
[3.18.71-perf+][root] root shell for LG V20 variants


timba123

works great on H918 on latest Oreo.

use su98 to gain root shell, pull boot.img then install magisk manager and patch it then use dd to write boot back and reboot.. wayyyy easier than the other methods as far as lafsploit and dirty santa.. could prolly just dd twrp also now..

of course u need to unlock the bl first but after that ur golden.. at least on h918
Hello! Do you still have your H918? I unlocked my bootloader. I was on nougat 10S but am upgrading ota to oreo. I am interested in flashing patched magisk boot.img and twrp. What are the DD commands etc please?
 

timba123

I got twrp to install by using that tmp root shell and dd installed twrp. When I boot twrp it reboots. I think I'm close. Can I dd install the rooted boot.img from the oreo 20f rooted zip? I have extracted it. Maybe I can dd install the rooted boot.img too?
 

timba123

So with su98 root shell I dd flashed los recovery. Then flashed magisk. Then used twrp manager apk to install twrp and side loaded los 18.1. Thank you!!
 

Mysticblaze347

So with su98 root shell I dd flashed los recovery. Then flashed magisk. Then used twrp manager apk to install twrp and side loaded los 18.1. Thank you!!
I am guessing this is on an unlocked bootloader. My bootloader is locked (ls997) so I am not sure if it will work for me. Be awesome if I can do twrp this way. I do have the shell running. Even a new kernel would be awesome via this way.
 

Top Liked Posts

  • 15
    I made a root shell exploit based on CVE-2019-2215 for (some) 3.18 kernels. Tested on LS997 with 3.18.71-perf+ and latest (2018) patches. When you run it, it drops into a root shell. You may be able to use it to install a temp root binary, or just enjoy root privileges in the root shell. Is probably pretty buggy.

    Use at your own risk. Data corruption is possible.

    Download su98 from https://github.com/arpruss/cve2019-2215-3.18 . Then
    Code:
    adb push su98 /data/local/tmp
    adb shell
    cd /data/local/tmp
    chmod 755 su98
    ./su98

    Tell me what models it does or does not work on. It might work on some other phones than the LG V20, but I have no idea.

    **EDITED:** I've deleted the repository due to perhaps unnecessary legal scruples induced by this article: https://www.eff.org/deeplinks/2018/...s-whittle-our-own-personal-jailbreaking-tools
    2
    OK, going to try it and see if it works. Please do wait, as I am doing something else right now, but I will see soon.

    ---------- Post added at 06:53 AM ---------- Previous post was at 06:16 AM ----------

    This is the log I got. I used su98.c in the command line, not su98.

    Microsoft Windows [Version 10.0.19042.388]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\mayuk>adb push C:\Users\mayuk\Downloads\su98.c /data/local/tmp
    C:\Users\mayuk\Downloads\su98.c: 1 file pushed, 0 skipped. 8.0 MB/s (36928 bytes in 0.004s)

    C:\Users\mayuk>adb shell
    elsa:/ $ cd /data/local/tmp
    elsa:/data/local/tmp $ chmod 755 su98.c
    elsa:/data/local/tmp $ ./su98
    /system/bin/sh: ./su98: not found
    127|elsa:/data/local/tmp $ ./su98.c
    MAIN: starting exploit for devices with waitqueue at 0x98
    PARENT: soon will be calling WRITEV
    CHILD: Doing EPOLL_CTL_DEL.
    CHILD: Finished EPOLL_CTL_DEL.
    CHILD: initial portion length 0x12000
    CHILD: task_struct_ptr = 0x0
    PARENT: writev() returns 0x13008
    PARENT: Reading leaked data
    CHILD: task_struct_ptr = 0x0
    CHILD: Finished write to FIFO.
    CHILD: **fail** problematic address pointer, e.g., 0
    MAIN: **fail** retrying
    PARENT: soon will be calling WRITEV
    CHILD: Doing EPOLL_CTL_DEL.
    CHILD: Finished EPOLL_CTL_DEL.
    CHILD: initial portion length 0x12000
    CHILD: task_struct_ptr = 0x0
    PARENT: writev() returns 0x13008
    PARENT: Reading leaked data
    CHILD: task_struct_ptr = 0x0
    CHILD: Finished write to FIFO.
    CHILD: **fail** problematic address pointer, e.g., 0
    MAIN: **fail** retrying
    PARENT: soon will be calling WRITEV
    CHILD: Doing EPOLL_CTL_DEL.
    CHILD: Finished EPOLL_CTL_DEL.
    CHILD: initial portion length 0x12000
    CHILD: task_struct_ptr = 0x0
    PARENT: writev() returns 0x13008
    PARENT: Reading leaked data
    CHILD: task_struct_ptr = 0x0
    CHILD: Finished write to FIFO.
    CHILD: **fail** problematic address pointer, e.g., 0
    MAIN: **fail** retrying
    Failed to leak data: error
    1|elsa:/data/local/tmp $

    The error is due to me already having root, as all the new kernels like mk200 and EzV2020 use 3.18.140, not 3.18.70.
    2
    Guys, I have the file but I can't post the URL as I am only a junior member, sorry.
    1
    works great on H918 on latest Oreo.

    use su98 to gain root shell, pull boot.img then install magisk manager and patch it then use dd to write boot back and reboot.. wayyyy easier than the other methods as far as lafsploit and dirty santa.. could prolly just dd twrp also now..

    of course u need to unlock the bl first but after that ur golden.. at least on h918
    1
    Did it (only rename the apk file for the keyboard)

    Well ****, I have no idea why it's not working.

    Did you try to manually install on your cell, and then run adb, adb phone, then run commands?