[GUIDE] Unlock your LG V40 via 9008 mode (Every Variant except T-Mobile)

Search This thread

min41rpa

New member
Apr 16, 2021
3
0
Please help!
My phone now stuck at the fastboot
It shows PRODUCT_Name - LM-V4059N and when I tried to boot the rom, the yellow triangle appears.
 
Last edited:

AsItLies

Senior Member
Nov 4, 2009
981
426
tucson
Please help!
My phone now stuck at the fastboot
It shows PRODUCT_Name - LM-V4059N and when I tried to boot the rom, the yellow triangle appears.

It sounds like your device switched slots? Or maybe you flashed to both slots and are trying to boot the phone with the eng abl flashed?

It's important to realize, as the guide says, the eng abl is Oreo. It will not boot any other OS but Oreo. It's only to be used to unlock the BL and then flash the original abl back, so the phone can boot.

cheers
 

min41rpa

New member
Apr 16, 2021
3
0
It sounds like your device switched slots? Or maybe you flashed to both slots and are trying to boot the phone with the eng abl flashed?

It's important to realize, as the guide says, the eng abl is Oreo. It will not boot any other OS but Oreo. It's only to be used to unlock the BL and then flash the original abl back, so the phone can boot.

cheers
I flashed in slot a, at fastboot it shows slot a active too. I'm already flashed back to Pie abl and it stucks at fastboot, 1 more thing, when i use the code flash oem unlock the second time, cmd shows FAILED (remote: unknow command)
 

AsItLies

Senior Member
Nov 4, 2009
981
426
tucson
I flashed in slot a, at fastboot it shows slot a active too. I'm already flashed back to Pie abl and it stucks at fastboot, 1 more thing, when i use the code flash oem unlock the second time, cmd shows FAILED (remote: unknow command)

sounds like kind of a mess. Which model is your phone originally? Vzw? att? Kor?

So if yer flashed back to original pie abl... how do u still have fastboot? are you getting to the fastboot screen using pwr+vol up? You're getting to fastboot just by booting phone?

and, the command to unlock bootloader isn't 'fastboot flash ...' it's just 'fastboot oem unlock'. The command 'flash' is for flashing a partition. The 'oem unlock' doesn't flash anything.

cheers
 

min41rpa

New member
Apr 16, 2021
3
0
sounds like kind of a mess. Which model is your phone originally? Vzw? att? Kor?

So if yer flashed back to original pie abl... how do u still have fastboot? are you getting to the fastboot screen using pwr+vol up? You're getting to fastboot just by booting phone?

and, the command to unlock bootloader isn't 'fastboot flash ...' it's just 'fastboot oem unlock'. The command 'flash' is for flashing a partition. The 'oem unlock' doesn't flash anything.

cheers
My model is Korea KT V409N, sorry for my typing mistake sir :(
I'm already flash back to pie by kdz and the bootloader was unlocked but I can't access to fastboot by cmd nor button.
Gosh, this phone so hard to install twrp :(
Any solution for this? Thanks, have a great day.
 

AsItLies

Senior Member
Nov 4, 2009
981
426
tucson
My model is Korea KT V409N, sorry for my typing mistake sir :(
I'm already flash back to pie by kdz and the bootloader was unlocked but I can't access to fastboot by cmd nor button.
Gosh, this phone so hard to install twrp :(
Any solution for this? Thanks, have a great day.

Is it korean open? as in KOR? Or is it KTF? I think that's korean carrier specific...

anyway, this guide shows how to flash the v35 eng abl so that you'll have fastboot. The v35 eng abl is Oreo, the phone won't boot with it installed, unless the OS is Oreo.

Did you follow this guide and unlock the bootloader? I ask because if u did, you'd know how to get fastboot, but it doesn't sound like you do?

There's another way to get a 'watered down' version of fastboot, by nuking the laf partition (that's needed to use lgup though). But the korean versions (at least the Open version), the fastboot you get (nuked laf) is very minimal, it does almost nothing.

There's another guide showing twrp, check that out also.
 

anh102w

Member
Jan 2, 2016
27
1
hà nội
sure this is it.

remember, flash this with qfil or fastboot to the current boot slot. After flashing, go immediately to recovery, don't boot phone.

1) if it asks for password just cancel
2) format (not wipe) data
3) reboot recovery
4) flash magisk
5) flash dmverity

should be all set then.
So sorry, I'm a bit nervous. Replace this file here, right?
1618900831263.png
 

anh102w

Member
Jan 2, 2016
27
1
hà nội
sure this is it.

remember, flash this with qfil or fastboot to the current boot slot. After flashing, go immediately to recovery, don't boot phone.

1) if it asks for password just cancel
2) format (not wipe) data
3) reboot recovery
4) flash magisk
5) flash dmverity

should be all set then.
I'm sorry, but I stuck in Fastboot, even after flashing boot_a, then reboot to recovery mode, then factory reset. It cannot boot into twrp.
 

anh102w

Member
Jan 2, 2016
27
1
hà nội
sure this is it.

remember, flash this with qfil or fastboot to the current boot slot. After flashing, go immediately to recovery, don't boot phone.

1) if it asks for password just cancel
2) format (not wipe) data
3) reboot recovery
4) flash magisk
5) flash dmverity

should be all set then.
Ah, after all, I can go into TWRP by flashing boot_b and reboot recovery. Thanks a lot!!!!!
 

athoti

Member
Sep 25, 2018
22
4
My phone is LM-V405UA software version V405UAg. I followed the steps and bootloader shows unlocked but I can't flash TWRP. My error is 'Cannot flash this partition in unlocked state' Of all the steps, I missed "fastboot flash frp path/to/frp" but went straight to "fastboot oem unlock" and it did unlock it, shows it in fastboot. I also couldn't "fastboot flash abl_a path/to/ablpiestock.img" so flashed it via QFIL -> abl_a. Would someone know what could possibly be the issue? I've gone back and forth between reflashing V35engineering, deleting laf_a and laf_b, rewriting them (thanks to someone who provided them here) etc. but nothing works. My goal is LineageOS. Many thanks!
 

AsItLies

Senior Member
Nov 4, 2009
981
426
tucson
My phone is LM-V405UA software version V405UAg. I followed the steps and bootloader shows unlocked but I can't flash TWRP. My error is 'Cannot flash this partition in unlocked state' Of all the steps, I missed "fastboot flash frp path/to/frp" but went straight to "fastboot oem unlock" and it did unlock it, shows it in fastboot. I also couldn't "fastboot flash abl_a path/to/ablpiestock.img" so flashed it via QFIL -> abl_a. Would someone know what could possibly be the issue? I've gone back and forth between reflashing V35engineering, deleting laf_a and laf_b, rewriting them (thanks to someone who provided them here) etc. but nothing works. My goal is LineageOS. Many thanks!

Sounds like there's some confusion re fastboot.

There are 2 ways to get fastboot on the device. 1 way results in full blown fastboot (v35 eng abl - can unlock bootloader), but it's Oreo based. The other way is to 'erase laf' partition, but it's a watered down version of fastboot (can't unlock bootloader).

And the 'frp partition' flashing is only needed if you're on Verizon, as the instructions say. If you're not on Verizon, then you simply go to developer options and enable 'OEM unock' (Verizon doesn't have that option).

Depending on the version of Android, the newer ones, which you *probably* have, you don't flash twrp anymore, you have to have your specific boot partition with twrp injected into it (then you flash that specific boot partition).

And lastly, your software version is something like Korean Open 30f, or maybe US OPEN 20e, or maybe AT&T 30d, etc etc. You have to know the exact info for anyone to be able to help.

cheers
 

athoti

Member
Sep 25, 2018
22
4
And lastly, your software version is something like Korean Open 30f, or maybe US OPEN 20e, or maybe AT&T 30d, etc etc. You have to know the exact info for anyone to be able to help.
Thank-you much for helping out!

I don't know, software version says V405U20g and it starts with a splashing Sprint sign... Kernel 4.9.112. The phone I bought "new" off ebay.

Depending on the version of Android, the newer ones, which you *probably* have, you don't flash twrp anymore, you have to have your specific boot partition with twrp injected into it (then you flash that specific boot partition).
How do I do this?
 

AsItLies

Senior Member
Nov 4, 2009
981
426
tucson
Thank-you much for helping out!

I don't know, software version says V405U20g and it starts with a splashing Sprint sign... Kernel 4.9.112. The phone I bought "new" off ebay.


How do I do this?

So you're on Sprint 20g, which is Android Pie. First (and always) you need to use qfil to backup any partitions you plan on modifying. You say 'someone here provided laf backup' that you used to restore, but that's a prob because Sprint doesn't make their kdz available and I've not seen any backups for the Sprint firmware... so what laf backup did you use?

And, as I explained, there are 2 versions of fastboot; 1) v35 eng abl and 2) laf nuked (watered down) version of fastboot.

I've no experience with the Sprint (watered down) version of (laf nuked) fastboot, but it seems to be like other mfg versions, in that it won't flash a partition. So, you have to use the v35 eng abl fastboot to do that.

Unfortunately, the v35 eng abl won't 'boot' a partition unless it's Oreo. You'll have to use qfil and save your boot partition (a or b), and post it here. I'll inject twrp into it for you and post it back, then use qfil to put it back.

cheers
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Could you give me the file of 409N 30f?
    sure this is it.

    remember, flash this with qfil or fastboot to the current boot slot. After flashing, go immediately to recovery, don't boot phone.

    1) if it asks for password just cancel
    2) format (not wipe) data
    3) reboot recovery
    4) flash magisk
    5) flash dmverity

    should be all set then.
  • 44
    This Guide will explain how to unlock your LG V40 (Every variant except T-Mobile)

    Unlock Prerequisites:
    Make sure you have "Enable OEM Unlock" enabled in developer options, along with adb debugging. Very important. You'll be stuck with the red triangle otherwise. If you don't have the "Enable OEM Unlock" option in developer options, you'll have to flash frp with the v35 engineering bootloader. The frp image will be provided in the attachments section.

    QPST Download:
    It turns out the reason QFIL is failing is because it's missing quite a bit of stuff. I'm providing the zip to QPST (It's actually required) to install. QPST includes QFIL. My fault, I'm all over the place with this... Here it is (GDrive): QPST

    Booting into EDL:
    Note: This can be done while booted!

    1. Plug in your Phone to your PC

    2. Press and hold Power and Volume Down

    3. As soon as your screen blanks, rapidly start pressing volume up.

    4. If you've successfully booted into EDL, your screen will be completely blank and the device manager will show (Under COM Ports): Qualcomm HS-USB QDLoader 9008

    nQeN45t.png


    Using QFIL to Unlock Your Bootloader
    QPST should be installed, and your in 9008 plugged into your PC.

    Setting up QFIL:
    1. Launch QFIL and set your storage type to UFS. This is located at the bottom right corner of the window The LG V40 has UFS storage. The leaked loader is a loader for LG SD845 UFS devices. If you try to send the loader with your storage set to emmc, it will NOT work. By default, it is set to emmc.

    9jvV3rv.png


    2. Select the port. Click select port and select the one that says "Qualcomm HS-USB QDLoader 9008 (COM #)" That is your phone. After it is highlighted, press OK.

    3. Under select programmer, click browse, find the loader and select it.

    4. Your screen should now look like this (Minus the Flat Build Stuff, that is for total unbrick purposes):

    DmnzGBy.png


    QFIL is now all setup and ready for flashing.

    Flashing the Engineering Bootloader

    1. In the upper left hand corner of the Window, click on Tools > Partition Manager from the drop down menu

    smxXCkP.png


    2. When the Partition Manager window comes up, find "abl_a" > click on it > right click and select Manage Partition Data.

    AzuFXMm.png


    3. When the "Raw Data Manager" window comes up, there are four options to choose from (I'll tell you what each of them does):

    • Erase: Wipes the specified partition clean
    • Read Data...: Backs up the partition. It will tell you where it saved it in the log output in the main window
    • Load Image: Flashes a .img file of your choice to the specified partition
    • Close: Brings you back to the Partition Manager

    LKG7Wkg.png


    You'll be using the load image function to flash the V35 Engineering bootloader to your device.

    4. Click load image then select the V35 engineering bootloader. It will flash the image to your device.

    Unlocking Your Device:

    Now that the V35 Engineering Bootloader has been flashed to your device:

    1. Press and hold the Power and Volume Down buttons until your device reboots out of 9008. When you hear the disconnect sound, immediately hold volume down (only volume down) to enter fastboot right away (this is required for both methods, my apologies).

    2. When you've entered fastboot, execute this command:
    Code:
    fastboot oem unlock
    Userdata will be wiped as a security measure as with all android devices.

    3. While you're still in the v35 engineering bootloader flash back the stock pie bootloader (If originally on pie firmware) with:
    Code:
    fastboot flash abl_a path/to/ablpiestock.img

    The V35 Engineering bootloader is OREO only. Some people have managed to boot with this on pie firmware. But generally, you WON'T be able to boot with this flashed if you're on PIE firmware. If you're on Oreo firmware, you can leave this flashed


    4. For devices without the "Enable OEM Unlock" option, you'll need to flash frp! You can do so with (While still in V35 Bootloader):

    Code:
    fastboot flash frp path/to/frp

    4a. Reboot right back into fastboot (hold volume down after rebooting) and run:
    Code:
    fastboot oem unlock

    The reason you can't unlock your T-Mobile device is because no other bootloader/firmware will work with T-Mobile devices. Only T-Mobile firmware will work on it. If you're looking for root, avoid V405TA (T-Mobile) phones. Any other model will work for this.
    5
    Incorrectly referred to EDL than Download mode

    HI all, I just wanted to share my experience of this that may give some extra help for others going through this. But first, I'd not have got anywhere if it wasn't for a bunch of you on here, so many thanks to @Xsavi, @Ainz_Ooal_Gown, @DLS123, @LameMonster82 and many others! And I may as well pre-thank @SGCMarkus as his threads are coming soon enough...

    Ok, so my initial goal was to get root on my LG V40...

    I started with an LM-V405EBW V20a-IND-XX, so that meant I was not able to unlock the bootloader using the official LG method - I've got to admit, I liked the LG V40 phone, and it was a good price, and I thought it had developer support... I missed that it was only for one market (come on LG, please do better!)

    Anyway, challenge was set! All I really wanted was to have root... I naïvely thought a combination of @Ainz_Ooal_Gown's LGUP Guide and some KDZ tweaking from @DLS123 would get me there; however, I was about to run in to two snags: CrossDL errors and Chain of Trust issues

    So my first thought was: could I perhaps flash an EU image onto the phone and also get a bunch of security upgrades too! So I downloaded the latest one, V20e-LAO-COM. Then following @Ainz_Ooal_Gown's guide I evenutally ran into the CrossDL "Error 0x6004 OPEN_ESA_DS > OPEN_EU_DS". From searching around the only way I could force this was to use the LGUP_Cmd.exe from the LGUP v1.15 Developer version. And this worked perfectly, even though there were rumours around that such an indiscriminate flashing could be very dangerous and brick my phone - so beware and be careful!

    Ok, so now I learnt that IMEI and OEM Device-ID are a more integral part of the phone, and this flash has only brought me useful security fixes that my previous would not have - so that's good. However, I am a long way from root as my reading around this informed me that unless I could break the QCom Chain of Trust (eg. unlock the bootloader, etc.) then I was not going to get a phone that would boot up, certainly patching the boot in a KDZ image was not going to work. I saw that I could have this done remotely with those who owned an Octopusbox by hooking up via some websites or the V40 Telegram group - sadly both felt a little like giving up, and I couldn't afford one of the boxes so...

    Then I found this, @Xsavi's, guide. I ended up using the latest QPST from QPSTtool.com. I probably didn't need it, however I was getting many "Download Fail:Sahara Fail:QSaharaServer Fail:process fail" errors. I was unable to get the QFIL tool to download the partitions in the Partition Manager part of QFIL. When it works it should be very quick, but when it doesn't it will stall for a while, output some logs, and then that error (similar to the output here, although they are doing something different).
    Using the latest version of QPST seemed to fix this with the one given in this thread. But then it too started failing with the same error. So, from more reading, I started to get a feel that timing and maybe environment was important. In terms of timing, as soon as you put the phone into 9008 Mode* you need to as quickly as possible load up the Partition Manager, and in terms of environment, a freshly restarted phone put into this mode... possibly similar for the QPST tooling too... I didn't manage to repeat this to be sure.
    (* yes - 9008 Mode is a black screen, doesn't boot, doesn't seem to be on, hold <power>+<vol down> to reboot out of it. You also need to have the cable plugged it to go into this mode it seemed. And you have to be very quick once you turn the power off, pressing the <vol up> button to go into it too. You will know you got it as the phone will not turn back on, and in Windows Device Manager you will see the Qualcomm HS-USB QDLoader 9008 come up)

    I did a few things different from this guide that I'll cover here: I took a backup for the abl_a/abl_b and laf_a/laf_b partitions using QFIL. When you look at a partition you have an option to Read it too. I used this to make backups. I then used the V35 image to unlock the bootloader of the V40! (yes! success!) I then restored the abl_a I took a backup of. When I rebooted I was presented with a fastboot that was now not looking for unlocks, it wanted me to flash things. So I put the phone into Download mode, and then using LGUP I restored the V20e-LAO-COM KDZ. After a few reboots, a reset, and some processing time the LG V40 is now up and running and importantly with the bootloader still unlocked! And everything seems to be working so far...

    I realise looking back I could have cut out the CrossDL issues as everything would have been erased in the bootloader unlock. Oh and all of this was done via Windows 8.1 VM in VirtualBox: you can both download IMGs from Microsoft's site, then another part will give you the Product Keys. Anyway, hope that helps others a little bit through this too - next is to finally try out @DLS123's Magisk tutorial and I should be done, until some LineageOS desire sets in.

    Thanks again everyone! Looking forward to what can be done in this space now for this phone: 9008 Mode is amazing (and terrifying) for its scope!
    5
    Awesome! You guys are brilliant!
    So do we expect a kickstart in development (like the V30's dev scene) now that an unlock is available for everybody?

    And one last question: does this mean that we can unlock a (network) locked phone this way? I know that the usual answer is 'no', but from what I've seen around here, there's something called 'cross-flashing' of US unlocked firmware. Perhaps that means an unlock?
    If not, do online unlock services work? (I do not want any names - I just want to know whether any service at all works).

    I do apologize if my questions are stupid - it's only that with the overwhelming amount of (sometimes contradictory) posts here, I just want to make sure I'm doing everything correctly! :laugh:

    Your questions aren't stupid. :)

    Unfortunately, you can't sim unlock using this method. I'm hoping this will kickstart development for this device also, I already have a few ROMs made I have yet to release to XDA. Any 3rd party online unlock services are scams. Nowadays, everything is done server side when it comes to SIM unlocking your phone.

    No problem dude! If you have any other questions, feel free to reach out to me. I'm super active in the V40 telegram group. I'm becoming more active here too (I need to. LoL).
    3
    @Xsavi This is Awesome! I might get a V40 later in the year
    Btw a small point, the title says: Unlock your LG V40 (Via 9008) Root ONLY for T-Mobile variants.
    while guide says: his Guide will explain how to unlock your LG V40 (Every variant except T-Mobile)
    Title probably needs to be corrected :p

    Title and guide has been corrected. Thank you for the much needed suggestion!
    2
    Also getting a Download Fail, but mine reads "Download Fail:Sahara Fail:QSaharaServer Fail:process fail". My port is showing as Qualcomm HS-USB QDLoader 9008 (COM7). I was sure to try to update the driver in device manager, and am prompted that "The best drivers for your device are already installed".

    The culprit is QFIL being by itself instead of being installed with QPST.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone