Develop Bugs

Typo in Project FreeGee script, and LG Motion test

I'm unable to post in the actual thread for the Project FreeGee, because my post count is too low. I wanted to report a tiny typo in the FreeGee script for unlocking the bootloader. In the file: freegee.sh
line 6
exhit 250
Also, I'm planning to attempt flashing this FreeGee bootloader+recovery on a LG Motion 4G. It is also a snapdragon CPU, but a different chipset. I understand that there is a high chance that it will fail and hard brick the device. Since the authors of FreeGee haven't revealed their "secret sauce", then I feel I can't know for certain that it won't work without trying. Unless one of the authors of FreeGee can assure me that it won't work, then I plan to try it in the coming weeks.
Thanks

This probably wont help you but...the Freegee v.5 in that post has been revised. Up to v.54 and a paid app from the Playstore. So i'd guess its been fixed.
As for trying it on something its not built for...good luck.
Sent from my LG-LS970 using xda premium

Sepero said:
I'm unable to post in the actual thread for the Project FreeGee, because my post count is too low. I wanted to report a tiny typo in the FreeGee script for unlocking the bootloader. In the file: freegee.sh
line 6
exhit 250
Also, I'm planning to attempt flashing this FreeGee bootloader+recovery on a LG Motion 4G. It is also a snapdragon CPU, but a different chipset. I understand that there is a high chance that it will fail and hard brick the device. Since the authors of FreeGee haven't revealed their "secret sauce", then I feel I can't know for certain that it won't work without trying. Unless one of the authors of FreeGee can assure me that it won't work, then I plan to try it in the coming weeks.
Thanks
Click to expand...
Click to collapse
I can assure you it won't work. Bootloaders are not compatible with different devices for many reasons. Flashing our bootloader on your device would certainly brick you. The devices are not at all similar.

xboxfanj said:
I can assure you it won't work. Bootloaders are not compatible with different devices for many reasons. Flashing our bootloader on your device would certainly brick you. The devices are not at all similar.
Click to expand...
Click to collapse
would you nu any chance be able to help us alter your process for the Motion?

plasticarmyman said:
would you nu any chance be able to help us alter your process for the Motion?
Click to expand...
Click to collapse
Unfortunately for you, we were simply lucky. We simply use the Nexus 4 bootloaders and VOILA, we are unlocked. Unfortunately for you, there is not a similar Nexus device to you. You could try building Qualcomm's LK (Little Kernel), which could help you, but unfortunately for you, this bootloader here will not help you.

xboxfanj said:
Unfortunately for you, we were simply lucky. We simply use the Nexus 4 bootloaders and VOILA, we are unlocked. Unfortunately for you, there is not a similar Nexus device to you. You could try building Qualcomm's LK (Little Kernel), which could help you, but unfortunately for you, this bootloader here will not help you.
Click to expand...
Click to collapse
thanks, even if we built a kernel we would not be able to flash it because of the locked bootloader :\

Nah, it's what the Android Bootloader is based on
http://cc.bingj.com/cache.aspx?q=qu...lang=en-US&w=8tsMLLdET5LziiycMiCaRvq68qL0xsDQ
You could flash it with dd in terminal emulator or adb shell, but if it didn't work, it could brick you.

[Q] Bootloader unlocking for LG G3 D850,D855

Looked at some threads and still wondering if they still works on unlocking bootloader. Seems like it tooks so much time for Devs, have anyone knows whats happening? Is it seems unlockable or not? :/

bdogan1912 said:
Looked at some threads and still wondering if they still works on unlocking bootloader. Seems like it tooks so much time for Devs, have anyone knows whats happening? Is it seems unlockable or not? :/
Click to expand...
Click to collapse
The T-Mobile US version comes unlocked. No one knows yet whether the other G3 versions will be able to be unlocked. The G2 was never unlocked but a work around where you could install custom Roms and kernels was eventually found. Its very much wait and see.

Batfink33 said:
The T-Mobile US version comes unlocked. No one knows yet whether the other G3 versions will be able to be unlocked. The G2 was never unlocked but a work around where you could install custom Roms and kernels was eventually found. Its very much wait and see.
Click to expand...
Click to collapse
Looked at many forums that people opened about 1-2 months ago. It seems like very very difficult to unlock it. I have much respect developers whichones tries to unlock it. Hope they can be successful on this. I'm glad to have stock rom this is very smooth i can admit it not like laggy touchwiz. But want to give a try to CM or PA or any AOSP ROM's like this, because back in time i was used AOSP based rom on my S III I9300 and loved it. Only reason that i want AOSP ROM is i think im loving pure Android it gives me ultra-smooth performance and simple UI.

The Verizon and AT&T threads have a bounty over $5700 and it looks like a few devs are close to having a solution.

what about the sprint ls990
Any word for Tge sprint ls990 at all I know it might be wrong section but might as well post somewhere

i can try
If someone can point me into the direction required to do bootloader unlocking i will give it a shot. Am a developer but have never attempted to do a bootloader unlock.
​

crqzyvonzipper said:
If someone can point me into the direction required to do bootloader unlocking i will give it a shot. Am a developer but have never attempted to do a bootloader unlock.
​
Click to expand...
Click to collapse
Well we have to ask it to developers whichones pro. on this.

bdogan1912 said:
Well we have to ask it to developers whichones pro. on this.
Click to expand...
Click to collapse
If only someone could tell me how to get to debug the software then ill be able to go from there because google isnt your friend when trying to find out.

[email protected] said:
Any word for Tge sprint ls990 at all I know it might be wrong section but might as well post somewhere
Click to expand...
Click to collapse
Devs in the AT&T bounty thread are working on an unlock for ALL variants besides the T-Mobile one.
sent from my LG G3

Yes. I know about that but it seems ike they are tking quite some time and I am not sure if they have given up?
Sent from my LG-D855 using XDA Free mobile app

joeyhdownsouth said:
Devs in the AT&T bounty thread are working on an unlock for ALL variants besides the T-Mobile one.
sent from my LG G3
Click to expand...
Click to collapse
Hope they can unlock soon. Phone was out on May and we're on September. Almost 4 months since released. And i know its hard but we have to wait. I wish i have money to donate/bounty 20 more dollars :/

crqzyvonzipper said:
Yes. I know about that but it seems ike they are tking quite some time and I am not sure if they have given up?
Sent from my LG-D855 using XDA Free mobile app
Click to expand...
Click to collapse
It's giving them hell, there not sure they are gonna be able to, but there's always Loki to try, which is kinda like going around the boot loader.
sent from my LG G3

joeyhdownsouth said:
It's giving them hell, there not sure they are gonna be able to, but there's always Loki to try, which is kinda like going around the boot loader.
sent from my LG G3
Click to expand...
Click to collapse
Locked bootloader is like hot beer. Seems and tastes awfully. I wish companies sends their flagships with unlocked bootloader like T-Mobile did. Without custom recovery we're not able to even do a simple tweak (The tweaks who requires recovery such as modified frameworks and SystemUI's) Otherwise there is another option G3 Tweaksbox. But it shows very limited options if you're poor to buy it.

joeyhdownsouth said:
It's giving them hell, there not sure they are gonna be able to, but there's always Loki to try, which is kinda like going around the boot loader.
sent from my LG G3
Click to expand...
Click to collapse
HMMMM well ill have a look at what i can do tomorrow. Maybe i can find a small window here. I almost want to say that the abswer would be to adjust the bootloader to simply allow multi boot possibilities with partitions (at least in my mind that would be pretty cute).
I dont even really want the money. I just want to be able to do what i need to do. Multi OS's on one device.

bdogan1912 said:
Locked bootloader is like hot beer. Seems and tastes awfully. I wish companies sends their flagships with unlocked bootloader like T-Mobile did. Without custom recovery we're not able to even do a simple tweak (The tweaks who requires recovery such as modified frameworks and SystemUI's) Otherwise there is another option G3 Tweaksbox. But it shows very limited options if you're poor to buy it.
Click to expand...
Click to collapse
I've tried modifying one line in build prop, ended up softbricking. I won't change a thing until unlock, at least then you can have nandroids.
sent from my LG G3

crqzyvonzipper said:
If only someone could tell me how to get to debug the software then ill be able to go from there because google isnt your friend when trying to find out.
Click to expand...
Click to collapse
Also it's good to someone has interest about it. But it's ultimately hard job that they cannot solved in past 4 months. I appreciate all the tries/works on this job. Developers, you da real MVP! Well, other than that small joke we're still waiting. Not only international model D855 other models such as AT&T is waiting to unlock bootloader. T-Mobile users lucky that they got unlocked G3. I hope they will find a cure about it. If you can afford http://forum.xda-developers.com/att-lg-g3/general/bounty-att-lg-g3-bootloader-unlock-t2820785 go this thread and give some bounty (You're not have to do that its only suggest and saying thanks to hardwork)

yeeeeeepppp
joeyhdownsouth said:
I've tried modifying one line in build prop, ended up softbricking. I won't change a thing until unlock, at least then you can have nandroids.
sent from my LG G3
Click to expand...
Click to collapse
Hehe ive also bricked this baby a few times now but lg has a cool restore tool that fixes all the issues.
Why cant we just copy the unlocked bootloader and overwrite the locked bootloader?
But nontheless. Maybe ill end upnrewriting a boot loader to work. But that might take some more time.

joeyhdownsouth said:
I've tried modifying one line in build prop, ended up softbricking. I won't change a thing until unlock, at least then you can have nandroids.
sent from my LG G3
Click to expand...
Click to collapse
So you can say, i tried to modifiying build prop and ended with softbricking but so i got nandroid which is nice to me. Me neither. On my Note 3 i was tweaking build prop without any problem i've even enabled softkeys (I wondered a bit about how it will look etc.) But not gonna touch until this thing unlocks fully. Using stock rom & root with bloatware removed. With helper programs such as Greenify+Coolify. It's like science it's all about develop, try, fail, develop (or fix/debug),try, fail, develop try, success. It's alla about to hardwork and i appreciate all the efforts that developers given on this topic.

crqzyvonzipper said:
Hehe ive also bricked this baby a few times now but lg has a cool restore tool that fixes all the issues.
Why cant we just copy the unlocked bootloader and overwrite the locked bootloader?
But nontheless. Maybe ill end upnrewriting a boot loader to work. But that might take some more time.
Click to expand...
Click to collapse
Variants have different bootloaders. So we cannot do a copy/paste on it. If it works like this the devices will be unlocked in 10 min. I almost softbricked too but won against my wonder and didn't touched anything. It now works good. I love G3 even its bootloader locked lol

crqzyvonzipper said:
Hehe ive also bricked this baby a few times now but lg has a cool restore tool that fixes all the issues.
Why cant we just copy the unlocked bootloader and overwrite the locked bootloader?
But nontheless. Maybe ill end upnrewriting a boot loader to work. But that might take some more time.
Click to expand...
Click to collapse
Why don't you go to the irc chat room where all the devs hang out and do their work? You can talk to them there and see what they've tried or what they haven't. Believe the channel is: #lg-g3

Please help stuck at at&t boot logo. v495

Hello all. Please help me. I have a v495 with root replaced by su. all was fine till I was getting ready to install the TWRP recovery. I did not even install it but I did install flashify and twrp manager approving root access but never installed/flashed the revovery img. After installing twrp manager it asked for me to select a device but did not see the v495,496 or 498 so I just exited. I restarted the device and it just sat at the at&t boot logo. again I did not install anything other than flashify and twrp manager. Anyway I panicked and searched online to reset the device thinking I could just start over. I found the directions (hold power and vol down. release power hold vol up down and power). I was able to do factory reset but now its still stuck at the a&t logo and it won't shut off.
Is there anything else I can do?

It is against XDA forum rules to post the same question in multiple threads. Please don't do this in the future. I answered you in the other (first) thread you posted about this problem.

Hi, Sorry for the duplicate post I was not aware.. I thought we just couldn't create new threads with same topic.
Anyway thanks but the waiting did not help. I installed LG Bridge and trying to do software update but I keep getting LGE MTP driver failed install errors.. Holding the up and power buttons allowed me to shut the device off and enter charge only state. Wish there was a way to reload the stock rom but I have not found any software or roms as of yet.

SOL
unfortunately for any ATT customer it is the hardest to get any firmware for any of their devices. I dont know why they feel the need to make it proprietary. I had run into the same problem and I am not getting anywhere with it. There is chinese website that says it has the stock kdz file for it but you need 5 coins or some type of BS to even look at it.

Well this socks...
I guess my car tab project will have to wait till we get some dev support. Im surprised there are so few of us seeing how these things were practically being given away at one point.

Bryan858 said:
I guess my car tab project will have to wait till we get some dev support. Im surprised there are so few of us seeing how these things were practically being given away at one point.
Click to expand...
Click to collapse
Sorry I don't have any other ideas. I feel your pain. It's a similar situation with my VK810 but at least there has been some development and TWRP was updated thankfully, plus Verizon releases the firmware.

atxdave said:
unfortunately for any ATT customer it is the hardest to get any firmware for any of their devices. I dont know why they feel the need to make it proprietary. I had run into the same problem and I am not getting anywhere with it. There is chinese website that says it has the stock kdz file for it but you need 5 coins or some type of BS to even look at it.
Click to expand...
Click to collapse
Please could you link to the Chinese site for some of us who have no alternatives? If the site does really have the firmware I don't mind paying to get it, but be certain I will re-upload and link here. Thanks.

ezeuba said:
Please could you link to the Chinese site for some of us who have no alternatives? If the site does really have the firmware I don't mind paying to get it, but be certain I will re-upload and link here. Thanks.
Click to expand...
Click to collapse
Probably the same as for my device. http://www.lgbbs.com:41/thread-838-1-1.html. Not willing to pay for it since I don't need it, but if you need it bad enough I think it equates to 10 U.S. dollars last I checked. Note that the one I linked to is supposed to be the one for my device, the VK810.

roirraW "edor" ehT said:
Probably the same as for my device. http://www.lgbbs.com:41/thread-838-1-1.html. Not willing to pay for it since I don't need it, but if you need it bad enough I think it equates to 10 U.S. dollars last I checked. Note that the one I linked to is supposed to be the one for my device, the VK810.
Click to expand...
Click to collapse
Thanks for the link, but I didn't find my model's firmware there - V495 AT&T... I would willingly pay to download this firmware so I can fix my issue. I rooted mine, didn't like the Kingroot su manager and changed it to SuperSU with Supersume and the tab didn't boot again. It just hangs at the LG logo, or if I leave it for long it will show the AT&T logo and that's all. I wish I never messed with it. Just brand new off ebay.

ezeuba said:
Thanks for the link, but I didn't find my model's firmware there - V495 AT&T... I would willingly pay to download this firmware so I can fix my issue. I rooted mine, didn't like the Kingroot su manager and changed it to SuperSU with Supersume and the tab didn't boot again. It just hangs at the LG logo, or if I leave it for long it will show the AT&T logo and that's all. I wish I never messed with it. Just brand new off ebay.
Click to expand...
Click to collapse
Kick me if this is too obvious, but have you tried Googling:
Code:
V495 TOT
or
Code:
V495 KDZ
?
Although I might be wrong, but I think I heard that Sprint and AT&T don't provide KDZs for LG devices.
Is it still under LG's warranty? Do you have the IMEI/serial number for it that you can try to RMA it through LG? I got excellent warranty service for my model when I needed it. Don't tell them what you tried doing to it, though.

It gets worse... From really bad to terribly worse... I searched and searched and searched for the V495 KDZ to no avail, but I saw for V490 and V496. I downloaded both. I tried with V490 and it flashed and booted but touchscreen was not responsive. I guess due to not being for the exact same version. I tried the V496 which is the same model but the T-Mobile variant. The flashing went well until around 85% when the screen went blank and although the flashing completed, the screen never came up again, yet it makes a sound when connected to the laptop. So I went into Device Manager on my laptop to see how things were, and what it was seeing it as was HSUSB DQLoader 9008 or something like that. A hard brick!!! All because I tried to root this device... Some things are better left without messing around with them... However, if there's any help I would appreciate it very much; this is a new tab, still with the cover screen unremoved...

ezeuba said:
It gets worse... From really bad to terribly worse... I searched and searched and searched for the V495 KDZ to no avail, but I saw for V490 and V496. I downloaded both. I tried with V490 and it flashed and booted but touchscreen was not responsive. I guess due to not being for the exact same version. I tried the V496 which is the same model but the T-Mobile variant. The flashing went well until around 85% when the screen went blank and although the flashing completed, the screen never came up again, yet it makes a sound when connected to the laptop. So I went into Device Manager on my laptop to see how things were, and what it was seeing it as was HSUSB DQLoader 9008 or something like that. A hard brick!!! All because I tried to root this device... Some things are better left without messing around with them... However, if there's any help I would appreciate it very much; this is a new tab, still with the cover screen unremoved...
Click to expand...
Click to collapse
I'm really sorry to hear about that. That sucks. Unfortunately, recovering from QHBUSB BULK 9008 mode requires a TOT file, although I've wondered if it might also work with a KDZ, but in your case you can't find either so there's really no hope.
Are you going to see if it's under warranty with LG and try to RMA it?
I guess you know this now, but never, ever flash something that's made for a different model/variant, although in your case it didn't really hurt to try since either way you were bricked.
---------- Post added at 08:01 AM ---------- Previous post was at 07:54 AM ----------
@ezeuba, I did a variation of one of the previous searches I suggested. I Googled for:
Code:
at&t v495 tot
The second and third links look promising.

roirraW "edor" ehT said:
I'm really sorry to hear about that. That sucks. Unfortunately, recovering from QHBUSB BULK 9008 mode requires a TOT file, although I've wondered if it might also work with a KDZ, but in your case you can't find either so there's really no hope.
Are you going to see if it's under warranty with LG and try to RMA it?
I guess you know this now, but never, ever flash something that's made for a different model/variant, although in your case it didn't really hurt to try since either way you were bricked.
---------- Post added at 08:01 AM ---------- Previous post was at 07:54 AM ----------
@ezeuba, I did a variation of one of the previous searches I suggested. I Googled for:
Code:
at&t v495 tot
The second and third links look promising.
Click to expand...
Click to collapse
If only I could read Chinese... Google Translate doesn't work for that site... I wouldn't mind paying to download the file, if I could see how...

ezeuba said:
If only I could read Chinese... Google Translate doesn't work for that site... I wouldn't mind paying to download the file, if I could see how...
Click to expand...
Click to collapse
Although the "Translate this page" link next to each search result didn't work, it still translated fine for me after loading both pages the normal way.

If only there was a way to 'make' a tot file from another V495 tab's files... I got the second one now and have no intention of messing with it again. I only wonder if it were possible to 'create' a tot file one can use in unbricking the bricked one... Just a thought...

ezeuba said:
If only there was a way to 'make' a tot file from another V495 tab's files... I got the second one now and have no intention of messing with it again. I only wonder if it were possible to 'create' a tot file one can use in unbricking the bricked one... Just a thought...
Click to expand...
Click to collapse
I've wondered about the same - possibility to create KDZs and TOTs out of partition image files. After all, there are tools to extract both, so although possibly more difficult, theoretically it should be possible to create both. I have no knowledge that would help look into the possibility, however.
Did you pursue any further getting to that page? I can still get to it fine.

roirraW "edor" ehT said:
I've wondered about the same - possibility to create KDZs and TOTs out of partition image files. After all, there are tools to extract both, so although possibly more difficult, theoretically it should be possible to create both. I have no knowledge that would help look into the possibility, however.
Did you pursue any further getting to that page? I can still get to it fine.
Click to expand...
Click to collapse
Yea, I could get to that page but still cannot make out how to pay to download the KDZ. It would be great if any mandarin speakers could help us out...

ezeuba said:
Yea, I could get to that page but still cannot make out how to pay to download the KDZ. It would be great if any mandarin speakers could help us out...
Click to expand...
Click to collapse
Did you get it to translate by choosing to translate *after* loading the webpage? You should first register on the site in the upper right corner.
You probably have to buy credits using PayPal, then use those credits to buy the link to the TOT, lower on the page.

Are Qualcomm TrustZone keymaster keys the path to our unlocked bootloaders?

It seems we are getting the keymaster keys very soon:
https://twitter.com/laginimaineb/status/737051964857561093
Could this mean we all get to unlock our bootloaders?

And more importantly, can we lock our bootloaders? I've got the H815, European model, so I can unlock my bootloader, but then it's stuck unlocked. Bam! Warranty gone.

Can someone briefly explain the end-user aspect of this to me please? Does this mean we'll eventually be able to unlock Qualcomm bootloaders and/or boot unsigned images on the Verizon G4? If so, any idea if it's dependent on a MM or KK base or should work on any version?

Icculus760 said:
Can someone briefly explain the end-user aspect of this to me please? Does this mean we'll eventually be able to unlock Qualcomm bootloaders and/or boot unsigned images on the Verizon G4? If so, any idea if it's dependent on a MM or KK base or should work on any version?
Click to expand...
Click to collapse
What I DO know is that if you encrypt your device. The device can now be decrypted in the hands of a hacker or anyone else for that matter with the relevant skillset.
The only real roadblock is the passcode on your phone if there is one set. And at that point, brute force (aka trying til you get it right) will get the job done.
As for the bootloader. I'm not too educated in Android (Took level 1 Android at school, didn't like it) but it looks like it might have some potential in helping us out. But I'll let one of the devs make that call. Feels too good to be true.

If it can decrypt 64 bit sys like it claims very well could be possible.
---------- Post added at 05:54 PM ---------- Previous post was at 05:52 PM ----------
256 bit sorry

Just saw this news today, hoping we get a universal bootloader unblocker soon!
Sent from my LG-H815 using XDA-Developers mobile app

He said he did it on the nexus 6 why would this work on current phones?
Sent from my SM-G930P using XDA-Developers mobile app

Sounds like a good news. I don't have phone encrypted, so no bad news for me.

by this point G4 is over a year old
even if this was a viable option of unlocking the bootloader, I doubt many would be interested in it and that it would suddenly bring ROM developers to the G4..
LG blew it with G4 (regarding the bootloader unlock), the damage has been done and most of the relevant people moved on

Furma said:
by this point G4 is over a year old
even if this was a viable option of unlocking the bootloader, I doubt many would be interested in it and that it would suddenly bring ROM developers to the G4..
LG blew it with G4 (regarding the bootloader unlock), the damage has been done and most of the relevant people moved on
Click to expand...
Click to collapse
About the same thing ive been saying for months now. Again ive seen unlocks come more than 2 or3 years after release but unlikly and most devs have already moved on

furzewolf said:
And more importantly, can we lock our bootloaders? I've got the H815, European model, so I can unlock my bootloader, but then it's stuck unlocked. Bam! Warranty gone.
Click to expand...
Click to collapse
warranty is not gone unless they see your phone broke because of something you made (i repaired my phone twice un 2 months, for free)

I wish the script would get released just to see if i can decrypt the partitions even if it dont unlock unencrypted will help 10 fold . thats why oem unlock isnt even reconized. Cause of the encryption

TheMadScientist420 said:
I wish the script would get released just to see if i can decrypt the partitions even if it dont unlock unencrypted will help 10 fold . thats why oem unlock isnt even reconized. Cause of the encryption
Click to expand...
Click to collapse
I've seen you around in the Sprint G4 forum and I wish you luck. We need some good to come from this situation.

LaughingCarrot said:
I've seen you around in the Sprint G4 forum and I wish you luck. We need some good to come from this situation.
Click to expand...
Click to collapse
Thanx man i aint no one special. Im just puttin in my best i aint in it for no bounty or nothin i just want a device that works rite. Just hopin is all. Ive been in this for a while. I used to mod nes roms back in the day on hex edit so i have a little know how in that area. Ive managed To fix all my hardbricks most def with the help of others but if theres a tool thatll get us one step closer im in. Ill test it on my own device im so mad at lg and sprint i dont care if it does brick at this point ill go back to my og note 1
All i know at this point that most of the boot partitions are encrypted with a 256 bit key which would take some of the strongest computers in the world a long time to brute force thats why i think this script prob wont work but i dont know until i try it. Its kinda like tryin to hack the password on a zip file but worse. Ive spent weeks trying to brute force zips so thats why i got my doubts

TheMadScientist420 said:
Thanx man i aint no one special. Im just puttin in my best i aint in it for no bounty or nothin i just want a device that works rite. Just hopin is all. Ive been in this for a while. I used to mod nes roms back in the day on hex edit so i have a little know how in that area. Ive managed To fix all my hardbricks most def with the help of others but if theres a tool thatll get us one step closer im in. Ill test it on my own device im so mad at lg and sprint i dont care if it does brick at this point ill go back to my og note 1
All i know at this point that most of the boot partitions are encrypted with a 256 bit key which would take some of the strongest computers in the world a long time to brute force thats why i think this script prob wont work but i dont know until i try it. Its kinda like tryin to hack the password on a zip file but worse. Ive spent weeks trying to brute force zips so thats why i got my doubts
Click to expand...
Click to collapse
https://www.reddit.com/r/Android/comments/4luifx/qualcomm_trustzone_keymaster_keys_are_extracted/
Have you taken a look at this Reddit post?

LaughingCarrot said:
https://www.reddit.com/r/Android/comments/4luifx/qualcomm_trustzone_keymaster_keys_are_extracted/
Have you taken a look at this Reddit post?
Click to expand...
Click to collapse
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds

TheMadScientist420 said:
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds
Click to expand...
Click to collapse
The guy hasn't released the script yet so that may be why.

TheMadScientist420 said:
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds
Click to expand...
Click to collapse
So what exactly does this mean for us assuming the script is released? Will we be able to pull our encryption keys and therefore unlock the bootloader (assuming any necessary changes are made), or am I misinterpreting all of this? Also, it appears that he did this with phones containing the Snapdragon 805 SoCs, does that have any bearings on us seeing as ours is an 808 SoC, or is it not bound by the SoC? Sorry for the newbish questions. Not really well versed in the inner workings and creations/implementations of hacking/exploits/etc.

Quickdraw996 said:
So what exactly does this mean for us assuming the script is released? Will we be able to pull our encryption keys and therefore unlock the bootloader (assuming any necessary changes are made), or am I misinterpreting all of this? Also, it appears that he did this with phones containing the Snapdragon 805 SoCs, does that have any bearings on us seeing as ours is an 808 SoC, or is it not bound by the SoC? Sorry for the newbish questions. Not really well versed in the inner workings and creations/implementations of hacking/exploits/etc.
Click to expand...
Click to collapse
thats about it were just hopin it will unencrypt the bootloader then from there a unlock should be a lot easier

"@laginimaineb And wrote a script to decrypt all keystore keys. This can also be used to bruteforce the FDE passphrase off the device! (2/2)"

[CLOSED][ANY BL locked G4]need testers [follow the new thread!]

First of all: Do not continue if you don't know what a hard brick is!!!
so well its that simple: Either my method will work or fail.
Please follow the story here now:
https://forum.xda-developers.com/g4/general/bl-unlock-unlock-bootloader-proof-t3648288
Previously this was the OP:
if not: this could result in a completely unusable device (soft or even hard bricks are possible)
If it works: you could unlock your phone in fastboot with a simple command - no unlock key is required (but even when the method WORKS its possible that this produces other issues. we can not know all impacts yet)
So AGAIN
The whole process is dangerous but the chance to get an unlocked phone would be worth it - maybe. It depends on you.
I can't test it atm by myself because my device is on its way to LG (due to another issue)..
My method does not modify something within the bootloader like others tried already - because this would definitively break the boot chain.
I will not release any details to the public until there is anything proofed or verified. The whole process is very risky and as said: I have currently no device to test it.
The only thing which is proofed is the theory. It should work as long as nothing unpredictable happens: As long as we do not own the complete sources of all parts of the boot chain there is still a risk.
Keeping the details under the hood is not to make things mysterious. It's just for safety reasons until I can proof anything.
If you still ask for details here or by PM they will not be answered.
If you not able to join an IRC channel you better leave it directly.
I'm not 24/7 online but usually from Mo-Fr for sure so it is important to wait for answers while in the IRC because depending on your timezone this can take some hours (hey I have to sleep somewhen!)
Once I have my device back from LG I can test the method by myself on a H815 EUR version. It doesn't matters that this can be officially unlocked though. The risks are the same.
So if you're too scared for the moment just wait about 2 weeks or so and then I can tell if it worked on my device at least.
.... and if you do not want to wait: Follow me into the IRC for instructions
If you never were in touch with IRC before here are some client examples for you:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
The IRC channel is: #Carbon-user
The IRC server network is: freenode
Once you're connected with the IRC network I need this from you:
your phone model
the currently installed EXACT firmware (link to the used KDZ would be most helpful. If you have none check the phone details and e.g. make screenshots)
.

reserved

Super excited about the possible G4 unlock! Wish I could test it but my phone is my daily driver and my source of internet at home so if it breaks, I'm screwed for my online classes. Thanks for your hard work as always!

steadfasterX said:
reserved
Click to expand...
Click to collapse
ima see if i can get her to boot up since mines about trashed anyways lol
ls991
zv6 firmware
lol i got the perfect test subject if she will boot
cant try it on a g5 can you

Good luck to the testers, we're all rooting for an unlocked H818p Brazil.

TheMadScientist420 said:
ima see if i can get her to boot up since mines about trashed anyways lol
ls991
zv6 firmware
lol i got the perfect test subject if she will boot
cant try it on a g5 can you
Click to expand...
Click to collapse
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.

steadfasterX said:
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.
Click to expand...
Click to collapse
no she wont boot anything dead as can be like no power no nothing pc dont even been when plugged in
---------- Post added at 06:59 AM ---------- Previous post was at 06:48 AM ----------
ive took her apart like 5 times hoping something stupid shes got a hairline crack in the motherboard rite by the main camera rite on the top

Unbrick
TheMadScientist420 said:
no she wont boot anything dead as can be like no power no nothing pc dont even been when plugged in
---------- Post added at 06:59 AM ---------- Previous post was at 06:48 AM ----------
ive took her apart like 5 times hoping something stupid shes got a hairline crack in the motherboard rite by the main camera rite on the top
Click to expand...
Click to collapse
It happened to mine 818p too, you need to disasseble it and short two pins on the motherboard while starting it. (They are in the upper left corner on the MB.) This page (forum.gsmhosting.com/vbb/f779/unbrick-lg-g4-brick-hs-usb-qdloader-9008-without-box-2211744/) has the entire process explained but I was unable to sucessfully use the QFIL app, it didnt recover anything, at least the phone was seen on PC as the 9008 serial port. I hope it helps
P.S: Sorry for my bad english.

i hope you get it going man. so lots of users can enjoy this device like it should be.. youll be saving LG G4.. am glad that what i mentioned you got your brain thinking and finding ways i beleive this all was what i mention on fish. good luck to all of you.:fingers-crossed:

Tomonok said:
It happened to mine 818p too, you need to disasseble it and short two pins on the motherboard while starting it. (They are in the upper left corner on the MB.) This page (forum.gsmhosting.com/vbb/f779/unbrick-lg-g4-brick-hs-usb-qdloader-9008-without-box-2211744/) has the entire process explained but I was unable to sucessfully use the QFIL app, it didnt recover anything, at least the phone was seen on PC as the 9008 serial port. I hope it helps
P.S: Sorry for my bad english.
Click to expand...
Click to collapse
Its not bricked. I thre it about 6 months ago. Destroyed her. It cracked the mb ruined the rear camera. The earpice speaker. Ir port. And wifi antenna.
I put a old cracked screen on her and been using it since til about 2 or weeks ago it just shut off. Dead. It has heavy damage interiorly. I got the multimeter out and not getting any voltage any where on the board. Thats why i say if itll boot i got a perfect canidate
---------- Post added at 01:45 PM ---------- Previous post was at 01:43 PM ----------
raptorddd said:
i hope you get it going man. so lots of users can enjoy this device like it should be.. youll be saving LG G4.. am glad that what i mentioned you got your brain thinking and finding ways i beleive this all was what i mention on fish. good luck to all of you.:fingers-crossed:
Click to expand...
Click to collapse
Im trying to solder a coulple point together on mb to see if shell boot. But im jot even gettin charging lights.
---------- Post added at 01:45 PM ---------- Previous post was at 01:45 PM ----------
Like i said ill throw down my g5 on nougat lol. If it work for her should for g4

TheMadScientist420 said:
Its not bricked. I thre it about 6 months ago. Destroyed her. It cracked the mb ruined the rear camera. The earpice speaker. Ir port. And wifi antenna.
I put a old cracked screen on her and been using it since til about 2 or weeks ago it just shut off. Dead. It has heavy damage interiorly. I got the multimeter out and not getting any voltage any where on the board. Thats why i say if itll boot i got a perfect canidate
Click to expand...
Click to collapse
Oh, sorry, I thought it was bricked, not physically broken.

Tomonok said:
Oh, sorry, I thought it was bricked, not physically broken.
Click to expand...
Click to collapse
Yea i still used it for about 6 months. Put the fish to her. Even still vred with thr cracked screen. Like i said. Went to check the time and nothin. So im assuming shes dead. Ive done got a g5.no root and no twrp. Yea. Just the way i like it. I know i know. If i wanted root i shoulda bought an unlockable model. But i take what i can get cheap. Bought my sprint g5 for 25 bucks at a police auction

steadfasterX said:
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.
Click to expand...
Click to collapse
Hi, I have the model H815T but... now it Hard Bricked haha. Anyway, I can boot it like LS991 model (with QFIL), and Download Mode it's working too. So... is useful for your method?

steadfasterX said:
First of all: Do not continue if you don't know what a hard brick is!!!
so well its that simple: Either my method will work or fail.
if not: this could result in a completely unusable device (soft or even hard bricks are possible)
If it works: you could unlock your phone in fastboot with a simple command - no unlock key is required (but even when the method WORKS its possible that this produces other issues. we can not know all impacts yet)
So AGAIN
The whole process is dangerous but the chance to get an unlocked phone would be worth it - maybe. It depends on you.
I can't test it atm by myself because my device is on its way to LG (due to another issue)..
My method does not modify something within the bootloader like others tried already - because this would definitively break the boot chain.
I will not release any details to the public until there is anything proofed or verified. The whole process is very risky and as said: I have currently no device to test it.
The only thing which is proofed is the theory. It should work as long as nothing unpredictable happens: As long as we do not own the complete sources of all parts of the boot chain there is still a risk.
Keeping the details under the hood is not to make things mysterious. It's just for safety reasons until I can proof anything.
If you still ask for details here or by PM they will not be answered.
If you not able to join an IRC channel you better leave it directly.
I'm not 24/7 online but usually from Mo-Fr for sure so it is important to wait for answers while in the IRC because depending on your timezone this can take some hours (hey I have to sleep somewhen!)
Once I have my device back from LG I can test the method by myself on a H815 EUR version. It doesn't matters that this can be officially unlocked though. The risks are the same.
So if you're too scared for the moment just wait about 2 weeks or so and then I can tell if it worked on my device at least.
.... and if you do not want to wait: Follow me into the IRC for instructions
If you never were in touch with IRC before here are some client examples for you:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
The IRC channel is: #Carbon-user
The IRC server network is: freenode
Once you're connected with the IRC network I need this from you:
your phone model
the currently installed EXACT firmware (link to the used KDZ would be most helpful. If you have none check the phone details and e.g. make screenshots)
.
Click to expand...
Click to collapse
Now out of curiosity would a bootlooped g4 work. Most of em boot into dl mode and if it bricks dl modde youd know rite away anyways right?

the_naxhoo said:
Hi, I have the model H815T but... now it Hard Bricked haha. Anyway, I can boot it like LS991 model (with QFIL), and Download Mode it's working too. So... is useful for your method?
Click to expand...
Click to collapse
Qcom 9008 mode? It could be fixed afaik.. You can also try the sdcard boot method for this kind of brick. you should try that first in any case..
I'm not sure if my method will work in that kind of brick mode you are in but if you nevertheless want to test you need Linux / best is using FWUL because it has everything needed inside.
Once ready went to IRC on Mo-Fr and stay until Im there.
TheMadScientist420 said:
Now out of curiosity would a bootlooped g4 work. Most of em boot into dl mode and if it bricks dl modde youd know rite away anyways right?
Click to expand...
Click to collapse
it depends. When it stays in download mode without looping.. yes - maybe!
I need access to to the partitions which may work even in download mode via a special shell but it may requires MM and will not work for LL firmware (strange right? normally one would expect the other way around..).
That has to be tested though. On my device (locked H815) I had access but that may differ from other models.
Having root access makes things so much more easier
Testing if it would be possible on a bootlooping device would be simple:
You best use FWUL (recommended because here is all installed and working) or any other Linux with the LGLaf shell.
You would then connect while in download mode and you will have a shell like in adb.
I can guide you but again IRC is the best way to go here..
I'm searching since several days for such looping and even otherwise broken/defect devices but they all want to have a plenty of money for it (80-150 €!!)
.

steadfasterX said:
Qcom 9008 mode? It could be fixed afaik.. You can also try the sdcard boot method for this kind of brick. you should try that first in any case..
I'm not sure if my method will work in that kind of brick mode you are in but if you nevertheless want to test you need Linux / best is using FWUL because it has everything needed inside.
Once ready went to IRC on Mo-Fr and stay until Im there.
.
Click to expand...
Click to collapse
Yes, QCOM 9008 mode. I can't flash the H815 image and make my G4 H815 again so, the only way to booting, it's flashing the LS991 image (and with Fastboot; I flashing every partition one by one).
I have Linux Mint whit adb/fastboot drivers, It's enough?

the_naxhoo said:
Yes, QCOM 9008 mode. I can't flash the H815 image and make my G4 H815 again so, the only way to booting, it's flashing the LS991 image (and with Fastboot; I flashing every partition one by one).
I have Linux Mint whit adb/fastboot drivers, It's enough?
Click to expand...
Click to collapse
Hmm I can't help you unbricking. I just know that there are ways to do so. You need the correct drivers etc.. But well if you tried all this already we can try
Any Linux is ok as long as you can handle it
Havin TeamViewer installed may help too...
Well so if you like go to IRC Monday to Friday and we will see
Edit:
--------
Do you have seen this? https://forum.xda-developers.com/g4/help/lg-g4-force-to-enter-qhsusbbulk-t3633583
.
Sent from my LG-H815 using XDA Labs

So... This has been quite quiet... Has anyone tried this method yet??
Sent from my LG-H870 using Tapatalk

U
lmiked said:
So... This has been quite quiet... Has anyone tried this method yet??
Click to expand...
Click to collapse
Yes. today I have bad and good news.
First of all I had 1 single tester who was brave enough going the first approach I had. Unfortunately my first idea failed.
JL if you see this come back I said I can unbrick your device!!!
Ok so the good news are: I'm able to give you a near unlocked experience with all the things you love like installing custom kernel, recovery and ROM. Without actually unlocking!!! It's all tested on a h815 device which was never unlocked !
Near unlocked means it will behave like an unlocked device without actually unlocking the bootloader. Or to say it in other words: The boot chain verification is ignored.
The bad news: the process is not cleaned out yet but it requires one thing for sure: it will convert your whole device bootloader stack. The basic idea is to replace the whole bootloader stack with a modified one which allows all the mentioned things.
That way is very risky and I HARD bricked my device over 30 times until getting to the finally working result.
It also means that once your device is converted there is no way back atm. Flashing an original kdz will BRICK your device in 9008 mode! Not that bad because you can recover at any time but that's one thing you have to have in mind. It may never be a h811, h812..... whatever again. Until we find a corresponding and working bootloader replacement which may never happen. So no LG up or LG flash tools anymore! Instead you will have the qfil tool.
Again I know no way back to original state so warranty will be very very likely refused once you do this. Ok there is a way to blank out all partitions just for the case you need to send it really back. This should delete then most traces of this hack but no guarantees.
Besides this I don't know if there are any issues in functionality after doing all this. I havent made any tests for this yet. That includes phone calls, WiFi etc. I just checked booting ROM, booting TWRP, flashing supersu, getting root.
I will upload a video asap to show you the current result.
I need to test things further and of course I need testers with other devices. Again that process is risky and even if it worked for me it may not work for you (very unlikely but who knows). Manually forcing the 9008 is very easy and it may be required to do so. This may requires opening the device (I think it will work even without but I need testers.. ) so if you want to test... See you in the IRC.
If all this is working and verified by others I will provide the whole story ofc!
....can't believe that all these above took me 5 days in full time of work. And for what? I mean I do not need it because I can unlock my device OFFICIALLY..
BUT it was all for educational learning. I learned really a LOT of android and qcom during all these hours ...
Ok but Now I need some couple of hours of sleep
See u on the other site..
sfX
.
Sent from my LG-H815 using XDA Labs

so........what now ? i have a F500k device . and i'm willing to test your method . but i'm not sure what you are saying here. ( i didn't understand a single word) . but if it means that i can't flash official KDZ or can't use LGUP....no problem to me.
just share to me how i'll do it and if i hardbrick how i'll restore it. thats all.