If you are not an H918, H830, or US996 (Unlocked, NOT US Cellular) user, kindly leave this thread, this will not do anything for your device, exchange it if you're so desperate. Thank you.
Note for US996: It's probably easier for you guys just to flash TWRP the normal way and pull your battery then do the factory reset dance to get in!
Team Win Recovery Project 3.0.2-1
Alright, so you guys have probably heard about me working on this project for a week now. Sorry it's been taking so long, there's been so many variables and hurdles to go through!
I don't own the device myself, so it was all done over TeamViewer thanks to @slayerh4x
who stayed around in the #twrp channel on freenode to assist with their devices.
This will allow you to install TWRP and flash SuperSU!
Step 1: Unlocking your bootloader
You will need to unlock your bootloader first. For this you'll probably need LG's drivers.
You will also need adb and fastboot. You can download them in a portable small form factor here:
Start by turning on developer options in Settings -> About device -> Software info -> Build number
. (tap 7 times until it's enabled)
Now navigate to Settings -> Developer options -> OEM unlock
. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
For your computer to see ADB, you will need to put the phone in PTP mode (for transferring images)
. I don't know why this is, a misconfiguration in LG's kernel gadget drivers maybe?
Extract adb and fastboot to a folder on your PC.
Type adb start-server
and make sure to check the notification on your phone to accept debugging authorization.
You can reboot into fastboot mode with adb reboot bootloader
If it fails to authorize or show the notification on your phone, you may need to try other USB ports.
H918/H830 users only:
To unlock your bootloader, use fastboot oem unlock
once the phone boots into fastboot mode.
Warning: This step will wipe all your data and factory reset your phone!
You can check the status of your bootloader lock with the fastboot getvar all
ex. (bootloader) unlocked:yes
You should now boot back into your phone (fastboot reboot
You will probably need to complete the Android setup wizard at this point to get access to ADB again.
US996 users only:
To unlock your bootloader, follow the unlock instructions on LG's site (I can't really help you there):
Once you're finished with unlocking your bootloader, continue on to step 2.
Step 2: Running recowvery
You can find the recowvery binaries (you need to download all of these) at:
You're now ready to follow the recowvery installation instructions.
See here: https://github.com/jcadduono/android_external_dirtycow#running (running section)
Bonus: There's also a full write up on that page on how recowvery works if you're into that kind of stuff.
Step 3: Flashing TWRP & Rooting
: There is currently no decryption support, just the same as the LG G5, I'm running into the exact same scenario (unable to start rpmb device).
Due to this, I have disabled hardware decryption in this build to keep it stable. If you wish to have your data work in TWRP, you will need to disable decryption.
If you're coming from the Note 7 or S7, this will be a familiar scenario for you.
Once you've got your permissive shell in adb, you will have access to your partitions via dd.
You should transfer TWRP to your internal storage (name in twrp.img) using MTP, you can also just use adb push. (mentioned here)
Download TWRP: (official builds, V20 is waiting for TWRP 3.1.0 for twrp.me download)
This step requires that you've used dirtycow to replace /system/bin/run-as with recowvery-run-as. If you've rebooted since doing that, you will need to go back and do that again.
adb push twrp-3.0.2-x-xxxx.img /sdcard/twrp.img
$ run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
"<wait for it to complete>"
$ reboot recovery
You should be inside TWRP now. It will ask you if you want to enable system modifications. You should swipe yes, otherwise your OS will replace TWRP on next boot.
Flash the latest zip from https://build.nethunter.com/android-tools/no-verity-opt-encrypt/
to turn off forced encryption at boot and allow you to boot a modified system. If you're flashing SuperSU.zip, it will also do this for you so this won't be necessary.
Warning: If you don't flash either no-verity-opt-encrypt or SuperSU, you will probably end up in a horrifying never-ending boot loop of "corruption"!
Latest SuperSU: https://download.chainfire.eu/supersu
To disable encryption after flashing SuperSU or the no-verity-opt-encrypt zip, you must use the [Format Data]
button on the Wipe page in TWRP. No other options will work.
Back up all your internal storage and apps data that you can to your PC. You can use Titanium Backup with SuperSU before doing this step if you like.
Warning: Using [Format Data] will wipe all your apps and data (including internal storage) off the phone, giving you the out-of-the-box experience of a new phone!
Once this is done, you should be able to backup/restore/use any function of TWRP without any issues.
Flashed SuperSU? You're done! Boot up (it will reboot a few times) and set up your SuperSU Manager to your liking and give this post a thanks!
Step 4: Have fun!
I know a few people have mentioned donating, there is a button right on this post under my username.
Sorry, I don't keep a list as I prefer to keep people's information confidential, but if you do send any money my way, you can request that I mention you at the bottom of this post with any details.
I ask that people please not attach files in this thread, everything required is mentioned in this post, and should be stable in its present state. Thank you.