[Root & Bootloader Unlock] Docomo Optimus G

Search This thread

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
Original source: http://www.androidpolice.com/2013/01/21/exclusive-how-to-root-ntt-docomos-lg-optimus-g/

Credits:
adb backdoor: giantpune
Duct tape guru: jcase
bootloader: Team Codefire http://xdaforums.com/showthread.php?t=2001655
Testers: Shados and germes81m

Donations:
For giantpune : Paypal to giantpune@gmail.com
For jcase : http://xdaforums.com/donatetome.php?u=2376614

Download: http://d-h.st/d6p

Files: (Verify the MD5s before proceeding)
MD5 (boot.img) = 175c1bdaabbbbcbd7a4b69a315057e5b
MD5 (hotplug) = 9fbef20822281a2dd546b3e43d8c30dd
MD5 (lk.img) = bc54a6a730658550713a0779b30bf6b7
MD5 (unlock.sh) = 3871c2dde3d6b1d99d27ffa4021c81d3


Fastboot Drivers (needed for windows):
http://xdaforums.com/showthread.php?t=1996051

Notice:
This is an at your own risk kind of thing, if your phone becomes damaged or data lost, your
fault not mine. This does install a unsecured (ro.secure=0) boot image in the process, this
does potentially open your device to security risks (as do most customized firmwares.)


Story:
The Docomo Optimus G ships with a mandatory access control system, that prevents
remounting system, reading boot, executing some things as root, etc general pain in the butt.

We are using a backdoor found by giantpune (and later by Juggie). The backdoor is partially
broken on this device due to the MAC, so it does not yield a root shell for us. However we
can still use it with a couple extra steps to unlock the bootloader\s. We are also going to
install a modified boot img, that removes some of the phone's security features, and allows
us to actually have root access.

Notes:
Graphic glitches will occur while in the bootloader, you will have to use the bootloader 'blind'


Follow directions exactly.

Directions:


Code:
adb push lk.img /data/local/tmp/lk.img

adb push unlock.sh /data/local/tmp/unlock.sh

adb shell chmod 755 /data/local/tmp/unlock.sh

adb shell touch /sdcard/g_security

Disable USB Debugging, then enable usb debugging

Code:
adb shell id

Should recieve an error about not executing /system/bin/sh, this is what we want. If you
don't have the error, start over.

Code:
adb push hotplug /proc/sys/kernel/hotplug

Now toggle bluetooth once, and wait for your phone to display a garbaled screen (the bootloader).
If it displays a blank screen instead of a garbled screen, pull battery, reboot and run 'adb reboot bootloader'

Code:
fastboot devices

If you see your device listed, continue. If not then find the proper drivers, and then
continue.

Code:
fastboot flash boot boot.img
fastboot reboot
adb shell /sbin/rootme.sh

If your phone does not reconnect to your mobile network, try rebooting it serveral times.
If it does not still, then reflash stock firmware.

We are using supersu, and the app https://play.google.com/store/apps/details?id=eu.chainfire.supersu
is needed.
 
Last edited:

xonar_

Senior Member
Jun 1, 2012
810
619
Between here and there
a4vXv.png



I ran out of time, and without the device it is a PITA. I believe something in the kernel is protecting system, possible SEAndroid or something with similar protections.

Will be going back at this later this week, any ideas?

I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output

-rwsr-s-r-x root root su

Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
Re: [Root] Docomo Optimus G

Good catch, will fix and try again when I get a chance. This still doesn't fix sh refusing to run as root.

The ccs-init is preventing it, and remounting.

I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output



Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
 
Last edited:

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
Yes this wasn't the issue.

I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output



Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
 

xonar_

Senior Member
Jun 1, 2012
810
619
Between here and there
Yes this wasn't the issue.

What does logcat say?

Try creating a minimalistic binary

Code:
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

int main()
{
  if(setuid(0)==-1)
  {
    printf("Failed Setting Root UID : %s",strerror(errno));
  }
  else
  {
    printf("Success!\nCurrent UID : %d",getuid());
  }

  return 0;
}
 
Last edited:

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
It failed, Docomo used a MAC (ccs-init/ccs-audit). We got the bootloader unlocked yesterday, so we can removed the access control. I'll post details in the morning.

What does logcat say?

Try creating a minimalistic binary

Code:
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

int main()
{
  if(setuid(0)==-1)
  {
    printf("Failed Setting Root UID : %s",strerror(errno));
  }
  else
  {
    printf("Success!\nCurrent UID : %d",getuid());
  }

  return 0;
}
 

Misudoll

Senior Member
May 17, 2012
142
23
Beijing
DOCOMO LG OPTIMUS G user here..how can I help sir Jcase?

EDITTEDT: you know how to flash stock firmware if there would be any issues?

use the lg flash tool and .tot file.uploading complete,you may download now and make a mirror if possible.I'll post a guide on our group later.
still cannot find the kdz file of this device...

---------- Post added at 09:01 AM ---------- Previous post was at 08:41 AM ----------

Original source: http://www.androidpolice.com/2013/01/21/exclusive-how-to-root-ntt-docomos-lg-optimus-g/

Credits:
adb backdoor: giantpune
Duct tape guru: jcase
bootloader: Team Codefire http://xdaforums.com/showthread.php?t=2001655
Testers: Shados and germes81m

Files: (Verify the MD5s before proceeding)
MD5 (boot.img) = 175c1bdaabbbbcbd7a4b69a315057e5b
MD5 (hotplug) = 9fbef20822281a2dd546b3e43d8c30dd
MD5 (lk.img) = bc54a6a730658550713a0779b30bf6b7
MD5 (unlock.sh) = 3871c2dde3d6b1d99d27ffa4021c81d3

it's an amazing job indeed. we're really grateful for what you've done on rooting the L-01E.:good::good::good:
do i have the permission to reprint this thread on other bbs in my country? I'll indicate the source of course.

THX again for rooting L-01E:fingers-crossed:
best regards.
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
use the lg flash tool and .tot file.uploading complete,you may download now and make a mirror if possible.I'll post a guide on our group later.
still cannot find the kdz file of this device...

---------- Post added at 09:01 AM ---------- Previous post was at 08:41 AM ----------



it's an amazing job indeed. we're really grateful for what you've done on rooting the L-01E.:good::good::good:
do i have the permission to reprint this thread on other bbs in my country? I'll indicate the source of course.

THX again for rooting L-01E:fingers-crossed:
best regards.


Repost as you wish, would be nice to have the README stay intact, as well as linking to the source.
 
  • Like
Reactions: Misudoll

chacho_2me

Senior Member
ammmm... i dont know why i cant install the the fastboot drivers... i only installed the lg united drivers...and some drivers via windows update.... need help.. already tried uninstall the driver and restarted the PC..but everytime i rebooted back.. drivers is again there.eventhough i disconnected my internet... yeah i know im dumb...sorry
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,307
15,757
Sequim WA
ammmm... i dont know why i cant install the the fastboot drivers... i only installed the lg united drivers...and some drivers via windows update.... need help.. already tried uninstall the driver and restarted the PC..but everytime i rebooted back.. drivers is again there.eventhough i disconnected my internet... yeah i know im dumb...sorry

Not sure, not familiar enough with windows to give advice.
 

Misudoll

Senior Member
May 17, 2012
142
23
Beijing
It is OS independent, as long as fastboot and adb work.

so i shall open usb debugging at first and connect with the computer.and then follow the instructions to root the device?

and this step==> Now toggle bluetooth once
means i shall turn on and turn off the bluetooth,or just open it one time?
thx
 

demonntl

Senior Member
Jun 22, 2009
201
43
Ho Chi Minh
It would be nice if we can have a video instruction.
i will try to root tonight, and may be made a video if i can root.
Thank you Jcase for the wonderful job.
 

loogeo

Member
Feb 12, 2012
14
0
ChangSha
finally 10 post......:cyclops:
I have a dev LG F160S...It like F180...This is the first LG phone with 2G RAM
and This is the first LG phone with 4.1 jb :)....This is a great phone:D。。。but LG lock the BL...Can you help me to unlock the bl?

I can provide the .tot
offical aboot,recovery,boot here

btw,You can experiment with my phone:fingers-crossed:
 

Top Liked Posts

  • There are no posts matching your filters.
  • 14
    Original source: http://www.androidpolice.com/2013/01/21/exclusive-how-to-root-ntt-docomos-lg-optimus-g/

    Credits:
    adb backdoor: giantpune
    Duct tape guru: jcase
    bootloader: Team Codefire http://xdaforums.com/showthread.php?t=2001655
    Testers: Shados and germes81m

    Donations:
    For giantpune : Paypal to giantpune@gmail.com
    For jcase : http://xdaforums.com/donatetome.php?u=2376614

    Download: http://d-h.st/d6p

    Files: (Verify the MD5s before proceeding)
    MD5 (boot.img) = 175c1bdaabbbbcbd7a4b69a315057e5b
    MD5 (hotplug) = 9fbef20822281a2dd546b3e43d8c30dd
    MD5 (lk.img) = bc54a6a730658550713a0779b30bf6b7
    MD5 (unlock.sh) = 3871c2dde3d6b1d99d27ffa4021c81d3


    Fastboot Drivers (needed for windows):
    http://xdaforums.com/showthread.php?t=1996051

    Notice:
    This is an at your own risk kind of thing, if your phone becomes damaged or data lost, your
    fault not mine. This does install a unsecured (ro.secure=0) boot image in the process, this
    does potentially open your device to security risks (as do most customized firmwares.)


    Story:
    The Docomo Optimus G ships with a mandatory access control system, that prevents
    remounting system, reading boot, executing some things as root, etc general pain in the butt.

    We are using a backdoor found by giantpune (and later by Juggie). The backdoor is partially
    broken on this device due to the MAC, so it does not yield a root shell for us. However we
    can still use it with a couple extra steps to unlock the bootloader\s. We are also going to
    install a modified boot img, that removes some of the phone's security features, and allows
    us to actually have root access.

    Notes:
    Graphic glitches will occur while in the bootloader, you will have to use the bootloader 'blind'


    Follow directions exactly.

    Directions:


    Code:
    adb push lk.img /data/local/tmp/lk.img
    
    adb push unlock.sh /data/local/tmp/unlock.sh
    
    adb shell chmod 755 /data/local/tmp/unlock.sh
    
    adb shell touch /sdcard/g_security

    Disable USB Debugging, then enable usb debugging

    Code:
    adb shell id

    Should recieve an error about not executing /system/bin/sh, this is what we want. If you
    don't have the error, start over.

    Code:
    adb push hotplug /proc/sys/kernel/hotplug

    Now toggle bluetooth once, and wait for your phone to display a garbaled screen (the bootloader).
    If it displays a blank screen instead of a garbled screen, pull battery, reboot and run 'adb reboot bootloader'

    Code:
    fastboot devices

    If you see your device listed, continue. If not then find the proper drivers, and then
    continue.

    Code:
    fastboot flash boot boot.img
    fastboot reboot
    adb shell /sbin/rootme.sh

    If your phone does not reconnect to your mobile network, try rebooting it serveral times.
    If it does not still, then reflash stock firmware.

    We are using supersu, and the app https://play.google.com/store/apps/details?id=eu.chainfire.supersu
    is needed.
    3
    It failed, Docomo used a MAC (ccs-init/ccs-audit). We got the bootloader unlocked yesterday, so we can removed the access control. I'll post details in the morning.

    What does logcat say?

    Try creating a minimalistic binary

    Code:
    #include <sys/types.h>
    #include <unistd.h>
    #include <stdio.h>
    #include <errno.h>
    #include <string.h>
    
    int main()
    {
      if(setuid(0)==-1)
      {
        printf("Failed Setting Root UID : %s",strerror(errno));
      }
      else
      {
        printf("Success!\nCurrent UID : %d",getuid());
      }
    
      return 0;
    }
    1
    use the lg flash tool and .tot file.uploading complete,you may download now and make a mirror if possible.I'll post a guide on our group later.
    still cannot find the kdz file of this device...

    ---------- Post added at 09:01 AM ---------- Previous post was at 08:41 AM ----------



    it's an amazing job indeed. we're really grateful for what you've done on rooting the L-01E.:good::good::good:
    do i have the permission to reprint this thread on other bbs in my country? I'll indicate the source of course.

    THX again for rooting L-01E:fingers-crossed:
    best regards.


    Repost as you wish, would be nice to have the README stay intact, as well as linking to the source.
    1
    so looks like I am one of the first to confirm JCASE and his friends Rooting Procedure... ITS WORKING!!!!!

    but please be informed that since I had problems installing fastboot on windows... i used my Fedora to be safe... but I believe once you are sure with your fastboot drivers..then you too will not have any problems

    I know I may look redundant..but I want to share what I did so that some people can follow because I myself had some issues...

    so here goes.

    * my system was fedora 18 32bit

    1. I searched for android on the fedora package manager
    - Android Platform Tools (adb,fastboot)
    2. Downloaded the files as per sir JCASE
    3. on terminal, I followed this Commands

    adb push lk.img /data/local/tmp/lk.img

    adb push unlock.sh /data/local/tmp/unlock.sh

    adb shell chmod 755 /data/local/tmp/unlock.sh

    adb shell touch /sdcard/g_security

    4. Was kinda nervous about Disabling and Re-enabling USB DEBUGGING,

    so what I did is that I disconnected and reconnected my phone :)

    5. verified if my device is still seen by adb via this command

    adb devices

    6. once verified, then do this command

    adb shell id

    7. and I smiled when I had the error

    ---not executing /system/bin/sh

    8. next was this command

    adb push hotplug /proc/sys/kernel/hotplug

    9. Then I just Clicked the BLUETOOTH ICON in the STATUS BAR and then I did had the Screen Issue (and yup it is normal)

    10. CHecked if my device is connected via fastboot by this command

    fastboot devices

    11. Once my Device was seen, i followed these commands

    fastboot flash boot boot.img

    fastboot reboot

    12. after few seconds of reboot..I did this command


    adb shell /sbin/rootme.sh

    13. Then there was the note to install SuperSU

    14. After installation, I had some issues with network..so i restarted 2x

    15. And now I have Root, I just installed Cache Mate just to make sure and it worked


    Sorry Sir Jcase for being redundant

    anyway, this will not happen without the help of sir JCASW..so in behalf of all the L-01E Users, THANK YOU SO MUCH!!!!

    maybe this week..i will treat you with some coffee or beer.. hahahaha.. CHEERS!!!


    ***PLEASE TAKE NOTE THE COMMANDS from sir JCASE.. maybe due to my excitement, maybe i had some mixed up with the commands..

    again sir JCASE..thank you so much!!!
    1
    so at this step just click the bluetooth button once and that will do
    am I right dude ?
    congratulations you finally get the device root :D

    Sent from my LG-F160L using xda premium

    Yes toggle is turn off or on.