Better Mobile App

[ROOT] Saferoot: Root for AT&T Galaxy S4 ZOOM SM-C105AUCUAMJ2_On 4.2.2 JB

For now simply follow the instructions and use the provided file download from the link posted below
http://forum.xda-developers.com/showpost.php?p=48392009&postcount=1
I have personaly tested this method in full on My AT&T Samsung Galaxy S4 ZOOM SM-C105AUCUAMJ2 (4.2.2 Jelly Bean)
although it should be safe to use on any AT&T Samsung Galaxy S4 ZOOM running an android version prior to Kit-Kat
All Credit for this, "exellent completely safe", Root method goes to its creator k1mu
And please Know that it is only being shared with you via his explicit permission.
EDIT:
Q&A for [ROOT] Saferoot: Root for AT&T Galaxy S4 ZOOM SM-C105AUCUAMJ2_On 4.2.2 JB
Please if you are not on an AT&T Galaxy S4 ZOOM C-150a, Feel Free to Read
but Do not seek help,instruction, or any other type of advice by posting in this thread as it is hard enough to find information about a specific device when the said device does not have a dedicated forum. Thank You for your Understanding in this.

Instructions & Advice
If ?'s arise
and time allows I will add device specific instruction as well as any advice, Please bear with me. Same as above Q&A Link

Will this same method also work on the SM-C105AUCUAMJ2?

kbracing6 said:
Will this same method also work on the SM-C105AUCUAMJ2?
Click to expand...
Click to collapse
Most Definitely as this was the reason for my post

Hey @Phatboyj420, as far as converting a raw OTA file to Odin files, here's what I can tell you. The OTA file should be filename.cfg, i.e. a cfg file. Believe it or not, this can be manipulated like an archive (like zip or rar or tar) so open that cfg file in 7zip, WinRar, or whatever. You're going to want to extract the files like (I can't guarantee this a full list, just the ones I can remember) modem.bin, NON-HLOS.bin, boot.img, recovery.img, aboot.mbn, rpm.mbn, sbl1.mbn, sbl2.mbn, sbl3.mbn (you might not have all 3, idk), and tz.mbn. Again, there may be others you need, and/or not all the ones I just listed might be necessary, they're just the ones I remember dealing with before. Oh, you're going to need to make sure the system, cache, and persdata partitions are all packed into .img.ext4 files, idk if they're like that in the OTA cfg archive.
Here's where it gets even hazier for me. So, I know from personal experience that you can take any of these files (I'll just use recovery.img for this example). In a linux terminal (I use Ubuntu for convenience's sake, my laptop has windows and ubuntu partitions) run this command:
Code:
tar -H ustar -c recovery.img > recovery.tar
So that's how you can take any one of those files I mentioned last paragraph and pack it into an Odin-flashable tar. I'm still a n00b when it comes to the linux terminal, so I can't really say the syntax for packing more than one at once.
So I guess I haven't really given you the complete process, but hopefully this is at least a decent starting point. Honestly I consider myself a hobbyist at best, not an expert. muniz_ri, who Devo7v mentioned earlier, did all the heavy work in this regard so he can probably help you much more, I just didn't want to volunteer him for the job

thisisapoorusernamechoice said:
Hey @Phatboyj420, as far as converting a raw OTA file to Odin files, here's what I can tell you. The OTA file should be filename.cfg, i.e. a cfg file. Believe it or not, this can be manipulated like an archive (like zip or rar or tar) so open that cfg file in 7zip, WinRar, or whatever. You're going to want to extract the files like (I can't guarantee this a full list, just the ones I can remember) modem.bin, NON-HLOS.bin, boot.img, recovery.img, aboot.mbn, rpm.mbn, sbl1.mbn, sbl2.mbn, sbl3.mbn (you might not have all 3, idk), and tz.mbn. Again, there may be others you need, and/or not all the ones I just listed might be necessary, they're just the ones I remember dealing with before. Oh, you're going to need to make sure the system, cache, and persdata partitions are all packed into .img.ext4 files, idk if they're like that in the OTA cfg archive.
Here's where it gets even hazier for me. So, I know from personal experience that you can take any of these files (I'll just use recovery.img for this example). In a linux terminal (I use Ubuntu for convenience's sake, my laptop has windows and ubuntu partitions) run this command:
Code:
tar -H ustar -c recovery.img > recovery.tar
So that's how you can take any one of those files I mentioned last paragraph and pack it into an Odin-flashable tar. I'm still a n00b when it comes to the linux terminal, so I can't really say the syntax for packing more than one at once.
So I guess I haven't really given you the complete process, but hopefully this is at least a decent starting point. Honestly I consider myself a hobbyist at best, not an expert. muniz_ri, who Devo7v mentioned earlier, did all the heavy work in this regard so he can probably help you much more, I just didn't want to volunteer him for the job
Click to expand...
Click to collapse
Thanks My guy,
This definately gives me a good jumping off point.
The phone shipped with JB-4.2.2 and I think there has been an AT&T OTA for KK so it would have to be a complete Firmware so thats good news.
I'm working on several projects at once so I don't know exactly when I'll get to this but when I do the first thing will be to verify whether the .img's for data/system/cache are img.ext4 or not and if not how to produce correctly.
Also I don't have a Linux Dev setup yet I'm running Windows On a 2011 Dell XPS-17_L702x with an intel 2720 quad core. So from your post I take it Ubuntu would be your suggestion for Linux Distro. and should I make a separate Linux Partition and run from it, or run from a VM-Box inside of windows? Which do you think would be most efficient?
Now that I think of it I'm going to start a dedicated thread for development discussion for this specific device. If I start the thread in the Development section for the general S$-ZOOM but title it specifically for the " AT&T-C105a_ZOOM " do you think the mods would want to move it to the general Q&A section?
" I would hope that, as it would pertain directly to the development of the specific device they would see fit to leave it in the development section.
Sorry for the randomness of my thoughts but I will link you to the thread when I get around to starting on it.
For now I'm going to get back to work on the S4_Active for My daughters B-day I intend to have it Rooted and rommed out for her. When I get that done I'll make my way back to this Project, and start the dedicated thread.
Thanks again,
" I look forward to future collaboration as it seem we share a similar Hobie at the least ",
Phatboyj

Unfortunately for the few lonely SM-C105a users still hanging on out there this does not appear to be a completely effective root. I get this in dmesg: <3>[ 2130.920856] c0 Restricted changing UID. PID = 11580(su) PPID = 11575(sh)

capt_planit said:
Unfortunately for the few lonely SM-C105a users still hanging on out there this does not appear to be a completely effective root. I get this in dmesg: <3>[ 2130.920856] c0 Restricted changing UID. PID = 11580(su) PPID = 11575(sh)
Click to expand...
Click to collapse
What is your build # because this is a fully effective root method for the ATT SM-C105a running build# SM-C105AUCUAMJ2
Please elaborate on where your dmesg is coming from.
Is it from running Saferoot to obtain Root?
Or is it from some other function you are attempting after obtaining root?

@Phatboyj420 Great to see you here--when I'm sure your S4 Zoom is long gone. Yeah, that's my build and I should point out that I get that in dmesg only for certain operations in the system folder (trying to copy modules I think). No biggie, for day to day this method works fine. I'm more interested in whatever happened with that unbrick image you were trying to make from dd. Did you ever test it? Was it effective? My current efforts are focused on developing a reliable unbrick method for our phones. Rather than the complete image I think we may need to extract and flash the original bootloader in many cases. Can you provide any feedback on this?

capt_planit said:
@Phatboyj420 Great to see you here--when I'm sure your S4 Zoom is long gone. Yeah, that's my build and I should point out that I get that in dmesg only for certain operations in the system folder (trying to copy modules I think). No biggie, for day to day this method works fine. I'm more interested in whatever happened with that unbrick image you were trying to make from dd. Did you ever test it? Was it effective? My current efforts are focused on developing a reliable unbrick method for our phones. Rather than the complete image I think we may need to extract and flash the original bootloader in many cases. Can you provide any feedback on this?
Click to expand...
Click to collapse
@ capt_planit
while I have moved on from using my [email protected] S4-Zoom, I do still have it and the dd dumps of it the problem with providing said dumps publicly is that some "idiot would inevitably flash the complete dd.image to there phone giving them an exact clone of my phone explicitly the IMEI via EFS parition are my concerns.
That being said if I know that the dd.images were to be used in a proper manner, by say a knowledgeable Dev. I would gladly supply them to further /Kickoff Development,
It sounds as if we are of like mind but I found myself at a stand still and did not recieve any response from the plea in my Sig.
But rest assured if there is something I can do to assist I will.
as far as an unbrick.img for the Zoom c105a
I did make one but have had no reason to use it to know if it works or if the SD unbrick method even works for the Zoom like it does on the Galaxy S3 that the method was originally discovered on.
Even if it does work the SD-Unbrick method only gets you to a state where Download
mode works SO unless I am mistaken and you can access adb through Download Mode witch I'm pretty sure you cant, we would still be at a stand still as there is no stock firmware publicly available for our device " Ludacris I know " but true none the less.
Edit:
1 thing we need is the OTA update from JB to KitKat available for our device we need some one to extract it before updating then and only then might we be able to create an install-able firmware for our device.
if I'm not mistaken after you download the OTA update you should be able to find it in /cache/fota just zip the entire fota folder move it to your sd-card and make it available to me and we'll make it happen from there.
If you don't want to except the update just delete it at this point and reboot.
...
...

I think this user @awwar describes an inability to access download mode>here. In anycase, I think that thread would be a great place to post your unbrick. image. I think your dd image seems too small. But if you still have it, that is what @moomoo was asking for when he started that thread. I can't provide mine, except as separate img files. My understanding is that flashing an efs image won't provide a real IMEI. I think flashing some combination of boot, system, cache (I'm surprised this would be necessary) and recovery should get the operator some kind of system. But so far it doesn't seem to work that way. Your help getting some working phone flash would be greatly appreciated. I believe, BTW that the OTA is dead...

Who wants to help finish proprietary vendor blobs?

"Blobs" are the files specific to each device that we need in order to compile custom ROMS that work on our device. The process of finding them is tedious and slow... I have been picking away at them for months when I have time. There are over 600 files so far! But there are also references to files that are not being found. They are either missing, or they are not located where they are expected to be located. This is where I need help.
So, if you want to help, go HERE:
https://github.com/mightysween/android_vendor_motorola_payton
and look through the proprietary-files.txt file for anywhere that it says "warning".... and then search inside of the firmware (working on 8.0+ now, not 7.1 please) and try to track down the file that it says is missing [obviously, you will need a system dump, or to search on a rooted device]. If you find it, please post below like this:
LINE NUMBER OF THE WARNING (from github)
PATH TO THE MISSING FILE (relative to /system... in other words, don't inlude your own local path)
Once this file is complete, we can use it to automatically pull the correct vendor files into our build environments... having a working recovery, active kernel developement and completed vendor blobs should open us up to more development efforts.

Also, if anyone has done any testing and knows of other proproetary files that are needed, please post them here so I can include them.
My time at the computer to work on this is really limited, so I have only identified a dozen or so daemons that definitely call for proprietary libs... I am sure there are more

I would love to pitch in on this but have zero experience with anything related to development. Do you think I could still be of help? Sounds like a basic enough task that it wouldn't be too difficult. Let me check and see that I understand the process.
Went to github and looked at proprietary-files.txt. The first warning I found was in line 49: "blob file libpn553_fw.so missing or broken". Then searched for that file in my device's system folder using ES File Explorer with Root Explorer enabled.
So is this what you're looking for?
49
/system/vendor/firmware/libpn553_fw.so
---------- Post added at 14:31 ---------- Previous post was at 14:07 ----------
I'd like to contribute in some way but if this is best not left to a complete noob then I totally understand

mightysween said:
Also, if anyone has done any testing and knows of other proproetary files that are needed, please post them here so I can include them.
My time at the computer to work on this is really limited, so I have only identified a dozen or so daemons that definitely call for proprietary libs... I am sure there are more
Click to expand...
Click to collapse
Do you have a link to a system dump?

TheBassDude said:
I would love to pitch in on this but have zero experience with anything related to development. Do you think I could still be of help? Sounds like a basic enough task that it wouldn't be too difficult. Let me check and see that I understand the process.
Went to github and looked at proprietary-files.txt. The first warning I found was in line 49: "blob file libpn553_fw.so missing or broken". Then searched for that file in my device's system folder using ES File Explorer with Root Explorer enabled.
So is this what you're looking for?
49
/system/vendor/firmware/libpn553_fw.so
---------- Post added at 14:31 ---------- Previous post was at 14:07 ----------
I'd like to contribute in some way but if this is best not left to a complete noob then I totally understand
Click to expand...
Click to collapse
Thanks, that is all there is to it
Just time consuming (especially after the first 500)...lol

QWZR said:
Do you have a link to a system dump?
Click to expand...
Click to collapse
Nah, too big to conveniently upload... but if you are rooted, you can use the phone to search

mightysween said:
Nah, too big to conveniently upload... but if you are rooted, you can use the phone to search
Click to expand...
Click to collapse
Mine gets here next week

mightysween said:
Nah, too big to conveniently upload... but if you are rooted, you can use the phone to search
Click to expand...
Click to collapse
If you have root on the system you can find the files for, you should be able to find any given filename with:
find / -name "filename" -print
And it should output any filenames that match. I don't have time at the moment to dig into this any more, but would this resolve much of it?

ebrandsberg said:
If you have root on the system you can find the files for, you should be able to find any given filename with:
find / -name "filename" -print
And it should output any filenames that match. I don't have time at the moment to dig into this any more, but would this resolve much of it?
Click to expand...
Click to collapse
Any way that works is fine by me
I am on the road a lot and just don't have enough time to sit and work on it... so it is taking months. I bet a few people helping could finish it in a matter of hours.
I am hoping to have a few hours next week to work on it. But the sooner this is done, the sooner I can shift to trying to compile Lineage OS with working hardware.
BTW, Lineage *does* compile if I comment out all the stuff causing make errors... not much works, obviously.
The next step will be compiling with these blobs, then logging all the new errors and chasing down all the additional broken symlinks... and then adapting the kernel as needed.
Then, MAYBE we can get a base Lineage tree up and open up the X4 to building for other roms. I know someone started a skeleton tree for Carbon already on Github... they are likely just waiting for the completed device tree, too.

mightysween said:
Thanks, that is all there is to it
Just time consuming (especially after the first 500)...lol
Click to expand...
Click to collapse
ebrandsberg said:
If you have root on the system you can find the files for, you should be able to find any given filename with:
find / -name "filename" -print
And it should output any filenames that match. I don't have time at the moment to dig into this any more, but would this resolve much of it?
Click to expand...
Click to collapse
I don't own this device yet, but I was thinking of getting one. I figured this might help you all out (you'll need to be running linux):
First, let's get a list of all the files on the phone, to make searching faster.
Code:
adb shell
su
find / > /sdcard/allfiles.txt
exit
exit
adb pull /sdcard/allfiles.txt
Now you should have allfiles.txt on your machine. Also grab the proprietary-files.txt, and then run this:
Code:
grep -Po '(?<=(blob file )).*(?= missing or broken)' proprietary-files.txt | xargs -I @ grep "@" allfiles.txt
That should find the paths of all the missing files (except the ones marked "wildcard")

BLuFeNiX said:
I don't own this device yet, but I was thinking of getting one. I figured this might help you all out (you'll need to be running linux):
First, let's get a list of all the files on the phone, to make searching faster.
Code:
adb shell
su
find / > /sdcard/allfiles.txt
exit
exit
adb pull /sdcard/allfiles.txt
Now you should have allfiles.txt on your machine. Also grab the proprietary-files.txt, and then run this:
Code:
grep -Po '(?<=(blob file )).*(?= missing or broken)' proprietary-files.txt | xargs -I @ grep "@" allfiles.txt
That should find the paths of all the missing files (except the ones marked "wildcard")
Click to expand...
Click to collapse
Thanks, I had recently completed this, but your code worked fantastic for double checking, and actually helped me find one that I had missed :good:
Now, on to identifying any more daemons that need proprietary files... and then assembling the tree itself... PROGRESS!

PHASE 1 is complete!
https://github.com/mightysween/android_vendor_motorola_payton
I am 99% sure that this is only ~75% of what will be needed to actually build LOS15. But it is a good foundation to work off of now.
My plan is to start attempting to compile LOS and take error logs to chase down the remaning missing stuff. LOTS to be done still to get to that point...hoping for some other builders/devs to materialize here and help out

Hi! Just a question: it´s mandatory to use A/B partition scheme to build a custom ROM for this device or it will be possible to use a traditional partition scheme and free up some GBs of internal storage for use?

christianrj said:
Hi! Just a question: it´s mandatory to use A/B partition scheme to build a custom ROM for this device or it will be possible to use a traditional partition scheme and free up some GBs of internal storage for use?
Click to expand...
Click to collapse
It would seem that we will still be stuck with A/B, as the bootloader does the initial check of the active slot. Perhaps there may be some clever ways around this in the future...but nothing I will be tackling.

mightysween said:
It would seem that we will still be stuck with A/B, as the bootloader does the initial check of the active slot. Perhaps there may be some clever ways around this in the future...but nothing I will be tackling.
Click to expand...
Click to collapse
You would probably need a custom kernel to do it properly. The bootloader passes a kernel param (androidboot.ro.boot.slot_suffix) specifying which slot to use. In the absense of a kernel param, the value is read from the ro.boot.slot_suffix build property.
That being said, you might be able to just repartition your device to only have 1 slot, flash your ROM, and use
Code:
fastboot --set-active=_a
. If your ROM has disabled OTA updates from the OEM, you should be fine.

I'm going to get an X4 in the coming weeks. I'd like to help with this soon. I'm a seasoned developer by trade and can collab on GitHub. Hope to be able to start working with you soon. :good:

I don't know if any of you have seen this article, but it seems promising that it might not be too difficult to achieve for this device:
https://www.xda-developers.com/xiaomi-redmi-note-4-project-treble/

Hariiiii said:
I don't know if any of you have seen this article, but it seems promising that it might not be too difficult to achieve for this device:
https://www.xda-developers.com/xiaomi-redmi-note-4-project-treble/
Click to expand...
Click to collapse
@vache at the Moto G5 Plus forums has already managed it using the /oem partition which is otherwise unused for custom ROMs

Hariiiii said:
I don't know if any of you have seen this article, but it seems promising that it might not be too difficult to achieve for this device:
https://www.xda-developers.com/xiaomi-redmi-note-4-project-treble/
Click to expand...
Click to collapse
Cool... seems it may be possible. Will follow the progress on the Redmi and G5 devices

navenedrob said:
I'm going to get an X4 in the coming weeks. I'd like to help with this soon. I'm a seasoned developer by trade and can collab on GitHub. Hope to be able to start working with you soon. :good:
Click to expand...
Click to collapse
The more I am reading about enabling Treble, the more I think it is entirely possible.... and probably the best direction to focus our efforts.
Seems like we have partitions that could be used as /vendor. I am reading up on exactly how the Treble vendor partition is set up. Tricky, but not implausible.
EDIT: Actually, none of the partitions we could potentially re-purpose for /vendor are big enough. So, it may be harder on this device than on others. It may require repartitioning.

[solved] Get VoLTE running! (modem config files H930 EU SD835 mcfg_sw.mbn wanted!)

There's a guide thread now in Guide section, use that one pls as this one isn't detailed enough and the other one has some more instructions, e.g. for backing up the files and partitions we work with!
thanks to user @Krekos/CZ/ these files are available for everyone now find them in his post here (or attached on this post) and give him a thx pls :highfive: :cyclops:
original OP text:
Im on testing sessions regarding volte and at least got that far, that the IMS server in hidden menu can be configured (wasn't accessible before my edits). but I'm stuck for now: I by accident deleted following folder which contains the modem config files for different operators. Looks like they are on the EFS partition, as a kdz and standalone-modem reflash didn't help, unfortunately:
Code:
/firmware/image/modem_pr/mcfg/configs
pls, can someone with a true H930 rooted EU OPEN phone (I've bought mine via telefonica O2 Germany) help me and zip and upload this special folder for me? would be appreciated very very much!! I don't want to find out what happens when I reboot my phone now xD maybe unfixable bootloop...

noone...? come on, this is a 3-5 minutes job deleting takes only 2 secs as i know now... but w/o these files no modem config is possible, phone could be useless on next reboot. so, pls pls...
btw: no personal data stored in these directories. there are only config files for different operators inside, nothing else. mcfg_sw.mbn files, you can google for their function and have a look at them on your phone. easiest way for zipping them would be "root explorer", it offers this function, and tar compressing too. hm, when i think about it, tar would be better format

seadersn said:
noone...? come on, this is a 3-5 minutes job deleting takes only 2 secs as i know now... but w/o these files no modem config is possible, phone could be useless on next reboot. so, pls pls...
btw: no personal data stored in these directories. there are only config files for different operators inside, nothing else. mcfg_sw.mbn files, you can google for their function and have a look at them on your phone. easiest way for zipping them would be "root explorer", it offers this function, and tar compressing too. hm, when i think about it, tar would be better format
Click to expand...
Click to collapse
I would be glad to help but I don't have H930...

hmm, which one do you own then...? maybe worth a try to have a look at the files from a different phone as long as it's native open and an EU one. and: I've seen you're a really helpful person, a superb contributor, one of the best in v30 forums thx for that! :thumbsup:

H930 here, but it's not rooted.

grmpf, there's no way then to access these files, unfortunately but thx anyway

seadersn said:
hmm, which one do you own then...? maybe worth a try to have a look at the files from a different phone as long as it's native open and an EU one. and: I've seen you're a really helpful person, a superb contributor, one of the best in v30 forums thx for that! :thumbsup:
Click to expand...
Click to collapse
maybe @SGCMarkus or @Whiskeyomega can help?
---------- Post added at 07:55 AM ---------- Previous post was at 07:46 AM ----------
myb said:
H930 here, but it's not rooted.
Click to expand...
Click to collapse
Looks like you need to get busy this weekend! Just so you actually own your phone.

I have Rooted H930. But how can i access these files?? i can't see them in TWRP.

Krekos/CZ/ said:
I have Rooted H930. But how can i access these files?? i can't see them in TWRP.
Click to expand...
Click to collapse
wonderful!! if we get this working you're my hero
in twrp there's no way to get them, this has to be done in fully booted android system. you have got terminal emulator app installed? the command would be
Code:
tar -czf /sdcard/modem.tar.gz /firmware/image/modem_pr/mcfg/configs
the resulting file can be found in root dir of sdcard then. maybe it's small enough so you can attach it on your answering post, otherwise maybe using google drive or androidfilehost is needed.

double post, sry...

It's strange but i cannot compress these files. It always tell me, i dont have privilegies for that. I try severel Emulators. I also try TotalCommander App with root privilegies, and copy the files manually, but i ended with error aswell.

ouch... did you type "su" to give the terminal emulator root privileges before trying?

I got it! I finally found emulator which compress the files. i dont know why previous apps didnt work but w/e.
Here it is: https://goo.gl/Qk293b

yay!!!!! it worked, the files are back! THANK YOU VERY VERY MUCH!!! you saved my h930 thanks again! :good::highfive::victory:

hmm, is it okay for you when i attach this zip on the first post with big fat credits to you? maybe someone else needs these mbn files for his SD835 device at some time?

I have no problem with it. you can attach it.

thx, again

...aaaand: volte (and vowifi; don't know for sure about viwifi and vt/vilte. sms over wifi/volte needs to be tested too) is up and running! LoL... o2 wasn't able to help me in four service hotline sessions and two visits in their store. really funny as they told me every time "absolutely no way, sry. we can't do this (send some infos or activate volte in account [was already activated, it worked all the time with my s7flat]), we can't do that (flash something to get this working) and so on. k, this took me an serious amount of time my kids and wife weren't really happy and proud of, but hey, there are priorities, or not? hrhr...
is there a need for a guide for everyone? maybe I get a guide up and running. problem for now is, I don't know for sure which edits are really needed and essential. this will be a guide we need to work out all together to finally see which steps are necessary for a newbie and starter. let's see, would take some time but should be possible. when five ppls in this thread are telling "yes we want this guide, let's do this together!" then I'll do it
would've not been possible w/o the help from @Krekos/CZ/ I'm really happy he helped out! :good:

I would like to try this feature and you're welcome.

Nice one. So vollte will be available for every gsm operator on stock rooted rom?

Help with electrum wallet (will send btc)

I have an electrum wallet on an old android phone, for which I have forgotten the pin. Seed is also gone. The pin is a 6 digit number. I have found a script which was used to bruteforce it and send the funds into another account..
The problem is that I cannot figure out how to run the script on my phone. I am using android studio and uiautomator. I need to find a way to run the script on the electrum wallet app so it can bruteforce the pin.
Any advice is welcome. There is around 0.1 btc in the wallet so I promise to send 0.05 to anyone who figures it out.
Script: https://pastebin.com/XND4HXpU
Simillar thread:
https://www.reddit.com/r/Electrum/comments/5zwar6
The phone is an LG G4 running android 6.0
Cheers!

Have you tried pulling the wallet file off the device to your pc? It's probably easier to crack it from there.

ffff2 said:
Have you tried pulling the wallet file off the device to your pc? It's probably easier to crack it from there.
Click to expand...
Click to collapse
I couldn't find the wallet.dat file. I have seen that other people don't seem to find them easily as well.
Any idea how to do it?

dyelbuterol said:
I couldn't find the wallet.dat file. I have seen that other people don't seem to find them easily as well.
Any idea how to do it?
Click to expand...
Click to collapse
Do you have root? The file should be "defaul_wallet" not a wallet.dat

I don't. Searching for it doesn't return anything.
Any idea where it might be?

dyelbuterol said:
I don't. Searching for it doesn't return anything.
Any idea where it might be?
Click to expand...
Click to collapse
okok no worries, it won't show up if you don't have root
So basically make an adb backup of the device then extract the file from there then run btcrecover on the wallet to get the pin. This should be overall way quicker than using uiautomator.
from here:
https://www.reddit.com/r/Electrum/comments/6sqabv/_/dlfi341

I will give it a go as soon as I can and let you know.
Cheers

{Mod edit: Quoted post has been deleted. Oswald Boelcke}
I made it to the tar part using this guide and I have given the file to one of my programmer friends but I haven't heard back from him yet.

Question Found more files to help with msm tool (oem_qmi_client) by quadcomm

I'm so I'm just kind of putting this information out there I haven't got to go through it yet on the breakthrough of this knowledge I figured I should just make a post so people can get into it as quickly as possible it does look like the phone is running the same recovery set up as the sm8250 at least it has an entire file directory based on that number there's a lot of interesting files in therehow I got to them = (adb shell [then] cd ./sys/module/ [then] ls --color=auto -a [you should see all the files/dirs]) anyways I'm going to keep doing what I do and try to figure out this thing Happy hunting good luck people

AkayamiShurui said:
I'm so I'm just kind of putting this information out there I haven't got to go through it yet on the breakthrough of this knowledge I figured I should just make a post so people can get into it as quickly as possible it does look like the phone is running the same recovery set up as the sm8250 at least it has an entire file directory based on that number there's a lot of interesting files in therehow I got to them = (adb shell [then] cd ./sys/module/ [then] ls --color=auto -a [you should see all the files/dirs]) anyways I'm going to keep doing what I do and try to figure out this thing Happy hunting good luck people
Click to expand...
Click to collapse
can you do me a favor and pull the file from your that is called "oplus_locking_strategy" ... this may be to a bootloader unlock. For some reason i dont have this file on mine, but also my bootloader i unreachable... id appreciate it thx...
( a simple "adb pull ./sys/module/oplus_locking_strategy /sdcard/oplus_locking_strategy" should do it... then if you can dm me that would be spectacular! thx)

beatbreakee said:
can you do me a favor and pull the file from your that is called "oplus_locking_strategy" ... this may be to a bootloader unlock. For some reason i dont have this file on mine, but also my bootloader i unreachable... id appreciate it thx...
( a simple "adb pull ./sys/module/oplus_locking_strategy /sdcard/oplus_locking_strategy" should do it... then if you can dm me that would be spectacular! thx)
Click to expand...
Click to collapse
I can do you better I can give you the suppository to the phone models so you can just download every file from the phone it even has a link to build the phone with twerp plus it has to build tree files as well >Dumpfiles<

i think i have what you are referring to... i downloaded the original source for our phone, but it does me no good with a locked bootloader because the source does not include the android signing keys. If it did that would be VERY BAD for oneplus cuz anyone could forge updates packages. but afaik that file is not in the source build. i believe it is an after - addon offered to carriers

I can send you a copy

AkayamiShurui said:
I can send you a copy
Click to expand...
Click to collapse
dm sent