Related
This warning also serves to other variants.
I see that many users of this variant are using other variant binaries and images trying to unlock the bootloader and install TWRP recovery.
My advise is to not do this or you can end with a brick.
Even worse, when trying to unbrick the phone, people are using other variant nand backup images, this will lead you to the infamous lost IMEI problem, and from this point if you don't have your modemst partitions backups, you are lost.
Flashing KDZ won't recover these partitions, they are unique to your phone and are not flashed in a normal KDZ flash, the only way to flash them is in TWRP or ADB.
I already supplied the proper D410HN Kitkat v10c and Lollipop v20a/b/c (they are the same) unlocked aboots and bootstacks but people insist flashing files from other variants.
My advise is, after rooting your phone, before doing anything else, the first thing you must do is to backup your modemst1 and modemst2 partitions to make sure you IMEI data is safe. You can make this backup in ADB or Android Terminal app with:
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst1 of=/storage/external_SD/modemst1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst2 of=/storage/external_SD/modemst2.img
This will save modemst1.img and modemst2.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD to /sdcard.
Also, make a nand backup image in case of you need to make a testpoint or direct flash in nand to attempt to unbrick the phone.
Code:
dd if=/dev/block/mmcblk0 of=/storage/external_SD/unbrick.img bs=512 count=323583
This will save an unbrick.img in your external microSD. If you want to save in your internal SD, replace /storage/external_SD to /sdcard. Do not share this file with anyone else, this image have your IMEI data.
Why make your own unbrick.img file?
If you look at the partition table, you will have this:
Code:
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit s
unit s
(parted) print
print
Model: MMC 8WMB3R (sd/mmc)
Disk /dev/block/mmcblk0: 15269888s
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 16384s 147455s 131072s fat16 modem
2 147456s 149503s 2048s sbl1
3 149504s 150527s 1024s rpm
4 150528s 151551s 1024s tz
5 151552s 152575s 1024s sdi
6 152576s 156671s 4096s aboot
7 156672s 157695s 1024s rpmb
8 157696s 158719s 1024s tzb
9 158720s 162815s 4096s abootb
10 162816s 166911s 4096s pad
11 166912s 173055s 6144s modemst1
12 173056s 179199s 6144s modemst2
13 179200s 211967s 32768s misc
14 212992s 278527s 65536s ext4 persist
15 278528s 323583s 45056s laf
16 327680s 372735s 45056s boot
17 372736s 417791s 45056s recovery
18 417792s 423935s 6144s fsg
19 425984s 427007s 1024s fsc
20 427008s 428031s 1024s ssd
21 442368s 443391s 1024s DDR
22 458752s 459775s 1024s encrypt
23 459776s 460799s 1024s rct
24 475136s 491519s 16384s ext4 drm
25 491520s 507903s 16384s ext4 sns
26 507904s 548863s 40960s factory
27 548864s 614399s 65536s fota
28 622592s 624639s 2048s sbl1b
29 624640s 690175s 65536s ext4 mpt
30 704512s 909311s 204800s ext4 cust
31 917504s 918527s 1024s eksst
32 933888s 5128191s 4194304s ext4 system
33 5128192s 6971391s 1843200s ext4 cache
34 6971392s 15223807s 8252416s ext4 userdata
35 15237120s 15269854s 32735s grow
(parted)
This ubrick image have your partition table and the partitions until sector 323583 (partition 15 - laf), which is enough to enter in download mode and flash KDZ with LG Flash Tool and make a complete and perfect recover. This also explains why when you flash an unbrick image from a unknown source and variant you lose your IMEI, modemst1 (11) and modemst2 (12) partitions are flashed along, overwriting your unique data.
Keep your backups in a safe place and now you can go ahead and unlock the bootloader, install TWRP, change partitions size and etc knowing that if anything goes wrong, if you manage to unbrick your phone, you won't loose your IMEI.
Good luck :good:
Files:
Unlocked bootloaders (aboot):
D410HN KitKat v10c: http://www.mediafire.com/download/lg0ewb6vnl184mq/aboot_d410hn_v10c_unlocked_.zip
D410HN Lollipop v20abc: http://www.mediafire.com/download/dzp38dk9jivw31j/aboot_d410hn_v20abc_unlocked.zip
TWRP Custom Recovery: http://forum.xda-developers.com/lg-l90/development/recovery-twrp2-7-1-0lgl90w7xxshoxx-t2826150
Bootstacks:
D410HN KitKat v10c: http://www.mediafire.com/download/qx3cv5fzdzjsod2/Bootstack_D410hn_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/wxa5m1ch80hth54/Bootstack_D410hn_Lollipop_v20c.zip
Stock Flashable ZIP (for stock partition tables only):
D410HN KitKat v10c: http://www.mediafire.com/download/8u4zsj8tnyz4r6n/Flashable_D410hn_Stock_KitKat_v10c.zip
D410HN Lollipop v20c: http://www.mediafire.com/download/oqp0ubsq2jmzjph/Flashable_D410hn_Stock_Lollipop_v20c.zip
Thanks for posting these files for D410hn and warning owners of this LG L90 variant.
Recently, I decided to switch from stock to cyanogenmod and I got to find out your files in the middle of other posts.
Now this post made things crystal clear.
Thanks !
Gacrux, i must first of all thank you for your effort on gather all that info e put it on one post, this for us newbies was a great hand. But, for those like me that already have did things wrong, and already are on a mud puddle, and not expert like you guys here on XDA learning and teaching all concernments about root, flash, custom rom, stock, our beloved android, i must ask you some more of your patience, and write some more detailed tutorial, link us to posts that can help recover lost IMEI because used that russian files and process that you quote on another post. I managed after long time research to find a process that a could insert one of my IMEI to the slot one, but slot 2 stills IMEI "0", checked with *#06#. Interesting is that here on my home, phone are getting signal on both sims, i have tested and both can do and receive calls, data flow, etc, but when i got to drive to another near city, like go to my job, i loose signal on both. So, i dont have (i didnt know that i have to) that backups modemst1 and modemst2 partitions, what can i do ? I still can remove my battery and put on a paper that 2 IMEi numbers that i need, in case to do some process. I'm using D410HN lollipop 5.0.2, base band M8626A-AAAANAZM-1.0.6063 kernel 3.4.0+ ,next info LRX22G.A1440649755 and V20c-OP1-HQ What would be the steps i need to follow to at least try to put IMEI on place, unlock, install a more light rom, that consumes least internal storage space, but all functions like cameras, nfc, bluetooth, etc are working. I'm sure 100% that you will be helping a lot of people. Thanks another time, and awatin directions !
I'll try to look into this IMEI issue soon and try to find out if there is a chance to rebuild both modemst partitions with both SIM cards on D410hn, but from what I could find until now, I wouldn't get hopes up... In the past, when IMEI were stored in EFS partitions, they were stored in plain text and could be hex edited, but they don't do this anymore, I downloaded modemst partitions from two L90 and compared them and found out that this data is now fully encrypted.
You loose signal probably because you are using other variant modem and modemst data.
Regarding the storage issue, I have a self made slim version of stock v20c and modified the partition tool in this topic (http://forum.xda-developers.com/lg-...ck-partition-table-tool-lg-l90really-t2946323) to fit to my needs, and more importantly, to change the units he used to respect the partitions beginnings and ends (partition by sectors I find to be more precise and safe), I removed everything that I judged useless from the stock LG rom and remade the partition table to shrink system partition to give more room for userdata.
I removed this stuff from the original ROM:
/system/usbautorun.iso
/system/app/Books
/system/app/ChromeWithBrowser
/system/app/Drive
/system/app/Gmail2
/system/app/GoogleTTS
/system/app/Hangouts
/system/app/LGPCSuiteUI
/system/app/LGSearchWidgetProvider
/system/app/LGWeather
/system/app/LGWeatherService
/system/app/LGWeatherTheme
/system/app/Maps
/system/app/Music2
/system/app/Newsstand
/system/app/PlayGames
/system/app/PlusOne
/system/app/Street
/system/app/talkback
/system/app/Videos
/system/app/YouTube
/system/apps/bootup/LGBoxnet
/system/apps/bootup/LGFlashlightWidget
/system/apps/bootup/LGSmartWorld
/system/apps/bootup/LGTaskManager
/system/priv-app/LGApplicationManager
/system/priv-app/LGBackup
/system/priv-app/LGBrowser
/system/priv-app/LGDictionary
/system/priv-app/LGDMSClient
/system/priv-app/LGEasyHome
/system/priv-app/LGEmail
/system/priv-app/LGFileManager
/system/priv-app/LGMemo
/system/priv-app/LGPCSuite
/system/priv-app/LGQTranslator
/system/priv-app/LGUpdateCenter
/system/priv-app/Velvet
/system/vendor/carrier/system/LGRemoteCall
/system/vendor/carrier/system/rspermlge
/system/vendor/overlay/com.android.browser
/system/vendor/overlay/com.lge.appbox.client
/system/vendor/overlay/com.lge.bnr
/system/vendor/overlay/com.lge.easyhome
/system/vendor/overlay/com.lge.email
/system/vendor/overlay/com.lge.filemanager
/system/vendor/overlay/com.lge.lgworld
/system/vendor/overlay/com.lge.task
/system/vendor/overlay/com.lge.updatecenter
/system/vendor/overlay/com.lge.sizechangable.weather
/system/vendor/overlay/com.lge.sizechangable.weather.theme.optimus
My post on the repartition tool thread about my personal changes: http://forum.xda-developers.com/showpost.php?p=63218497&postcount=151
So, about that modem partitions, i read somewhere, that some "box" called octopus/octoplus can repair that **** i did on my phone e by that restore that 2 IMEI to his place, i looked into some tecnicians here im my city, but anyone have that, nor knows nothing that can repair, help me, i will try a day off my job next week to search on a bigger city for a technical assistance that have this box to try it out, this is what i could found, about this problem losing imei by overrun that partition where they are writed. I must say that I have encountered too much resistence from the people that knows how to do the process, because they think i stole the phone, even seeing me gather to his front door inside my police uniform. I must thank you Gacrux another time to be willing to help me and other people, even without know me, thank you man ! About your rom, all hardware is functional ? Did you managed to reduce the size of that system data about to 4.21 GB that are untouchable, chequing from configuration=>general=>storage just below cache data, "many" where when i click i can see that "system data" in about 4.21 GB. I already did a full wipe, but i dont have a custom recovery, because i tried to install twrp from "rom installer" from JRummy and it says that no one is compatible with my phone. This is one thing that i wanted to with a custom recovery, install a custom rom that have this system data a little smaller.
My phone is fully functional, mainly because from the start I never flashed other variant files in my phone and after rooting I knew it was a wise move to backup my modemst partitions before doing anything else after root the phone.
When I decided to mod my L90 I saw that nobody had unlocked the D410hn variant or made proper bootstack for us, with a little search I realized how to unlock our kitkat and lollipop aboots with IDA disassembler and built the proper bootstack from the partitions extracted of our kdz file.
As far as I tested, from bootloader downgrade and softbricks, the modemst and own unbrick images were enough to make a perfect recover of the phone (I had to simulate some scenarios in my own phone to test if my files and my advises would actually work).
Unfortunately, for the ones that didn't know that they MUST do some obligatory backups files, the lack of these backups lead them to problems like the one you are facing.
Custom recovery can be flashed with adb, no need for app, I'll post later when I arrive home.
System partition is actually 2GB. With stock LG ROM, there are around 60MB free. The debloating I did freed around 610MB, this allowed me to reduce system partition to 1.39GB. Also, I reduced cache partition from 900MB to 64MB. The difference was given to userdata partition, allowing me to grow from the stock 3.34GB to 5.38GB.
thank you your attention ! From your knowledge im making my own, thank you for advices too, that i will follow for sure !
To flash custom recovery with adb only (needs root and unlocked bootloader, if you already have, there is no need to repeat):
1. Root.
2. Copy aboot.bin and recovery.img (rename TWRP_2.8.7.0_270615_L90.img) to the root of your external microSD card.
3. Open adb shell or android terminal, take superuser permission with su and allow it in your phone screen.
4. Flash the hacked unlocked bootloader for D410HN Lollipop with dd if=/storage/external_SD/aboot.bin of=/dev/block/platform/msm_sdcc.1/by-name/aboot
5. Flash custom recovery (TWRP) with dd if=/storage/external_SD/recovery.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
To boot the custom recovery, from android you can send reboot recovery in adb or terminal (needs su). To boot recovery from the phone off, hold VOL - and PWR, when LG logo appears, release and hold PWR button. A blank screen asking to reset the phone to factory settings will appear, select YES twice and wait custom recovery to boot. Don't worry, your phone won't be reset since stock recovery was replaced with a custom one.
Well, i think i can take that line of commands with ADB, but the problem here is that files, can you please link that needed files that are "for sure" functioning in D410HN lollipop 5.0.2, because i dont want a new brick ! You can link to some post, that you are certain about, and i will go there e download, thanks again !
edit: I dont have unlocked bootloader, because, as i said i was feared that i could download wrong files and did **** again, if you can help in this one too, i will pay a beer !
edit: About root, i tried purpledrake, towelroot, and others, last one, and only that works was kingroot, fully functional, checked with root checker.
I think I found a way to recover the second SIM IMEI.
Requires Qualcomm Product Support Tools (QPST), HxD (or any other decent hex editor), LG Mobile Support Tool and an IMEI to HEX converter.
Though I didn't tested it myself in my own phone, I believe it's going to works, also in any Dual-SIM variant.
I'll first try to find a way to convert the SIM to those HEX values (they are not a straight text to HEX conversion), if OK, I'll write something about this matter and will post soon.
---
It's done, read: http://forum.xda-developers.com/lg-l90/general/imei-fix-2nd-sim-slot-t3229097
Hi there. I also have a D410hn. I was on 20b rooted and using TWRP, then the 20c upgrade came. So I've used your 20c flashable zip to go to 20c.
It worked just fine, then I've used the flashable superuser as you've suggested and it worked just fine too. The problem is that when I go to phone settings -> about this phone -> software info it displays "V20B-SCA-XXXX". I've checked build.prop and it shows 20c, so what's wrong?
If I flash your 20c bootstack it will fix it? Will I lose something like have to root or install custom recovery again?
Thanks
Sent from my LG-D410 using XDA Free mobile app
Flash v20c bootstack. Lollipop bootstack v20c is different from v20ab, as noted here: http://forum.xda-developers.com/showpost.php?p=63292272&postcount=57
The user who edits the topic didn't updated to include the newer bootstack for D410hn.
You are not going to loose anything since it won't flash boot and system partitions.
It worked, settings display 20c now. Thanks
Sent from my LG-D410 using XDA Free mobile app
Hello. I have D405n and when I try to unlock bootloader i bricked phone. Then I was searching for solution and somehow did that with success but in setting phone was D405 (without N). It was few months ago but these days I was testing custom roms and noticed that on rom 5.1.1 i dont have imei and dont have signal, but on stock lollipop I have signal but imei is zero. Any ideas how to fix this?
Would help flashing loader?
Fangio92 said:
Hello. I have D405n and when I try to unlock bootloader i bricked phone. Then I was searching for solution and somehow did that with success but in setting phone was D405 (without N). It was few months ago but these days I was testing custom roms and noticed that on rom 5.1.1 i dont have imei and dont have signal, but on stock lollipop I have signal but imei is zero. Any ideas how to fix this?
Would help flashing loader?
Click to expand...
Click to collapse
Try QPST: http://forum.xda-developers.com/showthread.php?t=2701861
This can also be a 5.1.1 issue or you are in a different bootloader. CM development for L90 is a little messy, don't know if it's using kitkat or lollipop bootloader now.
How to flash stock bootloader? I try flashing 4.4 kdz and 5.0 kdz and its the same.
Fangio92 said:
How to flash stock bootloader? I try flashing 4.4 kdz and 5.0 kdz and its the same.
Click to expand...
Click to collapse
http://forum.xda-developers.com/lg-l90/general/guide-flash-stock-kdz-offline-lg-l90-t2803479
Done that few times and its the same... QPST not working but with EFS I manage to read data but not to write.
If I get a backup of another L90 and restore it to mine, and then change the IMEI 1 through the QPST, does it works?
ps .: my IMEI 2 is zero
LG-D410HN "deadboot"
Hello, have a LG D410hn with deadboot, someone would have Loader.img file D410hn (Brazil), as did only with the D410 and the front camera has stopped working and zeroed IMEI. If anyone can help I am grateful!
TWRP is an open source, community project. TWRP development is done by roughly 4 people at this point. We also have a large support community with many people who are willing to answer questions and help people with their devices either through our IRC channel or on forums like xda-developers.
Team Win was originally formed to work on porting WiMAX to CM7 for the HTC EVO 4G. After our work on the EVO 4G we wanted to work on a project that would work on more devices than just the EVO 4G and we settled on working on a recovery. Today TWRP is the leading custom recovery for Android phones.
A custom recovery is used for installing custom software on your device. This custom software can include smaller modifications like rooting your device or even replacing the firmware of the device with a completely custom "ROM" like OmniROM
Click to expand...
Click to collapse
WARNING!!! Be careful what you do here. One mistake and the device is soft-bricked. I take no responsibility for bricked devices, lost warranty or even OTAs not working!! Booting and/or flashing files from this post is on your own risk.
Requirements
Unlocked bootloader
Yoga Tablet 3 Plus with and without LTE (YT-X703L and YT-X703F) are supported
Known Issues
WARNING! Our device uses dm-verity (verified boot). The system partition should remain read-only. Otherwise a bootloop will occur. You can flash my modified kernel or SuperSU to resolve this but OTA's are no longer possible! You have to restore a factory image or clean system backup to receive OTAs
Potentially DRM keys are lost! Pure unlocking and rooting does not cause the issue. However, there have been reports of lost DRM keys by some unknown action. It is advised to act with caution. Losing your DRM keys can lead to issues with some apps which use DRM which could then have limited or no functionality. E.g. Netflix will only stream in SD (480p). You can check with DRM info if you still have L1 security level which means DRM keys are intact.
Download
Official TWRP for YT-X703F (Wifi): twrp.me
Official TWRP for YT-X703L (LTE): twrp.me
Instructions
Install fastboot and adb on your PC, e.g. from here
Enable developer options and in there select to unlock your bootloader by enabling OEM unlock and enable USB debugging
Connect your PC to your tablet and run
Code:
adb reboot bootloader
using adb on command line. The tablet will reboot into bootloader mode where you will only see the Lenovo logo. Now you use
Code:
fastboot oem unlock-go
to unlock. This will factory reset your device
Setup the tablet again and reboot again to the bootloader
Then run
Code:
fastboot boot twrp-3.2.1-0-yt_x703f.img
to temporarily boot into TWRP. You can also flash if you are sure
Select to keep system read only when TWRP starts to avoid modification which will make OTAs impossible
Optionally flash SuperSU or Magisk in TWRP which should install system less. Keep OEM unlock enabled if you flash or modify anything
Additional Downloads
Backup of original boot, recovery and system image for YT-X703F S000936: MEGA
Modified Boot image with forceencrypt disabled and it switches off CABC fully. You need to factory reset after flashing to format data without encryption boot_yt_x703f_s000963_noforceencrypt_cabc.img (YT-X703F S000963) / boot_yt_x703l_s000963_noforceencrypt_cabc.img (YT-X703L S000963) . Use
Code:
fastboot flash boot boot_yt_x703f_s000963_noforceencrypt_cabc.img
to flash the kernel in fastboot. SuperSU or Magisk should be flashed afterwards if root is desired.
Full factory images with flash tool and instructions YT_X703F_S000689, YT_X703L_S000704, YT_X703F_S000725, YT_X703L_S000725, YT_X703F_S000734, YT_X703L_S000734, YT_X703L_S000744, YT-X703F_S000744, YT-X703L_S000963, YT-X703F_S000963 and OTA updates: MEGA (These images contain the individual boot, recovery and system images that you need to restore from any modification mentioned above)
System Updates (OTA)
In order to successfully apply Lenovo system updates after root you have to restore the original boot, recovery (if you flashed TWRP) and system partitions from your current installed version (e.g. S000744) for your variant of the tablet. This will NOT delete your apps and data but will unroot. Note that OTAs are block based and always check the contents of most of the partitions. This means that all of these partitions (except your data) have to be original and have to be on the exact same version (e.g. S000734) for the update to succeed.
See here for instructions how to restore the partitions with fastboot.
Credits
@pogo1975 - for providing the factory images and fixing the AV sync issue
@launcher20 and @deecept - for testing the LTE version
TeamWin
Changelog
v4:
Now official TWRP with version 3.0.3-0
v3:
enable full disk encryption for access to the encrypted data partition
update TWRP kernel to latest S000725 version
v2:
add support for LTE variant (YT-X703L)
add further mount points to be able to backup more data
Thanks buddy! You are an absolute champion! Tell me what you need me to do and I'll do it before rooting and up load what you need.
Doing good work here.
Who wants to bet on a race between matshias and Lenovo support for who can fix the issues with this device first?
That's great and fast, I'm thinking tab 3 plus is getting hot now.
Great to see there is something moving for the yoga now. You think it will support the lte Version anytime? Or maybee even lineageos?
so you know, i've managed to install xposed thanks to this thread https://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268 and is working well.
wayney said:
Thanks buddy! You are an absolute champion! Tell me what you need me to do and I'll do it before rooting and up load what you need.
Click to expand...
Click to collapse
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Gogoho said:
Great to see there is something moving for the yoga now. You think it will support the lte Version anytime? Or maybee even lineageos?
Click to expand...
Click to collapse
The LTE variant is probably very similar and it wouldn't be much work. But I don't own the device, so I would need some help. So someone with the LTE variant who is not afraid to experiment with fastboot and adb and who can provide me with the details needed I am happy to compile a TWRP for it.
LineageOS is much much more work than TWRP. For an experienced cyanogenmod/LineageOS dev it is not much of a thing and would take only a few days, especially since it is a Qualcomm device and there are already ports for devices with SD 652. But for me this is new as well so it'll take much longer. As soon as I have time I'll look into it.
matshias said:
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Click to expand...
Click to collapse
You forgot to tell me to go to adb shell :silly:
DD is currently doing a dump, non interactive so I hope it is still alive, it has been close to 1 hour so far. I will upload the clean image once it is done and await further instructions from you. :good:
I'm in Perth, Western Australia (UTC +8:00), so we might be playing timezone tag.
wayney said:
You forgot to tell me to go to adb shell :silly:
DD is currently doing a dump, non interactive so I hope it is still alive, it has been close to 1 hour so far. I will upload the clean image once it is done and await further instructions from you. :good:
I'm in Perth, Western Australia (UTC +8:00), so we might be playing timezone tag.
Click to expand...
Click to collapse
I think I forgot one more thing. The external SD card needs to be mounted in the TWRP menu. I believe it's not mounted automatically. So the DD command does nothing. It shouldn't take that long. Sorry about that!
It's UTC +1:00 here in Germany
matshias said:
Well if you haven't modified anything yet then it'd be great if you can boot into TWRP with system read only and then connect via ADB to the tablet with a big SD card inserted which has enough free space (4 GB).
The run the following command
Code:
dd if=/dev/block/bootdevice/by-name/system of=/sdcard1/system.img
This will take a while. Then copy the file system.img from your SD card to a PC and zip it (or 7z, rar). Then upload it
Click to expand...
Click to collapse
matshias said:
I think I forgot one more thing. The external SD card needs to be mounted in the TWRP menu. I believe it's not mounted automatically. So the DD command does nothing. It shouldn't take that long. Sorry about that!
It's UTC +1:00 here in Germany
Click to expand...
Click to collapse
I was wondering why nothing was happening after 3 hours.
I have rared it and it is uploading at the moment, it is going to take 5 hours.
wayney said:
I was wondering why nothing was happening after 3 hours.
I have rared it and it is uploading at the moment, it is going to take 5 hours.
Click to expand...
Click to collapse
Wow ok. Well thanks a lot for your efforts. This will not just help me but anyone with modified system partition to get OTAs.
Unmodified System Image
Here is the vanilla image via DD of the system partition.
Software Version : YT-X703F_160817
Android Version : 6.0.1
Security Patch Level : 1 September 2016
Kernel Version : 3.10.84-perf
Build Number : YT-X703F_S000689_161105_ROW
Tablet purchased retail from Australia.
https://mega.nz/#!bos0GIjI!vcO9dpSJX...Grjb7k3z6mjnqA
wayney said:
Here is the vanilla image via DD of the system partition.
Software Version : YT-X703F_160817
Android Version : 6.0.1
Security Patch Level : 1 September 2016
Kernel Version : 3.10.84-perf
Build Number : YT-X703F_S000689_161105_ROW
Tablet purchased retail from Australia.
https://mega.nz/#!bos0GIjI
Click to expand...
Click to collapse
Perfect!!
Can you send me the key for the download via PM or post it?
matshias said:
Perfect!!
Can you send me the key for the download via PM or post it?
Click to expand...
Click to collapse
Let's try that again.
https://mega.nz/#!bos0GIjI!vcO9dpSJXp6cKtdH07Kt0RSaqpqQ7Grjb7k3z6mjnqA
matshias said:
Wow ok. Well thanks a lot for your efforts. This will not just help me but anyone with modified system partition to get OTAs.
Click to expand...
Click to collapse
Thank you guys for spending times on it, it would be wonderful if Lenovo people do thing like this way, too.
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
pogo1975 said:
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
Click to expand...
Click to collapse
Hahaha got to love the dark corner of the Russian internets :laugh:
pogo1975 said:
In the depths of the Russian Internet i have found this
YT-X703F_USR_S000689_1611051146_Q00237_ROW.zip
https://drive.google.com/drive/folders/0B_jGuhC9WsNfYUZzZmhRY2NhQlU?usp=sharing
it is supose to be complete image to Wifi-Version.
I HAVE NOT FLASHED THIS YET. Do it on your risk.
Click to expand...
Click to collapse
If that's real it would have saved me a lot of time finding the loophole in the system to extract the boot and recovery image. But still a great find which will rescue some soft-bricked devices.
matshias said:
If that's real it would have saved me a lot of time finding the loophole in the system to extract the boot and recovery image. But still a great find which will rescue some soft-bricked devices.
Click to expand...
Click to collapse
so long as it's safe and not loaded with malware...
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Hello, I have a question, does this procedure unlock the carrier? Or, is it still locked for sprint SIM cards?, Thanks.
Nice guide. Thank you so much! Now I can use Open firmware without unused operation apps.
Since we have the programmer file for EDL I would like to do this for my g8x sprint variant. However I still need to sim unlock it first before I attempt to boot loader unlock it. The OPID is in the first 2 offsets of hex code in the OP_a.bin image.
For example my partition dump for my G8x g850um reads the below
Code:
TMO_US
MSVN 0
So I extracted the tot file from the phone image dump and verified this for myself and am confused as to why it says TMO_US if I have a sprint splash screen. Was my phone cross flashed before I got it? How to I verify what the IMPL value is? Where is that stored?
antintin said:
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Click to expand...
Click to collapse
Do you think this method can be tried for flashing G8S partitions on a T-mobile G8 ? I really need VoLTE and my G8S has it.
antintin said:
LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL.
Click to expand...
Click to collapse
as far as I discovered, there is no HW lock but it seems it is about sth like a serial number (maybe device id) which is later checked by software and determines the original opid of the device. you can check device id by the query "at%deviceid" in modem while port check is enabled.
however, erasing some partitions will hinder sw to check and inspect opid. In Open_ca 20 you can erase modem (not modemst) and it fails to check and determine the original opid so it lets device to get flashed by any kdz, although later it is needed to modify opid in op partition.
hello i'm new to the forum and i have a doubt, my lg g8 is blocked to use only at&t chip, if i do the bootloader deblocking and change the rom i can use another operator's chip ?, i'm in brazil and i can't use an operator local
At the moment no custom Rom for lg g8
I followed every step exactly as described for extracting OP partition but the resulting file size is around 16 MBs larger than my device's OP partition (LG V50 V450) , and TWRP cannot flash it (throws file size larger than device error), so I flashed in EDL mode by QFIL but it has a warning (file overflow) and it flashed without issue but the device gets stuck at boot and off course I copied over my original totc.cfg to the OP partition but still stuck on the boot screen, I also flashed boot image from the KDZ to the boot partition still the same , BTW my active slot is A , and it doesn't matter which kdz I use I always end up with same file size of 716 MBs , but my device's OP partition is 700 MBs, I backed everything up and I have no issue going back to stock sprint.
On many occasions I didn't copy the totc.cfg back to the device on purpose and I did not get OPID mismatch error which concludes that OP Decryption method from KDZ is buggy (at least for V450)
So is there something that I missed here ? or is this only working for G8 ?
Same size mismatch error with trying to crossflash OP partition on my LG G8. So not working either.
armodons said:
Same size mismatch error with trying to crossflash OP partition on my LG G8. So not working either.
Click to expand...
Click to collapse
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.
Bronnel said:
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.
Click to expand...
Click to collapse
I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
armodons said:
I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
Click to expand...
Click to collapse
you are correct but I tried many KDZs including pie and all of them end up the same file size (roughly 716 MBs), I mean shouldn't there be at least a minor difference ?
I can't help those with issues creating the OP partition, although one would have to think others have tried to do that / had probs / posted results. There must be help for that in some threads somewhere...
I used the OP partition (from us 20c) in this thread, and was able to accomplish what I needed with a lot less effort then doing this 'crossflashing' (thnx Cloud Man).
So, what I needed? Really only wanted volte and vowifi to work with my mint mobile sim. My sprint phone with a10 20f continuously tried to connect to 'carrier services' (it couldn't, I'm not on sprint), and vowifi or volte didn't work with other carrier even though it was sim unlocked.
A simple fix was to use twrp and flash only the OP partition (as described in this thread), then also restore the original totc.cfg (also as described in this thread).
Edit 11/8/21: Note: You don't need to flash the totc.cfg if you have a sprint device and flashing the us Open OP provide here, it already has the totc changed to sprint.
That's it, didn't flash any of the other partitions (did try that way initially but got boot loop). So now my sprint device is basically indistinguishable from a US Open device. No sprint bloat, no more constantly trying to 'configure carrier services', and vowifi and volte work.
cheers
Not sure if this is terribly different than the one in the OirgPost (20c), but this is the OP from latest US OP kdz (20f).
Also, as in op notes, have to put your original totc file in place of the one that this comes with.
cheers
antintin said:
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557
Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.
I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.
Prerequisites:
- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)
- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg
- This will wipe your data along with your internal storage, so make sure to backup what you need
- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides
- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot
- At least half a brain
1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe
2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz
3. https://github.com/steadfasterX/kdztools READ the documentation
4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!
5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.
6. Transfer all the partitions to your phone: system, vendor, product, OP
7. Flash all those partitions in TWRP
8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again
9. Format data in TWRP
10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg
11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager
12. Flash the disable dm verity force encrypt zip
13. Done
Click to expand...
Click to collapse
Hello, I don't want to bother you but by any chance do you have any idea in which file or partition the "sim" network lock is, I want to test if I can unlock the network of an LG G8 ThinQ Xfinity mobile
AsItLies said:
Not sure if this is terribly different than the one in the OirgPost (20c), but this is the OP from latest US OP kdz (20f).
Also, as in op notes, have to put your original totc file in place of the one that this comes with.
cheers
Click to expand...
Click to collapse
Would I be able to do a simple update to A11 US OPEN using LGUP when /if the kdz comes?
mangojain said:
Would I be able to do a simple update to A11 US OPEN using LGUP when /if the kdz comes?
Click to expand...
Click to collapse
No, I don't think so. You could try it, might work, don't know that anyone has tried that as we don't have updates coming.
But worse case scenario is you follow the OP and re crossflash and go through setup again. Not that big of a deal.
cheers
AsItLies said:
No, I don't think so. You could try it, might work, don't know that anyone has tried that as we don't have updates coming.
But worse case scenario is you follow the OP and re crossflash and go through setup again. Not that big of a deal.
cheers
Click to expand...
Click to collapse
You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
mangojain said:
You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
Click to expand...
Click to collapse
well thanks, but as far as the US version becoming available, keep in mind that LG has a long history here. It seems that their contracts with other US carriers stipulate the US op version can't be released until the carriers release their version. So if one of the carriers doesn't do the update, the US will never be available.
I may try the ca open soon and will modify the latest US open OP to work with it, that may well be the best (latest) update ever available?
cheers
Hello,
Wanted to backup my phone in twrp but found that the partitions I know have changed.
What are:
Dtbo
Firmware
Optics image
Super
I understand that super somehow is the system, other than that should I backup these?
Overview | Android Open Source Project
source.android.com
what you should backup depends on what partitions are going to be affected or altered by what your doing.
right now we mainly only have GSI roms to flash which only alter the system partition. backing up system or super and data should be enough to restore to stock again from a GSI. passwords, pin numbers and fingerprints don't currently work when restored so deactivate them before taking a backup.
for stock based roms like CleanOS, you can look inside the zip before you flash and see which partitions it's going to flash. those should be the only ones needing backup along with data.
Thanks for your reply.
Can you elaborate what is the functionality of each partition other thab the normal system, data, efs etc.?
YMatrix said:
Thanks for your reply.
Can you elaborate what is the functionality of each partition other thab the normal system, data, efs etc.?
Click to expand...
Click to collapse
honestly no I couldn't without looking it up. maybe ask afaneh92 in his TWRP thread if he's got a good link we can read, that would be handy for a lot of people.
@afaneh92
Could you give some advice?
I need help, I'm really lost trying to root my device I own a REVVL V+ which that phone is really rare, I managed to get the Stock ROM for it. When I was trying to get the boot.img so I can patch it on Magisk there's two boot.img:
boot_a.img
boot_b.img
So, what I can do?
That's odd. There is a scheme for Android phones to use two "slots" for seamless system updates, so for kernel and system partitions there's two slots for each: boot_a/boot_b, system_a/system_b.
What I would do in your case is use a tool to compare the two and determine if there's any differences. If not, it doesn't matter which one you use. It's odd that they provide two boot images; for most A/B phones, only one boot image is used, which can be applied to one or both slots.