About
UsU = Unofficial secureboot-off/steadfasterX Unlock
*works with any G4 model. Even though the h818 can be unlocked as well the touch display does not work anymore (should be possible to resolve but.. read on).
so I decided to remove it from the UsU unlock. Read the details and process here: h818 topic
This will "unlock" your bootloader and so enables you to install TWRP and custom ROMS as you like.
To be honest unlock is not the correct wording but I will still refer to it as unlock as the result is the same:
UsU will disable "Secure Boot" which verifies signatures on several partitions like: boot and recovery. Disabling secureboot means it will still verify and give you a secure boot error on boot BUT it will ignore and just boot afterwards (similar to a regular unlock).
This is the outcome of a loooooooong finding process. long? I started with the first attempt in this over 1 year ago. yes.. (think about my nickname heh?!)
A lot of stuff happend since then which all together helped me to accomplish UsU at the very end (yes all these links are my work including some brave testers ofc! ).
You wanna know how this big puzzle fits together?
UsU is not just an unlock! Its a combination of massive changes in TWRP, the G4 kernel and providing all the tools around like FWUL or SALT!
It was really my biggest project in android development and its not just providing the actual unlock files
HINT:
OPEN THIS THREAD IN A BROWSER!
NOT IN AN APP!
THATS THE ONLY WAY TO FULLY SEE EVERYTHING AS IT SHOULD BE
REQUIREMENTS
UsU does not care about a country version of a model (e.g. H815 TWN and H815 TUR are all referring to as H815).
So you will find only the main part of your model listed which means it will work for any of them!
1) Your device should be one of these (SALT will detect your device and only allows to flash for these variants):
Note: SALT will tell you which ROM type is compatible with your device within the main screen: GPT compatibility
Yes there is a way to flash also H815 ROMs on those who do not support it out-of-the-box but this is very risky and requires either a change of the partition table or the ROM build developer need to change the fstab (riskless for you)
2) ARB less or equal 2
So ARB 3,4,5,........ WILL NOT WORK!!
Details:
Just use SALT to identify your current ARB and read here how to identify and verify: G4 AntiRollback
* Reason:
UsU is based on an ARB 2 based aboot (part of the bootloader stack - see FAQ #27) and so ARB > 2 will hard-hard brick your device if you would flash UsU on it. Hard-Hard brick means no way to recover other then sending for repair.
3) Your device firmware must be MM(keep Requirement #2 in your mind when upgrading to MM)
which one? I highly recommend the latest MM version for your model --> but again beware of the ARB (not greater then 2)!
H812 devices need special attention though: v20x or higher is strictly required before flashing!
Details:
LIMITATIONS / KNOWN ISSUES
(bootloader stack is explained and described in FAQ 27)
Downloads
YES. ALL of them:
Flash UsU with SALT
(requires SALT v3.21 / mAid v3.2 or higher)
Before proceeding ensure that you have read and understood the "Limitations" topic and the "Changes in behavior" topic in this thread!
If you have a Windows PC the easiest way to get SALT is by flashing mAid v3.2 or higher on an USB stick (if you had read the "Downloads" topic above you should know that already).
Before you ask if there is a Windows version of SALT: read the FAQ in the SALT thread.
UsU can be flashed in 3 different ways! Every way will unlock your device the only difference is where you place the UsU files. Choose the one which fits best for you:
OK enough about all this: LETS UNLEASH YOUR DEVICE!
Changes in behavior
Booting to recovery, custom ROM booting (or stock but rooted), booting into download mode
You will notice a secure boot error ... and it will boot!!
... and NO: THIS MESSAGE CAN NOT BE REMOVED! If you can't live with that do not unlock
Fastboot
After you unlocked your device with this method you will also have an unlocked fastboot mode which can be accessed by a key combo:
you can NOT: fastboot boot .. as this is blocked like in the semi-official N bootloader stack.
TWRP/Recovery hardware key combo
Flashing UsU changes the way the regular factory reset screen key combo is working.
After flashing UsU we can boot directly into TWRP!
Factory reset hardware key combo
As written above the regular key combo to get into the LG factory reset screen changes a bit:
Proofs
Keep in mind: UsU will work for ANY LG G4 model and does not care about country specific ones, too! When I say: ANY, I MEAN any!
The only device which is a real special one because of different hardware (2 SIM slots) is the H818 which can be unlocked but has issues (see above)
confirmed:
Support / Telegram
Of course in this thread but also by Telegram. I have created a generic group for all stuff around Android : here
and another one if you want to keep up2date whenever I build something (TWRP, SHRP, LOS, /e/, ...): here
Model specific ROM threads
Making the baseband flashing obsolete
Well time goes by and so things change in the meantime. I have found a way to make the baseband flashing obsolete but that requires to flash either a device model specific ROM or kernel.
That means:
Credits
XDA:DevDB Information
Unofficial secureboot-off/steadfasterX Unlock, Tool/Utility for the LG G4
Contributors
steadfasterX, the_naxhoo (tester), SePhIrOtX (tester), Chebhou (tester), fawadshah33 (tester), DoughMucker (tester), shane87 (tester), Guy Noir (tester), networkkid (tester), ling751am (tester), jmfecon (tester), r3pwn (tester)
Version Information
Status: Stable
Stable Release Date: 2018-03-08
Alpha Release Date (PoC): 2017-07-28
Created 2018-03-08
UsU = Unofficial secureboot-off/steadfasterX Unlock
*works with any G4 model. Even though the h818 can be unlocked as well the touch display does not work anymore (should be possible to resolve but.. read on).
so I decided to remove it from the UsU unlock. Read the details and process here: h818 topic
This will "unlock" your bootloader and so enables you to install TWRP and custom ROMS as you like.
To be honest unlock is not the correct wording but I will still refer to it as unlock as the result is the same:
UsU will disable "Secure Boot" which verifies signatures on several partitions like: boot and recovery. Disabling secureboot means it will still verify and give you a secure boot error on boot BUT it will ignore and just boot afterwards (similar to a regular unlock).
This is the outcome of a loooooooong finding process. long? I started with the first attempt in this over 1 year ago. yes.. (think about my nickname heh?!)
A lot of stuff happend since then which all together helped me to accomplish UsU at the very end (yes all these links are my work including some brave testers ofc! ).
You wanna know how this big puzzle fits together?
UsU is not just an unlock! Its a combination of massive changes in TWRP, the G4 kernel and providing all the tools around like FWUL or SALT!
It was really my biggest project in android development and its not just providing the actual unlock files
- Hijacking the boot process via EFIdroid, TWRP in FIsH and FIsH in general
- AntiRollback and firehose(!) findings
- Partition tables for any G4
- mAid (fka FWUL) because I needed a valid base for all my testers (one of the reasons why I started FWUL)
- The LG-Up replacement and now unlocking tool SALT ! Without SALT this all would be absolutely crazy risky and absolutely nothing for the average user!
- many many unlock methods/theories (and millions of times soft and hard bricked) in my PoC thread
- while unbricking I found a way to unbrick even when QFIl fails with my sdcard unbrick method
- hard-hard bricked (no other recovery then by LG / chip replacement) for 4 times.. (thanks ILAPO!)
- many TWRP tests and changes to detect UsU devices properly
HINT:
OPEN THIS THREAD IN A BROWSER!
NOT IN AN APP!
THATS THE ONLY WAY TO FULLY SEE EVERYTHING AS IT SHOULD BE
REQUIREMENTS
UsU does not care about a country version of a model (e.g. H815 TWN and H815 TUR are all referring to as H815).
So you will find only the main part of your model listed which means it will work for any of them!
1) Your device should be one of these (SALT will detect your device and only allows to flash for these variants):
- LS991
- F500
- H810
- H811 (wth? yes that works but.. you can unlock OFFICIALLY! its just a fastboot command!)
- H812 (NOTE: firmware: v20x or higher is strictly required before flashing!)
- H815 - any non EUR
- H815 EUR (wth? yes that works but.. you can unlock OFFICIALLY! its just a login on the LG website)
- disabled: H818 (KNOWN ISSUE: TOUCH STOPS WORKING! current state)
- H819
- US991
- VS986
Note: SALT will tell you which ROM type is compatible with your device within the main screen: GPT compatibility
Yes there is a way to flash also H815 ROMs on those who do not support it out-of-the-box but this is very risky and requires either a change of the partition table or the ROM build developer need to change the fstab (riskless for you)
2) ARB less or equal 2
So ARB 3,4,5,........ WILL NOT WORK!!
Details:
Just use SALT to identify your current ARB and read here how to identify and verify: G4 AntiRollback
* Reason:
UsU is based on an ARB 2 based aboot (part of the bootloader stack - see FAQ #27) and so ARB > 2 will hard-hard brick your device if you would flash UsU on it. Hard-Hard brick means no way to recover other then sending for repair.
3) Your device firmware must be MM(keep Requirement #2 in your mind when upgrading to MM)
which one? I highly recommend the latest MM version for your model --> but again beware of the ARB (not greater then 2)!
H812 devices need special attention though: v20x or higher is strictly required before flashing!
Details:
Yes you can flash and use UsU even when on LP but believe me: you don't want to. You will encounter issues sooner or later when runnin LP so take your time and upgrade your device to MM before proceeding here.
LIMITATIONS / KNOWN ISSUES
(bootloader stack is explained and described in FAQ 27)
- 1) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL loose unlock and may hard-hard-brick your device (at least HARD BRICK)!
- 2) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL loose unlock and may hard-hard-brick your device (at least HARD BRICK)!
- 3) Do not flash any MM or N bootloader stack containing the file named: aboot. This will immediately lock your device and so definitively HARD BRICK!
- 4) If you want to flash a MM or N modem partition (aka firmware) you need to re-flash <model>_UsU_basebands_flash-in-twrp.zip otherwise you will bootloop, stuck on boot or see a blue screen with a modem crash (this may change if I ever get my kernel module working...)
- 5) If a ROM has no active developer or the developer has not made it UsU compatible you may need to open the ROM zip file on your PC and change the update-script within (just remove the assert line(s) at the top is enough)
- 6) The fastboot mode coming with UsU will enable fastboot flash but the command fastboot boot will not work (like on the semi-official N bootloader stack)
- 7) Most important: Once you go this way - there is (maybe) no way back! SERIOUSLY. The only way to make the device exactly like before is replacing the mainboard. If you're scared: good.
Read the new findings on that part here - some models may be able to revert UsU!
Think twice and don't complain later if you go on! - 8) Do not use QFIL or flash any KDZ / TOTs or any ROM containing a bootloader stack (like v29a pure does) ! You WILL loose unlock and may hard-hard-brick your device (at least HARD BRICK)!
- 9) video framerates are lowered after flashing UsU. This is due to the fact that required files for high performance video will not load properly anymore and so must be replaced. Replacing those firmware files is a risk and as it is working ok enough for the most users that patch will not be included in any ROM. If you really think you need this patched ensure you read the instructions here thoroughly and understand them 100% before proceeding to apply it: G4-VideoLag-Fix
Code:
#include <std_disclaimer.h>
/*
* Your warranty is now (maybe) void (well not really but just for the case...)
*
* I'am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about this howto/unlock method
* before using it! ---> YOU <--- are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*
*/
Downloads
YES. ALL of them:
- Latest unlock package by steadfasterX (download the one for your device model only) --> <model>_UsU_unlock.zip (mirror)
- Latest baseband package (download the one for your device model only) --> <model>_UsU_baseband_flash-in-twrp.zip (mirror)
- Latest TWRP (PREVIEW-103 or higher!) by steadfasterX
- Nougat TWRP (if you plan to use + flash Nougat ROMs)
- Oreo TWRP (if you plan to use + flash Oreo ROMs)
- Pie TWRP (if you plan to use + flash Pie ROMs) - A custom ROM of your choice (see Requirements topic to find a compatible one!) --> e.g. all newer builds here: http://leech.binbash.rocks:8008/
- Linux: I highly recommend to use mAid . This is an android lovers live ISO which can be booted from an USB stick which has everything needed on board - including SALT!
Latest mAid *persistent* by steadfasterX (HAVE TO be version 2.6 or later!): maid.binbash.rocks
only if NOT using mAid:Latest SALT version (minimum version: v3.19!) by steadfasterX: SALT - Important note about bootloader/modem stuff!
You will find on several ROM threads the hint that you must have a specific bootloader stack (FAQ #27) in order to make the ROM working properly.
What in reality is needed on these ROMs is just the MODEM (aka firmware) partition nothing else. Believe me I know this for sure
1) Flash required modem partition in TWRP or fastboot mode
2) if using a ROM which is NOT specific an UsU ROM: Flash your baseband package (<model>_UsU_baseband_flash-in-twrp.zip) in TWRP again!! If you don't you will get bootloops, android hanging on boot or modem SoC crashes (blue demigod screen)
Flash UsU with SALT
(requires SALT v3.21 / mAid v3.2 or higher)
Before proceeding ensure that you have read and understood the "Limitations" topic and the "Changes in behavior" topic in this thread!
If you have a Windows PC the easiest way to get SALT is by flashing mAid v3.2 or higher on an USB stick (if you had read the "Downloads" topic above you should know that already).
Before you ask if there is a Windows version of SALT: read the FAQ in the SALT thread.
UsU can be flashed in 3 different ways! Every way will unlock your device the only difference is where you place the UsU files. Choose the one which fits best for you:
- by an external sdcard (must be VFAT formatted)
- by using your internal storage
- by direct flashing (only when available - SALT will show this option only when possible for your device)
OK enough about all this: LETS UNLEASH YOUR DEVICE!
- At very first: ensure you are using the LATEST version of SALT!
SALT contains an internal updater and when a new version has been detected online it will display an upgrade hint. DO THAT if you see any. It doesn't hurt to also trigger the update process even if you see no popup just to be sure that you have the latest version. You can also check the SALT release notes and compare the version with yours (title of the SALT window displays your version).
That step is really easy but incredible important. Do not miss that! - Just to say it again as its crucial important: USE THE SALT UPDATER to ensure you have the latest version!
- Extract <model>_UsU_unlock.zip and copy the aboot_UsU.img, laf_UsU.img and rawres_UsU.img to either:
a) your external SDcard (directly on the external sdcard - not in any folder!). The sdcard must be formatted as VFAT.
or
b) connect your running Android device with your PC, select MTP mode in Android and copy it to the:
- "Internal Storage" and folder "Download" (exactly there!) - Start SALT
- If you have not done already: DO A BACKUP NOW I'm serious this is your last chance to grab the important files and it just takes some minutes (in basic mode) but you have all in place if needed!
If you skip this step no one may can help you later! - Notice and WRITE DOWN the "GPT compatibility" info! DO NOT PROCEED IF IT STATES "unknown"
This part will become crucial important when it comes to which ROM you can flash!
The only valid information about that can be found in SALT!- If you see a "H811" there you have to flash H811 ROMs later (if no specific ROM is available for your model)
- If you see a "H815" there you have to flash H815 ROMs later (if no specific ROM is available for your model)
- If you see a "unknown" there you have to STOP and provide the SALT debug log (advanced menu)
- Open the Advanced Menu
- Click the "Unlock G4 (UsU)" button and read carefully the popup. Click Unlock, choose your unlock way and follow the instructions
- If the UsU flashing fails for any reason (SALT will do important pre-checks and validiations before actually flashing):
If you see a popup about UsU flashing has partially failed do not be scared - just read and follow the instructions!
If you see a different error: do not reboot or power off the device! Ask for support and provide the debug log in SALT (in Advanced Menu -> Debug Logfile button -> Upload button and share the link)!
- If the UsU flashing was successful (SALT will validate the flashing) continue:
Boot your device into fastboot mode (yes UsU has enabled an unlockedfastboot access for you!):- take out the battery
- unplug the usb cable from the PC (not from the device)
- Insert the battery again
- wait 2 sec
- press volume DOWN and while keeping it pressed: plug the USB cable to the device
- keep volume DOWN pressed until you see the fastboot screen
- Flash TWRP (yes you can do that now... because of UsU!):
fastboot flash recovery <twrp.img> (replace <twrp.img> with the real filename) - YOU MUST boot to TWRP now (you will notice a secure boot error but TWRP will load!):
- disconnect USB cable
- take out battery
- put battery back in
- press volume down AND the power button and keep both pressed until.. you see TWRP!
Gotcha! Try that with a locked phone and you will fail!
- If you do not boot to TWRP after flashing it it will get OVERWRITTEN and you have to do all the steps for flashing TWRP again!
- Optional (not needed when you flash an UsU compatible ROM later) Flash the baseband package now: <model>_UsU_baseband_flash-in-twrp.zip
- While still in TWRP choose REBOOT menu and reboot to RECOVERY (yes again!)
- Notice: TWRP will show your REAL device model when connected to the PC now.
If not: SHARE THE recovery LOG (how-to for grabbing the recovery log is written in FAQ #4A)! - I would say: its a good time to create a TWRP backup isn't it (ensure you also select "Bootloader" in TWRP backup)?
- I HIGHLY RECOMMEND to do nothing else now. Just boot into your ROM as it is! Check if everything is working and proceed only if it boots fine and works fine!
- Optional: just root now. Use Magisk or SuperSU to root your current installed stock ROM to see that it works
- Done. Do not miss to read the Changes in behavior topic!
- Whats next? Lol you are FREE! Flash SuperSu, Magisk or a custom ROM. Up to you. Flashing issues? Read the LIMITATIONS/KNOWN ISSUES topic (especially #1, #2, #3).
Changes in behavior
Booting to recovery, custom ROM booting (or stock but rooted), booting into download mode
You will notice a secure boot error ... and it will boot!!
... and NO: THIS MESSAGE CAN NOT BE REMOVED! If you can't live with that do not unlock
Fastboot
After you unlocked your device with this method you will also have an unlocked fastboot mode which can be accessed by a key combo:
- take out the battery
- unplug the usb cable from the PC (not from the device)
- Insert the battery again
- wait 2 sec
- press volume DOWN and while keeping it pressed: plug the USB cable to the device
- keep volume DOWN pressed until you see the fastboot screen
you can NOT: fastboot boot .. as this is blocked like in the semi-official N bootloader stack.
TWRP/Recovery hardware key combo
Flashing UsU changes the way the regular factory reset screen key combo is working.
After flashing UsU we can boot directly into TWRP!
- power off device
- unplug the usb cable from the device (if any)
- press volume DOWN + power button and KEEP THEM BOTH pressed the WHOLE TIME until you see "Recovery loading" or TWRP
Factory reset hardware key combo
As written above the regular key combo to get into the LG factory reset screen changes a bit:
- power off device
- disconnect any usb cable from the device
- press volume UP + power button and KEEP THEM BOTH pressed until you see the LG logo the first time! THEN you have to immediately release the power button (ONLY that) and press and keep holding the power button directly again! Keep them pressed until you see the white LG factory reset screen
Proofs
Keep in mind: UsU will work for ANY LG G4 model and does not care about country specific ones, too! When I say: ANY, I MEAN any!
The only device which is a real special one because of different hardware (2 SIM slots) is the H818 which can be unlocked but has issues (see above)
confirmed:
- check the current poll results: https://xdaforums.com/poll.php?do=showresults&pollid=26680
- LS991 (confirmed) --> https://xdaforums.com/poll.php?do=showresults&pollid=26680
- F500 (confirmed) --> https://xdaforums.com/poll.php?do=showresults&pollid=26680
- H810 (confirmed) --> https://xdaforums.com/showpost.php?p=75126190&postcount=298 and https://xdaforums.com/showpost.php?p=75736723&postcount=456
- H812 (confirmed) --> https://xdaforums.com/showpost.php?p=75126190&postcount=298
- H815 (confirmed) --> My own one! and https://xdaforums.com/showpost.php?p=75086602&postcount=276 and https://xdaforums.com/showpost.php?p=75737617&postcount=458
- H818 (confirmed)* --> https://xdaforums.com/showpost.php?p=75133410&postcount=307 * SEE ABOVE REGARDING THE CURRENT ISSUES
- H819 (confirmed) --> https://xdaforums.com/poll.php?do=showresults&pollid=26680
- US991 (confirmed) --> https://xdaforums.com/poll.php?do=showresults&pollid=26680
- VS986 (confirmed) --> https://xdaforums.com/showpost.php?p=75109841&postcount=293
Support / Telegram
Of course in this thread but also by Telegram. I have created a generic group for all stuff around Android : here
and another one if you want to keep up2date whenever I build something (TWRP, SHRP, LOS, /e/, ...): here
Model specific ROM threads
- H810:
- AOSCP Nougat
- LineageOS Oreo - general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
- H812:
- AOSCP Nougat
-LineageOS Oreo(deprecated) new: general LOS all-in-one thread
- AtomicOS
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
- H815:
- AOSCP Nougat
-LineageOS Oreo(deprecated) new: general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
- VS986:
- AOSCP Nougat
-LineageOS Oreo(deprecated) new: general LOS all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
- any other model:
- LineageOS Oreo - all-in-one thread
- LineageOS Pie - all-in-one thread
- /e/ OS Pie - all-in-one-thread
Making the baseband flashing obsolete
Well time goes by and so things change in the meantime. I have found a way to make the baseband flashing obsolete but that requires to flash either a device model specific ROM or kernel.
That means:
- When you flash a full UsU compatible ROM (like those linked above) there is no need anymore to flash the baseband package.
- When you flash another ROM which is not fully UsU compatible you can flash a kernel with UsU patches and so can avoid flashing the baseband package as well.
The UsU kernels can be found here. - When the ROM is neither fully UsU compatible nor there is no kernel with UsU patches you can or better must flash the baseband package.
Credits
- Mohd Saqib for the ls991 userdebug bootloader (https://forum.gsmdevelopers.com/lg-g-series-unified/32523-lg-g4-h811-boot-repair-qfil.html) stack. Without him.. no "unlock"
- LG for making a faulty mainboard which allowed me to replace it without an issue several times after hard-hard bricking
- Me - steadfasterX bc I have done all this almost alone (besides the brave testers ofc) AND: just for FUN ! (I *CAN* UNLOCK OFFICIALLY!) and as the the whole guide and method is the result of many many days ... lol noooo *MONTHS* (!!!) of spending my free time on this topic!
- neutrondev (details about technical understanding + support)
- uio88 (donator), jasonlindholm (recurring unteachable donator!), pablo103 (donator), britx (donator), ReeS86 (donator), ling751am (donator), 01189998819991197253 (donator), Korpse (donator), decibel_nv (donator), bdasmith (donator), hteles (donator), Leg0V0geL (donator), britx (donator), doop (donator), street_android (donator), ErismaSS (donator), ingcolchado (donator), fauxmight (donator), NwOg1984 (donator), pablogrs (donator), romanofski(donator), nenich78 (donator)
The overall sum (just for UsU) of donations (as of 2023-04-03): $252 !
While donations are accepted and appreciated there is NO need for it. I have done all this for fun and I like thx clicks more then money LOL
XDA:DevDB Information
Unofficial secureboot-off/steadfasterX Unlock, Tool/Utility for the LG G4
Contributors
steadfasterX, the_naxhoo (tester), SePhIrOtX (tester), Chebhou (tester), fawadshah33 (tester), DoughMucker (tester), shane87 (tester), Guy Noir (tester), networkkid (tester), ling751am (tester), jmfecon (tester), r3pwn (tester)
Version Information
Status: Stable
Stable Release Date: 2018-03-08
Alpha Release Date (PoC): 2017-07-28
Created 2018-03-08
Attachments
-
screenshot_003.png69.2 KB · Views: 13,711
-
screenshot_004.png46.8 KB · Views: 13,201
-
screenshot_005.png26.6 KB · Views: 12,876
-
screenshot_006.png31 KB · Views: 11,443
-
screenshot_007.png13.1 KB · Views: 10,698
-
screenshot_009.png18.2 KB · Views: 10,362
-
screenshot_012.png32.2 KB · Views: 9,984
-
screenshot_013.png131.4 KB · Views: 10,026
-
screenshot_014.png15.7 KB · Views: 10,219
Last edited: