Develop Bugs

LG K10 LGM250n rooting

Starting this thread for i've found no viable method for rooting, custom ROMs, etc. for the 2017 european model of K10 ( which actually is supplied carrier unlocked in my country with ROM version LGM250AT-00-V12q-COM-DEC-18-2017+0 at this moment, )
First of all, there is *no way* to get into bootloader mode, by ADB or key combo at startup, tried everything suggested on forums , docs pages, whatnot. To be honest, the Internet is full of crap, there should be some censoring, or whoever isn't really fit to publish information or methods they don't master, simply refrain themselves from doing so.
What i have: actually managed to capture the original ROM file, M250n10n_00_OPEN_EU_OP_1218.kdz from the LG Updater tool , can be downloaded from below link. 7zipped for minimal size and password protected the archive, the password is 12345678, for just in case
h.t.t.p.s:././ drive.google.com/file/d/1_uYKC1ecAOvhqyqSr3h2-XSTWvZfHOWn/view?usp=sharing
Apparently, the .kdz file can be successfully unpacked with WindowsLGFirmwareExtract-1.2.6.1 , the boot image extracted from the .dz file, etc. At this point, my knowledge on this is exhausted , haven't done any phone hacking in the last 10 years, last and only time was an Alcatel OTC 960 (i think), with Android 2, don't remember squat now. Don't exactly have time for research and tinkering too much either, i'd rather pass over to someone with more up to date knowledge and experience.
The phone hardware is quite powerful for it's price class, 8 core CPU of which the high perf cluster (4 cores) runs on 1.5 GHz, the low power cluster on 1 GHz, 2 GB DDR2 RAM @667 MHz, 16 GB flash , a decent GPU , generic connectivity options, sd card support, overall a good phone for day by day use.
Full of bloatware though, dire need of rooting, cleanup and some advanced tweaking possibility ( which obviously requires rooting).

Booting into native recovery mode
.. it does work, to some extent. Method:
- connect to ADB make sure all debug stuff, oem unlock etc. is set
- issue command 'adb reboot recovery' command, phone will reboot into recovery mode, with a burnt out android dummy on screen
- press Power + Volume UP simultaneously for a second, the recovery menu will show up
The recovery menu offers a fair few options: reboot to bootloader, format, install update from fota partition or sdcard, mount /system or normal reboot. The reboot to bootloader option doesn't work, it will force a normal reboot. Interesting the manufacturer left this option at all, while non functional. or better, there must be some hidden option to be set which will actually unlock the bootloader, but it's definitely not the "enable OEM unlock" from the developer menu nor from the r&d diagnostic hidden menu.
The option to install an update in recovery mode, from sd card sounds promising though. I wonder if somebody has any experience with that, if so, please share it here.

Wipe recovery partition first, then go into recovery..its look like freeze coz recovery partition now empty but this is the way for fastboot

ElRongMcBong said:
Wipe recovery partition first, then go into recovery..its look like freeze coz recovery partition now empty but this is the way for fastboot
Click to expand...
Click to collapse
then, how can we wipe recovery partition?

we're going in circles. no root, no wipe. but for root, need unlocked bootloader. and the default bootloader doesn't allow fastboot/rooting, etc. so it's a stall. please guys, if you have any ***working*** method, post only that.

So far, i have a working method to downgrade the firmware:
- install LG UP
- extract the "LGUP_c.dll" file from the firmware using WindowsLGFirmwareExtract-1.2.6.1-Release
- download and run Uppercut, it likely will detect the phone, keep it open then go to the LG UP installation directory c:\Program Files (x86)\LG Electronics\LGUP\model\ , duplicate the "common" folder ( or it'll vanish when Uppercut is closed)
- close Uppercut, it's useless, rename back the duplicate "common" folder, place the extracted "LGUPc.dll", rename it literally to "LGUP_common.dll" ; obviously, will need to delete the one from teh folder, that's garbage by Uppercut. Keep "WPDAPI.exe", it's needed.
- run LG UP , choose the .kdz file, both Upgrade and FOTA Upgrade work ( this last one flashes the /fota partition). Refurbish doesn't work, and no idea what it does, so far
- let LG UP do it's thing, at 100% upload , the phone will restart, then a white background shows with the upgrading message, etc. and a progress bar , the phone will either restart at 97 % of the progress bar, or go directly into normal OS load, then within the OS will see the upgrading continues for a few seconds, etc. It depends on the firmware version.
And here comes my problem. None of the available firmwares have the bootloader unlockable. The oldest, M250n10g_00_OPEN_EU_OP_0420.kdz is still from April, dated 3 months after the original release.
We need some of the very first firmwares, if indeed the claim by pvineeth97 is true that he could root it and install TWRP recovery. To be honest, the guy seems to be a hack, probably copy - pasted the method from the older K10 model, and he actually has no proof for having a working method for the 2017 model. Also, doesn't answer to private messages, so that's that... I saw a lot of "methods" by googling, everybody just adds the M250N model to the list, claims rooting works, etc. IT IS NOT TRUE, these are all false claims, just some idiots looking for cheap popularity, taking credit for some other peoples' work, and so on...
I can put the tools onto my gdrive and share the link, if someone else wants to try, but so far, we're short on a proper firmware image.

Try using the scatter file for MT6750.

adacsaba said:
So far, i have a working method to downgrade the firmware:
- install LG UP
- extract the "LGUP_c.dll" file from the firmware using WindowsLGFirmwareExtract-1.2.6.1-Release
- download and run Uppercut, it likely will detect the phone, keep it open then go to the LG UP installation directory c:\Program Files (x86)\LG Electronics\LGUP\model\ , duplicate the "common" folder ( or it'll vanish when Uppercut is closed)
- close Uppercut, it's useless, rename back the duplicate "common" folder, place the extracted "LGUPc.dll", rename it literally to "LGUP_common.dll" ; obviously, will need to delete the one from teh folder, that's garbage by Uppercut. Keep "WPDAPI.exe", it's needed.
- run LG UP , choose the .kdz file, both Upgrade and FOTA Upgrade work ( this last one flashes the /fota partition). Refurbish doesn't work, and no idea what it does, so far
- let LG UP do it's thing, at 100% upload , the phone will restart, then a white background shows with the upgrading message, etc. and a progress bar , the phone will either restart at 97 % of the progress bar, or go directly into normal OS load, then within the OS will see the upgrading continues for a few seconds, etc. It depends on the firmware version.
And here comes my problem. None of the available firmwares have the bootloader unlockable. The oldest, M250n10g_00_OPEN_EU_OP_0420.kdz is still from April, dated 3 months after the original release.
We need some of the very first firmwares, if indeed the claim by pvineeth97 is true that he could root it and install TWRP recovery. To be honest, the guy seems to be a hack, probably copy - pasted the method from the older K10 model, and he actually has no proof for having a working method for the 2017 model. Also, doesn't answer to private messages, so that's that... I saw a lot of "methods" by googling, everybody just adds the M250N model to the list, claims rooting works, etc. IT IS NOT TRUE, these are all false claims, just some idiots looking for cheap popularity, taking credit for some other peoples' work, and so on...
I can put the tools onto my gdrive and share the link, if someone else wants to try, but so far, we're short on a proper firmware image.
Click to expand...
Click to collapse
You are true, @adacsaba but try the scatter file method unique to MTK. I hope that works.

adacsaba said:
Starting this thread for i've found no viable method for rooting, custom ROMs, etc. for the 2017 european model of K10 ( which actually is supplied carrier unlocked in my country with ROM version LGM250AT-00-V12q-COM-DEC-18-2017+0 at this moment, )
First of all, there is *no way* to get into bootloader mode, by ADB or key combo at startup, tried everything suggested on forums , docs pages, whatnot. To be honest, the Internet is full of crap, there should be some censoring, or whoever isn't really fit to publish information or methods they don't master, simply refrain themselves from doing so.
What i have: actually managed to capture the original ROM file, M250n10n_00_OPEN_EU_OP_1218.kdz from the LG Updater tool , can be downloaded from below link. 7zipped for minimal size and password protected the archive, the password is 12345678, for just in case
h.t.t.p.s:././ drive.google.com/file/d/1_uYKC1ecAOvhqyqSr3h2-XSTWvZfHOWn/view?usp=sharing
Apparently, the .kdz file can be successfully unpacked with WindowsLGFirmwareExtract-1.2.6.1 , the boot image extracted from the .dz file, etc. At this point, my knowledge on this is exhausted , haven't done any phone hacking in the last 10 years, last and only time was an Alcatel OTC 960 (i think), with Android 2, don't remember squat now. Don't exactly have time for research and tinkering too much either, i'd rather pass over to someone with more up to date knowledge and experience.
The phone hardware is quite powerful for it's price class, 8 core CPU of which the high perf cluster (4 cores) runs on 1.5 GHz, the low power cluster on 1 GHz, 2 GB DDR2 RAM @667 MHz, 16 GB flash , a decent GPU , generic connectivity options, sd card support, overall a good phone for day by day use.
Full of bloatware though, dire need of rooting, cleanup and some advanced tweaking possibility ( which obviously requires rooting).
Click to expand...
Click to collapse
Hi,
You have helped me to get rid of bloatware ) thank you so much I was trying to install new firmware all day. Now I have clean phone.

adacsaba said:
we're going in circles. no root, no wipe. but for root, need unlocked bootloader. and the default bootloader doesn't allow fastboot/rooting, etc. so it's a stall. please guys, if you have any ***working*** method, post only that.
Click to expand...
Click to collapse
No friend, By what I read here in the forum, it is not necessary to unlock the bootloader in this template

Someone checked this secret menu * # 546368 # * 250 #? has several options that I did not check for lack of experience anyone any solution to open the fastboot or unlock the bootloader
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
---------- Post added at 06:53 AM ---------- Previous post was at 06:49 AM ----------
*#546368#*250# code

you can test your phone without problems...
Still no solution for root or how to make this phone google free :crying:

whitearmor said:
Hi,
You have helped me to get rid of bloatware ) thank you so much I was trying to install new firmware all day. Now I have clean phone.
Click to expand...
Click to collapse
Hello! How did you do it? could you explain? It would be good since you can not even root this team, because at least remove the bloatware from the system, recovering the space of the applications that still exist in the private folder on the same system.

I have a LG Tribute Empire (LM-X220PM). It is also based on the MTK 6750, my device seems to be on running 32-Bit instead of 64-Bit though.
I cannot enter fastboot mode either. I have all of these problems as mentioned in the OP. I was going to start a thread until I saw this. Does deleting the recovery partition really allow the device to boot into fastboot mode?
Because I was about to start looking into lglaf, the advanced flash functions might be a solid connect on a mediatek system. Because Mediatek Devices are normally unlockable. I just need to find my own device's firmware so I can look at the system and ramdisk. Everything about the phone screams there can be root. Maybe a system root though. I need to find the Dev Patched LG UP though to flash partitions. And read how to give LG Advanced Flash commands.

Delgoth said:
Does deleting the recovery partition really allow the device to boot into fastboot mode?
Click to expand...
Click to collapse
Nope. You can wipe it but then it boots to the system which rebuilds recovery from the boot.
I have though about wiping the boot too, to see how it reacts, but there might be some catch.
Also the lgup hasn't been always so steady recognizing my device, m250n.
Also the LG's Bridge has sometimes recognized it to some totally different device.
Odd, but so far I've used it through virtualbox, which might have something do with it.
Delgoth said:
Because I was about to start looking into lglaf, the advanced flash functions might be a solid connect on a mediatek system. Because Mediatek Devices are normally unlockable. I just need to find my own device's firmware so I can look at the system and ramdisk. Everything about the phone screams there can be root. Maybe a system root though. I need to find the Dev Patched LG UP though to flash partitions. And read how to give LG Advanced Flash commands.
Click to expand...
Click to collapse
LG has done their best to remove MTK stuff from m250n, don't know about your device...

CXZa said:
Nope. You can wipe it but then it boots to the system which rebuilds recovery from the boot.
I have though about wiping the boot too, to see how it reacts, but there might be some catch.
Also the lgup hasn't been always so steady recognizing my device, m250n.
Also the LG's Bridge has sometimes recognized it to some totally different device.
Odd, but so far I've used it through virtualbox, which might have something do with it.
LG has done their best to remove MTK stuff from m250n, don't know about your device...
Click to expand...
Click to collapse
Sounds like I need to figure out how to customize the flasher to my device then is all. LGUP 1.4 didn't recognize my device at all.

Delgoth said:
Sounds like I need to figure out how to customize the flasher to my device then is all. LGUP 1.4 didn't recognize my device at all.
Click to expand...
Click to collapse
You might need to use your devices own dll which is inside the kdz file.
---> [LG TOOL] KDZ dll extractor

CXZa said:
You might need to use your devices own dll which is inside the kdz file.
---> [LG TOOL] KDZ dll extractor
Click to expand...
Click to collapse
Or maybe these help, IDK... you probably have found them too...
https://www.mylgphones.com/lgup-dll-for-sprint-lg-tribute-empire.html
https://www.mylgphones.com/how-to-dump-backup-lg-tribute-empire-lmx220pm-firmware.html

CXZa said:
You might need to use your devices own dll which is inside the kdz file.
---> [LG TOOL] KDZ dll extractor
Click to expand...
Click to collapse
I've seen that a lot of LG information is spread around. I normally have Samsung Devices I work with. So the whole flashing process is different. Different Tools, different build types.
Really I'm still trying to wrap my around the LG process. There seems to be many different ways to do things but are kind of device specific. I've only just recently learned about the patched LGUP but I can't find my firmware anywhere to get started with it and get it patched. So I'll look around to hopefully find a KDZ somewhere for the x220pm.
lol I feel like a newb again just because I switched OEM's.

[OTA] System fingerprint needed!

As it's Android One device, it probably uses Google OTA service. If you would be able to provide me with system fingerprint, there's a chance for me to get full OTA link to start up the development for this and possibly other devices.
How to do it?
Install Terminal Emulator from Google Play, type:
Code:
getprop | grep fingerprint
and click enter.
if you want to provide more of usable data, use just
Code:
getprop
Thread will be updated with links once somebody helps. Or will be closed in case of no solution.

pastebin.com/wWpYHPHd

WmcB said:
pastebin.com/wWpYHPHd
Click to expand...
Click to collapse
No update available yet, so I can't check currently if there will be full OTA zips. If you still have the access to this device, try getting kdz download link or file itself (via the official LG tool). Or post/*pm* the IMEI (it may be without last three numbers, because I don't need your own, but just any of them to simulate LG Bridge request). Basically, the only way to get fw now is to get the kdz. Aand last question: is G7 One bootloader unlockable? From what I saw in getprop, there was a prop suggesting that OEM unlock switch is blocked.

j1505243 said:
No update available yet, so I can't check currently if there will be full OTA zips. If you still have the access to this device, try getting kdz download link or file itself (via the official LG tool). Or post/*pm* the IMEI (it may be without last three numbers, because I don't need your own, but just any of them to simulate LG Bridge request). Basically, the only way to get fw now is to get the kdz. Aand last question: is G7 One bootloader unlockable? From what I saw in getprop, there was a prop suggesting that OEM unlock switch is blocked.
Click to expand...
Click to collapse
After enabling developer mode, I am given the option of unlocking the bootloader from the developer menu. I am able to enable it but I didn't test it.
The config [sys.oem_unlock_allowed]: [1] is now set
I tried using LG Mobile Support tool. Software is up to date, so I went into Upgrade Recovery menu option. It did a few checks and failed after "analyzing software version."
The error was "problem with communication between cell phone and PC." Maybe LG's support tool isnt updated to handle the phone yet.
I'll PM you an IMEI

WmcB said:
After enabling developer mode, I am given the option of unlocking the bootloader from the developer menu. I am able to enable it but I didn't test it.
The config [sys.oem_unlock_allowed]: [1] is now set
I tried using LG Mobile Support tool. Software is up to date, so I went into Upgrade Recovery menu option. It did a few checks and failed after "analyzing software version."
The error was "problem with communication between cell phone and PC." Maybe LG's support tool isnt updated to handle the phone yet.
I'll PM you an IMEI
Click to expand...
Click to collapse
Ok, managed to decrypt LGMST thingies. So, it seems that LG just didn't push any kdz yet. But the good news is that we should be able to fetch them as soon as they do it. In the free time, see if you can extract the Camera app from the device. Through Solid Explorer, for example.

j1505243 said:
Ok, managed to decrypt LGMST thingies. So, it seems that LG just didn't push any kdz yet. But the good news is that we should be able to fetch them as soon as they do it. In the free time, see if you can extract the Camera app from the device. Through Solid Explorer, for example.
Click to expand...
Click to collapse
Camera apk extracted
drive.google.com/drive/folders/1aRgQAUxq_aqtU7kOeXd3A1OD_dR6oUDo

WmcB said:
After enabling developer mode, I am given the option of unlocking the bootloader from the developer menu. I am able to enable it but I didn't test it.
The config [sys.oem_unlock_allowed]: [1] is now set
Click to expand...
Click to collapse
Did you end up unlocking the bootloader? I am considering getting this phone tomorrow but only if the bootloader can be unlocked.

jfd3220 said:
Did you end up unlocking the bootloader? I am considering getting this phone tomorrow but only if the bootloader can be unlocked.
Click to expand...
Click to collapse
I may not be savvy enough to test if it is unlocked. I ran "adb reboot bootloader" but it rebooted normally. Is there another way I can check?

WmcB said:
I may not be savvy enough to test if it is unlocked. I ran "adb reboot bootloader" but it rebooted normally. Is there another way I can check?
Click to expand...
Click to collapse
Maybe try
Code:
fastboot oem device-info

Bootloader unlocked from dev options.

I recall seeing other phones with that option that did not actually have unlockable bootloaders.

Pr0l1f1k said:
Bootloader unlocked from dev options.
Click to expand...
Click to collapse
Thanks but that's just a setting that you have to change to enable the unlocking. You also have to enable USB Debugging in Developer Options, then reboot into fastboot as instructed here.
Enable USB-Debugging on your phone. USB-Debugging is required for the commands “adb” and “fastboot” to work. To enable USB-Debugging, go to Settings > About phone > Software info and tap Build number 7 times. Return to the previous screen, select Developer options and enable USB-Debugging.
Enable OEM unlock on your phone. Activating the "Enable OEM unlock" is necessary for the bootloader unlock. To enable OEM unlock, go to Settings > Developer options and check Enable OEM unlock.
You can view the Device ID by connecting your phone to the PC using a USB cable and entering "adb reboot bootloader" in DOS command window. Your phone will reboot into the fastboot mode. Enter "fastboot oem device-id" in DOS command window.
Are you able to retrieve the Device ID?
EDIT: Never mind. I just got this from LG Support Chat: "As per our MC Specialists, unlocking the bootloader on G7 One is not possible anymore."

jfd3220 said:
EDIT: Never mind. I just got this from LG Support Chat: "As per our MC Specialists, unlocking the bootloader on G7 One is not possible anymore."
Click to expand...
Click to collapse
I can confirm that this phone will not enter fastboot with the "adb reboot bootloader" command. It just reboots to system like normal.

snardos said:
I can confirm that this phone will not enter fastboot with the "adb reboot bootloader" command. It just reboots to system like normal.
Click to expand...
Click to collapse
So is that it? Will we ever be able to unlock the bootloader.

j1505243 said:
As it's Android One device, it probably uses Google OTA service. If you would be able to provide me with system fingerprint, there's a chance for me to get full OTA link to start up the development for this and possibly other devices.
How to do it?
Install Terminal Emulator from Google Play, type:
Code:
getprop | grep fingerprint
and click enter.
if you want to provide more of usable data, use just
Code:
getprop
Thread will be updated with links once somebody helps. Or will be closed in case of no solution.
Click to expand...
Click to collapse
Hi ! I will receive my LG G7 One this week and I'm fully commited to help you get the files / test things on my device.
Please let me know, if can be any help !

Simshady97 said:
As it's Android One device, it probably uses Google OTA service. If you would be able to provide me with system fingerprint, there's a chance for me to get full OTA link to start up the development for this and possibly other devices.
How to do it?
Install Terminal Emulator from Google Play, type: and click enter.
if you want to provide more of usable data, use just
Hi ! I will receive my LG G7 One this week and I'm fully commited to help you get the files / test things on my device.
Please let me know, if can be any help !
Click to expand...
Click to collapse
Nah, we are seemingly clogged, until kdz start to distribute. For now, you may just capture the OTA link in adb.

Heads up for anyone interested in this phone: it is available on ebay. I've looked a few times over the last week, and there have been several of them up for grabs for a reasonable price. It's also available on Canadian Amazon (amazon.ca).
If anyone is wondering what frequency bands the phone will use, let me know and I can call around and ask some place that sells this phone.

Ok
Sent from my LGE LG-Q710AL using XDA Labs

fingerprint
O:/ $ getprop | grep fingerprint
[ro.boot.vendor.lge.fingerprint_sensor]: [1]
[ro.bootimage.build.fingerprint]: [lge/phoenix_lao_com/phoenix_sprout:9/PKQ1.180904.001/191471306ed81:user/release-keys]
[ro.build.fingerprint]: [lge/phoenix_lao_com/phoenix_sprout:9/PKQ1.180904.001/191471306ed81:user/release-keys]
[ro.vendor.build.fingerprint]: [lge/phoenix_lao_com/phoenix_sprout:9/PKQ1.180904.001/191471306ed81:user/release-keys]
:/ $

Can someone please share the stock camera APK of this phone?

[ROM][SHT-AL09][Fenris_SHT-AL09]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Fenris Features
Built in current MicroG
Built in Magisk
Built in BusyBox
Built in GNU Utils compiled for android ( bash etc )
Radically debloated
Built for Lucky Patcher ( lvm already patched and modded playstore in place )
Working Desktop Mode ( PC mode ), Yes you read that right
320 DPI and working camera UI etc.
Better sized Launcher icons.
Shipped as a old school zip so fully customisable by anyone with winrar
Bugs
Wallpapers etc missing ( belongs to an apk i deleted and cant be bothered to track it down ) fixed in beta 2
Standard filemanager is replaced by CM native file manager ( dont want the big H knowing whats on your drive ) so some share functions may not be available
but SMB over the network is fine and thats all im interested in.
Both the TWRP 's are flaky, this version https://forum.xda-developers.com/honor-view-10/development/recovery-twrp-3-2-1-0-t3769917 has just refused to boot on me twice despite a decrypted data partition. But thats not down to Fenris in any way. The second twrp ( view 10 ) is no longer possible. It requires formating /data and by doing that wipes all the themes/wallpapers and screws the theming engine so i am having to stick with the first TWRP.
Unfortunately it BARELY works, just good enough to flash Fenris and associated zip kind of correctly.
Because of a crap TWRP Magisk needs to be setup on first use and download the manager, ie internet needed. It also can not update its zip so that has to be flashed by hand
Battery.... Tablet manager had to go, it deliberately interferes with LP in-app spoofing, but it also provides battery statistics and possibly with it missing, battery life could be worse than stock
( memory handling could also be compromised ). Its a damn hard thing to check since i have never run the tab stock. Tablet manager is back, it controls the recents screen which is broken without one of tablet managers services. Writing a startup script to disable some TM services, but at moment i use MyAndroidTools to do same
Maybe more, this is a beta.
Dev Info.
Huawei have done a good job with their Andfroid shell, its very memory aware and frugal ( unlike samsung and HTC ), its a very good base for Fenris
I would have kept a lot more native apk's but then there are some security concerns so anything with a free line out had to go ( except HwShare, use at your own risk )
If there is demand i will release a total stock zip so peeps can mix-match and roll their own.
Information
Based on MediaPad M5 8.4 SHT-AL09 hw eu Schubert-AL09A 8.0.0.196(C432) Firmware 8.0.0 r1 EMUI8.0 05014XYF.
the link for this firmware https://androidhost.ru/tuA
You must be on this firmware to grantee Fenris operating correctly ( currently Fenris does not ship the vendor or kernel due to issues with the TWRP available being flaky )
, fenris may work on other firmware ( Android O ) but this is for you to try.
I will most prob keep Fenris SHT-AL09 updated as i find stuff i like/do not like, but i AM NOT a Dev, i only get my hands dirty when i need to, so as far as support goes, dont expect much and you will not be disappointed.
My tested method of getting fenris on your SHT-AL09
......download Fenris from here https://mega.nz/#!BKpX2YpT!DhotPKAkJvASYQUPeUlNz3MrZanmFNCxmm6tcd4qcE4
......download Huawei MediaPad M5 8.4 SHT-AL09 hw eu Schubert-AL09A 8.0.0.196(C432) Firmware 8.0.0 r1 EMUI8.0 05014XYF from here https://androidhost.ru/6n0
......downgrade using the dload method
......Get a bootloader unlock code using DC unlocker method ( keep the bootloader unlock code, you will friggin need it )
......Unlock bootloader using Fastboot Unlock Method
......download MediaPad M5 8.4 SHT-AL09 hw eu Schubert-AL09A 8.0.0.196(C432) Firmware 8.0.0 r1 EMUI8.0 05014XYF. from here https://androidhost.ru/tuA
......Upgrade using the Dload method
......Unlock bootloader using Fastboot Unlock Method ( dont worry the code is the same )
......Go into you new 196 system and Activate ADB and OEM-Unlock
......Flash this TWRP https://forum.xda-developers.com/mediapad-m5/development/recovery-twrp-3-2-2-1-t3813825 using TWRP fastboot method
......DO NOT LET IT BOOT INTO SYSTEM, BOOT INTO TWRP INSTEAD
......Have a OTG USB adapter ( you can also use the sd card but that is a pain ) and Stick ready , copy all the files your going to need in the further steps onto it
......Hook up the stick and Flash Disable_Dm-Verity_ForceEncrypt_Quota_05.21.2019.zip from here https://zackptg5.com/android.php#disverfe
......Also Kernel-Sepolicy-Patcher.zip from here also https://zackptg5.com/android.php#disverfe
......THen finally flash Fenris
......Boot ito Fenris
TWRP fastboot method
1.... Make sure you have latest HW adb drivers installed ( check by getting an adb shell to work )
2.... Download latest Android platform tools https://developer.android.com/studio/releases/platform-tools
3)... Decompress etc, get to fastboot dir, open a CMD there
4)... Copy your TWRP image to same dir
5).... Boot into Download mode ( vol down while plufgging USB into computer with drivers set up )
5).... fastboot.exe flash recovery_ramdisk xxxxxxxxxx.img
6).... Get frigin ready to pull the usb and hold power + vol UP ( to reboot int TWRP you just flashed ) DO NOT LET IT BOOT INTO SYSTEM
7).... fastboot.exe reboot
8).... Pull USB, Boot into TWRP
9).... TWRP reboot Menue to shutdown
Dload Method
1.... extract the archive
2.... copy dload folder to root of a fat32 formated sd card
3.... boot up, enable dev options
4.... In dev options enable OEM-unlock ( you will need to be on internet from setup onwards ) unlock and adb
5.... In phone dialer dial *#*#2846579#*#*
6..... Get to upgrade from sd card and hit it.
7..... Phone reboots and does the ****
8..... If you have used online Erecovery downgrading may fail but if setting up from new ( unboxing) this will def work
Dc Unlocker Method ( copied from a p20lite thread , but works for m5 identically )
1)First connect your phone to the PC using the original USB cable.
2)When drivers are installed a popup screen would appear to view the "HiSuite" drive. This is a created drive-letter which contains a HiSuite Software downloader. Click to open or use the Windows Explorer to browse to this virtual drive.
3)Install the HiSuite software - this is important to get the correct drivers AND correct COM ports installed on your system. Skipping this step will result in non working DC Unlocker software.
4)When all is done go to the settings in your phone and open: System -> About Phone and tap the Build-number line about 7 to 8 times. Most likely the phone will ask for a PIN to active the developers mode. This is the code you've setup to use your phone. If you're already have a "developers option" you can skip this step.
5)Now click the "back" arrow once and select "Developer options".
6)Tap OEM-Unlock to activate it (confirm if needed), scroll down and tap USB Debugging to turn it on.
7)Your phone should ask permission to connect your PC (with some MAC address). Confirm it so the connection is approved. If that doesn't show up disconnect the USB cable and check if the USB debug mode is still active in the "Developer options". Than reconnect the cable to your PC.
ready to use the DC-Unlocker software to get our unlock code:
8)First you need some credits and you can buy the using this link: https://www.dc-unlocker.com/buy
9)Just fill in the the fields User-name, E-mail and Credits. Leave the "New user account" option selected if you are a new user.
10)For the Credits you only need 4 of them. I, initially, bought 5 so I still have one left
11)You'll receive a confirmation e-mail with a username and password. These are needed a bit later.
12)Extract the DC-Unlocker client to a fold and start it by clicking dc-unlocker2client.exe using the Windows Explorer (or any other file manager). To be sure you can also right-click the file and start the program using Administrator credentials.
13)Select in the right portion of the program the tab "Server" and enter the username and password you've received by mail. Check the "Remeber" box and click "Check login" to verify your account.
14)Click in the left portion of the program the dropdown list below "Select manufacturer" and choose "Huawei phones".
15)Leave the droplist "Select model" selected at "Auto detect (recommended)".
16)Grab your phone and open your dialer to type this code: *#*#2846579#*#* - this will get you into the service menu of the phone.
17)Tap 1. Background Settings -> USB Port Settings and select Manufacture Mode and than tap Close.
18)Put the phone done and let your PC install the newly found drivers.
19)If that's done click the Magnifying glass in the DC-Unlocker client software.
20)If all is connected correctly your phone is detected and a message in the white part of the program will tell you so. Also the "Select Model" field should display Huawei HiSilicon Kirin Android if the detection is succesfull.
**ready to read the unlock code! Yeah!
21)Click in the right portion of the DC-Unlocker client on the tab Unlocking.
22)Several buttons are visible but just click Unlock which could take a few moments before something is displayed in the white area at the bottom of the program window.
23)The unlock code can be copied and pasted - so please do copy the number to a text file and store it savely on your computer or in your cloud.
Fastboot Unlock Method
1).... Make sure you have latest HW adb drivers installed ( check by getting an adb shell to work )
2).... Download latest Android platform tools https://developer.android.com/studio/releases/platform-tools
3)... Decompress etc, get to fastboot dir, open a CMD there
5).... Boot into Download mode ( vol down while plugging USB into computer with drivers set up )
6).... fastboot oem unlock xxxxxxxxxxxxxx

Glad to read that the development of our Schubert isn't dead

massima said:
Glad to read that the development of our Schubert isn't dead
Click to expand...
Click to collapse
Not sure about that Seems barren in terms of real development. But in this case stock is a very good base, and in terms of memory usage very competitive with LOS, so in this case do not miss real open source code for the device.
The TWRP for our device is not great, and thats something i will get hands dirty fixing.

Any chance you could upload few pictures to show us how pc mode looks on smaller device, and will ever update your rom to 9.0?
Thanks in advance.

xabat said:
Any chance you could upload few pictures to show us how pc mode looks on smaller device, and will ever update your rom to 9.0?
Thanks in advance.
Click to expand...
Click to collapse
Yes sure will get a few screenshots out.
Will update to 9 when the dev community ( LP, Xposed, and all the other projects ) catches up.
At the moment we are prob a year away. ( Xposed barely works on EMUI 8 ).
Fenris is not your normal developers rom, its not about the latest version or untested beta code. Its about providing a stable platform for "alternative" open source code projects focused on Penetration testing, and pushing the boundaries.

any chance you could tell us how to activate desktop mode on stock rom ?

Are you rooted with the TWRP mentioned in the post ?
If not not much point in going further, plus its not an easy job mate, you good at messing around with your internal files ? Permissions and selinux contexts ? Edify script ? If so then you prob could do it. Otherwise best not even start.

vecna said:
Are you rooted with the TWRP mentioned in the post ?
If not not much point in going further, plus its not an easy job mate, you good at messing around with your internal files ? Permissions and selinux contexts ? Edify script ? If so then you prob could do it. Otherwise best not even start.
Click to expand...
Click to collapse
Yes, I unlocked bootloader months ago and I have root.

xabat said:
Yes, I unlocked bootloader months ago and I have root.
Click to expand...
Click to collapse
And twrp ? Cos your going to have to write an edify script to flash everything.

vecna said:
And twrp ? Cos your going to have to write an edify script to flash everything.
Click to expand...
Click to collapse
No I don't have twrp at the moment. I can't find working recovery for emui 9.
I wanted to see if desktop mode will work on android 9

xabat said:
No I don't have twrp at the moment. I can't find working recovery for emui 9.
I wanted to see if desktop mode will work on android 9
Click to expand...
Click to collapse
Well on EMUI 9 not happening, and not happening without TWRP anyway.
So why exactly are you on EMUI 9

I guess there is no external monitor support as I dident read that anywhere.
Is it a hardware limitation?

Well, this ROM is clean and awsome, i have the 10 inch tablet but i envy those who have the Schubert model as they can try this ROM??

Fenris is now at Beta 4, front post updated.

any development for this rom?

LG V30 Unbrick guide (Qualcomm EDL 9008 Mode, Hardbirck, with no download mode)

If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.

you can create rawprogramer and patch.xml with this program
I have already tried it on lg v10 kdz with successful.
after extract kdz :
1-open qualcomtool 2.4 and go to EMMC tabe.
2-clic browse and select primarygpt_0.bin
3- select all partitions and click exract partition
4- click extract firmware
you will find every things you need in extracted folder.
you can edid rowprogramer.xml with notepad ++ .
edit : tryed with lg v30 kdz not work
(gpt not present when select file)

Thank you for your work

download problem
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work

Johoneycn said:
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work
Click to expand...
Click to collapse
Sorry for the late reply
mega. nz/#!zCZBkC4D!Vxo9wrd1c9vsZgCfQIrLelcp3unTY7sJAqMXjANvzjQ is V30_UNBRICK.zip
and mega. nz/#!PLIBzQ6L!JKtfq_RH2iFgcQckkRi_LtZGt9u2zaO2YF6x8dtHL6A is a firehose.

It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...

Hi, @quickwshell, could you see this: Help! bootloop per 5 sec, cannot enter rec, download or fastboot. Does the problem I'm facing now is what your method targeting to?

@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance

Pulian said:
@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance
Click to expand...
Click to collapse
How did you do with your phone? Have you made your phone into 9008 mode? Did you use the correct tool?
I have not processed my problem yet. But I read some other posts introducing that, use qpst or miracle box or any similar tools with the edl file provided by @quickwshell to flash in twrp directly, instead of getting download mode back. Maybe you can have a trial.

I was converting my lg [email protected] for unlocking. I have tools for flashing and I did it before with others phones. Accidently flashing process was interrupted and phone got that condition, no download mode. Now I'm using testpoint connection and UMT (tool for repair Qualcomm Phones) for trying to recover download mode. I suppose you can use QFIL for programming after we have correct rawprogramer.xml and patch.xml. Let me finish my test and I'll post results.
Pd: bootloader is not unlocked and I don't know if I can write twrp and it'll work.
Could you share links referring this topic and phone? Thanks.

Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition

Do we need any special process before the computer work, @quickwshell and @Pulian? Is any special cable or teardown work needed? I have never used 9008 before but see other brands like xiaomi cannot simply enter 9008 mode directly.
---------- Post added at 04:27 PM ---------- Previous post was at 04:08 PM ----------
Pulian said:
Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition
Click to expand...
Click to collapse
I see octoplus in your pic. Could you please share your tools and detailed steps? I have never tried 9008, so I hope some extra hand-by-hand instructions. Thanks.
The post I read is from an Android community app, and I'm afraid I cannot provide a link to it. And the author of that post said he had not tested yet, just some common sense and rough idea. I'd hear more from you, afterwards you have succeeded.

Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!

nate0 said:
It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...
Click to expand...
Click to collapse
yes,i think so too, lg is too bad on the software

Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
After getting download mode back, do we need chiperase like @quickwshell mentioned? I don't know if octoplusbox did it before writing firmware and I suppose most people would still use LGUP for firmware writing. Did you lose s/n, imei, etc. after phone booting? If not, I guess partition dl should be OK.

I didnt touch imei and security partitions. My phone worked after flashing without problems.

Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?

moyedchowdhury said:
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?
Click to expand...
Click to collapse
use cracked miracle box

seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
THANKS FOR COMING BACK. Mine is a LS998 converted into US998.
I'm So disappointed right now. Past few days have been unbearable. Even my Blood pressure is getting high
I'll describe what happened so that the situation is understood and you could suggest accordingly.
*I unlocked bootloader by wtf method.
*Tried several roms.
*Decided to stay on LOS 17.1 Q [Nearly got f*****g everything]
*Flushed a module via magisk which offered pixel boot animation(actually was searching for smartpixel to turn off 50% pixels)
*Rebooted and the device stuck into bootloop
*Rebooted into fastboot mode and reinstalled twrp and reboot- No luck
*Used a guide to wipe different partitions via fastboot and then reinstall twrp. Success but still boot stuck.
*Tried to go into download mode by pressing volume up while connecting USB, went into the mode but "waiting for any connection..." showed and was not detected by device mgr.
*Thought relocking the bootloader might get me into download mode.(That's when I burnt my luck I guess...)
*Did lock the bootloader.
*Aaaand still not detected in device manager.
*Moreover, now showing that Your device has failed a routine security check and will not boot!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
*Opened the back and test pointed motherboard, detected in 9008 mode
*Tried QFIL with V30_Unbrick.zip, sahara error.
*Tried a bunch of other tools most of them were so old that they didn't even have the firehose for this model.
Please someone help.

seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, never had any problem though).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-signature-enforcement-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode. Do not turn on the phone. Or else you'll get into bootloop.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume up button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me), still no solution? knock me here (also: [email protected]). I could help you(with v 30, g6) remotely if I have time, no charges, donate if you will and if you don't I'll still be happy to help. Keep flashing, peace.
---------- Post added at 05:36 AM ---------- Previous post was at 04:57 AM ----------
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
Thank you, Your post helped me to understand a lot of things. Without whome I'd be having an expensive brick which can't even be used to build anything.
This is the way I recovered. So posting it here for people might get help.
seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, but never had any problems).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-sig...nt-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me). Keep flashing, peace.

How To Guide CPH2451 Rooters Please refrain to g96818 guide to Improve the Init_boot method.

Hey guys, i have tested the new method posted by g96818 and it works perfect.
Since he has more experience than me with OnePlus rooting I'll delete this post soon.
My fear is the future proofing of my method and i understand that his method is better in the case of future updates and less risky.

Finally!. Excited to see the rooting movement beginning let's go. Would have tried but I've got CPH2447.

hitzzzzzzzz said:
Finally!. Excited to see the rooting movement beginning let's go. Would have tried but I've got CPH2447.
Click to expand...
Click to collapse
Hey man, but there is a full OTA for that, you just need to subtract the info you need from it.
Since i dont have that device, i dont want to tell you what to do.

Nice. It'd be fantastic too if we could use this as a ongoing reference for future OTA's. Have someone drop by and post a patched init_boot image everytime a new OTA comes out and keep track of them for the CPH2451

scott.hart.bti said:
Nice. It'd be fantastic too if we could use this as a ongoing reference for future OTA's. Have someone drop by and post a patched init_boot image everytime a new OTA comes out and keep track of them for the CPH2451
Click to expand...
Click to collapse
Yeah that's true that would be nice.

Adb connect works better than adb pair from wireless debugging adb connect then adb shell then run reboot bootloader command For me it would connect with pair but not recognize my device

scottlam1 said:
Adb connect works better than adb pair from wireless debugging adb connect then adb shell then run reboot bootloader command For me it would connect with pair but not recognize my device
Click to expand...
Click to collapse
adb and also the fastboot drivers installed? and USB debugging activated?
and only adb works over wifi , fastboot only with usb cable

blasbenoit said:
I am not responsible for any any harm, such as bricking, or bootloops, which may happen to your device. This is what worked for me and other guys in this forum.
Important notes to consider: A big thanks to azsl1326 he got us the Patched Init_boot to make this possible.
-You need to unlock the bootloader of your device. This means you'll lose the data ect ect ect.
-People are losing Netflix access after this process, right now we haven't found a "cure" for this, but is pretty normal if you have root a Oneplus device before, when i found the fix i'll edit this right away.
-I'll write this for experts and newcomers a like just in case so they don't have to start asking for simple questions.
-After the root some people have the issue that they cant use security like passwords, fingerprint...ect ect. (as of now the only fix they have is to reset everything and doing the rooting again for 2+times). If i find the "cure" i'll let you guys know.
Spoiler: Issues connecting your device to the PC?
To some people the USB debugging is not working at all, because the phone turn it off after you try to use it or connect it to the PC.
I personally had this issue so i just workaround it. This is what i did:
1- Connect the OnePlus to the same network as your PC.
2- Turn On Wireless debugging on your OP11 and select Pair device with pairing code:
3- Then use this on your PC after you open CMD of course:
Then put the code you have.
The check with this command to see if it is connected:
Now that it is connected you can enter bootloader and connect it to your PC in that mode normally with:
OK now back to the deal:
1- Download the latest platform tools from here:
-Unzip it and put it in the desktop for easy access.
2-The bootloader
Spoiler: Unlock the Bootloader
Step 1 - Unlocking Bootloader:
1.A - Enable OEM Unlocking:
1. Open Settings Application -> About device -> Version -> Tap on Build Number 7 times
2. Open Settings Application -> Additional Settings -> Developer Options
3. Enable OEM Unlocking
4. Enable USB Debugging
1.B - Entering Bootloader
The bootloader must be unlocked in order to flash the recovery.
Ensure the device is connected to the computer via ADB by entering the following command
Code:
adb devices
The output should be something similar to this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(note the device name on the left will not be the same)
Reboot into the bootloader by entering the following command:
Code:
adb reboot bootloader
1.C - Unlock
Once entered, enter the following command:
Code:
fastboot flashing unlock
WARNING: THIS WILL WIPE ALL DATA ON THE DEVICE
Use the volume keys to select unlocking, and then use the power button to confirm.
Once complete, enter the following command:
Code:
fastboot reboot
You will now have to go through the device setup.
Repeat steps 1.A and 1.B to enter back into the bootloader
3- Flashing the Init_Boot.img
In this case i'll provide the already patched Init_boot.img for A07!!! so you don't have to look for it, is attached to this thread.
Download the img and put it in the same folder as the platform tools for easy access.
Spoiler: Magisk Canary
After you enter the device.
1. Dowload the Magisk Canary version from this link:
2. Install it on you device.
Spoiler: Opening CMD (Command Prompt)
After you got everything in place open the platform folder and type CMD on the location box, then press Enter.
If that doesn't work, just open CMD and type:
CD and write the location of the platform folder to get it to work.
Now to the "flashing"
Enter the bootloader like before to start, now type this:
The above command should automatically flash the init_boot to both the slots. However, if you face any issues while executing that command, then you could also manually specify the slots while flashing. Like this:
And
4-Restart your phone and check the magisk canary app that everything is OK.
Spoiler: Bypassing Safetynet
This is optional; however, highly recommend
Note, due to the nature of Safetynet, this can change at anytime and may begin failing in the future.
A - Repackaging Magisk
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Tap "Hide The Magisk App"
4. Enter New Application Name
5. Click OK and wait
6. Uninstall original Magisk APK if it has persisted
B - Enable Zygisk & Deny List
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Enable "Zygisk"
4. Enable "Enforce Deny List"
C - Configure Deny List
it is recommended to add any application you would like to hide from Magisk here
1. Launch Magisk Manager
2. Tap Settings Icon (Top Right Corner)
3. Tap "Configure DenyList"
4. Tap the 3 dots in the top right and select "Show System Apps"
5. Select the following applications:
~ Android System
~ Google Play Store
~ Google Play Services
~ Google Services Framework
D - Delete App Data
1. Launch Settings Application
2. Select Apps
3. Select App Management
4. Clear data for the following apps:
~ Google Play Store
~ Google Play Services
~ Google Services Framework
5. Reboot the device
E - Flash Universal Safetynet Fix
1. Download the Universal Safetynet Fix
2. Launch Magisk
3. Select Modules
4. Select "Install From Storage"
5. Select Universal Safetynet Fix
6. Wait for Flashing to complete
7. Reboot
Download a safetynet check just to be sure.
And thats pretty much it, if you guys find some issues after the root, please post them here so i'll start adding more and more info about it for future references and fixes.
Click to expand...
Click to collapse
You are so helpful! This worked flawlessly!

ChrisFeiveel84 said:
adb and also the fastboot drivers installed? and USB debugging activated?
and only adb works over wifi , fastboot only with usb cable
Click to expand...
Click to collapse
Yeah fastboot still has to be hardwired I'm just going by my experience that pair function didn't work for me adb connect did wireless you still put in the IP and port but no pair key

scottlam1 said:
Yeah fastboot still has to be hardwired I'm just going by my experience that pair function didn't work for me adb connect did wireless you still put in the IP and port but no pair key
Click to expand...
Click to collapse
i never use adb over wifi sorry

Do you by chance have the stock unpatched init_boot.img? When you say that you have to redo the whole root process a couple of times to get screen lock working, uprooting would be flashing a stock init_boot yeah?

H4X0R46 said:
Do you by chance have the stock unpatched init_boot.img? When you say that you have to redo the whole root process a couple of times to get screen lock working, uprooting would be flashing a stock init_boot yeah?
Click to expand...
Click to collapse
unrooting before the update is actually only needed if you do the update via incremental update (e.g. eu and india get full firmware packets) so you don't need to unroot first

ChrisFeiveel84 said:
unrooting before the update is actually only needed if you do the update via incremental update (e.g. eu and india get full firmware packets) so you don't need to unroot first
Click to expand...
Click to collapse
Mine is the USA model CPH 2451, I updated my phone to A.07 already by normal means, my bootloader is still locked, so I haven't even begun to mess with it YET. This might cause issues with my lock and fingerprint I'm assuming? Just wanna be sure I'm understanding this correctly. Thanks man for all your help! Much appreciated

H4X0R46 said:
Mine is the USA model CPH 2451, I updated my phone to A.07 already by normal means, my bootloader is still locked, so I haven't even begun to mess with it YET. This might cause issues with my lock and fingerprint I'm assuming? Just wanna be sure I'm understanding this correctly. Thanks man for all your help! Much appreciated
Click to expand...
Click to collapse
I didn't have an issue with my lock screen and stuff. I also didn't do anything to the phone other than unlock bootloader and root. Once I did this my lock screen and fingerprint and stuff wasn't an issue at all. Maybe I got lucky.

H4X0R46 said:
Do you by chance have the stock unpatched init_boot.img? When you say that you have to redo the whole root process a couple of times to get screen lock working, uprooting would be flashing a stock init_boot yeah?
Click to expand...
Click to collapse
The password issue has nothing to do with rooting, it is caused by unlocking the bootloader. Before you do any rooting, first lock and unlock the bootloader 3 times. After the third time, you can set the password (or pin, or pattern/etc) and THEN do the actual rooting.

Do you have boot.img instead i rather have temp root

i accidentally pushed the patched init boot img to phone before updating, now i keep getting failed system update, any way to revert back to original A06 init_boot.img so i can take update and then come back and root

SappyHanger said:
Do you have boot.img instead i rather have temp root
Click to expand...
Click to collapse
Sorry m8, they haven't release the full IMG yet, just incremental, unless you are in (UPDATE A06), i can tell you where to get it for that one.

blasbenoit said:
Sorry m8, they haven't release the full IMG yet, just incremental, unless you are in (UPDATE A06), i can tell you where to get it for that one.
Click to expand...
Click to collapse
can you point me to the init boot image on A06, i accidentally pushed the patched a07 version to a06 w/o updating to a07

So I did the above and magisk turns into a green android icon and won't start. It did start before I flashed the init boot.... ?? Tried to re-install magisk, same thing. green icon.....
Do I need to sideload magisk? (adb sideload Magisk-v25.2.zip) ???