I'm still attempting this myself, current test involves proxying through Europe, thought maybe lg started filtering ip's from the us models running euro roms to prevent the token from unlocking it. No evidence of it but just a thought. I'm even seeing if a few of my coder friends can sift through the bootloader machine code after I disassembled it, but I wouldn't get your hopes up, machine code isn't exactly a specialty of theirs, wish I had that nice ida convert back to c option, c code would actually be useful in this situation.
Sent from my Amazon Kindle Fire HD using Tapatalk