UPDATE Thanks to @thjubeck for testing this, it seems that this userdebug kernel actually works on all devices running antirollback v0 and running Marshmallow! I only have the Sprint variant, so be careful!!! Enjoy root guys 
A bit of a disclaimer is that this is root through adb. dm-verity is off and system is rw, so you can install apps as root, get a hotspot hack to work, and anything through a shell but I am having trouble installing SuperSU. Please try yourself though as I am probably doing something wrong! If there are any bugs you have found please post them, as this phone is my backup and not my daily driver.
So okay, here is the guide:
PLEASE MAKE SURE YOU HAVE A WAY TO GO BACK INCASE THINGS GO WRONG. DO NOT ATTEMPT TO ROOT THIS WITHOUT HAVING A KDZ/TOT FOR YOUR DEVICE THAT YOU KNOW YOU CAN FLASH BACK TO. I AM NOT RESPONSIBLE FOR THINGS GOING WRONG.
Here is the fix for LGUP
1. Download this zip
2. Install Terminal Emulator from the Play Store
(This is modified from the V20 bootloader unlock, HUGE thanks to all of those devs for sharing their dirtysanta code with me and allowing me to modify it!)
3. Copy all the files from inside the "dirtysanta-boot" and paste it into your active ADB directory
4. Plug your device into the computer and verify ADB is working. Then;
On Windows, double-click "RUNMEFIRST.bat, DO NOT CLOSE THE LOG WINDOW THAT OPENS, then double-click "Step1.bat"
On Linux/MacOS ("#" Signifies a comment below)
Open a Separate Terminal next to the RUNMEFIRST terminal, then type:
(When you run The sh or Bat files there may be a Permission denied error on 2 files: Flatland and Flatland64. This is normal and nothing to worry about.)
5. Wait for a shell prompt, then type (or copy):
6. Open Up Terminal Emulator on your phone
Type:
Check if context is "Untrusted_app". If it is then we're good to go!
7. Type into Terminal Emulator:
8. Watch the RUNMEFIRST dialog for when it tells you to run Step2 (we don't have a step 2)
9. Reboot the phone into recovery mode and wipe data again
BOOM! Now the you have a userdebug kernel running on a userdebug system Time to turn off dm-verity, otherwise you will have a red triangle on reboot (Your device is corrupt. It cannot be trusted and may not boot) and cannot edit /system.
1. Finish setting up the phone and enable USB Debugging in developer options (you should know how to do this)
2. Plug the phone into your computer, and run these commands
3. Reboot the phone
4. Run
Bam. Enjoy your FULL UNLIMITED root shell with system set to rw and dm-verity off!!! Just make sure to type "adb root" before "adb shell"
If you ever want to go back, just flash your stock TOT/KDZ with UPPERCUT and you'll be all good!
BUY ME A PIZZA FOR THE HARD WORK: BTC 197ct1uti4zutJu76bYAW51H8NZ6zXeoEV PayPal: [email protected]
THANKS:
@tungkick for the userdebug boot and helping me with the ZV4 TOTs
@autoprime for UPPERCUT
@me2151 @glitschi667 @EMSpilot @elliwigy for their AMAZING work on the V20 and sharing their code!
A bit of a disclaimer is that this is root through adb. dm-verity is off and system is rw, so you can install apps as root, get a hotspot hack to work, and anything through a shell but I am having trouble installing SuperSU. Please try yourself though as I am probably doing something wrong! If there are any bugs you have found please post them, as this phone is my backup and not my daily driver.
So okay, here is the guide:
PLEASE MAKE SURE YOU HAVE A WAY TO GO BACK INCASE THINGS GO WRONG. DO NOT ATTEMPT TO ROOT THIS WITHOUT HAVING A KDZ/TOT FOR YOUR DEVICE THAT YOU KNOW YOU CAN FLASH BACK TO. I AM NOT RESPONSIBLE FOR THINGS GOING WRONG.
Here is the fix for LGUP
1. Download this zip
2. Install Terminal Emulator from the Play Store
(This is modified from the V20 bootloader unlock, HUGE thanks to all of those devs for sharing their dirtysanta code with me and allowing me to modify it!)
3. Copy all the files from inside the "dirtysanta-boot" and paste it into your active ADB directory
4. Plug your device into the computer and verify ADB is working. Then;
On Windows, double-click "RUNMEFIRST.bat, DO NOT CLOSE THE LOG WINDOW THAT OPENS, then double-click "Step1.bat"
On Linux/MacOS ("#" Signifies a comment below)
Code:
./RUNMEFIRST.sh
# OR
bash ./RUNMEFIRST.sh
Code:
./Step1.sh
# OR
bash ./Step1.sh5. Wait for a shell prompt, then type (or copy):
Code:
run-as con
chmod 0777 /storage/emulated/0/*Type:
Code:
id7. Type into Terminal Emulator:
Code:
applypatch /system/bin/atd /storage/emulated/0/dirtysanta9. Reboot the phone into recovery mode and wipe data again
BOOM! Now the you have a userdebug kernel running on a userdebug system
Time to turn off dm-verity, otherwise you will have a red triangle on reboot (Your device is corrupt. It cannot be trusted and may not boot) and cannot edit /system.1. Finish setting up the phone and enable USB Debugging in developer options (you should know how to do this)
2. Plug the phone into your computer, and run these commands
Code:
adb root
adb disable-verity4. Run
Code:
adb root
adb shell
mount -o rw,remount,rw /systemIf you ever want to go back, just flash your stock TOT/KDZ with UPPERCUT and you'll be all good!
BUY ME A PIZZA FOR THE HARD WORK: BTC 197ct1uti4zutJu76bYAW51H8NZ6zXeoEV PayPal: [email protected]
THANKS:
@tungkick for the userdebug boot and helping me with the ZV4 TOTs
@autoprime for UPPERCUT
@me2151 @glitschi667 @EMSpilot @elliwigy for their AMAZING work on the V20 and sharing their code!
Last edited:
