Tested for myself working (Xperia 5II)
All of the stuff and tutorials which is needed is already explained in the thread from @Miustone (https://forum.xda-developers.com/t/...g-with-magisk-and-flashing-firmwares.4177209/).
At this point also a big thanks for his guide. This helped me alot.
Download the new firmware from XperiFirm
Drag the file boot_***.sin from the new firmware over the Unsin.exe to get a patchable boot.img for Magisk
Copy this boot.img to your phone and patch it through Magisk to get the magisk_patched.img and copy this to your platform tools folder
Now delete the "persist.sin" and "userdata.sin" in the firmware folder (so your userdata won't be deleted)
Copy the remaining files to the Newflasher folder
Shut down your phone - hold the volume down and connect your phone with your pc
Start Newflasher.exe and in the prompt press f,n,n - wait for installation and close prompt
(After the installation my phone didn't boot into fastboot mode so if you see still a green light on led notification on your phone after installation please unplug usb cable - press volume up and reconnect the usb cable - blue light for fastboot mode)
In fastboot mode install the magisk_patched.img file to slot a and b to maintain root
First startup from new firmware will take some time but for me it booted up and everything is working and all of my data still remain.
isn't it possible to update using the OTA updates if we relock the bootloader? (while still keeping magisk)
or maybe we need to relock, unroot then install updates and root again?
dgmortal said:
isn't it possible to update using the OTA updates if we relock the bootloader? (while still keeping magisk)
or maybe we need to relock, unroot then install updates and root again?
Click to expand...
Click to collapse
You can't boot If rooted and relocked. So this is the only way besides maybe having TWRP and Zips which do include the Firmware Parts Like Modem, Bootloader etc.
T3chDelicious said:
Tested for myself working (Xperia 5II)
All of the stuff and tutorials which is needed is already explained in the thread from @Miustone (https://forum.xda-developers.com/t/...g-with-magisk-and-flashing-firmwares.4177209/).
At this point also a big thanks for his guide. This helped me alot.
Download the new firmware from XperiFirm
Drag the file boot_***.sin from the new firmware over the Unsin.exe to get a patchable boot.img for Magisk
Copy this boot.img to your phone and patch it through Magisk to get the magisk_patched.img and copy this to your platform tools folder
Now delete the "persist.sin" and "userdata.sin" in the firmware folder (so your userdata won't be deleted)
Copy the remaining files to the Newflasher folder
Shut down your phone - hold the volume down and connect your phone with your pc
Start Newflasher.exe and in the prompt press f,n,n - wait for installation and close prompt
(After the installation my phone didn't boot into fastboot mode so if you see still a green light on led notification on your phone after installation please unplug usb cable - press volume up and reconnect the usb cable - blue light for fastboot mode)
In fastboot mode install the magisk_patched.img file to slot a and b to maintain root
First startup from new firmware will take some time but for me it booted up and everything is working and all of my data still remain.
Click to expand...
Click to collapse
Is this working from 10 to 11?
no app to do these steps? OxygenUpdater sort of..
Can you lock the bootloader if you remove the root? I only want root to modify one app (need call recording), after that I'd be more happy without root (compatibility, updates and potential for instability)
Related
i did like this thread
[b KERNELS] WITH CWM AND ROOT FOR SK17i-ST15i-WT19i BASED ON 4.0.2.A.0.62 FIRMWARE
NEEDS UNLOCKED BOOTLOADER
Nothing extra in these kernels.Stability is not compromised.Just the absolutely necessary.CWM recovery (5.0.2.7), root privileges and all the goodies of a debuggable kernel (like init.d support)
INSTALLATION INSTRUCTIONS:
Run cmd in the folder that contains fastboot.exe.Unzip boot.zip in the same folder.Connect your sk17i-st15i-wt19i in fastboot mode(shutdown your device,hold volume up and connect your device to your pc via usb (blue led lights up)at least this is the way for sk17i).
Type:fastboot flash boot boot.img
Disconnect the usb cable.
Reboot.
ENJOY!
To enter CWM press the power on-off key once or twice as soon as the text se logo gets brighter.
Download links:
SK17i:
i have fastboot.exe
and boot.img
in a folder and the cmd it says in every time i try to root my phone < waiting for device >
my phone is in the fast mode (with blue light) connecting to my PC
so whats wrong what did i miss ??
any help will be much appreciated
thanks in advance
Make sure usb driver is installed. Check device manager make sure there are no problems (while phone is connected in fastboot).
wrt54gs7 said:
Make sure usb driver is installed. Check device manager make sure there are no problems (while phone is connected in fastboot).
Click to expand...
Click to collapse
i did check device manager and the usb driver every thing was working good, but the problem still happen all the times the cmd says waiting for device any help
I suggest you install flashtool and check its log while you dis/connect your phone.
a few days ago I tried to root my xperia S to get more functionality. So i read on the internet on several blogs and started to download a rom. First i unlocked my phone with fastboot.exe. Then i try to boot via Command prompt. It says everinthing was okay in about 120 secs, but when i disconnect and tried to start my phone, i only got the sony logo and that was freezed. Even if i reboot, it cames again. I've tried some other ftf files to flash, but nothing worked. Now my battery is empty, and i don't get the phone back in fastboot mode.
Anyone have tips for me? Im very new in it so please help me...
leenbrak said:
a few days ago I tried to root my xperia S to get more functionality. So i read on the internet on several blogs and started to download a rom. First i unlocked my phone with fastboot.exe. Then i try to boot via Command prompt. It says everinthing was okay in about 120 secs, but when i disconnect and tried to start my phone, i only got the sony logo and that was freezed. Even if i reboot, it cames again. I've tried some other ftf files to flash, but nothing worked. Now my battery is empty, and i don't get the phone back in fastboot mode.
Anyone have tips for me? Im very new in it so please help me...
Click to expand...
Click to collapse
For now, charge your battery first. U atleast need to have 80% charge before u can fastboot/flash your phone.
- (Only If Your Phone Doesnt Start) Press Power Button+Volume Up for some 10/15 seconds, u will get three vibrations which mean u just hard reset the phone. It normally takes about 2/3 minutes to boot up a phone after a new flash or kernel has been installed. If not then follow the the below instructions after the hard reset and see if it works.
- Assuming that you have already got the downloaded ftf (Firmware file) saved in the FIRMWARE folder of flashtool, if not then save it.
- Open up your flashtool.
- Press and hold the VOLUME DOWN key.
- Keep it pressed, connect the USB cable to your PC (assuming that u already have the usb connected to the phone)
- Release the Volume Down key when phone's GREEN LED lights
- Click the flash button (yes: the thunder icon up left)
- Select "Flahsmode" and click "OK"
- Select your desire firmware and click "OK", DON'T TOUCH ANYTHING ELSE
- Flashtool will prepare the files for flashing, just be patient
- Flashtool will start flashing automatically, let it finish to 100%
- At the end, Flashtool will prompt a line saying u need to check Unknown Sources And USB Debugging mode and thats when u know that u have successfully flashed a stock/custom ROM.
- Disconnect the phone, power up and give it some minute to boot up and work.
- Have fun :highfive:
HOW TO ROOT:
Depending on the Firmware/ROM the rooting method varies, i use Advanced Kernel Build14 on my new stock ICS firmware but always used DoomKernelv0.4+Recovery to Root Stock GB firmwares
You Can Download Any One Of them:
- AdvancedKernel14(Fastboot) For ICS
- DoomKernels(Fastboot+Recovery) Thread
How to Fastboot and just Root without Recovery and back to STOCK KERNEL:
First of all i will advice you to do this if ONLY you are planning to root your phone but want to come back on your stock kernel. Its a good thing to do if you have just flashed a new firmware like 6.0.A.2.45
Here's what you do:
[ requirements ]
# bootloader of the device is UNLOCKED
# Download and install FASTBOOT DRIVERS (DoomLord)
# Downlaod and Unzip FASTBOOT BINARIES
- Unplugged your USB from pc and Turn Off your phone
- Rename Advanced Kernel Build 14 to kernel.elf or unzip DoomlordKernelv0.4, unzip it and copy kernel.elf
- Open Fastboot Binaries folder
- Go To Fastboot folder, paste the kernel.elf file
- Press and hold VOLUME UP key.
- Keep it pressed and connect your phone and pc through USB.
- BLUE LED light will turn on means you are in fastboot mode, release the key.
- Fastboot folder opened, press SHIFT+RIGHT MOUSE button on the screen and choose Open Command Window here.
- Type
fastboot devices
Click to expand...
Click to collapse
to check if your phone is connected properly and if it is, something like PSDN : xxxxx will be shown.
- Type
fastboot flash boot kernel.elf
Click to expand...
Click to collapse
- Give it some seconds as it will load the kernel on the phone.
- Type
fastboot reboot
Click to expand...
Click to collapse
and your phone will restart. Give it some minute and it will boot up plus you will have root access :highfive:
ONLY IF YOU WANT TO GO BACK ON STOCK KERNEL WITH ROOT ACCESS:
- Assuming you have 7zip installed in your system, if not then google, download and install the programme.
- Right click on the ftf (firmware) file.
- Choose 7zip > Open Archive
- Click kernel.sin > Extract and save it anywhere in your PC
- Connect your phone through USB (You Can do it even if your phone is ON)
- Click the THUNDER ICON.
- Choose FASTBOOT. Choose OK.
- Click Reboot into fastboot mode (via ADB) if it gives error on flashtool then click REBOOT INTO FASTBOOT MODE ( via FASTBOOT)
- The Phone will turn off and will automatically go into fastboot mode ( BLUE LED )
- Click SELECT KERNEL TO FLASH
- Choose kernel.sin
- Give the kernel some seconds to flash and the phone will restart.
- You will see the SONY logo again if you have done it correctly ( YES YOU WILL because you just successfully flashed the stock kernel)
- Wait for some minute and the phone will reboot with stock kernel still with root access to it.
ALTERNATIVE WAY TO FLASH THE kernel.sin :
- Copy and paste the kernel.sin file over at the fastboot folder in fastboot binaries. Delete the kernel.elf
- Type fastboot devices
- Type fastboot flash boot kernel.sin
- Type fastboot reboot
:highfive: :highfive:
Follow the above steps and you will definitely have a success
I dont think i can charge my battery. When i put it on a charger, the led is burning red. I've done that for a hole night. But if i disconnect, and try to power up, it doesnt react at all. When i connect it on my pc, the pc doesnt recognize it as a device, only the red led is burning. After a few time the sony logo appears. But stil no recognizing by pc, and still not 3 vibrates after trying a hard reset...
okay, after 3 weeks of waiting im back. I had brought de Xperia S to a telecom store to fix it, but they said that it was impossible for them. Now, i tried for my self again. There are some things to explain.
1 flashing a kernel(eg. kernel.sin) is possible.
2 then, i want to flash a the system partition
3 if i do that via the command prompt by this command it says it fails
4 if i do that by the flashtool by clicking on the thunder icon, then choose the flashmode, and choose the version to load, it's unpackage some files, but then it asks to put the phone into flashmode. If i do that by pushing the volume downbutton and then connect phone with PC, the green LED is burning, but the flashtool still asks to put into flashmode. So it does not start to flash at all, because the phone is not really in flashmode.
Anyone suggestions??
You say you unlocked your phone, do you mean unlocked the bootloader? If it's stuck at boot loop this is sometimes due to locked bootloader. Try to unlock again making sure it has correctly unlocked.
If your pc cannot detect your phone in flash mode, it may be that you don't have all the drivers installed. I don't understand 2.
All in all if your phone is in flashmode but it still says put phone into flash mode im going to presume the drivers aren't installed (or installed correctly).
Here is what I have done in a similar situation.
1, Hold the vol up and vol down buttons pressed at the same with your thumb the while holding the full button pressed, press down on the power button, you are now holding power button and volume +/- at the same time, maintain this pressure for a while, you will feel 1 vibration but keep pressing until you feel 3 vibrations then take your fingers off the power and the volume.
2, Press the vol down and insert your usb that is connected to the PC. you should get a green light, if not try # 1 again 2-3 times
3,Recharge it should only take an hour or two to get decent charge.
4, Start flashtool or PC companion. flash or update.
U should avoid unlocking ur device if u r a noob..and wait for devs to develop a method that roots the device widout hving to unlock bootloader like recentlyBin4ry has developed
Sent from my LT26i using xda premium
Finally, I found the solution by installing flashtool update 9.6.0. With that installed, my phone went into flashmode and it was flashed well. A new question: i installed a rooted version of the ICS firmware. But now it is now longer possible to install updates. Is that a known issue, and is there a solution?
Hi,
in fastboot mode on my device, the volume up key is not recognized but this key perfectly work in android OS.
I tried opening lk.bin with an hex editor and I can see all the fastboot commands and some variables (the file is very long...).
Is it possible to edit it for implement the volume up key (the volume down work perfectly) or delete the confirmation for the oem unlock ?
TY :good:
Have thee same problem and have same question
Is there anyone out there to help?
also need this for a figo gravity x55l
GREAT NEWS I MANAGED TO GET ROOT WITHOUT UNLOCKING THE BOOTLOADER ALL YOU NEED IS TO
1.download your firmware and extract it
2.extract the boot.img from the firmware and put it on your phone REMEMBER WHERE YOU PUT IT SINCE YOU WILL NEED THIS!
3download magiskmanager install it and open it.
4click install and choose the boot.img it will install magisk into it
5.put it back in your firmware folder on your pc
6 look for a file that says Checksum_gen and run it
7 once that completes use spflash tool and load your scatterfile and flash JUST THE BOOT.IMG wait for the reboot and you have root!
THANK YOU DEVELOPERS OF MAGISKMANAGER!
Does somebody have a step by step guid to install this on my device?
I found this and this but I dont know if this can be used to install the rom on my device.
I just know you need to unlook your bootloader first before to do anything.
I already checked and my device can be unlooked.
Go ahead man those guides are just fine. This is what I did to install Carbon.
Read all the steps first then do it, and also definitely read the note* at the end
Write down your IMEI somewhere safe
Unlocked bootloader. Get unlock code from Sony's official site. Just Google it it's easy to find. Don't follow unofficial websites, apps.
Turn the phone off.
Hold down the vol-up button.
While holding, attach the usb cable, wait a few sec.
Release the button. On laptop issue the command
Code:
fastboot devices
(download the fastboot from here on the forum if not already). You should see you'r device serial number.
If not, instead of attaching usb cable use the power button to turn the phone on (nothing happens on the phone screen) then attach usb cable.
Issue the command
Code:
fastboot oem unlock 0xTHE_CODE_YOU_GOT_FROM_SONY
Reboot perhaps?
Code:
fastboot reboot
If you rebooted, go back to fastboot mode as described above.
Flash TWRP (recovery.img). Download it's image from here on the forum. Use the command
Code:
fastboot flash FOTAKernel recovery.img
Detach USB cable, reboot, turn the phone off.
Hold down the vol-down key and power key. Phone turns on, when you see sony logo, release the buttons. The phone boots into TWRP.
There's a backup button. Make a backup. DO IT!
Attach the usb cable. Transfer the backup to laptop.
Back to main screen, choose wipe. wipe everything, internal, system, blabla.
Transfer the carbon ROM to phone.
Choose what was it on twrp? install? flash? it's the first option.
Choose the zip file.
Look for open-gapps and magisk here on the forum. Install them just the way you installed the ROM if you wish.
Reboot. Phone might reboot itself while loading the carbon once or twice.
If you have wifi and network, congrats. if not, look for z2 baseband patch here on the forum.
Boot back into the TWRP, transfer the file to phone, flash it. Reboot. Hopefully you have network.
If you have not bricked the phone by now, congrats you have carbon on your phone, have your guaranty voided, and all your personal data wiped from the phone.
There's just one catch that after flashing the baseband, you get carrier network back but wifi stops working. Which I'm strggling to fix yet.
note*:
Before installing the carbon, after you have unlocked the bootloader, installed TWRP, and made a backup, on your laptop run the following commands to have your current firmware, in cast the baseband patch doesn't work:
While in the TWRP, go to mount section, mount the system.
On the laptop:
Code:
adb shell
cd /sdcard
cp -r /system/etc /sdcard
tar cf original_rom_etc_backup.tar /sdcard/etc
exit
Then transfer the original_rom_etc_backup.tar file created on the phone to your laptop and store it safely.
Later you can extract this file and chery pick the modem files and replace carbon modem firmware with the original see if yo get lucky :shrug
Hi All,
With the recent launch of LineageOS 18.1 I decided to take the plunge and get it installed on my fully stock Videotron/Freedom H915. Since I had to smash together info from a half dozen other threads, I figured I'd gather it all together here for folks with a Canadian phone trying to make this work.
Since I knew absolutely nothing coming into this, I'm going to go a little more detailed on this write-up. If you've been flashing ROMs since the old days of Cyanogenmod you can probably skim half of this.
Disclaimer : I'm not responsible for any bricked phones or other negative outcomes. This is what worked for me, but I'm far from being an expert. If you continue past this point you agree to take your time, do your reading, be responsible for your own device/actions and not hold me or the forum accountable for anything that might go wrong. You've been warned.
IMPORTANT NOTE #1
If you've picked up an H915 on ebay and you are intending to use it on a network other than the one it's SIM locked on, make sure you do the whole SIM unlock process on the stock ROM either before you get started at all, or once you've reverted to the vulnerable stock ROM after Step 1 below.
I actually use Telus as my provider and I wasted a bunch of time trying to figure out why I couldn't get signal because only the stock ROM will prompt you for a SIM Unlock code. Lineage will just sit there dumbly and not allow you to enable data.
Once you've unlocked the SIM it will stay unlocked from that point forward, just make sure to unlock it and verify your SIM is working with LTE on the stock ROM before you get started.
IMPORTANT NOTE #2
Use LGUP's "DUMP" feature to take a backup of ALL partitions on your phone before you start. If you're reading this thinking "I just bought this phone off ebay, there's nothing on it I care about", take the backup anyway. You never know when you might need a copy of the modem partitions or other things from your phone's original build. It came in super handy for me in troubleshooting the process. So go do a backup!
Current Issues:
If signal is too weak to connect to a tower (or non-existent), the OS tends to crash with a modem error. Still trying to figure this one out.
I think I can get this working without first jumping to US996 but haven't had a chance to verify that. If I do I'll update the thread.
Download Prerequisites
Links working as of 2021-06-29
LGUP with patch
Link
Working adb/fastboot environment
Instructions
Download
Fastboot Drivers
Link
Universal ADB Driver
Link
Videotron/Freedom H915 Android 7 (Nougat) version E - H91510e_00_VTR_CA_OP_1205.kdz
Link
USA General US996 Android 7 (Nougat) version F - US99610f_00_1205.kdz
Link
APK for Terminal Emulator
Link or Alternate Link
LG V20 Root Package Original (v4?)
Link
Old TWRP for Root Package
Link
Videotron/Freedom H915 Modem Partition Image
Link
Lineage Install Zip for H910 (grab the latest, I'm using lineage-18.1-20210506-nightly-h910-signed.zip which is already out of date)
Link
MindTheGapps
Link
(Optional, for rooting) Magisk
Link
Different Boot Modes
For those not familiar with these phones, there are three different "modes" the phone can boot into. Here's a quick reference on how to boot into each one.
Download Mode
This mode is used for pushing KDZ files or individual partition backups using LGUP
Turn Off Phone
Hold the Up-Volume Button
Insert USB-C Cable with other end already plugged into PC
Bootloader (aka Fastboot) Mode
The H915 doesn't come with this mode by default. If you try it, you'll just get battery charging. We'll be temporarily converting the phone to a US996 in order to use the DirtySanta exploit to replace the bootloader partition with a leaked Engineering aboot.
This mode is used with the fastboot tool to load the TWRP utility into the Recovery partition.
Turn Off Phone
Hold the Down-Volume Button
Insert USB-C Cable with other end already plugged into PC
Recovery Mode
The recovery mode on a stock phone is used to perform a factory reset. We will be using the Factory Reset a couple times with the stock ROMs, then replacing the contents of the recovery partition with the TWRP tool that allows us to format partitions, load partition images, and sideload apps and LineageOS itself.
Turn Off Phone
Hold the Down-Volume Button
Press and hold Power-On (rear fingerprint sensor/button). When LG Logo appears, release power button for 1 second then press and hold again
When "Factory Data Reset" appears, release all buttons
Press Volume Down to highlight "Yes" then press power button to select the option
Repeat for the confirmation
Note about flashing KDZ files using LGUP
You can flash KDZ files onto the phone using LGUP from two places - either with the phone in "Download Mode", or with the phone booted into the OS with the USB Options set to "File Transfer" and USB Debugging turned on.
The difference between these two is when it performs the OS compatibility check.
In Download Mode it's the code of the Download Mode partition that does the check. In the OS, it's the OS that does the check before booting to Download Mode and bypassing Download Mode's check.
Why is this important? Because when converting from one phone to another (Say, an H915 to a US996 like we do below), you initially can't flash the KDZ using LGUP's "Upgrade" function. You can only use "Partition DL" to replace the contents of partitions with the contents of the KDZ. This kind of works, but ends up with a phone that will sometimes identify as a H915 (in Download Mode) but sometimes identify as a US996 (in the OS). To clean it up, once you've done the Partition DL method, you can do it again from the OS and use the Upgrade method to get a really clean install.
It works going back the other way as well when you want to return to stock.
If this doesn't make sense, don't worry. You don't need to fully understand it to follow the instructions below, I just found it to be interesting info that didn't seem to appear in other threads.
Process Overview
Revert the phone to an old/vulnerable stock Nougat ROM for Videotron/Freedom Mobile
Enable Dev Options
Dump contents of US996 KDZ partitions over top of existing partitions
Cleanup by re-flashing US996 KDZ partitions over top of existing partitions
Transfer files to the SDCard and install Terminal Emulator
Unlock the Bootloader using the DirtySanta exploit
Boot to old TWRP and install new TWRP
Boot to new TWRP, install LineageOS, Google Apps, and flash modem partition image
Reboot to LineageOS
Actual Process
1 - Revert the phone to an old/vulnerable stock Nougat ROM for Videotron/Freedom Mobile
We need to be on Nougat for this to work, so if you're on Oreo you have to downgrade to Nougat before we begin. I chose a Nougat ROM for the H915 that's vulnerable to the DirtySanta exploit because I know it works and because I'm hoping in the future to be able to skip converting the phone to a US996 if possible.
Boot phone into Download Mode
Launch LGUP with Patch
Select "Upgrade" radio button
Select bin file : H91510e_00_VTR_CA_OP_1205.kdz
Click Start
When finished phone will reboot
1.5 - Do this if Step 1 Failed... Otherwise continue to Step 2
Depending on what's loaded on your phone when you start, it might complain about doing Step 1. This should allow us to bypass the issue and allow Step 1 to work. You can use this step if you've already converted the phone to another model as long as it's not bricked.
Boot phone into download mode
Launch LGIP with Patch
Select "PartitionDL" radio button
Select bin file : H91510e_00_VTR_CA_OP_1205.kdz
Click Start
Click the "Select All" partitions checkbox and click OK. When done it will reboot.
If it hangs or loops on reboot, boot into "Recovery Mode" (which at this point will Factory Reset the OS)
The phone boots into the OS
Quickly go through setup wizard. Skip as many things as possible.
Go Settings - General - About Phone - Software Info - Make sure it identifies as H91510e
Change the USB Option mode to "File Transfer"
Then repeat Step 1, but from inside the OS instead of in Download Mode
2 - Enable Dev Options and File Transfer Mode
We need these enabled after every time we flash the OS so that our LGUP and adb commands will work. You'll get used to doing these steps a bunch.
Quickly go through setup wizard. Skip as many things as possible.
Unplug USB-C cable
Swipe down from the top and change from USB Charging mode to File Transfer mode
Settings - General - About Phone - Software Info
Tap on Build Number many times until it unlocks Developer Mode
Go back 2 menus and enter the new "Developer Options" menus
Make sure "Enable OEM Unlock" is enabled
Enable "USB Debugging" (will be greyed out if USB-C cable is still attached)
Go back to main screen
Plug USB-C cable back in.
A pop-up will appear asking to Allow USB Debugging. Check the "Always Allow" box and tap OK
3 - Dump contents of US996 KDZ partitions over top of existing partition
The Videotron/Freedom KDZ has no Bootloader/Fastboot mode. If you try to enter bootloader mode you'll just end up charging the battery. So we have to cross-flash the US996 KDZ to get a phone with a bootloader which we can then replace with the engineering version using the DirtySanta exploit.
Boot phone into download mode
Launch LGUP with Patch
Select "PartitionDL" radio button
Select bin file : US99610f_00_1205.kdz
Click Start
Click the "Select All" partitions checkbox and click OK
When the phone boots back into the OS, repeat all of Step 2.
Note: If it asks for a password on startup, follow the "Boot to Recovery" steps and since
we don't have anything loaded in the recovery partition it will wipe/erase the phone
and remove the password.
4 - Cleanup by re-flashing US996 KDZ partitions over top of existing partitions
As mentioned in the "Note about flashing KDZ files using LGUP" section above, after you use the PartitionDL method you get a kind of dirty phone image that doesn't always identify as its new model. To clean up, we repeat the process in Upgrade Mode, taking advantage of the fact that at least the OS now identifies as US996 even if Download Mode doesn't. After this, Download Mode will also identify as US996.
Starting booted into the OS with a USB-C cable attached (File Transfer mode, USB Debugging on):
Launch LGUP with Patch
Select "Upgrade" radio button
Select bin file : US99610f_00_1205.kdz
Click Start
When the phone boots back into the OS, repeat all of Step 2.
5 - Transfer files to the SDCard and install Terminal Emulator
We will need some files on the SDCard in the phone in order to install them, either inside the OS (in the case of Terminal Emulator), or later on from TWRP. The Terminal Emulator will be used for the DirtySanta exploit so we need to get that installed now.
Make sure the USB Connection is set to Data Transfer mode and copy the following files to the SDCard:
APK for Terminal Emulator
twrp-3.5.1_9-0-us996.img
h915freedommobilemodem.img
Enable installing apps from unknown sources by:
Settings - General - Fingerprints and Security - Unknown sources (turn it On)
Install Terminal Emulator:
Tools - File Manager
Choose "Allow" when prompted
Click the up-arrow next to "Internal Storage"
Choose SD Card
Scroll down and tap on jackpal.androidterm-1.0.70-71-minAPI4.apk
Install
6 - Unlock the Bootloader using the DirtySanta exploit
The US996 KDZ has a bootloader but it's locked. In order to unlock it we need to use the DirtySanta exploit to give us permissions to replace the Bootloader/Fastboot with a leaked engineering version.
Starting booted into the OS with a USB-C cable attached (File Transfer mode, USB Debugging on):
Settings - General - About Phone - Software Info
Verify that Software Version lists as US99610f
Copy the twrp-3.0.2-1-us996.img file into the folder containing the LG V20 Root Package
Open a command prompt window and change to the folder containing the LG V20 Root Package and run "Step1.bat"
It will push multiple files to the phone and apply some patches/exploits.
This proces will take 5 minutes and put you out at an "elsa:/ $" prompt
At this "elsa:/ $" prompt in your command prompt window type the following:
run-as con
chmod 0777 /storage/emulated/0/*
On the phone, launch Terminal Emulator and run the following:
id
Verify that the string which comes back contains the string "context-u:r:untrusted_app".
If not, run Step1.bat again, else continue forward
Enter the follosing command into Terminal Emulator (be very careful to type it properly):
applypatch /system/bin/atd /storage/emulated/0/dirtysanta
If that command came back with an error, close and re-open Terminal Emulator and try again
The command should begin to patch another file. This will take 5 minutes and will return you to the "elsa:/ $" prompt in Terminal Emulator when it has finished
Open another command prompt to the same folder and run "Step2.bat"
This step will download backup copies of the boot and aboot partitions from the phone then boot the phone into bootloader/fastboot mode.
You'll know it worked if the first line at the top of the phone screen appears in red
In the command prompt window, run Step3.bat
It will flash boot1.img and the TWRP Recovery image multiple times then restart the phone
The phone will hang, no matter how long it's left. Wait 5 minutes (at least until the logo re-loads once) then do the following:
Unplug the USB-C cable
Remove the battery from the phone to turn it off
Replace the battery
Boot into Fastboot mode and run the following commands in your command prompt:
fastboot flash boot bootbackup.img
Remove the USB-C cable and battery to turn off the phone. Then replace the battery and enter Recovery Mode
The phone will show a big red exclamation mark saying "Your device is corrupt". This is normal. It will go away after a few seconds then boot into recovery. This error screen is the result of the engineering "aboot" image that was flashed to give us an unlocked bootloader and will always happen on boot.
7 - Boot to old TWRP and install new TWRP
The old version of TWRP recovery will load. Don't ask me why we can't just go straight to new TWRP above, it didn't work well when I tried it.
If it asks for a password to decrypt data, click Cancel
Swipe to allow modifications
Install - Select Storage - MicroSD Card - OK
Install Image - Scroll down and tap the "twrp-3.5.1_9-0-us996.img"
Select the Recovery partition and swipe to confirm flash
Back to main menu
Reboot - Recovery
8 - Boot to new TWRP, install LineageOS, Google Apps, and flash modem partition image
The new version of TWRP will load:
Check the "Never show this screen during boot again" box
Swipe to allow modifications
Wipe - Format Data - type "yes" to continue
This is likely to fail the first time. Repeat it to properly format the data partition.
Go back to Main Menu - Wipe - Advanced Wipe - Select "Dalvik / ART Cache", "System", and "Cache"
Swipe to wipe
Back to main menu
Advanced - ADB Sideload
Plug in USB-C cable
Swipe to start sideload
In command prompt window on PC type the following:
adb sideload lineage-18.1-20210506-nightly-h910-signed.zip
When complete tap "back" and "ADB Sideload" and swipe again to apply another file:
adb sideload MindTheGapps-11.0.0-arm64-20210412_124247.zip
If you want to root the phone (completely optional, not necessary for this process), now is the time to do it. Tap "back" and "ADB Sideload" and swipe again to apply another file:
adb sideload Magisk-v23.zip
Go back to main menu - Install - Install Image - tap the h915freedommobilemodem.img file
Select the Modem partition and swipe to confirm flash
Remove USB-C cable
9. Reboot to LineageOS
Go back to main menu - Reboot - System - Swipe to reboot
References where I got the info to make this tutorial
Official Lineage 18.1 for LG V20 Release Thread
LineageOS Wiki for H910
DirtySanta Bootloader Unlock and Root Guide (Original)
H910 Rooting Thread (Cross-flash H915 then DirtySanta to US996)
H915 Root, TWRP using DirtySanta [WorkingSignals]
Noob Friendly Root TWRP using DirtySanta
General info about Modem Hardware, Firmware, Radio Interface Layer
[Reserved]
thank you so much. i need it
Great job for writing a complete how-to guide!
Thank You, You saved my old V20 H915
hi have you been able to find a better modem?
btw i'm not able to decrypt under twrp, can you?
Just want to confirm, it's only guide wich works for me. But I have issues with modem:
1. When I tried to change mode of modem, "prefered network type", phone stayed in the loop of the kernel panic "modem crash"
2. It were difficult to revert changes back. Finally, safe mode (in order to get it, you need to press volume up and volume down in the same time, during LinageOS booting process) helped me - when I disabled airplan mode, I had 2-10 seconds until next kernel panic. And in ~10 attempts, I were able to finally switch modem's mode to GSM/WDCMA/LTE
3. I used this phone 3 days, and once the kernel panic (because of modem) happened again
Any ideas what to do with modem? Also, the picture "Your phone is corrupt" is not fan Any ideas how to change it?
I did my best to follow all the instructions but after step 7's reboot I just get blocks full of static. I can tell it's trying to do fresh install setup though from what's peeking through the blocks.
Riot54 said:
I did my best to follow all the instructions but after step 7's reboot I just get blocks full of static. I can tell it's trying to do fresh install setup though from what's peeking through the blocks.
Click to expand...
Click to collapse
This is normal. Flash a kernel that's patched for dirty santa OR, cover the proximity sensor on boot and keep it covered until boot is complete.
That worked, thanks.
After multiple attempts going back and forth with step 6, I finally did it! I might switch to Lighthouse or Arros but I wouldn't have gotten this far without your guide.