Develop Bugs

[ROOT] H932 - lafploit 1.5 up to v20a

WARNING​
DO NOT LET YOUR PHONE REBOOT, OR POWER OFF UNTIL I TELL YOU THAT IS WHAT YOU NEED TO DO.
If you do, I am not sure what shape your phone will be in.
This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock). If you don't, you will probably brick your phone.
If you use this on any model V30 besides the H932, you will be stuck in a bootloop, and you will not be able to fix it since you will have wiped out download mode!
This is safe if no mistakes are made (typos, missing a step, etc). However, if you do mess up, the risk is high that you lose download mode at best, or brick your phone at worst.
If you deviate from this procedure, and think: "I can just skip a step, or I can do this on my own Linux install". Don't complain if you brick your phone.
PREREQUISITES:
You MUST to be on 10d: link
You must have H933 10h laf installed. You will need the KDZ: link
We are going to flash this using the patched LG UP: link MOD EDIT: original link dead. Try THIS ONE instead
It MUST be installed in: Crogram Files (x86)LG ElectronicsLGUP
You can't just unzip it anywhere and run it, it will not find the model file.
You need TWRP: link
You need an SD card that is formatted for FAT16 with TWRP copied onto it EXACTLY as it is named when you download it.
You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL.
After installing TWRP, grab @weakNPCdotCom's latest TWRP flashable ROM threads: Oreo 20s or Pie 30d
MOD EDIT: If your phone is (or has been) on Pie, you need to use a later LGUP version to roll back to Nougat 10d, then SWITCH to the original LGUP version linked below for the remaining steps. See this post for details.
PROCEDURE PART 1: Getting a working LAF onto your phone
By far this is the most dangerous part of this procedure.
Make sure you are on or downgraded to 10d
Boot to download mode
In LG UP, choose partition DL.
Pick the H933 10h KDZ
Click start
You will be given a list of partitions to flash, ONLY check laf
Click start
You will get a warning about additional modified partitions -- ignore it, and click OK.
As a safety feature, LG UP will start flashing those modified partitions after laf completes flashing.
After the flash is initiated, pay close attention to the "step" and as soon as it changes from laf to another partition, PULL THE USB CABLE!
If you let it completely flash the H933 KDZ, your phone WILL reboot, and you WILL have a brick that can't be fixed.
You NEED to pay attention. The additional partitions that are flashed are very small. The second that step changes from laf to
the next partition, PULL THE USB CABLE!
Click OK and it will start flashing.
Once laf is flashed, and you have pulled the USB cable, you can click exit, and then re-open LG UP.
Choose partition DL again, and this time pick the H932 10d KDZ.
Select all partitions except laf. If you forget to uncheck laf, you will have to do this all over again.
When it completes, it will reboot your phone.
Go back into download mode. This time you will be running the H933 laf, and we can continue with PART 2
PROCEDURE PART 2: Installing TWRP
Boot from your FWUL USB stick.
Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to
touch the power button -- the phone will power on and enter download mode.
Once booted, login. The password is: linux
Double click the LG folder that is on the desktop
Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
MOD EDIT: Refer to THIS POST to make sure that LGLAF is able to read the SD card
Code:
git pull
git checkout h932-dd-write
./step1.sh
When you are told to, pull the USB cable, and the phone will power off. You now have TWRP installed. At this point you can flash a ROM, or Magisk or whatever you like.
You must use the key combination (with phone off, hold vol down + power. When the LG logo appears, immediately release and then hold power until you get the the factory reset screen. Choose yes twice and you will be in TWRP) to IMMEDIATELY boot into recovery. If you don't, then recovery-from-boot.p will wipe out TWRP, and you will have to do THIS part again.
CREDITS:
Lekensteyn -- His base work on the G2 / G3 gave me a GREAT headstart!
@steadfasterX - He added some real nice features, great guy to bounce ideas off, and just testing crazy ideas because he wasn't afraid to brick his phone Also, for FWUL
tuxuser - Helping with my lacking in Python
@smitel - His original reverse engineering of LG UP. Great inspiration!
-- Brian
XDA:DevDB Information
[H932] lafsploit 1.5, Tool/Utility for the LG V30
Contributors
runningnak3d
Version Information
Status: Testing
Created 2018-09-14
Last Updated 2020-07-21

PROCEDURE PART 1: Getting a working LAF onto your phone
Make sure you are on version 10d. Again, check in Software Info / Software Version if you are unsure.
Boot to download mode
In LG UP, choose partition DL.
Pick the H933 10h KDZ
Click start
You will be given a list of partitions to flash, ONLY check laf
Click start
You will get a warning about additional modified partitions (cache, OP, userdata) -- ignore it, and click OK.
Click OK and it will start flashing.
Once the flash completes, your phone will reboot into the OS. Just power off, and go back into download mode.
Choose partition DL again, and this time pick the H932 10d KDZ.
Select all partitions except laf. If you forget to uncheck laf, you will have to do this all over again.
When it completes, it will reboot your phone.
Go back into download mode. This time you will be running the H933 laf, and we can continue with PART 2

PROCEDURE PART 2: Installing TWRP and rooting
Make sure the SD card is in your phone.
Boot from your FWUL USB stick.
Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to
touch the power button -- the phone will power on and enter download mode.
Once booted, login. The password is: linux
Double click the LG folder that is on the desktop
Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
Code:
git pull
git checkout h932-dd-write
./lglaf.py
These next commands you will type into the LGLAF shell. It will look like this:
Code:
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
#
You will type these commands at the # prompt that you see above. When you enter the commands, you will NOT get any indication that the command completed. However, if you get this:
Code:
Hello, I am LAF. Nice to meet you.
then you typed the command incorrectly, and you need to try again. There are TWO spaces between !EXEC and toybox.
Also, the phone will NOT indicate that flashing is taking place since we are using dd and NOT the normal WRTE opcode. When you enter !CTRL POFF, the phone will go to 100%.
Lastly CAPS matter. These lines need to be typed exactly (better to use copy / paste). If you mess up, it is no big deal, just try again.
Code:
!EXEC toybox dd if=/storage/external_SD/twrp.img of=/dev/block/sde bs=4096 seek=10246\0
!CTRL POFF
You can now pull the USB cable, and your phone will power off. You now have TWRP installed. At this point you can flash a ROM, or Magisk or whatever you like.
You must use the key combination to immediately boot to TWRP:
Power off your phone
Hold vol down + power.
When the LG logo appears, immediately release power (and ONLY power) and then immediately hold power again until you get the the factory reset screen.
You never let go of vol down until the factory reset screen appears. Once it appears, you can release both buttons.
Choose yes twice by using the vol down key and power to select, and you will be in TWRP.
You should only tap the power key to select yes. Don't press and hold, and don't spam the power key.
It takes TWRP a little bit to boot -- be patient.
If you don't do this, and you let the phone boot into the OS, then recovery-from-boot.p will wipe out TWRP, and you will have to do THIS part again.
By THIS part, I mean if you mess up the key combo, and the phone boots to the OS, you only have to do PART 2 -- not this entire process.
ROOTING:
OK, so now you are in TWRP, we need to flash a few things or TWRP will be wiped out, and your phone will be encrypted again.
First swipe to allow modifications
Choose wipe / format data / type yes
Choose reboot / recovery -- this will reload TWRP. Do not choose reboot / system. Make sure that when it reboots you are able to mount data without it prompting for a pin / passcode.
If it does, then you need to format data again and reboot to recovery because you chose WIPE and not FORMAT.
Pick install, and browse to your SD card where you have Magisk, dm-noverity-opt-encrypt, and rctd remover
You can install each one individually, or you can add them all together in the queue -- it is your choice. Also, Magisk needs to be flashed first -- the order of the other two zips doesn't matter.
Now that they are flashed, reboot to recovery yet again just for good measure. If everything looks good, reboot to system and you should have a rooted phone.
OPTIONAL:
If you would like a second copy of TWRP on your laf partition (I *highly* recommend this), follow these instructions:
Download the version of TWRP that you want to install onto laf.
Rename it to twrp.img
Boot your phone to TWRP, and connect it to your PC
Open a command prompt where you downloaded TWRP and type:
adb push twrp.img /sdcard/
adb shell dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/laf
With the phone off, hold vol up and plug in the USB cable and you should be greeted by your second copy of TWRP.
CLEANING UP:
If you do NOT want TWRP on laf, then we at least need to get the H932 laf back onto your phone.
Download this zip onto your phone: h932_laf.zip
Boot to TWRP
Choose install, and browse to where you downloaded the zip
When it finishes flashing, you will have the H932 laf back.
I can't say this enough, you should really consider keeping two copies of TWRP around. You will never be in a situation where you go: "Man, I wish I had download mode, but all I have is TWRP".
However, there are plenty of times that you may wish that you had a second copy of TWRP. Imagine flashing a ROM that wipes out recovery. Oppps. Imagine flashing a new version of TWRP and
it doesn't boot -- again -- opps.
-- Brian

I've added link to WTF instructions pointing T-mobile H932 users to here. ALL other V30/30+/V30S can use that easier method, but T-mobile H932 HAS to use this method.

OK -- those are the final instructions for now. Root away!
I have upgraded to Oreo, and then downgraded to 10d and tested this 4 times so I know it works fine. However, getting H933 laf onto your phone is dangerous. PLEASE pay attention and pull the USB cable. You can be too quick -- pulling it while it is still flashing laf. If you do, then you just need to flash 10d and start again. However, if you wait and your phone reboots, the H933 has a different RSA key and your phone is toast.
I don't have a TMO G7 to test with, but this should work for them as well. Just need to find the correct laf to flash for them.
-- Brian

I remember when the OP released this method for the T-Mobile G6 (I used to have one). Many bricked their phones in the process. Others were successful and happy. Too risky for me.

I can't post a screenshot right now, but here ya go -- proof that this works:
Code:
joan:/ $ su
joan:/ #
joan:/ # cd sys
sys/ system/
joan:/ # cd system/
joan:/system # cat build.prop | grep H932
ro.product.model=LG-H932
ro.lge.swversion=H93210d
ro.lge.factoryversion=LGH932AT-00-V10d-TMO-US-JAN-11-2018-ARB00+0
joan:/system #
-- Brian

First thing: Nice job, Brian! Thank you, and those who helped bring this to light by being guinea pigs.
Second: Brian, there appears to be a break in the link for FWUL. I was still able to copy the link text, then take the break out after pasting it into the address bar to get to the page, but wanted to let you know that the break is there.

runningnak3d said:
OK --
I don't have a TMO G7 to test with, but this should work for them as well. Just need to find the correct laf to flash for them.
-- Brian
Click to expand...
Click to collapse
Man I hope that's true but the g7 has a locked bootloader HTC style unlock now. LG haven't unlocked the Tmo version last I checked unless I missed something
Also, so it's okay to OTA to Oreo now? I'm on nougat and much rather be on Oreo

NOOO Don't ever take an OTA. You will need to flash an Oreo zip to get back. I am guessing there isn't one since there would be no need.
I don't have time to make one today unfortunately.
EDIT: and what?! you mean TMO finally has a locked bootloader on the G7 just like all other carriers? They didn't just strip fastboot flash, they removed oem unlock as well?
-- Brian

inuyasha1999 said:
First thing: Nice job, Brian! Thank you, and those who helped bring this to light by being guinea pigs.
Second: Brian, there appears to be a break in the link for FWUL. I was still able to copy the link text, then take the break out after pasting it into the address bar to get to the page, but wanted to let you know that the break is there.
Click to expand...
Click to collapse
Fixed. Please let me know if you catch anything else.
-- Brian

runningnak3d said:
NOOO Don't ever take an OTA. You will need to flash an Oreo zip to get back. I am guessing there isn't one since there would be no need.
I don't have time to make one today unfortunately.
EDIT: and what?! you mean TMO finally has a locked bootloader on the G7 just like all other carriers? They didn't just strip fastboot flash, they removed oem unlock as well?
-- Brian
Click to expand...
Click to collapse
I should have added im sick in bed today and haven't rooted yet so itd be a 100pct stock OTA. Is it still not recommend to OTA to Oreo beforehand?
And yup, it appears LG has done the HTC style unlock and the Tmo version isn't unlockable yet and probably won't be Imo. I think it was LG but could be Tmo since it seems the more custs they get, the more like at&t they become

Josh McGrath said:
I should have added im sick in bed today and haven't rooted yet so itd be a 100pct stock OTA. Is it still not recommend to OTA to Oreo beforehand?
And yup, it appears LG has done the HTC style unlock and the Tmo version isn't unlockable yet and probably won't be Imo. I think it was LG but could be Tmo since it seems the more custs they get, the more like at&t they become
Click to expand...
Click to collapse
If you did, you will be wasting your time since you have to downgrade to 10d.
I will try to get a 20a flashable zip up as soon as I can.
-- Brian

runningnak3d said:
If you did, you will be wasting your time since you have to downgrade to 10d.
I will try to get a 20a flashable zip up as soon as I can.
-- Brian
Click to expand...
Click to collapse
Wow. Being so sick has made me not think straight . I can't believe I didn't think about that since you have to flash back to 10d.
No pressure on the flashable. It isn't that big of deal for me or us but thanks for thinking about us with the extra work.

Hey Brian. I dont know if you saw my pm but im glad it works

@me2151 No, sorry, my PM box is so backed up. I am going to have to spend some time this weekend going through it.
This isn't quite the same as lafsploit for the H918, but the concept came from research for that project.
Next tasks:
* Get Oreo and root working on the V20
* Get all other G6s root in addition to the H872
* Consider buying a V30 so I can help here as well
-- Brian

runningnak3d said:
@me2151 No, sorry, my PM box is so backed up. I am going to have to spend some time this weekend going through it.
This isn't quite the same as lafsploit for the H918, but the concept came from research for that project.
Next tasks:
* Get Oreo and root working on the V20
* Get all other G6s root in addition to the H872
* Consider buying a V30 so I can help here as well
-- Brian
Click to expand...
Click to collapse
Ah lol. My pm had jsut suggested taking a look into the h932 since its similar to the h918 in regards to bootloader. yea you should join us. I have my P rom working now. ill probably hold off on releasing it to the public though til i do more features. However. Only non stock rom to have enforcing on Joan

@runningnak3d
You stated, "You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL."
When I went to the page it has 2 options/2 types of FWUL... which should we download:
"Main Download Server:
persistent mode ( read FAQ #4 ): Latest version (click)
forgetful mode ( read FAQ #4 ): Latest version (click)"
I'm guessing Persistent mode version....?
Thanks
runningnak3d said:
WARNING​
DO NOT LET YOUR PHONE REBOOT, OR POWER OFF UNTIL I TELL YOU THAT IS WHAT YOU NEED TO DO.
If you do, I am not sure what shape your phone will be in.
This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock). If you don't, you will probably brick your phone.
If you use this on any model V30 besides the H932, you will be stuck in a bootloop, and you will not be able to fix it since you will have wiped out download mode!
This is safe if no mistakes are made (typos, missing a step, etc). However, if you do mess up, the risk is high that you lose download mode at best, or brick your phone at worst.
If you deviate from this procedure, and think: "I can just skip a step, or I can do this on my own Linux install". Don't complain if you brick your phone.
PREREQUISITES:
You MUST to be on 10d: link
You must have H933 10h laf installed. You will need the KDZ: link
We are going to flash this using the patched LG UP: link
It MUST be installed in: Crogram Files (x86)LG ElectronicsLGUP
You can't just unzip it anywhere and run it, it will not find the model file.
You need TWRP: link
You need Magisk: link
You need an SD card that is formatted for FAT16 with TWRP copied onto it and named twrp.img. Also copy the Magisk zip onto the card.
You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL.
PROCEDURE PART 1: Getting a working LAF onto your phone
By far this is the most dangerous part of this procedure.
Make sure you are on or downgraded to 10d
Boot to download mode
In LG UP, choose partition DL.
Pick the H933 10h KDZ
Click start
You will be given a list of partitions to flash, ONLY check laf
Click start
You will get a warning about additional modified partitions -- ignore it, and click OK.
As a safety feature, LG UP will start flashing those modified partitions after laf completes flashing.
After the flash is initiated, pay close attention to the "step" and as soon as it changes from laf to another partition, PULL THE USB CABLE!
If you let it completely flash the H933 KDZ, your phone WILL reboot, and you WILL have a brick that can't be fixed.
You NEED to pay attention. The additional partitions that are flashed are very small. The second that step changes from laf to
the next partition, PULL THE USB CABLE!
Click OK and it will start flashing.
Once laf is flashed, and you have pulled the USB cable, you can click exit, and then re-open LG UP.
Choose partition DL again, and this time pick the H932 10d KDZ.
Select all partitions except laf. If you forget to uncheck laf, you will have to do this all over again.
When it completes, it will reboot your phone.
Go back into download mode. This time you will be running the H933 laf, and we can continue with PART 2
PROCEDURE PART 2: Installing TWRP
Boot from your FWUL USB stick.
Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to
touch the power button -- the phone will power on and enter download mode.
Once booted, login. The password is: linux
Double click the LG folder that is on the desktop
Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
Code:
git pull
git checkout h932-dd-write
./lgaf.py
!EXEC toybox dd if=/storage/external_SD/twrp.img of=/dev/block/sde bs=4096 seek=10246\0
!CTRL POFF
When you are told to, pull the USB cable, and the phone will power off. You now have TWRP installed. At this point you can flash a ROM, or Magisk or whatever you like.
You must use the key combination (with phone off, hold vol down + power. When the LG logo appears, immediately release and then hold power until you get the the factory reset screen. Choose yes twice and you will be in TWRP) to IMMEDIATELY boot into recovery. If you don't, then recovery-from-boot.p will wipe out TWRP, and you will have to do THIS part again.
You will have to format data, and make sure you flash Magisk before rebooting into the OS!
CREDITS:
Lekensteyn -- His base work on the G2 / G3 gave me a GREAT headstart!
@steadfasterX - He added some real nice features, great guy to bounce ideas off, and just testing crazy ideas because he wasn't afraid to brick his phone Also, for FWUL
tuxuser - Helping with my lacking in Python
@smitel - His original reverse engineering of LG UP. Great inspiration!
-- Brian
XDA:DevDB Information
[H932] lafsploit 1.5, Tool/Utility for the LG V30
Contributors
runningnak3d
Version Information
Status: Testing
Created 2018-09-14
Last Updated 2018-09-14
Click to expand...
Click to collapse

Feedback
I had a moment to go through the instructions as a "typical user", and am providing feedback to make this as painless as possible, crystal-clear, & hopefully prevent any bricks!: (Please correct any inaccuracies!!)
runningnak3d said:
This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock)...
Click to expand...
Click to collapse
EVERYTHING should be said!!! Especially things that will brick our phones People like me that ARE extremely computer literate and have been 'custom rom-ing' for almost a decade still won't know all of these nuances. I've been just catching up on all of these advancements with the V30 and your latest discovery, read hundreds of posts, but I still won't pretend to know everything! And apparently a mistake like this could've made my phone gar-bosh. So don't underestimate peeps like me So: in Android phone settings->Developer Options: There are 2 checkbox(es) we need to select? "OEM Unlock" and "Fastboot OEM unlock"? (Im not sure about the latter mostly)
runningnak3d said:
...You MUST to be on 10d...
Click to expand...
Click to collapse
Link or steps if you're NOT? Ways to check? (I like many users will either get a random phone off ebay, or have one already, and won't know our baseline or how to determine this. & is this a deal breaker if it's not 10d?)
runningnak3d said:
...You must have H933 10h laf installed...
Click to expand...
Click to collapse
Link or steps if you're NOT? Does that link also contain the software or is there another link we need? (Again, if there's another link, version-mismatch might cause unpredictable results for some users)
Fat32: I've used SwissKnife https://swissknife.en.uptodown.com/windows to do easy FAT (same as FAT16) formatting. I say this because I already saw issues around this.
I'm looking to buy a V30 only since you figured this out Much thanks! I'll say that again, you're awesome & I'm jealous! It sounds like now ALL variants can get the bootloader unlocked and a custom recovery installed: H932 via this thread/method & all other variants via WTF exploit (Again, please keep me honest!). (I just want to double-check my info so I (& others) buy a phone that will be able to get a custom ROM & plan to get the H932 and will report back if/when I get band 71 working for those interested.
I know some of you that have been in this since the beginning are thinking, come on man, read the posts! Like I said, I have been for over a week. There are thousands of posts, and even if I/we read EVERYTHING, we still wouldn't be able to decipher the bad info from the good! ...so thanks for your patience I'll post more once I actually try this. And thanks again Brian!! Really awesome...
---------- Post added at 03:07 PM ---------- Previous post was at 03:01 PM ----------
runningnak3d said:
* Consider buying a V30 so I can help here as well
Click to expand...
Click to collapse
Umm... For all of us that use this and get it working, I think we should do donations until Brian can get a free V30, eh?!? (Can't yall read between the lines ) Besides, think of all the additional support you'll get if he actually has a phone to test with!! haha

@igotroot
Did you get it working yet? If not I can run you through the hardest part of it. Also, choose the persistent FWUL. Basically persistent mode means it saves your data when you leave. It's just easier that way

LG V35 with unlocked bootloader, rooted, but no custom recovery

I bought a LG V35 recently. When I got the phone, I found its rooted already and looks like bootloader is unlocked since the 1st screen shows the warning unlocked messages. See attachments.
After I got into the system, I could see magisk and used root permission without any problem.
I wanted to do a system backup in the customer recovery like twrp or CWM. (I thought it should be there, since phone is rooted) But after I clicked "reboot to recovery" with TaiBackup APP, I could not get into recovery and screen shows "erasing data" and then rebooted. When system was started up again, phone was done a factory reset and magisk did not work any more...(I checked, I still can see the unlocked bootloader messages at that time)
Then I had to send my phone to the seller and got rooted again. I really do not understand how the seller rooted this phone!!
Now I am wondering if I can flash any custom recovery like twrp? I do not see LG V35 in official twrp's support device list. Dare I try the twrp for LG G7 or LG V30 or others?
If I have to try twrp for LG G7, is there anybody knows how to do a recovery backup via ADB beforehand? Anything I can do to minimize the risk?

He probably dumped the boot image with LGUP, and manually patched it with Magisk on another device

crumbling9999 said:
He probably dumped the boot image with LGUP, and manually patched it with Magisk on another device
Click to expand...
Click to collapse
Yes, I searched with google about patching magisk boot img and now I agree with you.
Now, when I trying to install some modules in magisk, I will get "installation failed". See the attachment.
I googled and tried to find the solution. It is said that I could update/re-install the magisk manager apk to solve the problem. But the seller told me DO NOT touch the magisk and even update it.
Do you know if I can update the magisk manager when rooted in the patching boot img way?
Do you know if I can install xposed in the magisk in this case?
Are there some DONTs when rooted in the patching boot img way?
Thanks for your reply.

Mate just start first with a backup via LGUP than check if you can reboot to bootloader. Then read a bit G7 thread and if you are confident in your knowledge and skills continue - it is an easy job to firstly backup your both boot mages, patch them and flash them back to your phone if you have fastboot.

vlad48 said:
Mate just start first with a backup via LGUP than check if you can reboot to bootloader. Then read a bit G7 thread and if you are confident in your knowledge and skills continue - it is an easy job to firstly backup your both boot mages, patch them and flash them back to your phone if you have fastboot.
Click to expand...
Click to collapse
Please tell me how to backup both boot images? Thx

alex.coffen said:
Yes, I searched with google about patching magisk boot img and now I agree with you.
Now, when I trying to install some modules in magisk, I will get "installation failed". See the attachment.
I googled and tried to find the solution. It is said that I could update/re-install the magisk manager apk to solve the problem. But the seller told me DO NOT touch the magisk and even update it.
Do you know if I can update the magisk manager when rooted in the patching boot img way?
Do you know if I can install xposed in the magisk in this case?
Are there some DONTs when rooted in the patching boot img way?
Thanks for your reply.
Click to expand...
Click to collapse
Is there somebody can tell me how to solve the issue that i can not install any module in magisk?
Can i update the magisk framework to 18.1 when the root method is coming from the patching boot image?

Since you have full fastboot, grab a copy of TWRP for the G7 and try booting it. I verified today that laf from the G7 boots just fine on the V35, so TWRP should work until (yes I am being optimistic here) I can get the V35 rooted and build our own TWRP.
In case you are new, the command will be:
Code:
fastboot boot twrp.img
Where twrp.img is whatever the filename of TWRP is. If the touch screen works, and the rest of the functionality is there, you can use that for now. However, you will have to have a PC and fastboot boot it every time you want to get into TWRP.
On SD845 and later devices (which the G7 and V35 have), recovery is no longer a separate partition -- it is included in boot. So, you do NOT want to flash the G7 version because while the G7 kernel may work fine for laf, and TWRP, it probably wouldn't be ideal to use as a system kernel.
Let me know if you have any questions.
I do have a question for you. Where did you get your phone from? I have a hard time believing that there are so many V35s out there with engineering bootloaders -- so I would like to get my hands on one and figure out how they unlocked the bootloader.
-- Brian

runningnak3d said:
Since you have full fastboot, grab a copy of TWRP for the G7 and try booting it. I verified today that laf from the G7 boots just fine on the V35, so TWRP should work until (yes I am being optimistic here) I can get the V35 rooted and build our own TWRP.
In case you are new, the command will be:
Code:
fastboot boot twrp.img
Where twrp.img is whatever the filename of TWRP is. If the touch screen works, and the rest of the functionality is there, you can use that for now. However, you will have to have a PC and fastboot boot it every time you want to get into TWRP.
On SD845 and later devices (which the G7 and V35 have), recovery is no longer a separate partition -- it is included in boot. So, you do NOT want to flash the G7 version because while the G7 kernel may work fine for laf, and TWRP, it probably wouldn't be ideal to use as a system kernel.
Let me know if you have any questions.
I do have a question for you. Where did you get your phone from? I have a hard time believing that there are so many V35s out there with engineering bootloaders -- so I would like to get my hands on one and figure out how they unlocked the bootloader.
-- Brian
Click to expand...
Click to collapse
Thanks for your answers.
I bought this phone from taobao which is a bigest famous online shopping site in China. I do not know how they unlocked the bootloader and tell me if something I can help with.
I unlocked LG G2/G4/oneplus 5T myself so I know the basic knowledges about how to execute ADB command and the normal root process. But I do not know the one using patched magisk boot img way.
As far as I understand, you meant that we can temporarily boot into the G7 twrp to use its functions but we cannot actually flash the twrp to the phone. Booting to G7 twrp image, is it safe? (The "safe" I mean is that, if I encounter problems, at least I still can startup the phone with rooted. Otherwise, I need to send my phone to the seller who is 2000KM away to root it again...Last time I booted into its recovery, all my data was erased...) Anyway, I will try it as you suggested, but I will put it the 2nd priority.
The 1st priority is that, I truely want to solve the problem I met about installing magisk module failed. See my attachment. I want to know if I can fix the problem by updating the magisk framework. I need the "safe" way as I just said.
So if I click "yes" in the 33.jpg I attached, do you know which would happen?
A. brick the phone
B. restart and get a factory reset, then I cannot use root any more
C. nothing changed, still install module failed but root can work
D. Solve the problem and can install module successfully

If you press "Yes" it will just download Magisk setup which will fail doing anything it will reboot to the stock recovery which will perform security check and wipeout magisk from boot image.
To solve your problem and install the module properly you need to patch externally your boot image and and flash it back in fastboot mode overwriting both a and b slots.
So:
1. Dump boot via LGUP download mode.
2. Patch it via Magisk Manager.
3. Flash it back under fastboot mode.
4. Install your module and enjoy...
P.S.: If you are not confident on how to perform any of the listed steps above please do not start it at all because definitely you will need to travel 200 km again for restoring root...

vlad48 said:
If you press "Yes" it will just download Magisk setup which will fail doing anything it will reboot to the stock recovery which will perform security check and wipeout magisk from boot image.
To solve your problem and install the module properly you need to patch externally your boot image and and flash it back in fastboot mode overwriting both a and b slots.
So:
1. Dump boot via LGUP download mode.
2. Patch it via Magisk Manager.
3. Flash it back under fastboot mode.
4. Install your module and enjoy...
P.S.: If you are not confident on how to perform any of the listed steps above please do not start it at all because definitely you will need to travel 200 km again for restoring root...
Click to expand...
Click to collapse
Thanks for explaining. That is what I worry about. Some questions for you:
1. I have used LGUP to dump boot_a and boot_b. (Very slow, took 1 hour. I renamed them to boot_a_org.img and boot_b_org.img, they are no difference with cksum). So this is currently boot images patched by seller? So, no matter what problems I encounter, I can flash boot_a_org.img(boot_b_org.img) back to boot_a and boot_b to recover my phone anytime and still get rooted? If so, I can feel free to do anything no worrying about the 2000KM delivery...
2. You mentioned "Patch it via Magisk Manager". I can directly patch boot_a_org.img to do it? I think boot_a_org.img is already patched by seller. (I do not have the original unpatched and unlocked bootloader img for V35...)
3. "Patch it via Magisk Manager". can only be done in my V35 phone, or it is OK to do it in other phones?
4. Can I try to boot into G7 twrp then I can flash the newest magisk via twrp? In this way I can fix my problem?
Thank you very much in advance.

1. Download LGUP from HERE
(make sure you put it in the right place afterwards: C:\Program Files (x86)\LG Electronics\LGUP)
2. Shut down your phone and then press VOL+ button and connect it via USB cable to your computer (The phone will boot in download mode).
3. Start LGUP.exe and select DUMP mode. DUMP only those partitions (place checkbox):
abl_a
abl_b
boot_a
boot_b
xbl_a
xbl_b
This will finish our backup preparation, so report back once done.
(Also just come to a better idea - compress and upload somewhere your boot_a file I'll try to patch it with latest Magisk and upload it back to you)

vlad48 said:
If you press "Yes" it will just download Magisk setup which will fail doing anything it will reboot to the stock recovery which will perform security check and wipeout magisk from boot image.
To solve your problem and install the module properly you need to patch externally your boot image and and flash it back in fastboot mode overwriting both a and b slots.
So:
1. Dump boot via LGUP download mode.
2. Patch it via Magisk Manager.
3. Flash it back under fastboot mode.
4. Install your module and enjoy...
P.S.: If you are not confident on how to perform any of the listed steps above please do not start it at all because definitely you will need to travel 200 km again for restoring root...
Click to expand...
Click to collapse
Laf has new security that prevents reading for now. LG UP 1.14 and 1.15 can't read .. and I can't find a copy of 1.16.
-- Brian

@runningnak3d maybe you are mixing V40 with V35. Using this DUMP only version of LGUP bootloader unlocked phones are able to dump all (even non kdz partitions) so he will be able to perform this operation.

vlad48 said:
@runningnak3d maybe you are mixing V40 with V35. Using this DUMP only version of LGUP bootloader unlocked phones are able to dump all (even non kdz partitions) so he will be able to perform this operation.
Click to expand...
Click to collapse
This only works for v35 phones with unlocked bootloader?

Yes, I have already dumped those part:
abl_a
abl_b
boot_a ============> I rename this one to boot.img
boot_b
xbl_a
xbl_b
Could you teach me what is each one used for?
So boot.img is currently boot image patched by seller? So, no matter what problems I encounter, I can flash boot.img back to boot_a and boot_b to recover my phone anytime and still get rooted? If so, I can feel free to do anything no worrying about the 2000KM delivery...
You mentioned "Patch it via Magisk Manager". I can directly patch boot.img to do it? I think boot.img is already patched by seller. (I do not have the original unpatched and unlocked bootloader img for V35...)

alex.coffen said:
Yes, I have already dumped those part:
abl_a
abl_b
boot_a ============> I rename this one to boot.img
boot_b
xbl_a
xbl_b
Could you teach me what is each one used for?
So boot.img is currently boot image patched by seller? So, no matter what problems I encounter, I can flash boot.img back to boot_a and boot_b to recover my phone anytime and still get rooted? If so, I can feel free to do anything no worrying about the 2000KM delivery...
You mentioned "Patch it via Magisk Manager". I can directly patch boot.img to do it? I think boot.img is already patched by seller. (I do not have the original unpatched and unlocked bootloader img for V35...)
Click to expand...
Click to collapse
The files I dumped from LGUP are bin file or img file?
I try to patch the boot.img file but everytime I get error. See attachment.

@alex.coffen Yes if you backup your boot image and do not boot into RECOVERY everything will be safe.
It appears your DUMP was not done properly. Please if possible open your boot.img with HEX editor and take a look at it - if there are only 0-es there than it appears something is wrong with your dump.

vlad48 said:
@alex.coffen Yes if you backup your boot image and do not boot into RECOVERY everything will be safe.
It appears your DUMP was not done properly. Please if possible open your boot.img with HEX editor and take a look at it - if there are only 0-es there than it appears something is wrong with your dump.
Click to expand...
Click to collapse
Yes, all 0-es. What should I do? I have already re-installed the USB dirver 4.2.0. See attachment.

Since I failed to use LGUP dump boot img, I think about another way.
I installed termintor on my phone. Under directory /dev/block/bootdevice/by-name, I execute "ls -l" then I can find all partitions, for one example:
boot_a -> /dev/block/sde11
In this case, do you know if I can use "dd if=/dev/block/sde11 of=/storage/emulated/0/Download/boot_a.img" to get the boot img?
@runningnak3d， @vlad48

Since I failed to use LGUP to dump boot img, I think about another way.
I installed termintor on my phone. Under directory /dev/block/bootdevice/by-name, I execute "ls -l" then I can find all partitions, for one example:
boot_a -> /dev/block/sde11
In this case, do you know if I can use "dd if=/dev/block/sde11 of=/storage/emulated/0/Download/boot_a.img" to get the boot img?
@runningnak3d， @vlad48

unbrick Nokia 3.2

Hello together,
after many tries to get my nokia 3.2 rooted, i end up now with a black screen.
Only the Qulacomm mode is working.
Get anyone managed to flash the stock firmware with QFIL provided from the rooting thread?
I always end up with "sahara fails".
Every help is welcome!
Thanks!!!!

After many tries I have finally put my phone back to life.
My instructions how to do it will come soon!

page1875 said:
After many tries I have finally put my phone back to life.
My instructions how to do it will come soon!
Click to expand...
Click to collapse
please do, i encountered a similar problem.

HowTo Flash STOCK 00WW
1. Trigger nokia 3.2 to edl-mode (https://forum.xda-developers.com/nokia-3-2/how-to/guide-how-to-trigger-nokia-3-2-to-edl-t3962841)
2. Flash the given image from this thread (https://forum.xda-developers.com/nokia-3-2/how-to/rooted-nokia-3-2-t3945206)
- This was the main problem. I never managed it to flash the image with the Windows Programmer QFIL. After more research in Internet, i found finally a Linux application called QDL that work directly without any problems. This application can be found here https://www.96boards.org/documentation/consumer/guides/qdl.md.html .
- Flashing the software ends up into a bootloop. Also i got a message on startup that the bootloader could not be trusted anymore. After a software-update, this message disappears.
3. Flash all the user images again manually with fastboot.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash system system.img
fastboot flash vendor vendor.img
flastboot flash vbmeta vbmeta.img
Whyever you have to flash this partitions only to the active partitions without the suffix _a or _b.
Then the bootloop is finished.
The phone boots normally to Android ONE.
The next problem which occurs on my phone is now that it is not able to connect to GSM network. I guess this happens because i deleted all the necessary partitions for the modem (modemst1, modemst2, fsg).
I get it managed to restore the imei, but still no service available.
In original my phone had the software 00EEA. Perhaps they use different drivers. My luck is that i got a cheap damaged phone from ebay with that firmware.
My next step is to modify the code from QDL that it can read the partitions from the damaged phone and save the software to computer.
Then i will flash this software to my phone and look if this software will run on my phone!

page1875 said:
1. Trigger nokia 3.2 to edl-mode (https://forum.xda-developers.com/nokia-3-2/how-to/guide-how-to-trigger-nokia-3-2-to-edl-t3962841)
2. Flash the given image from this thread (https://forum.xda-developers.com/nokia-3-2/how-to/rooted-nokia-3-2-t3945206)
- This was the main problem. I never managed it to flash the image with the Windows Programmer QFIL. After more research in Internet, i found finally a Linux application called QDL that work directly without any problems. This application can be found here https://www.96boards.org/documentation/consumer/guides/qdl.md.html .
- Flashing the software ends up into a bootloop. Also i got a message on startup that the bootloader could not be trusted anymore. After a software-update, this message disappears.
3. Flash all the user images again manually with fastboot.
fastboot flash boot boot.img
fastboot flash dtbo dtbo.img
fastboot flash system system.img
fastboot flash vendor vendor.img
flastboot flash vbmeta vbmeta.img
Whyever you have to flash this partitions only to the active partitions without the suffix _a or _b.
Then the bootloop is finished.
The phone boots normally to Android ONE.
The next problem which occurs on my phone is now that it is not able to connect to GSM network. I guess this happens because i deleted all the necessary partitions for the modem (modemst1, modemst2, fsg).
I get it managed to restore the imei, but still no service available.
In original my phone had the software 00EEA. Perhaps they use different drivers. My luck is that i got a cheap damaged phone from ebay with that firmware.
My next step is to modify the code from QDL that it can read the partitions from the damaged phone and save the software to computer.
Then i will flash this software to my phone and look if this software will run on my phone!
Click to expand...
Click to collapse
Thank you for your reply, it seems that your problem is more complicated than mine.
I have a global variant with 00WW software and i attempt to root the phone. I successfully flash the patched boot.img and had root access. However wi-fi didn't work after that.
Since before flashing the patched boot.img my phone was running on a different firmware from the one that boot.img was extracted from, so i think that was the problem.
I attempted to use QFIL to flash my phone back to 00WW_15 and it failed half way, bricked my phone.

Normally you can use the EDL Mode every time.
My phone only showed black screen and it was always possible to connect in EDL Mode and flash again.
Did you try to flash again? What happens then?

Flash the given image from this thread (https://forum.xda-developers.com/nokia-3-2/how-to/rooted-nokia-3-2-t3945206)
Click to expand...
Click to collapse
What did you mean by Flash the given image ? Was it flash the firmware package with QFIL ?
My main problem is flashing, it always failed half-way and the error log reported that needed files were missing from the package.

Okay. I used the linux program QDL for flashing.
But i saw, that in the xml file rawprogram0.xml a few files are missing.
The linux programm jump over these files but perhaps QFIL do not.
For example is there a picture.img listed which is not available..
Try to remove them manually from the rawfile and test again.

page1875 said:
Okay. I used the linux program QDL for flashing.
But i saw, that in the xml file rawprogram0.xml a few files are missing.
The linux programm jump over these files but perhaps QFIL do not.
For example is there a picture.img listed which is not available..
Try to remove them manually from the rawfile and test again.
Click to expand...
Click to collapse
@update:
Also the files "demoapp.img", "dp_AP_signed.mbn" and "dp_MSA_signed.mbn" are missing.
Remove them from the XML file and try again!

@update
Okay QFIL still failed half-way but i manually flash the user images and my phone boots normally now

Hello,
my nokia 3.2 europe variant wont boot up its stuck in fastboot mode. What can i do to bring it back?
I get this: FAILED (remote: partition table doesn't exist)
P.S. if i do a fastboot reboot it boots back into bootloader

I also had this problems for many many times and don't know what went wrong when this happens.
The only thing that helped was flashing the complete firmware again in EDL-mode.
You can try first to flash only the 5 user-images with fastboot, which i mentioned before in this thread.
I uploaded this files for you, because you don't will find the europe files in internet yet.
Here is the link:
https://transfernow.net/81iti7q21s0s
Good luck!

Hi,
Thank you very much. Is this the complete Firmware? (All Images from Device) Another question: I couldnt Access the recovery System. Did you have the same Problem when your Nokia didnt boot up and was stuck in Bootloader? So is this normal that the recovery is unaccessible?

Yes, that also happens sometimes with my phone.
No, that are not all firmware files, which you need to do a full EDL-Flash.
But with this files you can first try a fastboot flash!
If it does not work, you can take all the other files from the Global-Stock-Firmware, given in the thread https://forum.xda-developers.com/nokia-3-2/how-to/rooted-nokia-3-2-t3945206.
Delete the 5 files with the same names, flash the Global-Stock-Firmware in EDL-Mode, with QFIL or QDL, (without the 5 files) and in the following flash the 5 europe-image files with fastboot.

Thanks, ive sent it in and got Friday a 00WW Variant of the device back. I will upload those User images for 00EEA to my Google drive so that anyone who needs those files can download them

hello
i wanted to install custom rom and i bricked my phone. i lost recovery mode and i have only fastboot mode .but can not write any img file for example twrp.img beacuse show this error : FAILED (remote: partition table doesn't exist). can please anyone help me.
thank you very much

thanks so much i was able to put my phone back to life. i had almost given up.

smure said:
thanks so much i was able to put my phone back to life. i had almost given up.
Click to expand...
Click to collapse
Hello to ervery one
how you flashed your phone. can you please guide?
i am also stucked in fastboot mode after rooting.

damn... I've been finding on how to restore the wifi and sound because I uninstalled magisk and it failed. I don't think I can thank you enough for this post.

How To Guide [Stock ROM] How to root the Snapdragon Moto E 2020

Alexenferman is not responsible for any damages or bricks made to your device. Please do some research if you have any concerns about rooting, its features and downsides. You are choosing to make these modifications, you should blame yourself for any mistakes you make.
Rooting may require a factory reset, please backup your data. Rooting will void your device warrany. By rooting your device, you will not be able to install OTA updates on your phone.
US carrier specific devices such as Verizon and Sprint might not be bootloader unlockable, therefore, not rootable.[/B]
You will need:
Platform Tools (Download from here)
Motorola Drivers
Windows or Linux PC
Bootloader Unlocked Moto E 2020
Your phone must be bootloader unlocked. Rooting your phone and not unlocking the bootloader will result in a soft brick.
Download the latest Magisk Manager APK from Github: https://github.com/topjohnwu/Magisk/releases/download/manager-v8.0.0/MagiskManager-v8.0.0.apk
Install the APK file. Make sure to enable "Unknown Sources" in the Settings app
Patching the boot image
To retrieve the boot image in order to patch it, you will need to download the stock ROM for your specific variant.
Download the ROM from your variant from here: https://mirrors.lolinet.com/firmware/moto/ginna/official/
To check which region is your device, go to Settings > About Phone > Software Channel.
After downloading, open the ROM zip file with an archive manager.
Extract the boot.img file only.
Transfer the boot.img file on your phone.
On your phone, open the Magisk app.
Select "Install" > "Install" > "Select and Patch a File"
Locate the boot image in the internal storage on your phone. Select the boot.img file.
Transfer the magisk_patched.img file on your computer.
Rooting the device
Boot the device into fastboot mode by holding the [Volume Down] and [Power] buttons.
Connect your phone to your PC.
On your PC, open a fastboot console window.
Type:
Code:
fastboot devices
Your phone serial number should be displayed along with the word "fastboot" or "device" in the console.
Now, type the following commands:
Code:
fastboot flash boot_a patched_boot.img
fastboot flash boot_b patched_boot.img
Replace patched_boot.img with the path to your boot image we patched previously.
To reboot the device, type:
Code:
fastboot reboot
Once the device rebooted, open the Magisk app.
If you see the "Magisk is installed" message, you have successfully rooted your device!
You are done!
To view instructions with images, follow these instructions: https://www.alexenferman.com/articles/MotoE2020/root-moto-e-2020-magisk

I can confirm this works, I was about to give up on root or TWRP until I saw this. I'm now rooted, but I still can't find a download link for the latest TWRP for the Ginna model.

Hypercore said:
I can confirm this works, I was about to give up on root or TWRP until I saw this. I'm now rooted, but I still can't find a download link for the latest TWRP for the Ginna model.
Click to expand...
Click to collapse
Me neither, can anyone provide a TWRP for ginna?

I eventually found it after a ton of digging. I've uploaded it to my drive to assure the link stays active for anyone else who may need it.
For peace of mind, here's the VirusTotal scan HERE.
And here is the link to twrp-3.4.0-10_0-ginna HERE.

Hypercore said:
I eventually found it after a ton of digging. I've uploaded it to my drive to assure the link stays active for anyone else who may need it.
For peace of mind, here's the VirusTotal scan HERE.
And here is the link to twrp-3.4.0-10_0-ginna HERE.
Click to expand...
Click to collapse
Confirmed working. Tyvm!

Before I brick my phone. Can anyone confirm if the Tracphone version XT2052DL is rootable?

I'd like to know, too. Can we root our Tracfone XT2025DLs? Anyone successful?

dragonfire0501 said:
Before I brick my phone. Can anyone confirm if the Tracphone version XT2052DL is rootable?
Click to expand...
Click to collapse
Ranthalion75 said:
I'd like to know, too. Can we root our Tracfone XT2025DLs? Anyone successful?
Click to expand...
Click to collapse
I have one too and I've tried to unlock the bootloader however Motorola's website says the bootloader for this phone is not unlockable. It seems like this is what's preventing me from being able to install a different firmware like the stock one or root the device.
I do not know if there is any sort of workaround for this

For some reason on a Moto E, after rescuing using the Moto rescue assistant and then using

you guys can also use OFox Recovery and swipe magisk to root

Thank you. I used this guide to root my Moto E
QPGS30.82-135-2_Root.img

This method works well for QPGS30.82-135-2, but I just attempted it with QPGS30.82-135-9 and unfortunately the Magisk patched boot image will not work. I tried it 3 times, re-patching boot image each time. I suppose Motorola updated something in android to block this?

i can't get this to work at all, i cannot find a matching stock firmware being qpg30.82-135, there's no extra S and nothing else after the 135, got this phone from my motorola insiders rewards and now it's bootlooping after trying the 135-2 patched image

Has anyone been able to root and hopefully install a custom recovery on the lastest update? Mine is QPGS30.82-135-14, and so far I've only been able to get orangefox to boot but couldn't get it to decrypt my storage or install magisk. I tried twrp first, but to no avail, touch screen still doesn't work on it, so now I'm asking on a few different threads for this phone lol. Any help would be great!

Do you know of an updated method to get it to flash correctly? I was able to boot into ofox, but couldn't get it to properly flash. Ended up stuck on a screen that said my phone was unlocked and couldn't be trusted and that it'll reboot in 5 seconds. I don't know much about ofox either, been using twrp for years lol, it looks too different. Anyhow, any help would be appreciate much!
ace120ms said:
you guys can also use OFox Recovery and swipe magisk to root
Click to expand...
Click to collapse

You have to fastboot boot it anyway I don't have this phone anymore so idk

bouyakasha said:
This method works well for QPGS30.82-135-2, but I just attempted it with QPGS30.82-135-9 and unfortunately the Magisk patched boot image will not work. I tried it 3 times, re-patching boot image each time. I suppose Motorola updated something in android to block this?
Click to expand...
Click to collapse
I have the same problem with QPGS30.82-135-9. I can't get it to boot after Magisk patched boot image.

Guide LG G8/G8x/v50 Bootloader Unlock and Magisk Root using Firehose by Seasee606

I gave up on unlocking the bootloader of my V50 sprint version because I thought it was impossible. Not until I stumbled upon this guide in the LG G8 forum.
I think it is good to have the information in the LG V50 thread also. The thread is owned by Seasee606.
Guide LG G8/G8x/v50 Bootloader Unlock and Magisk Root using Firehose
Disclaimer: I am not responsible for any problems from using this guide. Works for G8, G8s, G8x, and v50 Confirmed working on G8 and v50 Requirements: Android 10 QFIL...
forum.xda-developers.com

good idea !
I ve put this thread in the LG V50 wiki : https://android.fandom.com/wiki/V50_ThinQ ! - everybody is welcome to contribute
I ve just received my korean V50 and I ll try to bootloaderunlock-root it as soon as I ll have the time ...

pierro78 said:
good idea !
I ve put this thread in the LG V50 wiki : https://android.fandom.com/wiki/V50_ThinQ ! - everybody is welcome to contribute
I ve just received my korean V50 and I ll try to bootloaderunlock-root it as soon as I ll have the time ...
Click to expand...
Click to collapse
I don't think it's been confirmed to work on the G8 let alone a single V50

ldeveraux said:
I don't think it's been confirmed to work on the G8 let alone a single V50
Click to expand...
Click to collapse
did you see there are at least 2 custom roms for the V50 ?? then how do you think people bl unlock their V50 ??

pierro78 said:
did you see there are at least 2 custom roms for the V50 ?? then how do you think people bl unlock their V50 ??
Click to expand...
Click to collapse
Did you look at the original G8 thread? People bricking left and right, zero help from the developer who posted the method. I think one guy who says he got it working on a Sprint V50. Have fun bricking your phone!

people on the V50 telegram (founded by the LineageOS dev) seem to be helpful ...

pierro78 said:
people on the V50 telegram (founded by the LineageOS dev) seem to be helpful ...
Click to expand...
Click to collapse
I'm on xda so I don't have to resort to telegram. we've been over this.

I ve just done it on my V500N
took me about 2 hours so not so easy but not impossible
maybe I was lucky ?
couple of difficulties :
* first I could not get into EDL mode but I took the LG USB cable from the box and this worked
* the first time I exited the QFIL partition manager the phone rebooted to EDL mode but was not recognized as "qualcomm device" (there was an unknown usb device in the device manager) ... I just manually rebooted into EDL mode and the phone was recognized as "qualcomm device" this time and I could continue the method without issue ...

(deleted) (see below)

pierro78 said:
nice (and strange !) surprise :
* after bootloader unlock I was supposed to enter "fastboot flash abl_a abl_a.bin" and "fastboot flash abl_b abl_b.bin" but the phone rebooted without issue (telling me first I was bl-unlocked)
Click to expand...
Click to collapse
Oh I had to "fastboot flash abl_a abl_a.bin" and "fastboot flash abl_b abl_b.bin" otherwise my software version would be LM-G850N20z (instead of V500N20z)

I successully unlocked my V50 sprint version. It was fairly easy to do it.
1) To be safe, use the original LG cable. was not successful unlocking the bootloader the first time when I used a generic cable. Even though I was able to enter EDL mode.
2) Make sure to verify that the correct abl_a.bin and abl_b.bin versions are downloaded. The size should be about 1MB.
3) One part in the guide that was not clear was which abl engineering image to flash on a and b partitions. Well, it is the downloaded abl_a.bin that should be flashed in the abl_a and abl_b partitions.

I can see this is very recent which gives me hope, I just bought a v50 (v450vm) on a whim and am wanting to flash twrp and install an aftermarket rom on it. Is there a working version of twrp for this model and has anyone had any success in flashing it? I'm really wanting to the try the new unofficial dotOS version that was recently posted. Thanks in advance for any help/info provided.

I finally got around to rooting my Sprint V50 (LM-V450PM), and I agree that the overall process wasn't difficult. It's just that the guide has little to no explanation for specific models, causing a lot of confusion among users in that thread. It also doesn't help that the guide's OP pretty much posted it, edited it once, and never returned to XDA. And the TWRP installation guide posted by someone else is poorly laid out and has been rightfully criticized by others.
So, here are some pointers from my experience:
- Getting into EDL mode is a bit tricky in getting the timing right, so it may take a few tries to get used to it.
- As has already been mentioned, it's a good idea to use the LG OEM cable to connect the phone to the computer. Some people have been getting a "Sahara fail error" in QFIL that might be due to different cables
- You are backing up the abl and boot partition files for both A and B slots because you don't know yet which slot is active on the phone until you enter fastboot mode, which gets enabled after flashing the modified abl engineering file to replace both abl_a and abl_b partitions.
- For getting root, the newer Magisk versions no longer have a separate Manager APK and ZIP files; they are combined into one APK file now. So, instead of the Manager, you just install the single APK file from the Magisk website. From there, you should be able to patch your boot image file just like it says in the guide.
For TWRP:
- As lallolu mentioned in another post, there are two different versions: One for USA models and one for non-U.S. variants. I'm assuming that the U.S. one is for the Sprint and Verizon V50 while the non-U.S. is for all other types.
- You flash the TWRP ZIP package inside Magisk manually as a module. Note that this will remove root as it tells you on the progress screen when done flashing.
- Since for some reason, the touch screen is not active when entering recovery from a reboot, you need to turn off the phone and then enter recovery via the button combination. Some V50 models appear to have the button combination disabled, and there is a separate guide on here for getting it back, but on the Sprint model, it's still enabled: With the phone off, hold volume-up + power, and when the logo shows up, briefly release the power button while still holding volume-up and then hold power again alongside holding volume-up until the factory reset screen shows up. Answer YES twice, and you will eventually enter TWRP.
- TWRP will greet you with a password, but you just hit cancel to continue and get to the main menu. From there, you'll need to go to Wipe and Format Data (where it will ask you to type "yes") to remove encryption.
- Now you want to get root back by flashing Magisk. All you need to do is rename the Magisk APK file extension to ZIP and flash that in TWRP. Right after that, you should also flash a file called Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip which is also needed to remove encryption.
- Reboot into the system, go through the initial setup, and everything should be set.
For the Verizon model, I'm assuming that the "Enable OEM unlock" switch in the Developer Settings doesn't exist, and so the Verizon FRP image used for the Verizon G8 should also be used. The button combination to enter recovery may also be different. But everything else should be identical to the process for the Sprint model.

C D said:
I finally got around to rooting my Sprint V50 (LM-V450PM), and I agree that the overall process wasn't difficult. It's just that the guide has little to no explanation for specific models, causing a lot of confusion among users in that thread. It also doesn't help that the guide's OP pretty much posted it, edited it once, and never returned to XDA. And the TWRP installation guide posted by someone else is poorly laid out and has been rightfully criticized by others.
So, here are some pointers from my experience:
- Getting into EDL mode is a bit tricky in getting the timing right, so it may take a few tries to get used to it.
- As has already been mentioned, it's a good idea to use the LG OEM cable to connect the phone to the computer. Some people have been getting a "Sahara fail error" in QFIL that might be due to different cables
- You are backing up the abl and boot partition files for both A and B slots because you don't know yet which slot is active on the phone until you enter fastboot mode, which gets enabled after flashing the modified abl engineering file to replace both abl_a and abl_b partitions.
- For getting root, the newer Magisk versions no longer have a separate Manager APK and ZIP files; they are combined into one APK file now. So, instead of the Manager, you just install the single APK file from the Magisk website. From there, you should be able to patch your boot image file just like it says in the guide.
For TWRP:
- As lallolu mentioned in another post, there are two different versions: One for USA models and one for non-U.S. variants. I'm assuming that the U.S. one is for the Sprint and Verizon V50 while the non-U.S. is for all other types.
- You flash the TWRP ZIP package inside Magisk manually. Note that this will remove root as it tells you on the progress screen when done flashing.
- Since for some reason, the touch screen is not active when entering recovery from a reboot, you need to turn off the phone and then enter recovery via the button combination. Some V50 models appear to have the button combination disabled, and there is a separate guide on here for getting it back, but on the Sprint model, it's still enabled: With the phone off, hold volume-up + power, and when the logo shows up, briefly release the power button while still holding volume-up and then hold power again alongside holding volume-up until the factory reset screen shows up. Answer YES twice, and you will eventually enter TWRP.
- TWRP will greet you with a password, but you just hit cancel to continue and get to the main menu. From there, you'll need to go to Wipe and Format Data (where it will ask you to type "yes") to remove encryption.
- Now you want to get root back by flashing Magisk. All you need to do is rename the Magisk APK file extension to ZIP and flash that in TWRP. Right after that, you should also flash a file called Disable_Dm-Verity_ForceEncrypt_03.04.2020.zip which is also needed to remove encryption.
- Reboot into the system, go through the initial setup, and everything should be set.
For the Verizon model, I'm assuming that the "Enable OEM unlock" switch in the Developer Settings doesn't exist, and so the Verizon FRP image used for the Verizon G8 should also be used. Everything else should be identical to the process for the Sprint model.
Click to expand...
Click to collapse
I tried tge volume up+power but twrp don't show up

Khmer_Boy said:
I tried tge volume up+power but twrp don't show up
Click to expand...
Click to collapse
Did you briefly release the power button and then hold it down again? It may take a few tries to get it right if you are not used to doing this. The white factory reset screen will show up if you did it correctly.

I got into the white factory reset screen by doing the volume down+power. What do i do? Select erase or just exit?

Khmer_Boy said:
I got into the white factory reset screen by doing the volume down+power. What do i do? Select erase or just exit?
Click to expand...
Click to collapse
As I mentioned above, you have to answer YES twice. If TWRP is installed, it will go there, and nothing will be erased. If it isn't installed, then the phone will do a factory reset.

C D said:
As I mentioned above, you have to answer YES twice. If TWRP is installed, it will go there, and nothing will be erased. If it isn't installed, then the phone will do a factory reset.
Click to expand...
Click to collapse
Ok. I got into TWRP, but it doesn’t recognize The internal storage. Is there a work around to it?

Khmer_Boy said:
Ok. I got into TWRP, but it doesn’t recognize The internal storage. Is there a work around to it?
Click to expand...
Click to collapse
Did you format data like I mentioned above?

C D said:
Did you format data like I mentioned above?
Click to expand...
Click to collapse
I’m going to give it another try