About

h818

loooooooong

over 1 year ago

puzzle

unlock

biggest

- Hijacking the boot process via EFIdroid, TWRP in FIsH and FIsH in general
- AntiRollback and firehose(!) findings
- Partition tables for any G4
- FWUL because I needed a valid base for all my testers (one of the reasons why I started FWUL)
- The LG-Up replacement and now unlocking tool SALT! Without SALT this all would be absolutely crazy risky and absolutely nothing for the average user!
- many many unlock methods/theories (and millions of times soft and hard bricked) in my PoC thread
- while unbricking I found a way to unbrick even when QFIL fails with my sdcard unbrick method
- hard-hard bricked (no other recovery than by LG / chip replacement) for 4 times .. (thanks ILAPO!)
- many TWRP tests and changes to detect UsU devices properly

HINT:



OPEN THIS THREAD IN A BROWSER!

NOT IN AN APP!

THATS THE ONLY WAY TO FULLY SEE EVERYTHING AS IT SHOULD BE

REQUIREMENTS

not

LS991

F500

H810

H811 (wth? yes that works but.. you can unlock OFFICIALLY! its just a fastboot command!)

H812 (NOTE: firmware: v20x or higher is strictly required before flashing!)

H815 - any non EUR

H815 EUR (wth? yes that works but.. you can unlock OFFICIALLY! its just a login on the LG website)

disabled: H818 (KNOWN ISSUE: TOUCH STOPS WORKING! current state)

H819

US991

VS986

Note: SALT will tell you which ROM type is compatible with your device within the main screen: GPT compatibility

Yes there is a way to flash also H815 ROMs on those who do not support it out-of-the-box but this is very risky and requires either a change of the partition table or the ROM build developer needs to change the fstab (riskless for you)

2

So ARB 3,4,5,........ WILL NOT WORK!!



Just use SALT to identify your current ARB and read here how to identify and verify: G4 AntiRollback

* Reason:

UsU is based on an ARB 2 based aboot (part of the bootloader stack - see FAQ #27) and so ARB > 2 will hard-hard brick your device if you would flash UsU on it. Hard-Hard brick means no way to recover other than sending for repair.

H812

v20x or higher is strictly required before flashing!

Yes you can flash and use UsU even when on LP but believe me: you don't want to. You will encounter issues sooner or later when running LP so take your time and upgrade your device to MM before proceeding here.

LIMITATIONS / KNOWN ISSUES

1) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does)! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!

2) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does)! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!

3) Do not flash any MM or N bootloader stack containing the file named: aboot. This will immediately lock your device and so definitively HARD BRICK!

4) If you want to flash a MM or N modem partition (aka firmware) you need to re-flash <model>_UsU_basebands_flash-in-twrp.zip otherwise you will bootloop, be stuck on boot or see a blue screen with a modem crash (this may change if I ever get my kernel module working...)

5) If a ROM has no active developer or the developer has not made it UsU compatible you may need to open the ROM zip file on your PC and change the update-script within (just removing the assert line(s) at the top is enough)

6) The fastboot mode coming with UsU will enable fastboot flash but the command fastboot boot will not work (like on the semi-official N bootloader stack)

7) Most important: Once you go this way - there is (maybe) no way back! SERIOUSLY. The only way to make the device exactly like before is replacing the mainboard. If you're scared: good.

Read the new findings on that part here - some models may be able to revert UsU!

Think twice and don't complain later if you go on!

8) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does)! You WILL lose unlock and may hard-hard-brick your device (at least HARD BRICK)!

9) Video framerates are lowered after flashing UsU. This is due to the fact that required files for high performance video will not load properly anymore and so must be replaced. Replacing those firmware files is a risk and as it is working ok enough for most users that patch will not be included in any ROM. If you really think you need this patched ensure you read the instructions here thoroughly and understand them 100% before proceeding to apply it: G4-VideoLag-Fix

YES I REPEATED MYSELF 3 (THREE) TIMES (... for a reason)!

Code:

#include <std_disclaimer.h>
/*
 * Your warranty is now (maybe) void (well not really but just for the case...)
 *
 * I am not responsible for bricked devices, dead SD cards,
 * thermonuclear war, or you getting fired because the alarm app failed. Please
 * do some research if you have any concerns about this howto/unlock method
 * before using it! ---> YOU <--- are choosing to make these modifications, and if
 * you point the finger at me for messing up your device, I will laugh at you.
 *
 */

Downloads

- Latest unlock package by steadfasterX (only download for your device model required) --> <model>_UsU_unlock.zip

- Latest baseband package (only download for your device model required) --> <model>_UsU_baseband_flash-in-twrp.zip

- Latest TWRP (PREVIEW-103 or higher!) by steadfasterX --> http://leech.binbash.rocks:8008/TWRP/O

- A custom ROM of your choice (see Requirements topic to find a compatible one!) --> e.g. all newer builds here: http://leech.binbash.rocks:8008/

- Linux: I highly recommend to use FWUL. This is an android lovers live ISO which can be booted from an USB stick which has everything needed on board - including SALT!

  Latest FWUL *persistent* by steadfasterX (HAVE TO be version 2.6 or later!): https://bit.do/FWULatXDA

  even when FWUL forgetful will work fine, too: the persistent one will save your settings and so is always the best choice!

  only if NOT using FWUL: Latest SALT version (minimum version: v3.19!) by steadfasterX: SALT

Important note about bootloader/modem stuff!

You will find on several ROM threads the hint that you must have a specific bootloader stack (FAQ #27) in order to make the ROM working properly.

What in reality is needed on these ROMs is just the MODEM (aka firmware ) partition nothing else. Believe me I know this for sure

If you later want to install custom ROMs based on N or O ( any model! and any ARB) --> N modem

1) Flash G4_29a_N_modem_UsU.zip in TWRP

2) Flash your baseband package (<model>_UsU_baseband_flash-in-twrp.zip) in TWRP again!! If you don't you will get bootloops, android hanging on boot or modem SoC crashes (blue demigod screen)

COMPLETELY OPTIONAL!!!! AND ONLY: If your device is a h815 one ARB = 0 you COULD flash the complete bootloader stack though (if you wish - but as said it is NOT needed): UsU bootloader stack for N / O





Optional (only when you encounter issues which requires debugging):

The aoscp DEBUG only build which ensures kernel will not crash on modem issue and ADB is enabled without auth

aoscp_UsU_4.1.2-20171222_DEBUG.zip

Flash UsU with SALT

understood

3 different ways

by an external sdcard (must be VFAT formatted)

by using your internal storage

by direct flashing (only when available - SALT will show this option only when possible for your device)

OK enough about all this: LETS UNLEASH YOUR DEVICE!

- At very first: ensure you are using the LATEST version of SALT!

  SALT contains an internal updater and when a new version has been detected online it will display an upgrade hint. DO THAT if you see any. It doesn't hurt to also trigger the update process even if you see no popup just to be sure that you have the latest version. You can also check the SALT release notes and compare the version with yours (title of the SALT window displays your version).

  That step is really easy but incredibly important. Do not miss that!

  Just to say it again as it is crucially important: USE THE SALT UPDATER to ensure you have the latest version!

- Extract <model>_UsU_unlock.zip and copy the aboot_UsU.img, laf_UsU.img and rawres_UsU.img to either:

  a) your external SDcard (directly on the external sdcard - not in any folder!). The sdcard must be formatted as VFAT.

  or

  b) connect your running Android device with your PC, select MTP mode in Android and copy it to the:

  - "Internal Storage" and folder "Download" (exactly there!)

- Start SALT

- If you have not done already: DO A BACKUP NOW. I'm serious this is your last chance to grab the important files and it just takes some minutes (in basic mode) but you have all in place if needed!

  If you skip this step no one may be able to help you later!

- Notice and WRITE DOWN the "GPT compatibility" info! DO NOT PROCEED IF IT STATES "unknown"

  This part will become crucially important when it comes to which ROM you can flash!

  The only valid information about that can be found in SALT!

  - If you see a "H811" there you have to flash H811 ROMs later (if no specific ROM is available for your model)
  - If you see a "H815" there you have to flash H815 ROMs later (if no specific ROM is available for your model)
  - If you see a "unknown" there you have to STOP and provide the SALT debug log (advanced menu)

- Open the Advanced Menu

- Click the "Unlock G4 (UsU)" button and read carefully the popup. Click Unlock, choose your unlock way and follow the instructions

- If the UsU flashing fails for any reason (SALT will do important pre-checks and validations before actually flashing):

  - If you see a popup about UsU flashing has partially failed do not be scared - just read and follow the instructions!
  - If you see a different error: do not reboot or power off the device! Ask for support and provide the debug log in SALT (in Advanced Menu -> Debug Logfile button -> Upload button and share the link)!

- If the UsU flashing was successful (SALT will validate the flashing) continue:

- Boot your device into fastboot mode (yes UsU has enabled an unlocked fastboot access for you!):

  - take out the battery
  - unplug the usb cable from the PC (not from the device)
  - Insert the battery again
  - wait 2 sec
  - press volume DOWN and while keeping it pressed: plug the USB cable to the device
  - keep volume DOWN pressed until you see the fastboot screen

- Flash TWRP (yes you can do that now... because of UsU!):

  fastboot flash recovery <twrp.img>

  (replace <twrp.img> with the real filename)

- YOU MUST boot to TWRP now (you will notice a secure boot error but TWRP will load!):

  - disconnect USB cable
  - take out battery
  - put battery back in
  - press volume down AND the power button and keep both pressed until.. you see TWRP!

  Gotcha! Try that with a locked phone and you will fail!

  If you do not boot to TWRP after flashing it it will get OVERWRITTEN and you have to do all the steps for flashing TWRP again!

- Optional (not needed when you flash an UsU compatible ROM later): Flash the baseband package now: <model>_UsU_baseband_flash-in-twrp.zip

- While still in TWRP choose REBOOT menu and reboot to RECOVERY (yes again!)

- Notice: TWRP will show your REAL device model when connected to the PC now.

  If not: SHARE THE recovery LOG (how-to for grabbing the recovery log is written in FAQ #4A)!

- I would say: it's a good time to create a TWRP backup isn't it (ensure you also select "Bootloader" in TWRP backup)?

- I HIGHLY RECOMMEND to do nothing else now. Just boot into your ROM as it is! Check if everything is working and proceed only if it boots fine and works fine!

- Optional: just root now. Use Magisk or SuperSU to root your current installed stock ROM to see that it works

- Done. Do not miss to read the Changes in behavior topic!

- Whats next? Lol you are FREE! Flash SuperSu, Magisk or a custom ROM. Up to you. Flashing issues? Read the LIMITATIONS/KNOWN ISSUES topic (especially #1, #2, #3).

Changes in behavior

Booting to recovery, custom ROM booting (or stock but rooted), booting into download mode

NOT

Fastboot

take out the battery

unplug the usb cable from the PC (not from the device)

Insert the battery again

wait 2 sec

press volume DOWN and while keeping it pressed: plug the USB cable to the device

keep volume DOWN pressed until you see the fastboot screen

fastboot flash <partition> <filename>

NOT

fastboot boot ..

TWRP/Recovery hardware key combo

power off device

unplug the usb cable from the device (if any)

press volume DOWN + power button and KEEP THEM BOTH pressed the WHOLE TIME until you see "Recovery loading" or TWRP

Factory reset hardware key combo

power off device

disconnect any usb cable from the device

press volume UP + power button and KEEP THEM BOTH pressed until you see the LG logo the first time! THEN you have to immediately release the power button (ONLY that) and press and keep holding the power button directly again! Keep them pressed until you see the white LG factory reset screen

Proofs

ANY

ANY

MEAN

H818

can

confirmed:

check the current poll results: https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680

- LS991 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
- F500 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
- H810 (confirmed) --> https://forum.xda-developers.com/sho...&postcount=298 and https://forum.xda-developers.com/sho...&postcount=456
- H812 (confirmed) --> https://forum.xda-developers.com/sho...&postcount=298
- H815 (confirmed) --> My own one! and https://forum.xda-developers.com/sho...&postcount=276 and https://forum.xda-developers.com/sho...&postcount=458
- H818 (confirmed)* --> https://forum.xda-developers.com/sho...&postcount=307 * SEE ABOVE REGARDING THE CURRENT ISSUES
- H819 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
- US991 (confirmed) --> https://forum.xda-developers.com/poll.php?do=showresults&pollid=26680
- VS986 (confirmed) --> https://forum.xda-developers.com/sho...&postcount=293

Support / IRC Channel

best

- FWUL: choose v3.1 or higher and you will see the IRC hexchat icon right on the desktop.
- with your Browser (just a click away) (Freenode Webchat (recommended), KiwiIRC Webchat)
- PC software (HexChat and Pidgin are only 2 of them! This list is not complete!)
- Android app (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)

When you have to choose a channel it is: #Carbonfusion-user

When you are asked for a server network choose: freenode

Model specific ROM threads

Making the baseband flashing obsolete

- When you flash a full UsU compatible ROM (like those linked above) there is no need anymore to flash the baseband package.

- When you flash another ROM which is not fully UsU compatible you can flash a kernel with UsU patches and so can avoid flashing the baseband package as well.

  The UsU kernels can be found here.

- When the ROM is neither fully UsU compatible nor is there a kernel with UsU patches you can or better must flash the baseband package.

Credits

- Mohd Saqib for the ls991 userdebug bootloader (http://www.gsmmarhaba.com/threads/lg...ith-qfil.3432/) stack. Without him.. no "unlock"

- LG for making a faulty mainboard which allowed me to replace it without an issue several times after hard-hard bricking

- Me - steadfasterX bc I have done all this almost alone (besides the brave testers ofc) AND: just for FUN! (I *CAN* UNLOCK OFFICIALLY!) and as the whole guide and method is the result of many many days ... lol noooo *MONTHS* (!!!) of spending my free time on this topic!

- neutrondev (details about technical understanding + support)

uio88 (donator), jasonlindholm (recurring unteachable donator!), pablo103 (donator), britx (donator), ReeS86 (donator), ling751am (donator), 01189998819991197253 (donator), Korpse (donator), decibel_nv (donator), bdasmith (donator), hteles (donator), Leg0V0geL (donator), britx (donator), doop (donator), street_android (donator), ErismaSS (donator), ingcolchado (donator), fauxmight (donator), NwOg1984 (donator), pablogrs (donator), romanofski(donator), nenich78 (donator)

The overall sum (just for UsU) of donations (as of 2019-01-29): $ 247 !

While donations are accepted and appreciated there is NO need for it. I have done all this for fun and I like thx clicks more than money LOL

XDA:DevDB Information

Unofficial secureboot-off/steadfasterX Unlock, Tool/Utility for the LG G4

Contributors

Version Information

*works with any G4 model. Even though the H818 can be unlocked as well the touch display does not work anymore (should be possible to resolve but.. read on). So I decided to remove it from the UsU unlock. Read the details and process here: h818 topic

This will "unlock" your bootloader and so enables you to install TWRP and custom ROMS as you like. To be honest [...] is not the correct wording but I will still refer to it as [...] as the result is the same: UsU will disable "Secure Boot" which verifies signatures on several partitions like: boot and recovery. Disabling secureboot means it will still verify and give you a secure boot error on boot BUT it will ignore and just boot afterwards (similar to a regular unlock).

This is the outcome of a loooooooong finding process. long? I started with the first attempt in this [...]. yes.. (think about my nickname heh?!)

A lot of stuff happened since then which all together helped me to accomplish UsU at the very end (yes all these links are my work including some brave testers ofc!).

You wanna know how this big puzzle fits together?

UsU is not [...] an [...]! Its a combination of massive changes in TWRP, the G4 kernel and providing all the tools around like FWUL or SALT! It was really my biggest project in android development and its not just providing the actual unlock files

UsU does not care about a country version of a model (e.g. H815 TWN and H815 TUR are all referred to as H815). So you will find only the main part of your model listed which means it will work for any of them!

Details: (keep Requirement #2 in your mind when upgrading to MM) which one? I highly recommend the latest MM version for your model --> but again beware of the ARB (not greater than 2)!

[...] devices need special attention though:

Details: (bootloader stack is explained and described in [...]

YES. ALL of them: (requires SALT v3.21 / FWUL v3.1 or higher)

Before proceeding ensure that you have read and understood the "" topic and the "" topic in this thread!

If you have a Windows PC the easiest way to get SALT is by flashing [...] or higher on an USB stick (if you had read the "Downloads" topic above you should know that already).

Before you ask if there is a Windows version of SALT: read the FAQ in the [...] thread.

UsU can be flashed in 3 different ways! Every way will unlock your device the only difference is where you place the UsU files. Choose the one which fits best for you:

You will notice a [...] ... but it will load! ... and NO: THIS MESSAGE CAN NOT BE REMOVED! If you can't live with that do not unlock :P

After you unlocked your device with this method you will also have an [...] which can be accessed by a key combo:

Now what? You can flash whatever you want here with: [...] you can [...] as this is blocked like in the semi-official N bootloader stack.

Flashing UsU changes the way the regular factory reset screen key combo is working.

After flashing UsU we can [...]

As written above the regular key combo to get into the LG factory reset screen changes a bit:

IRC means Internet Relay Chat and you [...] there only!

Choose how to get in:

Well time goes by and so things change in the meantime. I have found a way to make the baseband flashing obsolete but that requires to flash either a device model specific ROM or kernel.

That means:

steadfasterX, the_naxhoo (tester), SePhIrOtX (tester), Chebhou (tester), fawadshah33 (tester), DoughMucker (tester), shane87 (tester), Guy Noir (tester), networkkid (tester), ling751am (tester), jmfecon (tester), r3pwn (tester)

Stable

2018-03-08

2018-03-08

2019-12-27
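A pre-flash check for LIMITATIONS / KNOWN ISSUES #1, #3 and #5, added here as an example and not part of the original post or of SALT: it inspects a ROM zip on the PC for a file named aboot and lists the assert line(s) at the top of the install script. The function names, the sample zips and the partition paths in the sample script are constructed for illustration; the script path is the standard location in a recovery-flashable zip, and only the file name aboot is checked because that is the only bootloader file the page names.

```python
import io
import posixpath
import re
import zipfile

# Standard location of the install script inside a recovery-flashable zip.
UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"


def leading_asserts(script_text):
    """Return the assert(...) statements that open an updater-script."""
    asserts, current = [], None
    for line in script_text.splitlines():
        stripped = line.strip()
        if current is not None:                 # inside a multi-line assert
            current += " " + stripped
        elif not stripped or stripped.startswith("#"):
            continue                            # blank line or comment
        elif stripped.startswith("assert("):
            current = stripped
        else:
            break                               # first real install command
        if current is not None and current.endswith(";"):
            asserts.append(current)
            current = None
    return asserts


def inspect_rom_zip(zip_source):
    """Report aboot images and leading asserts found in a flashable zip."""
    report = {"aboot_entries": [], "script_mentions_aboot": False,
              "leading_asserts": []}
    with zipfile.ZipFile(zip_source) as rom:
        names = rom.namelist()
        for name in names:
            stem = posixpath.basename(name).lower().split(".")[0]
            if stem == "aboot":                 # aboot.img, aboot.mbn, ...
                report["aboot_entries"].append(name)
        if UPDATER_SCRIPT in names:
            script = rom.read(UPDATER_SCRIPT).decode("utf-8", "replace")
            report["leading_asserts"] = leading_asserts(script)
            # Whole word only, so "boot" and "aboot_UsU" do not match.
            report["script_mentions_aboot"] = bool(
                re.search(r"\baboot\b", script))
    report["contains_aboot"] = bool(
        report["aboot_entries"] or report["script_mentions_aboot"])
    return report


def build_sample_zip(files):
    """Build an in-memory zip from {name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample scripts; device name and partition paths are made up.
CLEAN_SCRIPT = '''# constructed sample
assert(getprop("ro.product.device") == "examplemodel" ||
       abort("wrong device"););
ui_print("installing");
package_extract_file("boot.img", "/dev/block/bootdevice/by-name/boot");
'''
STACK_SCRIPT = CLEAN_SCRIPT + (
    'package_extract_file("bootloader/aboot.img", '
    '"/dev/block/bootdevice/by-name/aboot");\n')

if __name__ == "__main__":
    samples = {
        "rom_only.zip": {UPDATER_SCRIPT: CLEAN_SCRIPT, "boot.img": b"x"},
        "rom_with_stack.zip": {UPDATER_SCRIPT: STACK_SCRIPT,
                               "bootloader/aboot.img": b"x"},
    }
    for label, files in samples.items():
        result = inspect_rom_zip(build_sample_zip(files))
        verdict = "DO NOT FLASH (aboot)" if result["contains_aboot"] else "no aboot found"
        print(label, "->", verdict, "| asserts:", len(result["leading_asserts"]))
```

A zip reported as having no aboot is not thereby proven UsU compatible; the check covers only the one file name the limitations above single out.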