Incorrectly referred to EDL than Download mode
Hi all, I just wanted to share my experience of this that may give some extra help for others going through this. But first, I'd not have got anywhere if it wasn't for a bunch of you on here, so many thanks to @Xsavi, @Ainz_Ooal_Gown, @DLS123, @LameMonster82 and many others! And I may as well pre-thank @SGCMarkus as his threads are coming soon enough...
Ok, so my initial goal was to get root on my LG V40...
I started with an LM-V405EBW V20a-IND-XX, so that meant I was not able to unlock the bootloader using the official LG method - I've got to admit, I liked the LG V40 phone, and it was a good price, and I thought it had developer support... I missed that it was only for one market (come on LG, please do better!)
Anyway, challenge was set! All I really wanted was to have root... I naïvely thought a combination of @Ainz_Ooal_Gown's LGUP Guide and some KDZ tweaking from @DLS123 would get me there; however, I was about to run into two snags: CrossDL errors and Chain of Trust issues.
So my first thought was: could I perhaps flash an EU image onto the phone and also get a bunch of security upgrades too! So I downloaded the latest one, V20e-LAO-COM. Then following @Ainz_Ooal_Gown's guide I eventually ran into the CrossDL "Error 0x6004 OPEN_ESA_DS > OPEN_EU_DS". From searching around the only way I could force this was to use the LGUP_Cmd.exe from the LGUP v1.15 Developer version. And this worked perfectly, even though there were rumours around that such an indiscriminate flashing could be very dangerous and brick my phone - so beware and be careful!
Ok, so now I learnt that IMEI and OEM Device-ID are a more integral part of the phone, and this flash has only brought me useful security fixes that my previous would not have - so that's good. However, I am a long way from root as my reading around this informed me that unless I could break the QCom Chain of Trust (e.g. unlock the bootloader, etc.) then I was not going to get a phone that would boot up, certainly patching the boot in a KDZ image was not going to work. I saw that I could have this done remotely with those who owned an Octopusbox by hooking up via some websites or the V40 Telegram group - sadly both felt a little like giving up, and I couldn't afford one of the boxes so...
Then I found this, @Xsavi's, guide. I ended up using the latest QPST from QPSTtool.com. I probably didn't need it, however I was getting many "Download Fail:Sahara Fail:QSaharaServer Fail:Process fail" errors. I was unable to get the QFIL tool to download the partitions in the Partition Manager part of QFIL. When it works it should be very quick, but when it doesn't it will stall for a while, output some logs, and then that error (similar to the output here, although they are doing something different).
Using the latest version of QPST seemed to fix this with the one given in this thread. But then it too started failing with the same error. So, from more reading, I started to get a feel that timing and maybe environment was important. In terms of timing, as soon as you put the phone into 9008 Mode* you need to as quickly as possible load up the Partition Manager, and in terms of environment, a freshly restarted phone put into this mode... possibly similar for the QPST tooling too... I didn't manage to repeat this to be sure.
(* yes - 9008 Mode is a black screen, doesn't boot, doesn't seem to be on, hold <power>+<vol down> to reboot out of it. You also need to have the cable plugged in to go into this mode it seemed. And you have to be very quick once you turn the power off, pressing the <vol up> button to go into it too. You will know you got it as the phone will not turn back on, and in Windows Device Manager you will see the Qualcomm HS-USB QDLoader 9008 come up)
I did a few things different from this guide that I'll cover here: I took a backup for the abl_a/abl_b and laf_a/laf_b partitions using QFIL. When you look at a partition you have an option to Read it too. I used this to make backups. I then used the V35 image to unlock the bootloader of the V40! (yes! success!) I then restored the abl_a I took a backup of. When I rebooted I was presented with a fastboot that was now not looking for unlocks, it wanted me to flash things. So I put the phone into Download mode, and then using LGUP I restored the V20e-LAO-COM KDZ. After a few reboots, a reset, and some processing time the LG V40 is now up and running and importantly with the bootloader still unlocked! And everything seems to be working so far...
I realise looking back I could have cut out the CrossDL issues as everything would have been erased in the bootloader unlock. Oh and all of this was done via Windows 8.1 VM in VirtualBox: you can both download IMGs from Microsoft's site, then another part will give you the Product Keys. Anyway, hope that helps others a little bit through this too - next is to finally try out @DLS123's Magisk tutorial and I should be done, until some LineageOS desire sets in.
Thanks again everyone! Looking forward to what can be done in this space now for this phone: 9008 Mode is amazing (and terrifying) for its scope!