 1Gb system partition rather than 512Mb in the supersized partition layout so that it is useful for anyone who is using dual boot? Also, I have put in v10b as a rescue rom for now, but I could put in a different one there, or even have a selection of rom images that could be used for a quick rescue of the phone. Tell me which you think would be the most useful one to have, since nobody actually uses v10b any more!!
Changelog
Version 0.2 - Fixed CWM 5.0.2.8 installation, Rescue rom now includes CWM 5.0.2.8
Thanks to Koush for his indispensable CWM recoveries, Rusty! for his NVflash recoveries which inspired me to make this script, and the search button for teaching me everything I know.
do you think this can be usefull with the RCs cm10 since we don t have any space left in system
mivv said:
do you think this can be usefull with the RCs cm10 since we don t have any space left in system
Click to expand...
Click to collapse
The main reason I made this was because it's going to be a struggle fitting modified ICS and CM10 roms into the original system partition, but we still want to use the original unlocked bootloader if we can get kernels that are compatible.
There are various threads with tips on how to use nvflash to change partition sizes, or go back to a stock rom in an emergency, or flash a recovery, but I thought it would be worth making a one stop shop for all the common nvflash functions. Also I haven't seen any discussions in the O2X forums about using nvflash for backup and restore, so those are the functions I am not quite so confident about yet...
Hi
I wanna thank for yet another fantastic tool. Trying it as writing. I have a wish for an updated resque rom like 20s if possible. And maybe add the dual boot development as an additional feature.
Anyways, great work
Please create a reliable mirror. Your chosen download site is down. Thank you!
Raum1807 said:
Please create a reliable mirror. Your chosen download site is down. Thank you!
Click to expand...
Click to collapse
+1
cant access it...maybe upload somewhere else
Thanks
Raum1807 said:
Please create a reliable mirror. Your chosen download site is down. Thank you!
Click to expand...
Click to collapse
SREEPRAJAY said:
+1
cant access it...maybe upload somewhere else
Thanks
Click to expand...
Click to collapse
OK, Guys!...
Code:
http://depositfiles.com/files/huuok0szl
I kind of think many would like to have your tool with bigger system partitions to avoid the risk of editing the file(s)
SuperSkill said:
I kind of think many would like to have your tool with bigger system partitions to avoid the risk of editing the file(s)
Click to expand...
Click to collapse
I'll probably put up versions with different rescue roms. AT the moment I'm most likely to be switching between LG leaks with the totally insane new partition layout (what the hell is that AP2 partition 6 all about?), and good old fashioned roms with a bigger system partition for better tweakability. I'll do a CM7 stable release, and then add a CM10 once it the milestone build is out.
Might not happen immediately as I am playing around with all the new leaks and my batch file is a mess just now because of all the switched partition numbering and tweaking it to help me use bitdomo's root method.
This is the Linux version, I hope will be useful.
INSTALLATION:
Decompress RAR and copy its contents into the folder NVflash_Toolkit_0.2
EDIT:
Correction of error in v0.2 and uploaded new version ICS
Homero2 said:
This is the Linux version, I hope will be useful.
INSTALLATION:
Decompress RAR and copy its contents into the folder NVflash_Toolkit_0.2
Click to expand...
Click to collapse
Thanks for that. I don't have a Linux machine at the moment.
If you have one you could try injecting the superuser files into a backed up v28 system image and then copying it back to the phone. That's how I was going to try rooting the v28 roms, and it might be simpler than the rather roundabout method of doing it using the old bootloader and recovery.
Not sure how that would work with file ownership and permissions though - my Linux skills are very rusty.
Sent from my LG-P990 using Tapatalk 2
Better late than never, great work. It is now easier to work with NVFlash
I have several NVFlash to CWM recovery and with system.img rooted.
The only problem is that with ICS I cannot mount the file system correctly, and course, if I don't ride I can not modify its contents.
But I'm still doing tests.
Homero2 said:
Better late than never, great work. It is now easier to work with NVFlash
I have several NVFlash to CWM recovery and with system.img rooted.
The only problem is that with ICS I cannot mount the file system correctly, and course, if I don't ride I can not modify its contents.
But I'm still doing tests.
Click to expand...
Click to collapse
There's still more chance of doing it in Linux as all the windows toold for reading EXT filesytems are read only.
I've just made a cfg file for the new ICS partitions layout, but without an unlocked bootloader and recovery it's not much use as nvflash cannot properly write the encrypted bootloader.
I'm going to try wkpark's unlocked bootloader for the SU660 and see what happens....
SUCCESS WITH THE UNLOCKED BOOTLOADER!! --- wkpark is officially an O2X Genius
....now, to get some kind of CWM working on it....
Great joy gives to try something and that works, really!?
Homero2 said:
Great joy gives to try something and that works, really!?
Click to expand...
Click to collapse
We need a new version of CWM compiled for the new partition layout, but the unlocked bootloader is great. I'm just uploading and nvflash version in the big ICS leak thread and will be updating my toolkit with a version for the new ICS partition layout with a few useful tools.
Rmein, how to change system partition to 768 with ur tool? As the max it go is 512. Tks
LG-P990
BB 1120
rmein said:
There's still more chance of doing it in Linux as all the windows toold for reading EXT filesytems are read only.
I've just made a cfg file for the new ICS partitions layout, but without an unlocked bootloader and recovery it's not much use as nvflash cannot properly write the encrypted bootloader.
I'm going to try wkpark's unlocked bootloader for the SU660 and see what happens....
Click to expand...
Click to collapse
Here's a tool that reads and writes EXT files in Windows:
http://www.linuxquestions.org/quest...artition-from-windows-7-a-799039/#post4394675
http://www.ext2fsd.com/
Sir rmein, I apologize now if my question is nubbish but you can add a tool to the option to back up only the data partition? In the section up to the number 3 option also includes the system and I think it would be a good thing that the two options are separated.
Thank you for your attention and for the great job you did with the tool.
bree1 said:
Sir rmein, I apologize now if my question is nubbish but you can add a tool to the option to back up only the data partition? In the section up to the number 3 option also includes the system and I think it would be a good thing that the two options are separated.
Thank you for your attention and for the great job you did with the tool.
Click to expand...
Click to collapse
Just uploading a toolkit for ICS partition layout which includes that function, and then I will go back to do another version of the GB toolkit to make that easier and include a supersized system partition which can fit dual boot roms.
***NEW ICS TOOLKIT*** NVflash_ToolkitICS.zip - 291.31 MB
This is for the new ICS partition format with unlocked bootloader included.
1. Backup internal partitions (useful for rooting any new builds)
2. Flash v28e ICS rom or backed up partitions using new LG partitition table
3. Revert to gingerbread partition layout with normal and large (ICS) partition size (no rom included, boot to CWM only)
4. Restore ICS data partition
I will add more functions later...
As you know, root has been achieved on this device. Now, let's move on to recovery. The recovery.img is a lot like the boot.img, in the way that you can boot from it. In theory, if we make a 3e recovery.bin for this device (TWRP/CWM), and we boot from it, we will be able to install any rom. Let's let the Recovery.bin development start!
THIS DEVICE DOES NOT SUPPORT FLASHING RECOVERIES. YOU HAVE TO BOOT FROM THEM IN FASTBOOT.
This device now has 2 custom recoveries, those 2 being TWRP (Team Win Recovery Project) and CM (CyanogenMod) Recovery. CyanogenMod recovery is much like the stock recovery, with the only difference being that CM Recovery can install files that don't have the Amazon ZIP Signature. TWRP, on the other hand, has a touchscreen display, and is much more user friendly than CM Recovery. The links to both are here:
CM Recovery
TWRP
You can do many things in a Custom Recovery, such as:
Install custom ROMs (Found here)
Install modifications to your current OS (XPosed Framework, Root, etc.)
Install GAPPS (Google Applications, including Play Store and Play Services)
Wipe your current ROM
Backup your current ROM
Restore a backup of a previous ROM
If you have any questions, ask them here.
Now, press the thank button here and thank the developers that made these recoveries and ROMs possible, and you are good to go.
Good Luck!
Im dumping the recovery partition right now as well as the boot as well and the other two extra bootloader stuff that may help us
I have attached the images we can use. I dont know if we need the system image file but if we do just let me know hopefully ill be able to upload it or someone else might cause its 1 GB it may take some time.
Awesomeslayerg said:
I have attached the images we can use. I dont know if we need the system image file but if we do just let me know hopefully ill be able to upload it or someone else might cause its 1 GB it may take some time.
Click to expand...
Click to collapse
Well, we just need someone to build a recovery for this device. Once that is bootable, we can install roms. Also, since we will most likely not be able to unlock the bootloader, Safestrap might be our best bet.
True.. it's a mediatek soc so there's gotta be a way to unlock the bootloader because most of the mediatek devices have unlocked bootloader I think. And besides it gives us an unlock code so we need to see what that deal is
Just leaving here partitions structure:
Model: MMC 8GND3R (sd/mmc)
Disk /dev/block/mmcblk0: 7818MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB KB
2 2097kB 3146kB 1049kB DKB
3 3146kB 21.4MB 18.2MB EXPDB
4 21.4MB 22.4MB 1049kB UBOOT
5 22.4MB 39.2MB 16.8MB boot
6 39.2MB 56.0MB 16.8MB recovery
7 56.0MB 56.5MB 524kB MISC
8 56.5MB 60.2MB 3670kB LOGO
9 60.2MB 65.4MB 5243kB TEE1
10 65.4MB 70.6MB 5243kB TEE2
11 70.6MB 1329MB 1258MB ext4 system
12 1329MB 1591MB 262MB ext4 cache
13 1591MB 7818MB 6227MB ext4 userdata
Hmm it looks like the MTK Droid Root and Tools V2.5.3 works now so we can flash images via that as well as recovery AND boot. But someone should get a 2nd fire and try it out because we have no scatter file.
We could possibly install a 2nd bootloader
Awesomeslayerg said:
Hmm it looks like the MTK Droid Root and Tools V2.5.3 works now so we can flash images via that as well as recovery AND boot. But someone should get a 2nd fire and try it out because we have no scatter file.
We could possibly install a 2nd bootloader
Click to expand...
Click to collapse
I have made this one and test ro readback partitions bug gets error 2004
Partition lists
storage, boot_channel & block_size maybe not good
Model: MMC 8GND3R (sd/mmc)
storage: SDMMC ????
Sometimes tablet wont boot and have to remove battery connector
Last SP Flash TOOL, linux version have much errors and force to remove battery
http://firmware.su/51343-sp-flash-tool.html
DO NO USE TO DOWNLOAD ANYTHING
UNDER CONSTRUCTION
scatter updated, UNTESTED
Lets go recovery!
idme print as su
unlock_code:
---------- Post added at 12:09 PM ---------- Previous post was at 11:52 AM ----------
There are 2 boads type and 2 preloaders......
Mine have preloader_prod.img board_id: 0025001040000015
Code:
# check if production device
if ("0025001000000015" == read_file_str("/proc/idme/board_id") ||
"0025001000010015" == read_file_str("/proc/idme/board_id") ||
"0025001010000015" == read_file_str("/proc/idme/board_id") ||
"0025001010010015" == read_file_str("/proc/idme/board_id") ||
"0025001020000015" == read_file_str("/proc/idme/board_id"))
then
ui_print("Copying preloader.img to boot partition 0 for unsecure device...");
package_extract_file("images/preloader.img", "/dev/block/platform/mtk-msdc.0/mmcblk0boot0");
else
ui_print("Copying preloader_prod.img to boot partition 0 for secure device...");
package_extract_file("images/preloader_prod.img", "/dev/block/platform/mtk-msdc.0/mmcblk0boot0");
endif;
my /proc/idme/board_id reads 0025001040000015
Can anyone try this: http://forum.xda-developers.com/showthread.php?t=2798257?
Sent from my KFFOWI using Tapatalk
I did yesterday didn't work
Awesomeslayerg said:
I did yesterday didn't work
Click to expand...
Click to collapse
Did you try Fastboot boot recovery.img with the one it gave?
Sent from my XT912 using Tapatalk
No I'll try today
Okay i used the MTK-TWRP thing right now and used it to unpack the recovery image and it looks like we can use this to our advantage to flash unverified files by editing some of the prop settings.
Can someone try this: http://xda-university.com/as-a-developer/porting-clockworkmod-recovery-to-a-new-device? It might work.
How would we flash it?
Awesomeslayerg said:
How would we flash it?
Click to expand...
Click to collapse
Zips are flashable in flashfire...
Awesomeslayerg said:
How would we flash it?
Click to expand...
Click to collapse
Use the following commands to flash the recovery
Code:
adb shell
su
dd if=/sdcard/recovery.img of=/dev/block/platform/mtk-msdc.0/by-name/recovery
- I have Cyanogenmod Recovery working except a few minor niggles
- Let you know once it's fully working
- It looks like we can't boot unsigned images that are flashed to the recovery partition
- If I boot the image from fastboot rather than flashing it then it works
- CVE-2014-0973 is patched in the bootloader
TWRP is an open source, community project. TWRP development is done by roughly 4 people at this point. We also have a large support community with many people who are willing to answer questions and help people with their devices either through our IRC channel or on forums like xda-developers.
Team Win was originally formed to work on porting WiMAX to CM7 for the HTC EVO 4G. After our work on the EVO 4G we wanted to work on a project that would work on more devices than just the EVO 4G and we settled on working on a recovery. Today TWRP is the leading custom recovery for Android phones.
A custom recovery is used for installing custom software on your device. This custom software can include smaller modifications like rooting your device or even replacing the firmware of the device with a completely custom "ROM" like OmniROM
Click to expand...
Click to collapse
WARNING!!! Be careful what you do here. One mistake and the device is soft-bricked. I take no responsibility for bricked devices, lost warranty or even OTAs not working!! Booting and/or flashing files from this post is on your own risk.
Requirements
Unlocked bootloader
Yoga Tablet 3 Plus with and without LTE (YT-X703L and YT-X703F) are supported
Known Issues
WARNING! Our device uses dm-verity (verified boot). The system partition should remain read-only. Otherwise a bootloop will occur. You can flash my modified kernel or SuperSU to resolve this but OTA's are no longer possible! You have to restore a factory image or clean system backup to receive OTAs
Potentially DRM keys are lost! Pure unlocking and rooting does not cause the issue. However, there have been reports of lost DRM keys by some unknown action. It is advised to act with caution. Losing your DRM keys can lead to issues with some apps which use DRM which could then have limited or no functionality. E.g. Netflix will only stream in SD (480p). You can check with DRM info if you still have L1 security level which means DRM keys are intact.
Download
Official TWRP for YT-X703F (Wifi): twrp.me
Official TWRP for YT-X703L (LTE): twrp.me
Instructions
Install fastboot and adb on your PC, e.g. from here
Enable developer options and in there select to unlock your bootloader by enabling OEM unlock and enable USB debugging
Connect your PC to your tablet and run
Code:
adb reboot bootloader
using adb on command line. The tablet will reboot into bootloader mode where you will only see the Lenovo logo. Now you use
Code:
fastboot oem unlock-go
to unlock. This will factory reset your device
Setup the tablet again and reboot again to the bootloader
Then run
Code:
fastboot boot twrp-3.2.1-0-yt_x703f.img
to temporarily boot into TWRP. You can also flash if you are sure
Select to keep system read only when TWRP starts to avoid modification which will make OTAs impossible
Optionally flash SuperSU or Magisk in TWRP which should install system less. Keep OEM unlock enabled if you flash or modify anything
Additional Downloads
Backup of original boot, recovery and system image for YT-X703F S000936: MEGA
Modified Boot image with forceencrypt disabled and it switches off CABC fully. You need to factory reset after flashing to format data without encryption boot_yt_x703f_s000963_noforceencrypt_cabc.img (YT-X703F S000963) / boot_yt_x703l_s000963_noforceencrypt_cabc.img (YT-X703L S000963) . Use
Code:
fastboot flash boot boot_yt_x703f_s000963_noforceencrypt_cabc.img
to flash the kernel in fastboot. SuperSU or Magisk should be flashed afterwards if root is desired.
Full factory images with flash tool and instructions YT_X703F_S000689, YT_X703L_S000704, YT_X703F_S000725, YT_X703L_S000725, YT_X703F_S000734, YT_X703L_S000734, YT_X703L_S000744, YT-X703F_S000744, YT-X703L_S000963, YT-X703F_S000963 and OTA updates: MEGA (These images contain the individual boot, recovery and system images that you need to restore from any modification mentioned above)
System Updates (OTA)
In order to successfully apply Lenovo system updates after root you have to restore the original boot, recovery (if you flashed TWRP) and system partitions from your current installed version (e.g. S000744) for your variant of the tablet. This will NOT delete your apps and data but will unroot. Note that OTAs are block based and always check the contents of most of the partitions. This means that all of these partitions (except your data) have to be original and have to be on the exact same version (e.g. S000734) for the update to succeed.
See here for instructions how to restore the partitions with fastboot.
Credits
@pogo1975 - for providing the factory images and fixing the AV sync issue
@launcher20 and @deecept - for testing the LTE version
TeamWin
Changelog
v4:
Now official TWRP with version 3.0.3-0
v3:
enable full disk encryption for access to the encrypted data partition
update TWRP kernel to latest S000725 version
v2:
add support for LTE variant (YT-X703L)
add further mount points to be able to backup more data
Thanks buddy! You are an absolute champion! Tell me what you need me to do and I'll do it before rooting and up load what you need.
Doing good work here.
Who wants to bet on a race between matshias and Lenovo support for who can fix the issues with this device first?
That's great and fast, I'm thinking tab 3 plus is getting hot now.
Great to see there is something moving for the yoga now. You think it will support the lte Version anytime? Or maybee even lineageos?
so you know, i've managed to install xposed thanks to this thread https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268 and is working well.
wayney said:
Thanks buddy! You are an absolute champion! Tell me what you need me to do and I'll do it before rooting and up load what you need.
Click to expand...
Click to collapse
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Gogoho said:
Great to see there is something moving for the yoga now. You think it will support the lte Version anytime? Or maybee even lineageos?
Click to expand...
Click to collapse
The LTE variant is probably very similar and it wouldn't be much work. But I don't own the device, so I would need some help. So someone with the LTE variant who is not afraid to experiment with fastboot and adb and who can provide me with the details needed I am happy to compile a TWRP for it.
LineageOS is much much more work than TWRP. For an experienced cyanogenmod/LineageOS dev it is not much of a thing and would take only a few days, especially since it is a Qualcomm device and there are already ports for devices with SD 652. But for me this is new as well so it'll take much longer. As soon as I have time I'll look into it.
matshias said:
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Click to expand...
Click to collapse
You forgot to tell me to go to adb shell :silly:
DD is currently doing a dump, non interactive so I hope it is still alive, it has been close to 1 hour so far. I will upload the clean image once it is done and await further instructions from you. :good:
I'm in Perth, Western Australia (UTC +8:00), so we might be playing timezone tag.
wayney said:
You forgot to tell me to go to adb shell :silly:
DD is currently doing a dump, non interactive so I hope it is still alive, it has been close to 1 hour so far. I will upload the clean image once it is done and await further instructions from you. :good:
I'm in Perth, Western Australia (UTC +8:00), so we might be playing timezone tag.
Click to expand...
Click to collapse
I think I forgot one more thing. The external SD card needs to be mounted in the TWRP menu. I believe it's not mounted automatically. So the DD command does nothing. It shouldn't take that long. Sorry about that!
It's UTC +1:00 here in Germany
matshias said:
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Click to expand...
Click to collapse
matshias said:
I think I forgot one more thing. The external SD card needs to be mounted in the TWRP menu. I believe it's not mounted automatically. So the DD command does nothing. It shouldn't take that long. Sorry about that!
It's UTC +1:00 here in Germany
Click to expand...
Click to collapse
I was wondering why nothing was happening after 3 hours.
I have rared it and it is uploading at the moment, it is going to take 5 hours.
wayney said:
I was wondering why nothing was happening after 3 hours.
I have rared it and it is uploading at the moment, it is going to take 5 hours.
Click to expand...
Click to collapse
Wow ok. Well thanks a lot for your efforts. This will not just help me but anyone with modified system partition to get OTAs.
Unmodified System Image
Here is the vanilla image via DD of the system partition.
Software Version : YT-X703F_160817
Android Version : 6.0.1
Security Patch Level : 1 September 2016
Kernel Version : 3.10.84-perf
Build Number : YT-X703F_S000689_161105_ROW
Tablet purchased retail from Australia.
https://mega.nz/#!bos0GIjI!vcO9dpSJX...Grjb7k3z6mjnqA
wayney said:
Here is the vanilla image via DD of the system partition.
Software Version : YT-X703F_160817
Android Version : 6.0.1
Security Patch Level : 1 September 2016
Kernel Version : 3.10.84-perf
Build Number : YT-X703F_S000689_161105_ROW
Tablet purchased retail from Australia.
https://mega.nz/#!bos0GIjI
Click to expand...
Click to collapse
Perfect!!
Can you send me the key for the download via PM or post it?
matshias said:
Perfect!!
Can you send me the key for the download via PM or post it?
Click to expand...
Click to collapse
Let's try that again.
https://mega.nz/#!bos0GIjI!vcO9dpSJXp6cKtdH07Kt0RSaqpqQ7Grjb7k3z6mjnqA
matshias said:
Wow ok. Well thanks a lot for your efforts. This will not just help me but anyone with modified system partition to get OTAs.
Click to expand...
Click to collapse
Thank you guys for spending times on it, it would be wonderful if Lenovo people do thing like this way, too.
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
pogo1975 said:
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
Click to expand...
Click to collapse
Hahaha got to love the dark corner of the Russian internets :laugh:
pogo1975 said:
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
Click to expand...
Click to collapse
If that's real it would have saved me a lot of time finding the loophole in the system to extract the boot and recovery image. But still a great find which will rescue some soft-bricked devices.
matshias said:
If that's real it would have saved me a lot of time finding the loophole in the system to extract the boot and recovery image. But still a great find which will rescue some soft-bricked devices.
Click to expand...
Click to collapse
so long as it's safe and not loaded with malware...
WARNING #1: operations indicated on this post might potentially brick your device, make it unusable, to cause explosions, eruptions of nearest volcano and a lot of similar disasters.
For sure they will void your warranty in most countries and need all of your data permanently deleted, so make a copy of anything valuable before starting and don't do any operations if you are not a trained guy and sure about what you are going to do.
These are *not* operations for rookies. I will not be responsible in any case about eventual damages. XDA is your friend: if unsure, please ask! :fingers-crossed:
WARNING #2: operations elencated on this post are indicated and first hand tested as working only on Moto Z2 Force (Nash) XT1789-06 GSM/3G/LTE dual sim 6GB RAM 64GB storage unbranded international version on sale on German market with Nougat v.7.1.1 onboard.
They will probably work on most of unlockable bootloader & SIM unlocked versions, included US -04 versions too, but you'll test them yourself.
They are not intended for (US mainly...) CDMA versions (-01 & -03 if I don't go wrong...) since of a bit different hw/fw so avoid to apply them "as is" on those devices.
WARNING #3: there will probably be better methods to obtain same results and, for sure, there would be more in future. This is only a "recap" of what I've found working and applied first hand on my unbranded XT1789-06 Nash - with, IMHO, great results... - on November 2017.
I think this could be useful for many.
WARNING #4: I'm Italian, English is not my first Language, so... be patient!
1. INTRODUCTION
On this guide you will not find anything particularly new and/or not already present on this section of XDA.
So, why this guide? For some reasons...
First of all, to date every guide posted here is for a single operation (e.g. root, TWRP, etc...) and do not take in needed consideration interactions between single operations that, often, can be present, potentially dangerous and/or lead to unexpected behaviours.
More, for a single operation here there are often different posts with different guides/solutions and this could leads to errors and or doubts about what's better for our device...
Last but not the least, to date Nash developers here are mainly from US and so working on devices for the most part provided with branded fw and/or a bit different hw/fw respect to international unbranded versions sold on Europe, Asia, South America & Australia.
From my previous experience with my "old" Griffin (Moto Z) Motorola's fws are often interchangeable between devices with no (or only minimal...) issues at all, but, anyway, having a guide with operations first hand tested on same device is surely safer...
So, in this guide I'll link all best single guides posted here and I'll comment & link them to obtain a single complete "to do list" of works...
2. WHAT WE'LL GET
Following this guide we'll get a Moto Z2 Force with unlocked bootloader, latest available firmware (at present...) on board, a working TWRP recovery, complete root access, BusyBox support (needed for A LOT of interesting sw/tasks...) and Xposed support (I don't think I need to explain Xposed features & benefits here... ).
Taking in consideration how Moto's devices come with a "quite stock/vanilla" Android version on board, they are between the best devices to be rooted & Xposed provided to obtain a great customized system.
If you want to remain stock with your device eventually go with Samsungs (or similar...), but if you want a device that is a "blank canvas" for your customizations, Motorolas and this configuration would quite be the best you could want.
You are surely thinking about lack of Magisk and "SU hiding" solutions... obviously there are reasons for this.
Magisk: I have first hand seen how Magisk is a "very intrusive" software with its installation, it goes to modify *A LOT* of things on system partitions and this could leads to eventual issues/incompatibility.
More, it has its own rooting system (that in my humble opinion isn't better than SuperSU) that I preferred not to use (beneath I think it could be disabled... ) and that could conflict with SuperSU, if not now, maybe on successive Magisk updates (as it happened on my old Griffin... ).
Last but not the least, it seems to still have issues with particular partitioning present on our device (we'll see them later) and with TWRP flashing for same reasons...
Not to mention how, to date, it has really so few functions/modules we can't have using Xposed....
SUhide: there is a detailed guide on how to install succesfully SuperSU with its SUhide function on our device. On the same guide it's reported how that method is uncompatible with Xposed and leads to unsolvable bootloops if we setup both of them.
It is still not clear (to me...) if this is related to SUhide itself or to the different SU installation needed for SUhide to work but, anyway, I preferred Xposed obviously.
Not to mention that for Xposed have been developed some modules to succesfully hidden root (even if I don't know if they already works with Nougat... )
3. LET'S TAKE A LOOK TO OUR DEVICE
Knowledge is power. So, taking a look to our device particular features will help us to avoid errors and eventual issues...
Motorola developed our device with a new configuration/partitioning scheme seen before only on Google Pixels / Pixels XL, making our device probably the first "not Google" one to adopt it.
It is mainly marked by two news:
- there is no more a recovery partition :crying:
- there are two copies of boot and system partitions, called boot_a, boot_b, system_a & system_b and device is capable eventually to boot from every of them :cyclops:
Let's look them in details..
Recovery is obviously still present victory BUT it has no more its own partition, it is instead included in boot partition (where before there was only kernel and little more...) creating a potentially unwanted (by us tweakers, probably wanted by Google for the opposite reason! ) link between boot and recovery where safe rules would want them as unlinked as possible!
This leads to the need to flash a boot.img containing both kernel and recovery when we want to update only one of them (e.g. installing TWRP...) and this will have to be taken in account every time we would go to update kernel, TWRP but even when rooting (in fact, at first, developers were not able to gain root together with TWRP... issue then solved succesfully :highfive.
On Pixels their developers have found some methods to overcome this problem, but on our device, to date, we still don't have a complete solution to this issue. Anyway we are going in the right direction and it will be only matter of time in my opinion (especially since I'm "stressing" our developers to realize a similar solution...! ).
Double partitions for boot & system, often referred as "A/B partitioning" is a system introduced by Google to distribute OTAs in safer & seamless way, without interrupting user work during updates... (bah... ).
They are so totally unuseful as originally designed for US, since of going with TWRP/root, OTAs are no more a solution to upgrade and this partitioning scheme introduced some complications which have led to issues as with Magisk (as already seen...).
BUT as soon as we'll learn how to well manage them, new horizons will open (like updating fw on a partition still having the older one on the other for safety reasons and/or having two different fw versions and be able to choose what to boot from.. ). It's only matter of time...
Anyway in this guide we'll face them ever with safe in mind at the moment...
4. READY? LET'S GO WITH UNLOCKING BOOTLOADER!
If your device has unlockable bootloader (and if it is an international unbranded XT1789-06 it should have...!), you can easily unlock it with this good guide:
https://forum.xda-developers.com/z2-force/how-to/how-to-unlock-bootloader-t-mobile-t3654657
There is no more to say about this guide since it is well done, only some notes:
- guide title speaks of T-Mobile but obviously is suitable for international/unbranded too...
- please note that unlocking bootloader will wipe from your device all data & media storage (and they will be wiped again in successive steps, so *be sure* not having nothing valuable - e.g. your girl pics.. - before starting with procedures);
- install Motorola's latest drivers & fastboot provided on their site as hinted on guide. Don't skip this step to avoid potential issues in successive steps...
- if I don't wrong remember, step 8 of guide has to be repeated two times to confirm unlocking. Anyway look at your console messages and follow directions...
Reboot to system and make a fast configuration (we'll wipe them in minutes... ) to check all is ok and re-enabling usb debugging is preferred.
5. DOWNLOAD & UPDATE YOUR FW
I don't know with what firmware your device will come, BUT if it has anything *before* Nougat v.7.1.1 rel. NXPS26-122-68-1 we well go to update to this for following reasons:
- we need a (good) complete stock fw image to be flashed in case of problems;
- it is updated to September 2017 security patch;
- we have a TWRP with *this exact kernel* (they are linked in same image, remember?) for those (like me... ) which like a "so close to stock as possible" system...
This firmware can be downloaded from the following link: https://mirrors.lolinet.com/firmwar...ubsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip (about 2,35 GB..)
PLEASE NOTE: If you have newer firmware don't use this BUT try to download a matching version with your actual one.
Zipped file has to be fully unzipped into the folder containing fastboot executable (downloaded from Motorola!) on your PC.
If you get any error unzipping, *DON'T FLASH* anything and download again (eventually from another browser/PC).
Fastboot sequence I used is the following:
Code:
fastboot devices
pause
fastboot flash modem NON-HLOS.bin
pause
fastboot flash fsg fsg.mbn
pause
fastboot erase modemst1
pause
fastboot erase modemst2
pause
fastboot flash bluetooth BTFM.bin
pause
fastboot flash dsp adspso.bin
pause
fastboot flash logo logo.bin
pause
fastboot flash boot boot.img
pause
fastboot flash system system.img_sparsechunk.0
pause
fastboot flash system system.img_sparsechunk.1
pause
fastboot flash system system.img_sparsechunk.2
pause
fastboot flash system system.img_sparsechunk.3
pause
fastboot flash system system.img_sparsechunk.4
pause
fastboot flash system system.img_sparsechunk.5
pause
fastboot flash system_b system_b.img_sparsechunk.0
pause
fastboot flash system_b system_b.img_sparsechunk.1
pause
fastboot flash system_b system_b.img_sparsechunk.2
pause
fastboot flash system_b system_b.img_sparsechunk.3
pause
fastboot flash oem oem.img
pause
fastboot erase carrier
pause
fastboot erase cache
pause
fastboot erase userdata
pause
fastboot erase ddr
pause
fastboot reboot
That is ready to be put into a batch file to avoid errors and having the possibility to check results of every single flashing since of pause commands presence (press a key to continue to next file). Batch file has to be placed and started from same folder of fastboot & unzipped files to avoid errors.
Please note:
- I've added a fastboot devices command as first to check if your device is properly connected;
- I've used stock sequence of flashing BUT removed gpt (partitions) and bootloader for safety reasons (no need to flash them usually... and let Motorola upgrading your bootloader rarely is a good choice... )
If all flashes will go fine your device /data would be wiped (yes, again!) and phone will reboot after last command.
If something go wrong stop the sequence by CTRL+C and do not reboot your phone until you have understood/cleared/fixed what has gone wrong.
If fine, again... reboot to system and make a fast configuration (we'll wipe them in minutes... ) to check all is ok and re-enabling usb debugging is preferred.
6. INSTALL TWRP
This is a quite simple step, but you have to take a decision before you start...
I'll provide two different boot+TWRP image files as attachment to chose from (both of them realized by @joemossjr )
First one is composed by stock NPXS26 kernel and TWRP v.2 (it's a 3.1.1-0 in TWRP versions), while the second is composed by a kernel recompiled (with little modifications) from sources by joemossjr and TWRP v.3 (still a 3.1.1-0 in TWRP versions) with some little improvements (you can go to his thread for details on TWRP https://forum.xda-developers.com/z2-force/development/twrp-3-1-1-0-moto-z2-force-nash-t3687421 and to this one for details on Pantheon kernel https://forum.xda-developers.com/z2-force/development/kernel-pantheon-kernel-t3702208 ).
If you are on NXPS software version (flashed before) and want to remain "full stock" go with TWRPNPXS.zip, otherwise (you preferring newest firmware or want all newest features) go with TWRPREV3.zip.
Both files *have to be* decompressed, *can't be directly flashed* and your choice of them has to be flashed in fastboot mode with the command:
Code:
fastboot flash boot TWRPxxxx.img
where xxxx is matching your choice.
If all have gone fine, you can now reboot to recovery and make some backups if you prefer (please note you will need to place them to an sd card or to a plugged USB key, since internal memory will be fully deleted again soon...
PLEASE NOTE: during this phase still *don't enable* TWRP to Mount system as R/W ("Swipe to allow modifications for /system" message...) since it could lead to a not booting system if DM verity check is still enabled (it shouldn't since what @ChainfireXDA reported on Twitter, but it is better to be safe...).
A reboot to system to check all is still ok is preferred. If TWRP asks to install his app files on exit, *be sure* to decline/skip (ever! There is an option in TWRP to disable this request too!).
PLEASE NOTE: this way we are flashing ONLY ONE of the boot partitions with TWRP (usually boot_a) while the other (boot_b) is unaffected. This is a wanted behaviour to stay on "safe side".
PLEASE NOTE: On the linked thread @joemossjr put a flashable zip file to update it from inside TWRP itself which flash both boot_a & boot_b. So if you'll want to update to newer versions (and remain on safe side...) unzip that file too (instead to flash it in TWRP), extract boot.img contained inside and flash it with the same command indicated before.
Please note all newer versions will use Pantheon Kernel.
WARNING: If you will in future reflash kernel/TWRP to update them, you would lose both root & disabled forced encryption!!!
So, after every boot.img flashing *you will need*, before booting system, to boot TWRP and flash again SuperSU before reboot to system.
If you fail to do this you'll face bootloops and/or your /data partition will be corrupted. So a /data backup (on external storage!) before a kernel/TWRP update would be mandatory.
7. ROOT & DECRYPT DEVICE
In this step we will go to finally root the device and decrypt its /data partition. This operation *will delete all data again* on you device (downloaded files & pics too!).
Decryption of /data is needed for many reasons:
- to date TWRP is unable to work with compressed /data (and, anyway, it's ever dangerous to work with encrypted data backups/restore... )
- some advanced software you'll go to use could have issues with encrypted data
- a decrypted device is slightly faster
- you definitely will want it unencrypted... listen to me!
Since our phone will come "force encrypted" (it can't be disabled on stock fw!), we need SuperSU help on this and so we'll need to follow *at perfection* the following provided sequence!
Not all SuperSU are equals (more... they are all different! :silly so, tested working fine version to be used is this: http://download.chainfire.eu/1220/SuperSU/SR5-SuperSU-v2.82-SR5-20171001224502.zip?retrieve_file=1
If newer will be out, don't mind, you could ever upgrade it from inside a working system...
Steps are:
- boot to fastboot mode (from off, VOL DOWN + POWER)
- from fastboot mode select RECOVERY mode
- go to wipe menu and select /data FORMAT (not wipe or factory reset, FORMAT!)
- if you have placed downloaded SuperSU zip file on SDcard or USB key browse to it in TWRP Install menu (otherwise connect your phone to PC and trasfer it to internal memory and then browse for it), then Flash it.
- *do not* and I repeat it, *do NOT* clear cache/dalvik cache
- reboot to system
First boot could take a while and probably it reboots one (or two...) times, but at the end it will boot... :fingers-crossed:
You'll have to reconfigure again your system BUT this time, if all has gone fine, it's the good one, so you can do a better configuration if you want.
You will need a working Play Store for next steps, so add a data SIM and/or a wireless network and setup a Google account to enable it.
To check if all has gone fine you should have:
- a SuperSu icon into apps drawer
- on Settings - Security there should be an option to encrypt your system (DON'T chose it! :silly instead of the previous "encrypted" status..
It could be a good moment to download an useful Root check app. A good one is Root Check by JRummy Apps which is able to check Busybox & Xposed presence too (and more...).
8. BUSYBOX & XPOSED
If you have reached this point and all is fine, now it's very simple to complete.
Both Busybox & Xposed can in fact be installed from inside a working rooted system, so...
- download from Play Store BusyBox (free version) by Stephen (Stericson), open it, grant root permissions and press Install button without wait all the (unuseful) checks
- reboot
- enable in Settings - Security the "unknown sources"
- download from here https://forum.xda-developers.com/attachment.php?attachmentid=4319220&d=1509453299 latest Xposed installer/manager apk
- install it, open it and grant root
- select Xposed v.88.2 (or newer if available) for arm64 (if many options are showed be sure to select this, arm64!!!) and select Install (*NOT* via recovery... simply normal Install)
- when prompted for a reboot, accept it.
Please note first reboot could take a while and, again, it could self reboot one (or two times...). When at last it will reboot... gotcha!!! It's cigar time!!! :victory:
Well... it has been a LONG WORK to write this as simple & complete as possible. I hope to not have inserted any error and to have been enough clear on provided instructions.
If you'll find any errors please report to me for corrections.
Newer & better methods are welcome too.
If you liked this, PLEASE USE THANKS BUTTON!
EneTec
MANY THANKS TO:
@seniorstew
@joemossjr
@jhofseth
@Uzephi
for their useful linked guides and/or great development! :good:
Reserved #1.
Reserved #2.
Awesome guide! One of the most intricate guides that goes over every last detail that I've read on XDA in a long time. Thank you. ?
...
Great guide, thanks for the notes re: Xposed...I kept trying to install from TWRP (habit)
3's&7's said:
Great guide, thanks for the notes re: Xposed...I kept trying to install from TWRP (habit)
Click to expand...
Click to collapse
Our device still needs some cautions & tips...
Issue with Modem/Radio
After following your guide to the letter, my phone would not connect to a mobile network and would say "Error while searching for networks" when I tried to force it to find one. I ended up following this guide to try and get back to a working setup:
https://forum.xda-developers.com/z2...m-stock-november-hybrid-rom-t-mobile-t3712795
Unfortunately, nothing is working. Any help would be greatly appreciated.
Thanks!
-Josh-
I figured it out. Had to use the Flash ALL Package from that other post. The modem firmware is very specific.
might be this is the reason i loose 4G+ (4G instead) signal after flashing lmfao
just Wow!! What a great post!!
Damn! Why did follow this guide!? I knew I didn't need to flash anything but boot/boot_a and stay on stock FW with only TWRP from Pantheon kernel!
Now I have a Moto Z2 Force (Dual SIM, UK, retail) without wifi, mac 02:00:00:00:00:00:00:00 and it cannot switch it on!
Any one have full stock image, at least of the boot partition from Dual SIM, UK?
PS: No need to link to Factory Image Moto Z2 Force (NASH) RETAIL. both of them aren't fixing anything for me.
hashnon said:
Damn! Why did follow this guide!? I knew I didn't need to flash anything but boot/boot_a and stay on stock FW with only TWRP from Pantheon kernel!
Now I have a Moto Z2 Force (Dual SIM, UK, retail) without wifi, mac 02:00:00:00:00:00:00:00 and it cannot switch it on!
Any one have full stock image, at least of the boot partition from Dual SIM, UK?
PS: No need to link to Factory Image Moto Z2 Force (NASH) RETAIL. both of them aren't fixing anything for me.
Click to expand...
Click to collapse
Bitdefender blocked it for me for the longest time, then after reinstalling minimal ADB and Fastboot, Motorola Manager, and allowing access to Windows File Explore through Bitdefender, it worked for me; check your antivirus, hope that helps.
Blocked what? And anyway, I don't have any antivirus. There is brain and Linux for that!
hashnon said:
Blocked what? And anyway, I don't have any antivirus. There is brain and Linux for that!
Click to expand...
Click to collapse
Oh my bad, lol
Ok, fixed it my self, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave me general idea what to do and what to check.
hashnon said:
Ok, fixed it my self, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave my general idea what to do and what to check.
Click to expand...
Click to collapse
Good to hear that, I got so mad when I went in and tried rooting my Z2F without reading this guide first on the very first day that I got it. ??
Deester4x4jr said:
I figured it out. Had to use the Flash ALL Package from that other post. The modem firmware is very specific.
Click to expand...
Click to collapse
This is intended/tested only on EU/intl. XT1789-06... on what version did you applied all this?
ilovemeow said:
might be this is the reason i loose 4G+ (4G instead) signal after flashing lmfao
Click to expand...
Click to collapse
This is intended/tested only on EU/intl. XT1789-06... on what version did you applied all this?
hashnon said:
Ok, fixed it my self, this: https://forum.xda-developers.com/ne...0000000000-t3257465/post65960082#post65960082 gave me general idea what to do and what to check.
Click to expand...
Click to collapse
This is intended/tested only on EU/intl. XT1789-06... on what version did you applied all this?
How do you fix your wifi issue exactly?
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Hello, I have a question, does this procedure unlock the carrier? Or, is it still locked for sprint SIM cards?, Thanks.
Nice guide. Thank you so much! Now I can use Open firmware without unused operation apps.
Since we have the programmer file for EDL I would like to do this for my g8x sprint variant. However I still need to sim unlock it first before I attempt to boot loader unlock it. The OPID is in the first 2 offsets of hex code in the OP_a.bin image.
For example my partition dump for my G8x g850um reads the below
Code:
TMO_US
MSVN 0
So I extracted the tot file from the phone image dump and verified this for myself and am confused as to why it says TMO_US if I have a sprint splash screen. Was my phone cross flashed before I got it? How to I verify what the IMPL value is? Where is that stored?
antintin said:
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Click to expand...
Click to collapse
Do you think this method can be tried for flashing G8S partitions on a T-mobile G8 ? I really need VoLTE and my G8S has it.
antintin said:
LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL.
Click to expand...
Click to collapse
as far as I discovered, there is no HW lock but it seems it is about sth like a serial number (maybe device id) which is later checked by software and determines the original opid of the device. you can check device id by the query "at%deviceid" in modem while port check is enabled.
however, erasing some partitions will hinder sw to check and inspect opid. In Open_ca 20 you can erase modem (not modemst) and it fails to check and determine the original opid so it lets device to get flashed by any kdz, although later it is needed to modify opid in op partition.
hello i'm new to the forum and i have a doubt, my lg g8 is blocked to use only at&t chip, if i do the bootloader deblocking and change the rom i can use another operator's chip ?, i'm in brazil and i can't use an operator local
At the moment no custom Rom for lg g8
I followed every step exactly as described for extracting OP partition but the resulting file size is around 16 MBs larger than my device's OP partition (LG V50 V450) , and TWRP cannot flash it (throws file size larger than device error), so I flashed in EDL mode by QFIL but it has a warning (file overflow) and it flashed without issue but the device gets stuck at boot and off course I copied over my original totc.cfg to the OP partition but still stuck on the boot screen, I also flashed boot image from the KDZ to the boot partition still the same , BTW my active slot is A , and it doesn't matter which kdz I use I always end up with same file size of 716 MBs , but my device's OP partition is 700 MBs, I backed everything up and I have no issue going back to stock sprint.
On many occasions I didn't copy the totc.cfg back to the device on purpose and I did not get OPID mismatch error which concludes that OP Decryption method from KDZ is buggy (at least for V450)
So is there something that I missed here ? or is this only working for G8 ?
Same size mismatch error with trying to crossflash OP partition on my LG G8. So not working either.
armodons said:
Same size mismatch error with trying to crossflash OP partition on my LG G8. So not working either.
Click to expand...
Click to collapse
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.
Bronnel said:
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.
Click to expand...
Click to collapse
I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
armodons said:
I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
Click to expand...
Click to collapse
you are correct but I tried many KDZs including pie and all of them end up the same file size (roughly 716 MBs), I mean shouldn't there be at least a minor difference ?
I can't help those with issues creating the OP partition, although one would have to think others have tried to do that / had probs / posted results. There must be help for that in some threads somewhere...
I used the OP partition (from us 20c) in this thread, and was able to accomplish what I needed with a lot less effort then doing this 'crossflashing' (thnx Cloud Man).
So, what I needed? Really only wanted volte and vowifi to work with my mint mobile sim. My sprint phone with a10 20f continuously tried to connect to 'carrier services' (it couldn't, I'm not on sprint), and vowifi or volte didn't work with other carrier even though it was sim unlocked.
A simple fix was to use twrp and flash only the OP partition (as described in this thread), then also restore the original totc.cfg (also as described in this thread).
Edit 11/8/21: Note: You don't need to flash the totc.cfg if you have a sprint device and flashing the us Open OP provide here, it already has the totc changed to sprint.
That's it, didn't flash any of the other partitions (did try that way initially but got boot loop). So now my sprint device is basically indistinguishable from a US Open device. No sprint bloat, no more constantly trying to 'configure carrier services', and vowifi and volte work.
cheers
Not sure if this is terribly different than the one in the OirgPost (20c), but this is the OP from latest US OP kdz (20f).
Also, as in op notes, have to put your original totc file in place of the one that this comes with.
cheers
antintin said:
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Click to expand...
Click to collapse
Hello, I don't want to bother you but by any chance do you have any idea in which file or partition the "sim" network lock is, I want to test if I can unlock the network of an LG G8 ThinQ Xfinity mobile
AsItLies said:
Not sure if this is terribly different than the one in the OirgPost (20c), but this is the OP from latest US OP kdz (20f).
Also, as in op notes, have to put your original totc file in place of the one that this comes with.
cheers
Click to expand...
Click to collapse
Would I be able to do a simple update to A11 US OPEN using LGUP when /if the kdz comes?
mangojain said:
Would I be able to do a simple update to A11 US OPEN using LGUP when /if the kdz comes?
Click to expand...
Click to collapse
No, I don't think so. You could try it, might work, don't know that anyone has tried that as we don't have updates coming.
But worse case scenario is you follow the OP and re crossflash and go through setup again. Not that big of a deal.
cheers
AsItLies said:
No, I don't think so. You could try it, might work, don't know that anyone has tried that as we don't have updates coming.
But worse case scenario is you follow the OP and re crossflash and go through setup again. Not that big of a deal.
cheers
Click to expand...
Click to collapse
You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
mangojain said:
You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
Click to expand...
Click to collapse
well thanks, but as far as the US version becoming available, keep in mind that LG has a long history here. It seems that their contracts with other US carriers stipulate the US op version can't be released until the carriers release their version. So if one of the carriers doesn't do the update, the US will never be available.
I may try the ca open soon and will modify the latest US open OP to work with it, that may well be the best (latest) update ever available?
cheers