[GUIDE] Unlock your LG V40 via 9008 mode (Every Variant except T-Mobile)

Search This thread

R800x_user

Senior Member
Oct 20, 2013
430
179
East Palo Alto
Nexus 7
Nexus 7 (2013)
Hey y'all I'll be real and admit to my laziness but my v40 is a paperweight and it does go into 9008 mode still. I need to reflash bootloader and laf partitions. I no longer have access to my backups since my HDD gave out on my desktop. Does anyone have these files readily available or even a kdz with a kdz extractor
 

Jitteryheart87

New member
Mar 6, 2021
4
1
LG V40
Hey y'all I'll be real and admit to my laziness but my v40 is a paperweight and it does go into 9008 mode still. I need to reflash bootloader and laf partitions. I no longer have access to my backups since my HDD gave out on my desktop. Does anyone have these files readily available or even a kdz with a kdz extractor
i think i do ...if its in this file that im trying to attach
 

Attachments

  • donate LG.zip
    58.6 MB · Views: 19
Last edited:
  • Like
Reactions: R800x_user

skytale1

Member
Dec 4, 2015
15
0
Has anyone managed to relock the bootloader without original abl_a image? Using the same procedure with command fastboot oem lock ot fastboot flashing lock doesn't work. Is the way to relock the bootloader? I want to sell the phone and I don't want bootloader to be unlocked.
 

AsItLies

Senior Member
Nov 4, 2009
1,700
620
tucson
Samsung Galaxy S10
Has anyone managed to relock the bootloader without original abl_a image? Using the same procedure with command fastboot oem lock ot fastboot flashing lock doesn't work. Is the way to relock the bootloader? I want to sell the phone and I don't want bootloader to be unlocked.

The key I've found is to be 100% stock, before attempting to relock. That means yes, you have to use the engineering abl to relock, so that you have fastboot. But after relocking, use fastboot to flash the original abl back. That should work.

If you don't have the original abl, get the kdz and extract it. If you don't have that kdz another with the same android version might work.

good luck
 

skytale1

Member
Dec 4, 2015
15
0
The key I've found is to be 100% stock, before attempting to relock. That means yes, you have to use the engineering abl to relock, so that you have fastboot. But after relocking, use fastboot to flash the original abl back. That should work.

If you don't have the original abl, get the kdz and extract it. If you don't have that kdz another with the same android version might work.

good luck
I've used engineering V35 image to have fastboot, tried fastboot oem lock command but it gives error, it says that bootloader is already locked while on the phone status is unlocked.
 

AsItLies

Senior Member
Nov 4, 2009
1,700
620
tucson
Samsung Galaxy S10
I've used engineering V35 image to have fastboot, tried fastboot oem lock command but it gives error, it says that bootloader is already locked while on the phone status is unlocked.
Well, that's not really enough to go by. It does work, it can lock and unlock the bootloader, way too many people have done it to doubt that.

All I can tell you, from such a lack of information, is that to lock the bootloader, the device has to be 100% stock. That's why many who have locked the bootloader will first flash a brand new stock rom, make absolutely no changes to it, then use qfil and flash the eng abl, go directly to fastboot from qfil, lock the bootloader with fastboot, then use fastboot to flash the stock abl back.

Some don't realize but the bootloader can't lock unless it's 100% stock. That's kind of the point, of having a locked bootloader, it says to the rest of the system "I'm 100% stock", so if it's not stock, it shouldn't be able to lock the boot loader.
 

skytale1

Member
Dec 4, 2015
15
0
Well, that's not really enough to go by. It does work, it can lock and unlock the bootloader, way too many people have done it to doubt that.

All I can tell you, from such a lack of information, is that to lock the bootloader, the device has to be 100% stock. That's why many who have locked the bootloader will first flash a brand new stock rom, make absolutely no changes to it, then use qfil and flash the eng abl, go directly to fastboot from qfil, lock the bootloader with fastboot, then use fastboot to flash the stock abl back.

Some don't realize but the bootloader can't lock unless it's 100% stock. That's kind of the point, of having a locked bootloader, it says to the rest of the system "I'm 100% stock", so if it's not stock, it shouldn't be able to lock the boot loader.
The software was 100% stock. The same I used to unlock the bootloader. V405UA020g_00_USC_US_OP_0424.kdz and I can't lock bootloader. "fastboot oem lock" command says that the bootloader is already locked, but in reality it isn't. That's it.
 

AsItLies

Senior Member
Nov 4, 2009
1,700
620
tucson
Samsung Galaxy S10
The software was 100% stock. The same I used to unlock the bootloader. V405UA020g_00_USC_US_OP_0424.kdz and I can't lock bootloader. "fastboot oem lock" command says that the bootloader is already locked, but in reality it isn't. That's it.
okay, that's progress in understanding the situation. When you boot the device, does the (I think it's yellow?) screen display saying the device is unsafe because bootloader is unlocked, display?

Because if you don't get that screen upon boot, the bootloader isn't unlocked.
 

skytale1

Member
Dec 4, 2015
15
0
okay, that's progress in understanding the situation. When you boot the device, does the (I think it's yellow?) screen display saying the device is unsafe because bootloader is unlocked, display?

Because if you don't get that screen upon boot, the bootloader isn't unlocked.
Yes, there is a still warning screen that software could not be checked for corruption because bootloader is unlocked. Also in developer options OEM Unlocking is greyed out and says that bootloader is unlocked.
 

AsItLies

Senior Member
Nov 4, 2009
1,700
620
tucson
Samsung Galaxy S10
Yes, there is a still warning screen that software could not be checked for corruption because bootloader is unlocked. Also in developer options OEM Unlocking is greyed out and says that bootloader is unlocked.
Okay then, there's no doubt, it's unlocked.

You say the device is completely back to stock, and you used the engineering abl to try to unlock right? Try to find what fastboot says about the bootloader; get to fastboot and type 'fastboot getvar all'

it will tell you what state fastboot thinks the bootloader is, locked or unlocked. Not sure how that will help, but in that output, it should definitely say it's unlocked, as it obviously is.
 

CryztalBT

Member
May 5, 2015
5
0
Hey guys,

I hope you can help me with my V40. I did everything step by step as explained, but I can't get past bootloader mode. I installed every driver as said, the V40 got recognized as "QDLoader 9008" just as it says, storage is set to ufs, the prog_ufs_firehose_Sdm845_lge.elf is selected, I loaded the v35eng.img onto the abl_a and everything just seemed to work fine. I installed the new drivers onto the "Android" device in the device manager, so now it gets recognized as "Android Bootloader Interface" under "Kedacom USB Device". Even the whole messages in the process window says the same things as in the following video (which is doing the same thing as you here):

But when I press power + vol down until the "device lost" sound in windows starts and then press vol down, my bootloader is a whole different one than his (and yours, probably):
20221112_081544.jpg


And when I try to set the command "fastboot oem unlock", it says:

FAILED (remote: unknown command)
finished. total time: 0.002s

Under fastboot devices, my device says:

LMV405EBW80f37c1d

The phone is still bootable fortunately though. My Android version is 10, with security update from 1. December 2020. Software version "V30e-EUR-xx", Kernel 4.9.193. Model is LM-V405EBW. Would've tried the official LG dev unlock, but that one's terminated.

EDIT: Might it be that it's because I'm running on Android 10? In that case, I opened a thread of what I did afterwards:


Edit: Found out myself. Not only abl_a.bin needs to be flashed via QFIL, but abl_b as well. When in fastboot mode, also just flash both backup .bins to the device and then restart.
 
Last edited:

mi123

Member
Jul 24, 2007
5
0
4. For devices without the "Enable OEM Unlock" option, you'll need to flash frp! You can do so with (While still in V35 Bootloader):​

Code:
fastboot flash frp path/to/frp

I cant do that
Still the same reason :(

writing 'frp'...
FAILED (remote: Flashing is not allowed in Lock State)


I've V35 Siganture 256G after not succesfull upgrade to GA9 with only fastboot menu ...

Thanx for any help
 

chairsz

Senior Member
Aug 31, 2011
228
28
Darkside
im stuck on this step i get failed each time.
running a stock android 8.1 verizon variant, download mode still shows locked with slot a active
2. When you've entered fastboot, execute this command:


Code:

fastboot oem unlock

Userdata will be wiped as a security measure as with all android devices.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 52
    This Guide will explain how to unlock your LG V40 (Every variant except T-Mobile)

    Unlock Prerequisites:
    Make sure you have "Enable OEM Unlock" enabled in developer options, along with adb debugging. Very important. You'll be stuck with the red triangle otherwise. If you don't have the "Enable OEM Unlock" option in developer options, you'll have to flash frp with the v35 engineering bootloader. The frp image will be provided in the attachments section.

    QPST Download:
    It turns out the reason QFIL is failing is because it's missing quite a bit of stuff. I'm providing the zip to QPST (It's actually required) to install. QPST includes QFIL. My fault, I'm all over the place with this... Here it is (GDrive): QPST

    Booting into EDL:
    Note: This can be done while booted!

    1. Plug in your Phone to your PC

    2. Press and hold Power and Volume Down

    3. As soon as your screen blanks, rapidly start pressing volume up.

    4. If you've successfully booted into EDL, your screen will be completely blank and the device manager will show (Under COM Ports): Qualcomm HS-USB QDLoader 9008

    nQeN45t.png


    Using QFIL to Unlock Your Bootloader
    QPST should be installed, and your in 9008 plugged into your PC.

    Setting up QFIL:
    1. Launch QFIL and set your storage type to UFS. This is located at the bottom right corner of the window The LG V40 has UFS storage. The leaked loader is a loader for LG SD845 UFS devices. If you try to send the loader with your storage set to emmc, it will NOT work. By default, it is set to emmc.

    9jvV3rv.png


    2. Select the port. Click select port and select the one that says "Qualcomm HS-USB QDLoader 9008 (COM #)" That is your phone. After it is highlighted, press OK.

    3. Under select programmer, click browse, find the loader and select it.

    4. Your screen should now look like this (Minus the Flat Build Stuff, that is for total unbrick purposes):

    DmnzGBy.png


    QFIL is now all setup and ready for flashing.

    Flashing the Engineering Bootloader

    1. In the upper left hand corner of the Window, click on Tools > Partition Manager from the drop down menu

    smxXCkP.png


    2. When the Partition Manager window comes up, find "abl_a" > click on it > right click and select Manage Partition Data.

    AzuFXMm.png


    3. When the "Raw Data Manager" window comes up, there are four options to choose from (I'll tell you what each of them does):

    • Erase: Wipes the specified partition clean
    • Read Data...: Backs up the partition. It will tell you where it saved it in the log output in the main window
    • Load Image: Flashes a .img file of your choice to the specified partition
    • Close: Brings you back to the Partition Manager

    LKG7Wkg.png


    You'll be using the load image function to flash the V35 Engineering bootloader to your device.

    4. Click load image then select the V35 engineering bootloader. It will flash the image to your device.

    Unlocking Your Device:

    Now that the V35 Engineering Bootloader has been flashed to your device:

    1. Press and hold the Power and Volume Down buttons until your device reboots out of 9008. When you hear the disconnect sound, immediately hold volume down (only volume down) to enter fastboot right away (this is required for both methods, my apologies).

    2. When you've entered fastboot, execute this command:
    Code:
    fastboot oem unlock
    Userdata will be wiped as a security measure as with all android devices.

    3. While you're still in the v35 engineering bootloader flash back the stock pie bootloader (If originally on pie firmware) with:
    Code:
    fastboot flash abl_a path/to/ablpiestock.img

    The V35 Engineering bootloader is OREO only. Some people have managed to boot with this on pie firmware. But generally, you WON'T be able to boot with this flashed if you're on PIE firmware. If you're on Oreo firmware, you can leave this flashed


    4. For devices without the "Enable OEM Unlock" option, you'll need to flash frp! You can do so with (While still in V35 Bootloader):

    Code:
    fastboot flash frp path/to/frp

    4a. Reboot right back into fastboot (hold volume down after rebooting) and run:
    Code:
    fastboot oem unlock

    The reason you can't unlock your T-Mobile device is because no other bootloader/firmware will work with T-Mobile devices. Only T-Mobile firmware will work on it. If you're looking for root, avoid V405TA (T-Mobile) phones. Any other model will work for this.
    5
    Incorrectly referred to EDL than Download mode

    HI all, I just wanted to share my experience of this that may give some extra help for others going through this. But first, I'd not have got anywhere if it wasn't for a bunch of you on here, so many thanks to @Xsavi, @Ainz_Ooal_Gown, @DLS123, @LameMonster82 and many others! And I may as well pre-thank @SGCMarkus as his threads are coming soon enough...

    Ok, so my initial goal was to get root on my LG V40...

    I started with an LM-V405EBW V20a-IND-XX, so that meant I was not able to unlock the bootloader using the official LG method - I've got to admit, I liked the LG V40 phone, and it was a good price, and I thought it had developer support... I missed that it was only for one market (come on LG, please do better!)

    Anyway, challenge was set! All I really wanted was to have root... I naïvely thought a combination of @Ainz_Ooal_Gown's LGUP Guide and some KDZ tweaking from @DLS123 would get me there; however, I was about to run in to two snags: CrossDL errors and Chain of Trust issues

    So my first thought was: could I perhaps flash an EU image onto the phone and also get a bunch of security upgrades too! So I downloaded the latest one, V20e-LAO-COM. Then following @Ainz_Ooal_Gown's guide I evenutally ran into the CrossDL "Error 0x6004 OPEN_ESA_DS > OPEN_EU_DS". From searching around the only way I could force this was to use the LGUP_Cmd.exe from the LGUP v1.15 Developer version. And this worked perfectly, even though there were rumours around that such an indiscriminate flashing could be very dangerous and brick my phone - so beware and be careful!

    Ok, so now I learnt that IMEI and OEM Device-ID are a more integral part of the phone, and this flash has only brought me useful security fixes that my previous would not have - so that's good. However, I am a long way from root as my reading around this informed me that unless I could break the QCom Chain of Trust (eg. unlock the bootloader, etc.) then I was not going to get a phone that would boot up, certainly patching the boot in a KDZ image was not going to work. I saw that I could have this done remotely with those who owned an Octopusbox by hooking up via some websites or the V40 Telegram group - sadly both felt a little like giving up, and I couldn't afford one of the boxes so...

    Then I found this, @Xsavi's, guide. I ended up using the latest QPST from QPSTtool.com. I probably didn't need it, however I was getting many "Download Fail:Sahara Fail:QSaharaServer Fail:process fail" errors. I was unable to get the QFIL tool to download the partitions in the Partition Manager part of QFIL. When it works it should be very quick, but when it doesn't it will stall for a while, output some logs, and then that error (similar to the output here, although they are doing something different).
    Using the latest version of QPST seemed to fix this with the one given in this thread. But then it too started failing with the same error. So, from more reading, I started to get a feel that timing and maybe environment was important. In terms of timing, as soon as you put the phone into 9008 Mode* you need to as quickly as possible load up the Partition Manager, and in terms of environment, a freshly restarted phone put into this mode... possibly similar for the QPST tooling too... I didn't manage to repeat this to be sure.
    (* yes - 9008 Mode is a black screen, doesn't boot, doesn't seem to be on, hold <power>+<vol down> to reboot out of it. You also need to have the cable plugged it to go into this mode it seemed. And you have to be very quick once you turn the power off, pressing the <vol up> button to go into it too. You will know you got it as the phone will not turn back on, and in Windows Device Manager you will see the Qualcomm HS-USB QDLoader 9008 come up)

    I did a few things different from this guide that I'll cover here: I took a backup for the abl_a/abl_b and laf_a/laf_b partitions using QFIL. When you look at a partition you have an option to Read it too. I used this to make backups. I then used the V35 image to unlock the bootloader of the V40! (yes! success!) I then restored the abl_a I took a backup of. When I rebooted I was presented with a fastboot that was now not looking for unlocks, it wanted me to flash things. So I put the phone into Download mode, and then using LGUP I restored the V20e-LAO-COM KDZ. After a few reboots, a reset, and some processing time the LG V40 is now up and running and importantly with the bootloader still unlocked! And everything seems to be working so far...

    I realise looking back I could have cut out the CrossDL issues as everything would have been erased in the bootloader unlock. Oh and all of this was done via Windows 8.1 VM in VirtualBox: you can both download IMGs from Microsoft's site, then another part will give you the Product Keys. Anyway, hope that helps others a little bit through this too - next is to finally try out @DLS123's Magisk tutorial and I should be done, until some LineageOS desire sets in.

    Thanks again everyone! Looking forward to what can be done in this space now for this phone: 9008 Mode is amazing (and terrifying) for its scope!
    5
    Awesome! You guys are brilliant!
    So do we expect a kickstart in development (like the V30's dev scene) now that an unlock is available for everybody?

    And one last question: does this mean that we can unlock a (network) locked phone this way? I know that the usual answer is 'no', but from what I've seen around here, there's something called 'cross-flashing' of US unlocked firmware. Perhaps that means an unlock?
    If not, do online unlock services work? (I do not want any names - I just want to know whether any service at all works).

    I do apologize if my questions are stupid - it's only that with the overwhelming amount of (sometimes contradictory) posts here, I just want to make sure I'm doing everything correctly! :laugh:

    Your questions aren't stupid. :)

    Unfortunately, you can't sim unlock using this method. I'm hoping this will kickstart development for this device also, I already have a few ROMs made I have yet to release to XDA. Any 3rd party online unlock services are scams. Nowadays, everything is done server side when it comes to SIM unlocking your phone.

    No problem dude! If you have any other questions, feel free to reach out to me. I'm super active in the V40 telegram group. I'm becoming more active here too (I need to. LoL).
    3
    @Xsavi This is Awesome! I might get a V40 later in the year
    Btw a small point, the title says: Unlock your LG V40 (Via 9008) Root ONLY for T-Mobile variants.
    while guide says: his Guide will explain how to unlock your LG V40 (Every variant except T-Mobile)
    Title probably needs to be corrected :p

    Title and guide has been corrected. Thank you for the much needed suggestion!
    3
    Also getting a Download Fail, but mine reads "Download Fail:Sahara Fail:QSaharaServer Fail:process fail". My port is showing as Qualcomm HS-USB QDLoader 9008 (COM7). I was sure to try to update the driver in device manager, and am prompted that "The best drivers for your device are already installed".