Root LG G3 & Partition information

Search This thread
By:
Advanced…
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
Root 4.4.2 G3
--------------
Updated: 8 Jull 2014.

Use this method. It's easy.
http://xdaforums.com/showthread.php?t=2791091



----------------

1. Install LG Driver

2. Enable USB Debug :
Setting -> About phone -> Software infomation -> tap 7 times on Build number
Go back Setting -> Developer options -> Tick USB debugging
Connnect computer with PTP

3. Download roottool - Thanks @jarari2 here and extract.
Run Run.bat press any key to go to Recovery <3e>
Chose apply update from ADB in recovery 3e

root_lg_g3_step1-jpg.28111


Then press any key from command window


root_lg_g3_step2-jpg.28112


Last step, press reboot and Root G3 success

Source: lgviet.com
 

Attachments

  • root_lg_g3_step1.jpg
    root_lg_g3_step1.jpg
    53.9 KB · Views: 2,164
  • root_lg_g3_step2.jpg
    root_lg_g3_step2.jpg
    59.8 KB · Views: 2,213
Last edited:
  • Like
Reactions: joe zack, Jiggity Janx, chevro1et and 19 others
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
LG G3 Full partition info:

G3 has 2 bootloaders ?!



adb shell ls -la /dev/block/platform/msm_sdcc.1/by-name/

lrwxrwxrwx root root 1970-01-01 08:13 DDR -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-01-01 08:13 aboot -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 1970-01-01 08:13 abootf -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 1970-01-01 08:13 boot -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 1970-01-01 08:13 cache -> /dev/block/mmcblk0p41
lrwxrwxrwx root root 1970-01-01 08:13 dbi -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 1970-01-01 08:13 dbibak -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 1970-01-01 08:13 drm -> /dev/block/mmcblk0p36
lrwxrwxrwx root root 1970-01-01 08:13 eksst -> /dev/block/mmcblk0p29
lrwxrwxrwx root root 1970-01-01 08:13 encrypt -> /dev/block/mmcblk0p28
lrwxrwxrwx root root 1970-01-01 08:13 factory -> /dev/block/mmcblk0p39
lrwxrwxrwx root root 1970-01-01 08:13 fota -> /dev/block/mmcblk0p34
lrwxrwxrwx root root 1970-01-01 08:13 fsc -> /dev/block/mmcblk0p25
lrwxrwxrwx root root 1970-01-01 08:13 fsg -> /dev/block/mmcblk0p24
lrwxrwxrwx root root 1970-01-01 08:13 grow -> /dev/block/mmcblk0p43
lrwxrwxrwx root root 1970-01-01 08:13 laf -> /dev/block/mmcblk0p33
lrwxrwxrwx root root 1970-01-01 08:13 misc -> /dev/block/mmcblk0p32
lrwxrwxrwx root root 1970-01-01 08:13 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 1970-01-01 08:13 modemst1 -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 1970-01-01 08:13 modemst2 -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 1970-01-01 08:13 mpt -> /dev/block/mmcblk0p38
lrwxrwxrwx root root 1970-01-01 08:13 pad -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 1970-01-01 08:13 pad1 -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 1970-01-01 08:13 pad2 -> /dev/block/mmcblk0p27
lrwxrwxrwx root root 1970-01-01 08:13 persist -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 1970-01-01 08:13 rct -> /dev/block/mmcblk0p30
lrwxrwxrwx root root 1970-01-01 08:13 recovery -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 1970-01-01 08:13 rpm -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-01-01 08:13 rpmbak -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 1970-01-01 08:13 rpmf -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 1970-01-01 08:13 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 1970-01-01 08:13 sbl1b -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 1970-01-01 08:13 sdif -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 1970-01-01 08:13 sns -> /dev/block/mmcblk0p37
lrwxrwxrwx root root 1970-01-01 08:13 spare1 -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 1970-01-01 08:13 spare2 -> /dev/block/mmcblk0p31
lrwxrwxrwx root root 1970-01-01 08:13 spare3 -> /dev/block/mmcblk0p35
lrwxrwxrwx root root 1970-01-01 08:13 ssd -> /dev/block/mmcblk0p26
lrwxrwxrwx root root 1970-01-01 08:13 system -> /dev/block/mmcblk0p40
lrwxrwxrwx root root 1970-01-01 08:13 tz -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 1970-01-01 08:13 tzbak -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 1970-01-01 08:13 tzf -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 1970-01-01 08:13 userdata -> /dev/block/mmcblk0p42
 
Fentadroid

Fentadroid

Senior Member
Jan 23, 2014
579
121
47
Turin
It appears rootool.zip was made for Optimus G Pro... so they used the same program to root i guess...
 
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
major minor #blocks name

179 0 30535680 mmcblk0
179 1 65536 mmcblk0p1
179 2 1024 mmcblk0p2
179 3 512 mmcblk0p3
179 4 512 mmcblk0p4
179 5 2048 mmcblk0p5
179 6 1024 mmcblk0p6
179 7 1024 mmcblk0p7
179 8 4 mmcblk0p8
179 9 1024 mmcblk0p9
179 10 512 mmcblk0p10
179 11 1024 mmcblk0p11
179 12 1024 mmcblk0p12
179 13 1024 mmcblk0p13
179 14 1024 mmcblk0p14
179 15 512 mmcblk0p15
179 16 2048 mmcblk0p16
179 17 2044 mmcblk0p17
179 18 16384 mmcblk0p18
179 19 32768 mmcblk0p19
179 20 16384 mmcblk0p20
179 21 3072 mmcblk0p21
179 22 3072 mmcblk0p22
179 23 4 mmcblk0p23
179 24 3072 mmcblk0p24
179 25 512 mmcblk0p25
179 26 512 mmcblk0p26
179 27 4 mmcblk0p27
179 28 512 mmcblk0p28
179 29 512 mmcblk0p29
179 30 8 mmcblk0p30
179 31 5104 mmcblk0p31
259 0 16384 mmcblk0p32
259 1 32768 mmcblk0p33
259 2 32768 mmcblk0p34
259 3 16384 mmcblk0p35
259 4 8192 mmcblk0p36
259 5 8192 mmcblk0p37
259 6 32768 mmcblk0p38
259 7 32768 mmcblk0p39
259 8 2523136 mmcblk0p40
259 9 868352 mmcblk0p41
259 10 26783226 mmcblk0p42
259 11 501 mmcblk0p43
179 32 4096 mmcblk0rpmb
 
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
LG G3 Build.prop

Code: 
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=KVT49L.F400K10b
ro.build.display.id=KVT49L.F400K10b
ro.build.version.incremental=F400K10b.1400553914
ro.build.version.sdk=19
ro.build.version.codename=REL
ro.build.version.release=4.4.2
ro.build.date=Tue May 20 11:58:06 KST 2014
ro.build.date.utc=1400554686
ro.build.type=user
ro.build.user=hoyoung25.kim
ro.build.host=LGEARND1B13
ro.build.tags=release-keys
ro.product.model=LG-F400K
ro.product.brand=lge
ro.product.name=g3_kt_kr
ro.product.device=g3
ro.product.board=MSM8974
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=LGE
ro.product.locale.language=ko
ro.product.locale.region=KR
ro.wifi.channels=
ro.board.platform=msm8974
# ro.build.product is obsolete; use ro.product.device
ro.build.product=g3
# Do not try to parse ro.build.description or .fingerprint
ro.build.description=g3_kt_kr-user 4.4.2 KVT49L.F400K10b F400K10b.1400553914 release-keys
ro.build.fingerprint=lge/g3_kt_kr/g3:4.4.2/KVT49L.F400K10b/F400K10b.1400553914:user/release-keys
ro.build.characteristics=default
# end build properties
#
# from device/lge/g3/system.prop
#
#
# system.prop for msm8974
#

rild.libpath=/vendor/lib/libril-qc-qmi-1.so
rild.libargs=-d /dev/smd0
persist.rild.nitz_plmn=
persist.rild.nitz_long_ons_0=
persist.rild.nitz_long_ons_1=
persist.rild.nitz_long_ons_2=
persist.rild.nitz_long_ons_3=
persist.rild.nitz_short_ons_0=
persist.rild.nitz_short_ons_1=
persist.rild.nitz_short_ons_2=
persist.rild.nitz_short_ons_3=
ril.subscription.types=NV,RUIM
DEVICE_PROVISIONED=1
# Start in GWL mode (NETWORK_MODE_LTE_GSM_WCDMA)
#ro.telephony.default_network=9

debug.sf.hw=1
debug.egl.hw=1
debug.composition.type=c2d
persist.hwc.mdpcomp.enable=true
debug.mdpcomp.logs=0
dalvik.vm.heapsize=36m
dev.pm.dyn_samplingrate=1
persist.demo.hdmirotationlock=false

ro.hdmi.enable=true
persist.speaker.prot.enable=false

#
# system props for the cne module
#
persist.cne.feature=1

#system props for the MM modules

media.stagefright.enable-player=true
media.stagefright.enable-http=true
media.stagefright.enable-aac=true
media.stagefright.enable-qcp=true
media.stagefright.enable-fma2dp=true
media.stagefright.enable-scan=true
mmp.enable.3g2=true
media.aac_51_output_enabled=true

#
# system props for the data modules
#
ro.use_data_netmgrd=true

#2013-08-31 kwangbin.yim@lge.com LGP_DATA_TEMPORARY_PATCH_FOR_G2_KLP_APP_TEST[START]
#persist.data.netmgrd.qos.enable=true
persist.data.netmgrd.qos.enable=false
#2013-08-31 kwangbin.yim@lge.com LGP_DATA_TEMPORARY_PATCH_FOR_G2_KLP_APP_TEST[END]

#system props for time-services
persist.timed.enable=true

#
# system prop for opengles version
#
# 196608 is decimal for 0x30000 to report version 3
ro.opengles.version=196608

# System property for cabl
ro.qualcomm.cabl=0

#
# System props for telephony
# System prop to turn on CdmaLTEPhone always
telephony.lteOnCdmaDevice=1

#Simulate sdcard on /data/media
#
persist.fuse_sdcard=true

#system prop for Bluetooth hci transport
ro.qualcomm.bt.hci_transport=smd

#
#snapdragon value add features
#
ro.qc.sdk.audio.ssr=false
##fluencetype can be "fluence" or "fluencepro" or "none"
ro.qc.sdk.audio.fluencetype=fluence
# LGE CHANGE_S, 2013-10-11, seonghyon.cho@lgepartner.com
#ro.qc.sdk.sensors.gestures=true
# LGE CHANGE_E, 2013-10-11, seonghyon.cho@lgepartner.com
ro.qc.sdk.camera.facialproc=false
#property to enable user to access Google WFD settings.
persist.debug.wfd.enable=1
#property to choose between virtual/external wfd display
persist.sys.wfd.virtual=0

# qualcomm sensors enable
#
# LGE CHANGE_S, 2013-10-29, G2-Task-Sensor@lge.com
# below sensor is default true by HAL source.
#ro.qualcomm.sensors.qmd=true
#ro.qc.sdk.sensors.gestures=true
#ro.qualcomm.sensors.pedometer=true
#ro.qc.sensors.step_detector=true
#ro.qc.sensors.step_counter=true
#ro.qualcomm.sensors.pam=true
#ro.qualcomm.sensors.scrn_ortn=true
#ro.qualcomm.sensors.smd=true
#ro.qualcomm.sensors.game_rv=true
#ro.qualcomm.sensors.georv=true
# LGE CHANGE_E, 2013-10-29, G2-Task-Sensor@lge.com

# qualcomm sensors debugging property
#
debug.qualcomm.sns.hal=i
debug.qualcomm.sns.daemon=i
debug.qualcomm.sns.libsensor1=e

# System props for audio
persist.audio.fluence.mode=endfire
persist.audio.handset.mic=digital
# LGE CHANGE_S, 2013-02-14, tomm.lee@lge.com
persist.audio.voicecall.mic=0
# LGE CHANGE_E, 2013-02-14, tomm.lee@lge.com
persist.audio.voice.clarity=none
# LGE CHANGE_E, 2013-05-09, jungsoo1221.lee@lge.com
persist.aanc.enable=false
persist.audio.headset_fluence=false
# LGE CHANGE, 2013-06-19, heejeong.seo@lge.com
persist.audio.handset_rx_type=DEFAULT
# LGE CHANGE, 2014-02-04, hoseong.kang@lge.com
use.voice.path.for.pcm.voip=true

#// LGE_CHANGE_S, [Net_Patch_0300][CALL_FRW][COMMON], 2012-05-25, Airplane Mode Pop-Up display property value {
ro.airplane.phoneapp=1
#// LGE_CHANGE_E, [Net_Patch_0300][CALL_FRW][COMMON], 2012-05-25, Airplane Mode Pop-Up display property value }

# [blue.park@lge.com] For Blue Error Handler V1.4
ro.blue_handler.level=0

# LGE_CHANGE_S [g2][framework][common] the screen auto-brightness adjustment setting
persist.power.useautobrightadj=true
# LGE_CHANGE_E [g2][framework][common] the screen auto-brightness adjustment setting

# LGE_CHANGE_S [g2][framework][protocol]
persist.radio.add_power_save=1
# LGE_CHANGE_E [g2][framework][protocol]

# LGE_CHANGE_S [g2][framework][common] Define HW key led feature
lge.hw.frontkeyled=false
# LGE_CHANGE_E [g2][framework][common] Define HW key led feature

# 2013-04-19 Bokyum.Kim (bokyum.kim@lge.com) [A1] Make a property named debug.strictmode and set it to 0 for StrictMode [START]
# Remove this property to save the space for other properties
# debug.strictmode=0
# 2013-04-19 Bokyum.Kim (bokyum.kim@lge.com) [A1] Make a property named debug.strictmode and set it to 0 for StrictMode [END]

# LGE_CHANGE_S [g2][framework][common] change lcd default brightness 149->173
#ro.lge.lcd_default_brightness=173
# LGE_CHANGE_S [g2][framework][common] change lcd default brightness 149->173

# LGE_CHANGE_S, [WiFi][hayun.kim@lge.com], 2013-01-22, Wifi Bring Up
# reserved wifi related property
dhcp.ap.macaddress=
dhcp.wlan0.dns1=
dhcp.wlan0.dns2=
dhcp.wlan0.dns3=
dhcp.wlan0.dns4=
dhcp.wlan0.gateway=
dhcp.wlan0.ipaddress=
dhcp.wlan0.leasetime=
dhcp.wlan0.mask=
dhcp.wlan0.pid=
dhcp.wlan0.reason=
dhcp.wlan0.result=
dhcp.wlan0.server=
dhcp.wlan0.vendorInfo=
dhcp.p2p.dns1=
dhcp.p2p.dns2=
dhcp.p2p.dns3=
dhcp.p2p.dns4=
dhcp.p2p.gateway=
dhcp.p2p.ipaddress=
dhcp.p2p.leasetime=
dhcp.p2p.mask=
dhcp.p2p.pid=
dhcp.p2p.reason=
dhcp.p2p.result=
dhcp.p2p.server=
dhcp.p2p.vendorInfo=
init.svc.dhcpcd_wlan0=
init.svc.dhcpcd_p2p=
init.svc.p2p_supplicant=
init.svc.iprenew_wlan0=
net.dns1=
net.dns2=
net.dnschange=
net.p2p-p2p0-0.dns1=
net.p2p-p2p0-0.dns2=
net.wlan0.dns1=
net.wlan0.dns2=
wlan.driver.status=
persist.sys.security=
persist.sys.hotssid.ksc5601=
wifi.lge.autochannel=
# LGE_CHANGE_S, [WiFi][hayun.kim@lge.com], 2013-01-22, Wifi Bring Up

# LGE_CHANGE_S Audio_Framework: HiFi Sound
# reduce Default minimum length allowed for offload in 30 sec.
audio.offload.min.duration.secs=30
# LGE_CHANGE_E

# LGE_CHANGE_S [CFW][Memory][dongsoo.joo@lge.com] Add oomAdj value
ro.sys.fw.bg_apps_limit=24
ro.sys.fw.mOomAdj1=0
ro.sys.fw.mOomAdj2=1
ro.sys.fw.mOomAdj3=2
ro.sys.fw.mOomAdj4=4
ro.sys.fw.mOomAdj5=9
ro.sys.fw.mOomAdj6=15
ro.sys.fw.mOomMinFree1=49152
ro.sys.fw.mOomMinFree2=61440
ro.sys.fw.mOomMinFree3=73728
ro.sys.fw.mOomMinFree4=114688
ro.sys.fw.mOomMinFree5=196608
ro.sys.fw.mOomMinFree6=245760
# LGE_CHANGE_E

#
# ADDITIONAL_BUILD_PROPERTIES
#
ro.build.target_operator=KT
ro.build.target_country=KR
ro.lge.swversion=F400K10b
ro.lge.swversion_short=V10b
ro.lge.swversion_rev=0
ro.lge.factoryversion=LGF400KAT-00-V10b-KT-KR-MAY-20-2014+0
ro.lge.heat_finish=51.0
telephony.lteOnCdmaDevice=0
ro.config.vibrate_type=1
persist.audio.nsenabled=OFF
persist.audio.spkcall_2mic=ON
persist.audio.spk_sm_fluence=OFF
persist.audio.voip_nsenabled=ON
persist.audio.nxp=ON
persist.audio.sm_fluence=ON
persist.audio.fluence.voicecall=true
ro.lge.bt_gain_control_factor=0.9
ime_extend_row_keyboard=true
ime_onehand_keyboard=true
ime_split_keyboard=true
ime_theme=true
ime_keyboard_layout=ko=QWERTY
ime_vibration_pattern=0:20
ro.config.vc_call_vol_steps=9
ro.config.vc_call_vol_default=5
ro.lge.lcd_default_brightness=177
ro.lge.dataprotect=1
lge.nfc.vendor=nxp
ro.com.google.gmsversion=4.4_r3
ro.setupwizard.mode=DISABLED
ro.livewallpaper.map=DISABLED
ro.com.google.apphider=off
tangible_device_config=B1BCNAOTNA
ro.lge.vib_magnitude_index=0,20,40,60,80,100,120,127
lge.normalizer.param=version2.0/true/9.6/true/10500/0.8/5200/0.42
ro.sdcrypto.syscall=378
ro.config.ringtone=01_Lifes_Good.ogg
ro.config.notification_sound=Crystal.ogg
ro.config.alarm_alert=Lifes_Good_Alarm.ogg
ro.config.timer_alert=Timer.ogg
ro.com.google.clientidbase=android-om-lge
ro.com.google.clientidbase.ms=android-kt-kr
ro.com.google.clientidbase.yt=android-om-lge
ro.com.google.clientidbase.am=android-kt-kr
ro.com.google.clientidbase.gmm=android-om-lge
drm.service.enabled=true
persist.sys.strictmode.disable=true
persist.hwc.mdpcomp.enable=true
ro.opengles.version=196608
ro.hwui.texture_cache_size=72
ro.hwui.layer_cache_size=48
ro.hwui.r_buffer_cache_size=8
ro.hwui.path_cache_size=32
ro.hwui.gradient_cache_size=1
ro.hwui.drop_shadow_cache_size=6
ro.hwui.texture_cache_flushrate=0.4
ro.hwui.text_small_cache_width=1024
ro.hwui.text_small_cache_height=1024
ro.hwui.text_large_cache_width=2048
ro.hwui.text_large_cache_height=1024
qcom.thermal=thermal-engine
ro.sf.lcd_density=640
persist.fuse_sdcard=true
persist.sys.emmc_size=0
persist.service.crash.enable=0
persist.sys.ssr.restart_level=3
ro.lge.zwait=false
audio.offload.disable=0
av.offload.enable=0
mm.enable.qcom_parser=37491
vidc.debug.level=1
mm.enable.smoothstreaming=true
persist.qcril.disable_retry=true
ro.com.android.dataroaming=false
ro.afwdata.LGfeatureset=KTBASE
ro.support_mpdn=true
net.tethering.noprovisioning=true
persist.lg.data.fd=-1
ro.vendor.extension_library=/vendor/lib/libqc-opt.so
ro.boot.svelte=1
keyguard.no_require_sim=true
ro.com.android.dateformat=MM-dd-yyyy
ro.carrier=unknown
dalvik.vm.heapstartsize=8m
dalvik.vm.heapgrowthlimit=256m
dalvik.vm.heapsize=512m
dalvik.vm.heaptargetutilization=0.25
dalvik.vm.heapminfree=4m
dalvik.vm.heapmaxfree=16m
persist.radio.apm_sim_not_pwdn=1
lge.signed_image=true
ro.lge.capp_splitwindow=true
persist.splitwindow.support_all=false
ro.lge.capp_ZDi_O=true
lge.zdi.actionsend=false
lge.zdi.onactivityresult=true
lge.zdi.dragdropintent=false
ro.lge.capp_hidenav=true
ro.lge.lcd_auto_brightness_mode=false
ro.lge.audio_soundexception=true
ro.lge.capp_emotional_led=true
ro.lge.capp_wfd=true
ro.lge.capp_almond=true
ro.lge.qslide.max_window=2
wlan.chip.vendor=brcm
wifi.lge.patch=true
dhcp.dlna.using=false
wlan.lge.concurrency=MCC
wlan.lge.supportsimaka=yes
wlan.lge.wifidisplay=both
wifi.lge.kt.cm=true
wifi.lge.hanglessid=true
wlan.chip.version=bcm4339
wifi.lge.common_hotspot=true
wlan.lge.dcf.enable=true
wlan.lge.dcf.poor_link_cnt=4
wlan.lge.softap5g=yes
ro.telephony.default_network=9
persist.sys.dalvik.vm.lib=libdvm.so
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.qc.sdk.izat.premium_enabled=0
ro.qc.sdk.izat.service_mask=0x0
persist.gps.qc_nlp_in_use=1
persist.loc.nlp_name=com.qualcomm.services.location
ro.gps.agps_provider=1

Source: LGViet.com
 
E

ericzhf

Member
Feb 4, 2010
45
4
Rooted already? Thank you so much. Is that means G3 has unlocked bootloader?

Sent from my SAMSUNG-SGH-I337 using Tapatalk
 
R

rushless

Senior Member
Jan 16, 2008
3,684
446
Hoping the versions we get (especially Verizon) are just as simple. All I want to do is have write permissions for sd card and kill some bloat with Titanium.
 
thecubed

thecubed

Inactive Recognized Developer
Aug 19, 2008
1,046
10,458
Austin, TX
Anyone want to buy me one so we can start working on an unlock? ;)

Also, whomever owns this particular phone, please post aboot, abootf, SBL1,LAF, boot, and recovery.
There will be no personally identifiable information in those partitions, and it'll help speed up the whole process of getting recovery and unlocks ported.

EDIT: also, great job @hoangnova for getting this posted to get the momentum going.
Since your device is using test-keys for recovery, you could flash anything signed with the test-keys via sideload, which is an interesting find.

Thanks!
 
Last edited:
  • Like
Reactions: optimusv45, ant78, androitri and 5 others
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
thecubed said:
Anyone want to buy me one so we can start working on an unlock? ;)

Also, whomever owns this particular phone, please post aboot, abootf, SBL1,LAF, boot, and recovery.
There will be no personally identifiable information in those partitions, and it'll help speed up the whole process of getting recovery and unlocks ported.

EDIT: also, great job @hoangnova for getting this posted to get the momentum going.
Since your device is using test-keys for recovery, you could flash anything signed with the test-keys via sideload, which is an interesting find.

Thanks!
Click to expand...
Click to collapse
we doesn't have test-key. (may be @jarari2 has this one)
Only one way to bypass bootloader : loki patch ( @djrbliss) , but since 4.4.2 Kitkat LG has patched this bug.
 
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
thecubed said:
Anyone want to buy me one so we can start working on an unlock? ;)

Also, whomever owns this particular phone, please post aboot, abootf, SBL1,LAF, boot, and recovery.
There will be no personally identifiable information in those partitions, and it'll help speed up the whole process of getting recovery and unlocks ported.

EDIT: also, great job @hoangnova for getting this posted to get the momentum going.
Since your device is using test-keys for recovery, you could flash anything signed with the test-keys via sideload, which is an interesting find.

Thanks!
Click to expand...
Click to collapse

http://xdaforums.com/showthread.php?t=2766437
all partition dump here
 
thecubed

thecubed

Inactive Recognized Developer
Aug 19, 2008
1,046
10,458
Austin, TX
hoangnova said:
we doesn't have test-key. (may be @jarari2 has this one)
Only one way to bypass bootloader : loki patch ( @djrbliss) , but since 4.4.2 Kitkat LG has patched this bug.
Click to expand...
Click to collapse

Actually, we've been sitting on some possible avenues for bypassing SBL1's signature checking of ABOOT since the G2 and Flex, to allow us to flash a modified ABOOT that would not check signatures of boot images - however, for obvious reasons (loki still works, and downgrade attacks still work too) we have not released this or delved too deeply into a proof of concept.

We have also found some other suspicious code in the G2's bootloader that suggests an official unlock is feasible.

Having a device in-hand would definitely help though ;)
 
  • Like
Reactions: Jiggity Janx, Heisenberg420, Ralu and 4 others
hoangnova

hoangnova

Senior Member
Feb 25, 2011
445
1,050
40
GB
thecubed said:
Actually, we've been sitting on some possible avenues for bypassing SBL1's signature checking of ABOOT since the G2 and Flex, to allow us to flash a modified ABOOT that would not check signatures of boot images - however, for obvious reasons (loki still works, and downgrade attacks still work too) we have not released this or delved too deeply into a proof of concept.

We have also found some other suspicious code in the G2's bootloader that suggests an official unlock is feasible.

Having a device in-hand would definitely help though ;)
Click to expand...
Click to collapse

Thanks you for this info.
 
A

akyp

Senior Member
Mar 30, 2011
196
70
It's nice to see it rooted just days after announcement, even though it's for F400K (Korean version) so the same trick may not work on D855.
 
thecubed

thecubed

Inactive Recognized Developer
Aug 19, 2008
1,046
10,458
Austin, TX
Looks like there's not much difference between this bootloader, the G Flex, the G2, and most new MSM8974 devices.

Also contains the same curious strings and check code that we were interested in. Now we just have to throw it into IDA to confirm our suspicions. Me and IDA aren't exactly best friends, so it's a bit of a slow process, but we'll get there.

Now we just need to get the US versions dumped too :)
 
  • Like
Reactions: jal3223
You must log in or register to reply here.

Similar threads

A
[Guide]LG One Click Root - root LG firmwares (KitKat / Lollipop)
Replies
3K
Views
2M
Robertas725
Robertas725
hyelton
[Guide] LG G3 Stock Firmware (Go Back to Stock) KDZ &amp; TOT Method With LGUP
Replies
6K
Views
2M
Z
zhanghua520
CrawnberyJack
[LG G3] Android Marshmallow discussions
Replies
3K
Views
831K
L
lg g3 please0.
A
LG G3 D855 KDZ download
Replies
2K
Views
783K
chuyennho184
chuyennho184
digital-bug
[GUIDE][ROOT] Newest Root Method for LG devices
Replies
1K
Views
604K
A
alkanaft

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 22
    hoangnova
    hoangnova
    Root 4.4.2 G3
    --------------
    Updated: 8 Jull 2014.

    Use this method. It's easy.
    http://xdaforums.com/showthread.php?t=2791091



    ----------------

    1. Install LG Driver

    2. Enable USB Debug :
    Setting -> About phone -> Software infomation -> tap 7 times on Build number
    Go back Setting -> Developer options -> Tick USB debugging
    Connnect computer with PTP

    3. Download roottool - Thanks @jarari2 here and extract.
    Run Run.bat press any key to go to Recovery <3e>
    Chose apply update from ADB in recovery 3e

    root_lg_g3_step1-jpg.28111


    Then press any key from command window


    root_lg_g3_step2-jpg.28112


    Last step, press reboot and Root G3 success

    Source: lgviet.com
    View
    8
    thecubed
    thecubed
    Anyone want to buy me one so we can start working on an unlock? ;)

    Also, whomever owns this particular phone, please post aboot, abootf, SBL1,LAF, boot, and recovery.
    There will be no personally identifiable information in those partitions, and it'll help speed up the whole process of getting recovery and unlocks ported.

    EDIT: also, great job @hoangnova for getting this posted to get the momentum going.
    Since your device is using test-keys for recovery, you could flash anything signed with the test-keys via sideload, which is an interesting find.

    Thanks!
    View
    7
    thecubed
    thecubed
    hoangnova said:
    we doesn't have test-key. (may be @jarari2 has this one)
    Only one way to bypass bootloader : loki patch ( @djrbliss) , but since 4.4.2 Kitkat LG has patched this bug.
    Click to expand...
    Click to collapse

    Actually, we've been sitting on some possible avenues for bypassing SBL1's signature checking of ABOOT since the G2 and Flex, to allow us to flash a modified ABOOT that would not check signatures of boot images - however, for obvious reasons (loki still works, and downgrade attacks still work too) we have not released this or delved too deeply into a proof of concept.

    We have also found some other suspicious code in the G2's bootloader that suggests an official unlock is feasible.

    Having a device in-hand would definitely help though ;)
    View
    3
    K
    krmdb
    Hope this photo helps.uploadfromtaptalk1401607381790.jpg

    Sent from my SM-N9005 using XDA Premium HD app
    View
    2
    K
    krmdb
    Guitarfreak26 said:
    Is this a Korean version rooted?

    Sent from my SM-G900F using Tapatalk
    Click to expand...
    Click to collapse

    I tried this method for my Korean version F400L and it works well.
    View

New posts