G8 Crossflashing Guide (Requires root and may have issues on korean + more variants)

Search This thread

Beliathal

Member
Jul 11, 2022
5
9
You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it
If any one still having trouble extracting OP partition from A11-A12 kdz, use this guide for extracting the kdz with a python script:


Extracted OP partition will be roughly 1200Mb.

For Open EU A12 you'll need to open it up in Hex Editor and delete everything starting from this offset: 2BC00000

For other firmware the offset may differ. You can locate the end of data, by looking for this string: AVBf, then counting 64 bytes from the letter "A" (41 hex)
 
Last edited:
  • Like
Reactions: netmsm

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    First, here is the link to the TWRP zip I made to crossflash the sprint g8 to Open US 20c: https://forum.xda-developers.com/showthread.php?t=4181557

    Second, crossflashing is really only useful for two cases: you have an at&t or sprint g8 that you bootloader unlocked for other reasons and want to get updates, or you absolutely need volte and/or vowifi to work. Bootloader unlocking just to crossflash in the way explained below without further reasons is practically pointless.

    I'll just repeat some things I said in that post to clarify why the following steps need to be done: on the g8 and v50, LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL. I'm not entirely certain about this, but I think the IMPL value being true or false determines whether the OPID will be checked or not, and IMPL can only be made 0 with some hardware mods. The OPID exists somewhere in the hardware and is then crosschecked with an OPID in the software, and if they don't match, you're greeted with the words "OPID mismatch" on boot (unless IMPL = 0). However, I discovered that the OPID checked during boot is just /OP/totc.cfg, which is a just a one line .cfg file containing something like "SPR_US." So, we can just flash most of the relevant partitions that get updated in OTAs from a different kdz, including system, vendor, boot (although using dragonfly or metaphysics kernel is better), and product. There are a bunch of other partitions like the abls and xbls that will stay the same during a major android update release, are probably the same across variants, and are generally just safer to leave be. For the OP partition, we can flash it, and since TWRP still works even when you face OPID mismatch when trying to boot into system, we can just replace the totc.cfg in the new /OP with one we saved from the original one. All that said, here are the steps to do all that after you choose a variant to crossflash to. Beware that on the korean v50, after crossflashing, changing NT code appears to be necessary for networks to work, which can only be done when IMPL = 0. This might apply to the Korean g8 as well or other models, but I think all US models should be fine (just don't crossflash to the korean variant). A prerequisite of the guide is also to have backups of your partitions, so you can just flash them back if you run into any unfixable issues.

    Prerequisites:

    - Have a backup of all the partitions that will be altered / flashed in this guide (system, product, vendor, boot, and most importantly, OP)

    - Have a working TWRP where you can mount OP configs and successfully see /OP/totc.cfg

    - This will wipe your data along with your internal storage, so make sure to backup what you need

    - Have the disable dm verity force encrypt twrp zip, which is included in either of the bl unlock guides

    - Half optional: have metaphysics or dragonfly kernel as your boot img so that you don't end up using an old stock boot img on a newer software version and potentially not boot

    - At least half a brain


    1. Go to /OP/totc.cfg either in a root file manager or in TWRP and copy it to your computer, sdcard, or wherever will survive an internal storage wipe

    2. Go on lg-firmwares and download your desired kdz. I would use either the latest Open Canada or Open US one. Just because canada might be on 20h and OPEN US is on 20c, that doesn't mean OPEN US is really that far behind in updates, it just received less in total, so it could have arrived at the same security patch as Open Canada while having a much lower version number. If you live in the US, just go with OPEN US (same goes for Canada), and if you live elsewhere maybe go with the Canadian kdz

    3. https://github.com/steadfasterX/kdztools READ the documentation

    4. Use the documentation to figure out how to extract the system, vendor, and product partitions from your downloaded kdz and do so!

    5. https://bbs.lge.fun/thread-75.htm Use this guide to extract the OP partition from your kdz. This is by far the hardest part because kdztools can't do it correctly on its own.

    6. Transfer all the partitions to your phone: system, vendor, product, OP

    7. Flash all those partitions in TWRP

    8. Hold down vol- + power until you reboot from within TWRP, and keep holding that key combination until you get back into TWRP again

    9. Format data in TWRP

    10. Mount OP configs, go to /OP in TWRP's file manager, and delete totc.cfg

    11. Transfer your saved totc.cfg (from your original OP partition), to your internal storage, and then copy that to /OP again using TWRP's file manager

    12. Flash the disable dm verity force encrypt zip

    13. Done
    3
    I can't help those with issues creating the OP partition, although one would have to think others have tried to do that / had probs / posted results. There must be help for that in some threads somewhere...

    I used the OP partition (from us 20c) in this thread, and was able to accomplish what I needed with a lot less effort then doing this 'crossflashing' (thnx Cloud Man).

    So, what I needed? Really only wanted volte and vowifi to work with my mint mobile sim. My sprint phone with a10 20f continuously tried to connect to 'carrier services' (it couldn't, I'm not on sprint), and vowifi or volte didn't work with other carrier even though it was sim unlocked.

    A simple fix was to use twrp and flash only the OP partition (as described in this thread), then also restore the original totc.cfg (also as described in this thread).

    Edit 11/8/21: Note: You don't need to flash the totc.cfg if you have a sprint device and flashing the us Open OP provide here, it already has the totc changed to sprint.

    That's it, didn't flash any of the other partitions (did try that way initially but got boot loop). So now my sprint device is basically indistinguishable from a US Open device. No sprint bloat, no more constantly trying to 'configure carrier services', and vowifi and volte work.

    cheers
    1
    LG implemented a hardware lock, where you have an OPID (operator ID, such as sprint), and a value of either 1 or 0 for IMPL.
    as far as I discovered, there is no HW lock but it seems it is about sth like a serial number (maybe device id) which is later checked by software and determines the original opid of the device. you can check device id by the query "at%deviceid" in modem while port check is enabled.
    however, erasing some partitions will hinder sw to check and inspect opid. In Open_ca 20 you can erase modem (not modemst) and it fails to check and determine the original opid so it lets device to get flashed by any kdz, although later it is needed to modify opid in op partition.
    1
    You see, extracting the OP partition is beyond me, so i would have to wait for an expert like you to do it
    If any one still having trouble extracting OP partition from A11-A12 kdz, use this guide for extracting the kdz with a python script:


    Extracted OP partition will be roughly 1200Mb.

    For Open EU A12 you'll need to open it up in Hex Editor and delete everything starting from this offset: 2BC00000

    For other firmware the offset may differ. You can locate the end of data, by looking for this string: AVBf, then counting 64 bytes from the letter "A" (41 hex)