G8 Crossflashing Guide (Requires root and may have issues on korean + more variants)


antintin

Senior Member
Sep 11, 2019
595
142
LG V40
LG G8
First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557

Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.

I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0).

However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is just a one-line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major Android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one.

All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the Korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the Korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.

Prerequisites:

- Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)

- Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg

- This will wipe your data along with your internal storage, so make sure to back up what you need

- Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides

- Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot

- At least half a brain


1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe

2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz

3. https://github.com/steadfasterX/kdztools READ the documentation

4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!

5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.

6. Transfer all the partitions to your phone: system, vendor, product, OP

7. Flash all those partitions in TWRP

8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again

9. Format data in TWRP

10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg

11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager

12. Flash the disable dm verity force encrypt zip

13. Done
 

Erickonce

Member
Apr 6, 2019
36
5
Hello, I have a question: does this procedure unlock the carrier? Or is it still locked for sprint SIM cards? Thanks.
 

quantan

Senior Member
Jan 26, 2011
334
155
Nice guide. Thank you so much! Now I can use Open firmware without unused operation apps.
 

nate0

Senior Member
Mar 27, 2015
976
158
Since we have the programmer file for EDL I would like to do this for my g8x sprint variant. However I still need to sim unlock it first before I attempt to boot loader unlock it. The OPID is in the first 2 offsets of hex code in the OP_a.bin image.

For example my partition dump for my G8x g850um reads the below
Code:
                TMO_US
MSVN   0

So I extracted the tot file from the phone image dump and verified this for myself and am confused as to why it says TMO_US if I have a sprint splash screen. Was my phone cross flashed before I got it? How do I verify what the IMPL value is? Where is that stored?
 

mangojain

Senior Member
Jul 24, 2010
213
21
Do you think this method can be tried for flashing G8S partitions on a T-mobile G8 ? I really need VoLTE and my G8S has it.
 

netmsm

Senior Member
Oct 3, 2010
436
200
Esfahan
LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL.
As far as I discovered, there is no HW lock, but it seems it is about something like a serial number (maybe device id) which is later checked by software and determines the original opid of the device. You can check the device id by the query "at%deviceid" in modem while port check is enabled.
However, erasing some partitions will hinder the software from checking and inspecting the opid. In Open_ca 20 you can erase modem (not modemst) and it fails to check and determine the original opid, so it lets the device get flashed by any kdz, although later it is needed to modify the opid in the op partition.
 

petrusalvesba

Member
Jun 2, 2021
11
2
Hello, I'm new to the forum and I have a doubt: my LG G8 is blocked to use only an AT&T chip. If I do the bootloader deblocking and change the ROM, can I use another operator's chip? I'm in Brazil and I can't use a local operator.
 

Bronnel

Senior Member
Nov 14, 2015
315
108
Iraq
I followed every step exactly as described for extracting the OP partition, but the resulting file size is around 16 MB larger than my device's OP partition (LG V50 V450), and TWRP cannot flash it (throws a file size larger than device error). So I flashed in EDL mode by QFIL; it has a warning (file overflow) and it flashed without issue, but the device gets stuck at boot. Of course I copied over my original totc.cfg to the OP partition, but it is still stuck on the boot screen. I also flashed the boot image from the KDZ to the boot partition, still the same. BTW my active slot is A, and it doesn't matter which kdz I use, I always end up with the same file size of 716 MB, but my device's OP partition is 700 MB. I backed everything up and I have no issue going back to stock sprint.

On many occasions I didn't copy the totc.cfg back to the device on purpose and I did not get OPID mismatch error which concludes that OP Decryption method from KDZ is buggy (at least for V450)

So is there something that I missed here ? or is this only working for G8 ?
 

Bronnel

Senior Member
Nov 14, 2015
315
108
Iraq
Same size mismatch error with trying to crossflash OP partition on my LG G8. So not working either.
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.
 

armodons

Senior Member
Mar 10, 2012
78
21
LG G8
So I was not the only one, there has to be a better way to extract the OP partition , deleting the first 512 bytes of code may not be enough , maybe in the middle or at the there are other things that need to be deleted using Ultra edit.

I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
 

Bronnel

Senior Member
Nov 14, 2015
315
108
Iraq
I think the extracted OP partition after eliminating the 512 bytes of data is probably the correct version because it can be extracted and the contents viewed--different phone variants may just have differently sized partitions. No idea how to get around this issue though...
you are correct but I tried many KDZs including pie and all of them end up the same file size (roughly 716 MBs), I mean shouldn't there be at least a minor difference ?
 

AsItLies

Senior Member
Nov 4, 2009
1,670
614
tucson
Samsung Galaxy S10
I can't help those with issues creating the OP partition, although one would have to think others have tried to do that / had probs / posted results. There must be help for that in some threads somewhere...

I used the OP partition (from us 20c) in this thread, and was able to accomplish what I needed with a lot less effort than doing this 'crossflashing' (thnx Cloud Man).

So, what I needed? Really only wanted volte and vowifi to work with my mint mobile sim. My sprint phone with a10 20f continuously tried to connect to 'carrier services' (it couldn't, I'm not on sprint), and vowifi or volte didn't work with other carrier even though it was sim unlocked.

A simple fix was to use twrp and flash only the OP partition (as described in this thread), then also restore the original totc.cfg (also as described in this thread).

Edit 11/8/21: Note: You don't need to flash the totc.cfg if you have a sprint device and are flashing the us Open OP provided here, it already has the totc changed to sprint.

That's it, didn't flash any of the other partitions (did try that way initially but got boot loop). So now my sprint device is basically indistinguishable from a US Open device. No sprint bloat, no more constantly trying to 'configure carrier services', and vowifi and volte work.

cheers
 

AsItLies

Senior Member
Nov 4, 2009
1,670
614
tucson
Samsung Galaxy S10
Not sure if this is terribly different than the one in the OrigPost (20c), but this is the OP from latest US OP kdz (20f).

Also, as in op notes, have to put your original totc file in place of the one that this comes with.

cheers
 

felixpaz1992

Senior Member
May 18, 2014
125
18
Hello, I don't want to bother you but by any chance do you have any idea in which file or partition the "sim" network lock is, I want to test if I can unlock the network of an LG G8 ThinQ Xfinity mobile
 

mangojain

Senior Member
Jul 24, 2010
213
21
No, I don't think so. You could try it, might work, don't know that anyone has tried that as we don't have updates coming.

But worst case scenario is you follow the OP and re crossflash and go through setup again. Not that big of a deal.

cheers
You see, extracting the OP partition is beyond me, so I would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
 

AsItLies

Senior Member
Nov 4, 2009
1,670
614
tucson
Samsung Galaxy S10
You see, extracting the OP partition is beyond me, so I would have to wait for an expert like you to do it, IF the update comes. Actually I'm fairly hopeful that it will, considering that the CA OPEN has come.
well thanks, but as far as the US version becoming available, keep in mind that LG has a long history here. It seems that their contracts with other US carriers stipulate the US op version can't be released until the carriers release their version. So if one of the carriers doesn't do the update, the US will never be available.

I may try the ca open soon and will modify the latest US open OP to work with it, that may well be the best (latest) update ever available?

cheers
 

    You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it
    If anyone is still having trouble extracting the OP partition from an A11-A12 kdz, use this guide for extracting the kdz with a python script:


    Extracted OP partition will be roughly 1200Mb.

    For Open EU A12 you'll need to open it up in Hex Editor and delete everything starting from this offset: 2BC00000

    For other firmware the offset may differ. You can locate the end of data, by looking for this string: AVBf, then counting 64 bytes from the letter "A" (41 hex)
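
An added example (not code from this thread or from kdztools): a read-only Python check that finds the "AVBf" footer the post above describes, parses its 64 bytes using the layout libavb defines, and compares where the footer ends with the size of the target OP partition before anything is flashed. The function names and the small constructed sample image are assumptions made for illustration.

```python
"""Read-only pre-flash check for an extracted partition image (added example)."""
import mmap
import struct
import sys
from typing import NamedTuple, Optional

AVB_FOOTER_MAGIC = b"AVBf"
# libavb's AvbFooter: magic, version major/minor, original_image_size,
# vbmeta_offset, vbmeta_size, 28 reserved bytes; all fields big-endian.
AVB_FOOTER_FMT = "!4sLLQQQ28x"
AVB_FOOTER_SIZE = struct.calcsize(AVB_FOOTER_FMT)  # 64 bytes


class AvbFooter(NamedTuple):
    offset: int                # where the letter "A" of "AVBf" sits
    version_major: int
    version_minor: int
    original_image_size: int
    vbmeta_offset: int
    vbmeta_size: int

    @property
    def end(self) -> int:
        """First byte after the footer (offset + 64)."""
        return self.offset + AVB_FOOTER_SIZE


def find_avb_footer(image) -> Optional[AvbFooter]:
    """Return the last plausible AVB footer in a bytes-like image, or None.

    A bare string search can hit "AVBf" inside file data or padding, so each
    candidate is parsed and kept only if its fields describe data that lies
    entirely before the footer itself.
    """
    pos = len(image)
    while True:
        pos = image.rfind(AVB_FOOTER_MAGIC, 0, pos)
        if pos < 0:
            return None
        if pos + AVB_FOOTER_SIZE > len(image):
            continue  # truncated candidate, keep searching backwards
        _, major, minor, orig, vb_off, vb_size = struct.unpack_from(
            AVB_FOOTER_FMT, image, pos)
        if major == 1 and orig <= vb_off and vb_off + vb_size <= pos:
            return AvbFooter(pos, major, minor, orig, vb_off, vb_size)


def preflash_report(image, partition_size: int) -> dict:
    """Compare image length and footer end with the target partition size."""
    footer = find_avb_footer(image)
    end = footer.end if footer else None
    return {
        "footer": footer,
        "footer_end": end,
        "trailing_bytes": len(image) - end if footer else None,
        "fits_as_is": len(image) <= partition_size,
        "fits_up_to_footer": end <= partition_size if footer else None,
    }


def inspect_file(path: str, partition_size: int) -> dict:
    """Same report for a file on disk; mmap avoids loading ~1 GB into RAM."""
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return preflash_report(mm, partition_size)


def constructed_sample() -> bytes:
    """Constructed 8704-byte image: data, vbmeta stub, footer, 512 stray bytes."""
    payload = b"\x11" * 4096
    vbmeta = b"AVB0" + b"\0" * 252
    body = (payload + vbmeta).ljust(8192 - AVB_FOOTER_SIZE, b"\0")
    footer = struct.pack(AVB_FOOTER_FMT, AVB_FOOTER_MAGIC, 1, 0,
                         len(payload), len(payload), len(vbmeta))
    # The stray tail starts with a decoy "AVBf" that must be rejected.
    return body + footer + b"AVBf" + b"\xff" * 508


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py <image> <partition size in bytes, e.g. 0x2BC00000>
        report = inspect_file(sys.argv[1], int(sys.argv[2], 0))
    else:
        report = preflash_report(constructed_sample(), 8192)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The offset 2BC00000 quoted above equals 700 × 2^20 bytes, and an earlier post in this thread reports a 700 MB OP partition against a 716 MB extracted image. If `fits_up_to_footer` is false, the image does not fit the target partition even without the bytes after the footer.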