[GUIDE] Official LG G6 Bootloader Unlock (Currently supported: EU H870, USA US997)

Search This thread
By:
Advanced…
Honkette1738

Honkette1738

Senior Member
Nov 18, 2021
79
14
Google Nexus 4
Samsung Galaxy Ace II
Last edited:
  • Like
Reactions: 7GanDaLF7 and crexcrex
W

WojtekCC

Member
Dec 12, 2020
48
17
I have an idea!

We should be able to obtain (temporary) root by exploits (maybe this?: CVE : 2019-2107), and install twrp from OS.
I have done that on android 4.2? or 4.4
But i have no clue how to do that on android 7,8 or 9.

Because the only thing we need is TWRP on recovery partition.
 
Honkette1738

Honkette1738

Senior Member
Nov 18, 2021
79
14
Google Nexus 4
Samsung Galaxy Ace II
WojtekCC said:
We unlock bootloader to install TWRP by "fastboot flash recovery(?) (something)"
AND after that install (most often) Magisk.

When we obtain root by some exploit or something, we should be able to install twrp without need to unlock BL
Click to expand...
Click to collapse
Interesting, I'm not sure how it could be pulled off, because i'm not skilled with that sort of thing. Maybe you should try, you did say you had experience
 
A

AlexSmitterson

New member
Apr 19, 2017
3
0
Samsung Galaxy Tab 2
Sony Xperia Z2 Tablet
there is even a change.org petition (5 years old) to give out keys, but we're still on square one
I am sure many people would really appreciate if we get a workaround at least - so, WojtekCC, if you could test the suggested approach it would be awesome !
WojtekCC said:
We unlock bootloader to install TWRP by "fastboot flash recovery(?) (something)"
AND after that install (most often) Magisk.

When we obtain root by some exploit or something, we should be able to install twrp without need to unlock BL
Click to expand...
Click to collapse
 
W

WojtekCC

Member
Dec 12, 2020
48
17
Honkette1738 said:
On my G6 the Android security patch level is May 1, 2019. That should mean 2019-2107 should work since it was found in ~July 2019, right?
Click to expand...
Click to collapse
Probably, there is only one way to find out.

Man_tzagk said:
How did you do it? Do you have a link to the video/software you used ?
Cause the inplmentation would be the same, the only thing that would change would be the files used!
Click to expand...
Click to collapse
I dont think it even counts because I used farmaroot for some oldish phone.

I would test it myself but i have to sell few things and maybe buy some lg phone from some marketplace.
 
M

Man_tzagk

Member
Mar 26, 2017
25
5
Athens
WojtekCC said:
Probably, there is only one way to find out.


I dont think it even counts because I used farmaroot for some oldish phone.

I would test it myself but i have to sell few things and maybe buy some lg phone from some marketplace.
Click to expand...
Click to collapse
Hmm. Farmaroot doesn't seem to be open source. It did support some older lg devices but i don't think the security was in any way the same. It does use a video exploit and maybe by unpacking it and editing the source video and payload we could boot into twrp, or more unlikely, install magisk.
 
crexcrex

crexcrex

Member
Jul 8, 2022
13
5
Nemunas river basin
masterchapter said:
hi, any news...?
Click to expand...
Click to collapse
Hi, sorry for late reply, today I sat down to play around with the provided unlock.bin. Little progress yet. So far I've noticed these things:
  • The data takes up 543 bytes, the rest are zeroes
  • File begins with
    Code: 
    0x000000: 0x9e 0x15 0xb7 0x8d 0x6b 0xd3 0x7e 0x2d 0x01 0x00 ....k.~-..
0x00000a: 0x00 0x00 0x02 0x00 0x00 0x00 0x00 0x01 0x00 0x00 ..........
  • There is a 12 byte long sequence of `0x00` which begins at `0x114` and ends at `0x11f`. Maybe that's a separator between IMEI/Device ID?
I've only tested 2 unlock.bin's, and seeing these features shared across both files, I'm pretty certain that these attributes are present in all unlock.bin files for LG G6 (not sure if files vary from variant to variant eg. H870, US997, etc.)

The idea that the file contains Device ID and IMEI is purely my speculation, and LG could've had another means of dishing out unlock.bin's; HOWEVER, there are clearly two regions in the file separated by a 12 byte `0x00` string, suggesting that IMEI/Device ID are stored here. I choose to believe this for now and see if I can decode that data.
 
  • Like
Reactions: Propellastic and ze7zez
T

tracid1987

Senior Member
Mar 11, 2021
104
20
many people are still upgrading their custom ROMs, maybe it would be useful to ask them for their unlock.bins and other data? They arent reading this here because their bootloader is unlocked but we might ask them in the custom ROM section...
 
You must log in or register to reply here.

Similar threads

J
Google Camera HDR+ (V4.0) ported to SD820/821 and works with G6
Replies
2K
Views
626K
M
markomil
A
list of LG G6 Stock firmware
Replies
420
Views
181K
Akira_Kitsune
Akira_Kitsune
1
LG G6 Moisture Detection Fix!!
Replies
60
Views
129K
B
badcrcs
mauronofrio
[TOOL][G6] TOOL ALL IN ONE (Drivers|Unlock|TWRP|Factory Image|Stock Recovery)
Replies
108
Views
111K
R
rndmcmx
D
LG G6 Android Oreo update will arrive in Europe by the end of June / Good Bye my G6
Replies
380
Views
92K
R
RisingNoob

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 76
    autoprime
    autoprime
    gnl5y9m.jpg
    The LG G6 H870 for the European market and the USA carrier-free US997 can now be officially unlocked through LG's developer unlock program.
    Your H870 is from outside Europe? You have a H871/2/3/etc or H870K/DS/etc? That's not a European H870, won't work. Your US997 tied to a carrier? Won't work.

    Please read the FAQ and use the thread search feature before asking questions.

    This thread is a work in progress and actively being updated.

    LG Developer Unlock Site Here

    Prerequisites:
    • European LG G6 H870 or USA carrier-free US997
    • Computer w/ADB & Fastboot. ADB/Fastboot for Windows here. ADB/Fastboot for Linux/OS X here.
    • Basic knowledge of ADB, Fastboot and Windows command prompt or Linux/OS X terminal.
    • Device IMEI. This 15-digit code can be found on your box, the settings menu or by dialing *#06#
    • LG developer account -- sign up for free by clicking the "Start Unlocking the Bootloader" button at the bottom of the LG site HERE.


    Directions:
    LG's official bootloader unlock directions can be found here but I've still rewritten the steps out below while revising some things and also adding steps for TWRP and root.

    1. Enable USB-Debugging on your phone. USB-Debugging is required for the adb commands to work. To enable USB-Debugging, go to Settings >> About phone >> Software info and tap Build number until it says you are now a developer. Return to the previous screen, select Developer Options and enable USB-Debugging (this option may be greyed out if you have your USB cable plugged into your phone).

    2. Enable OEM unlock on your phone. To enable OEM unlock, go to Settings >> Developer options and toggle/turn on Enable OEM Unlock.

    3. Open CommandPrompt or Terminal and enter the following ADB command to reboot into the bootloader:
    Code: 
    adb reboot bootloader
    If ADB is not detecting your device try switching your phone's USB mode from Charging to MTP or PTP. If using Windows please make sure you've installed LG's USB drivers. You can download them HERE.

    Alternatively, you may be able to boot into fastboot without ADB by powering off the phone then power the phone on while holding Volume UP (USB cable will need to be removed otherwise it may boot into LG Download Mode)

    4. Once in the bootloader, use the following fastboot command to obtain Device ID:
    Code: 
    fastboot oem device-id
    Fastboot command will return a string. This is the Device ID which is needed to generate your unique unlock key.
    Example :
    Code: 
    $ fastboot oem device-id
(bootloader)-----------------------------------------------------------------
(bootloader) Device-ID
(bootloader) CD58B679A38D6B613ED518F37A05E013
(bootloader) F93190BD558261DBBC5584E8EF8789B1
(bootloader)-----------------------------------------------------------------

    To generate your unlock key, you will need to paste together the 2 lines of output into one continuous string without "(bootloader)" or spaces. In the example above, the Device ID would be:

    CD58B679A38D6B613ED518F37A05E013F93190BD558261DBBC5584E8EF8789B1

    5. Copy Device ID and IMEI into the LG Developers Bootloader Unlock site and hit the confirm button. In a few moments the unlock.bin will be emailed to you. Download unlock.bin to computer.

    6. While the phone is still in fastboot enter the following command to unlock the bootloader:
    This will unlock your bootloader AND factory reset your device wiping all data!
    You can use the LG Backup app or LG Bridge to backup and restore your data before unlocking the bootloader.
    Code: 
    fastboot flash unlock unlock.bin

    7. You can now reboot the phone and boot into your bootloader unlocked device! Enter:
    Code: 
    fastboot reboot

    8. Want TWRP or root?
    For TWRP you will need to download the TWRP H870 image. Current unofficial TWRP build is available HERE. (thanks to @Rashed97)
    For root you will need to download either SuperSU or Magisk and then flash either of the zips using TWRP.

    Reboot back into the bootloader
    Code: 
    adb reboot bootloader
    (you'll have to first re-enable USB debugging since data was wiped after the bootloader unlock)

    or power off again.. unplug the USB cable then power on the phone while holding Volume UP.

    9. Flash TWRP:
    Code: 
    fastboot flash recovery twrp.img

    After flashing TWRP unplug the USB cable and power off the phone (hold volume down + power button).. continue holding until phone reboots...
    As soon as you see the LG logo on the screen.. let go of the power button then quickly press it again (never letting go of volume down).
    Keep holding until you see the Factory Reset screen. Click thru the factory reset screens using the volume buttons to move up/down and power button to select. Choose "Yes" twice until it boots into TWRP. Despite what the screen says it won't actually factory reset/wipe your data... as long as you've installed TWRP. If stock recovery is installed it WILL wipe data.

    For TWRP to "stick" you must 1st boot into TWRP and not boot back into Android until after doing one of the following...

    10. Now you can flash your root zip of choice.

    Feel free to back up first.. but otherwise.. time to install SuperSU/Magisk. Reboot into system when finished.

    Have fun and be careful.


    FAQ:
    Q: I have an H870 but it is not a European H870... can I unlock the bootloader?
    A: No, this official unlock program is ONLY for the H870 model for countries in Europe just like LG did for the LG G4 and G5.
    But... for about a 10 day span G4 devices from SE Asia worked with the official site and users received unlock.bin files.. despite that variant never showing up on the supported list. So you never know what can happen until you try and submit your device-id/IMEI into the LG Developer Bootloader Unlock site. :good:

    Q: Will more devices be added?
    A: Impossible to say what will happen in the future.. we must wait and see. The LG G5 bootloader unlock program was originally only open to the European H850 but months later the H840 G5SE and the USA RS988 G5 were added to the program.

    Q: I can't get my phone to show up with ADB or Fastboot, watdo?
    A: Make sure ADB/Fastboot is properly setup for your OS... udev rules setup in Linux.. LG USB drivers installed for Windows... OS X/MacOS just works. Also, confirm USB debugging is enabled.
    ADB still not working?... try changing the phones USB modes.. from maybe charging to MTP.. or MTP to PTP.

    Q: What happens to warranty if I unlock or root?
    A: YMMV I suppose. The official LG site claims that warranty is void if damage is caused by the unlock. On the T-Mobile G6 there is now a bootloader unlock counter. I will assume this counter is also on the H870/US997, so it will be hard to hide the fact that you unlocked the bootloader. Please share any unlocked bootloader LG G6 warranty replacement stories in this thread.

    Q: Can I re-lock the bootloader?
    It IS possible to re-lock the bootloader with the the command: fastboot oem lock
    You'll have to boot back into the bootloader (adb reboot bootloader) to issue the fastboot command.
    Re-locking the bootloader WILL wipe data just like the unlock process. Use LG Backup app/LG Bridge or another backup method first if you want your data.
    Flashing a KDZ in LGUP or LG Bridge will NOT relock the bootloader.

    DO NOT re-lock the bootloader if you have a modified boot/system img... restore them to stock first or you will not be able to boot into android after the lock and need to flash a KDZ in download mode.

    Q: So many words... yudodat?
    A: Here is a video on how to unlock the G4... up until the 6minute mark it is step-by-step 100% the same as G6. Only slight difference is when you get to the TWRP/root steps. https://www.youtube.com/watch?v=O64GfQORCaE
    Click to expand...
    Click to collapse

    y u quote OP?

    Follow me on twitter for future updates on LG-related things - twitter.com/@utoprime

    Find this thread helpful? Hit the Thanks button!
    Feeling extra generous? Consider donating to me.
    View
    9
    N
    nima0003
    I'm building TWRP for you guys right now
    View
    9
    autoprime
    autoprime
    @Rashed97 has put together some new TWRP images that have data mounting and data decryption working.

    downloads.codefi.re/rashed/g6/

    It is recommended to now use these TWRP builds until they are officially available on TWRP.me
    View
    5
    M
    markfm
    Thanks autoprime, keeping an eye out for us G6 owners in the rootless wasteland ☺

    (As a VS988 owner I know I'm really stuck in purgatory, but can always hope ? It was time to finally upgrade from my G3 - you did awesome work on that phone, hugely appreciated by many.)

    Donated.
    View
    5
    L
    lmiked
    cortez.i said:
    was really hyped to see this thread, only to discover that the model i won in a raffle is the (Amazon sourced) 64GB, H870! device arrives today and i suspect it's probably the H870DS...
    Click to expand...
    Click to collapse
    You probably won't be able to unlock the Bootloader unfortunately...

    I'm starting a petition to LG to enable Bootloader on all LG Smartphones, so we can get thousands of signatures from all models/variants owners!!

    Sent from my LG-H870 using Tapatalk
    View

New posts