Help each other: firehose and eng bootloader publicly available

Search This thread

maxpatri9

Member
Nov 19, 2017
18
1
Hash validity is important, and I understand that QFIL doesn't like it.
On the other hand, its functionality does work. As seen above, and as witnessed by myself, it does work.

The signature was not for LG, it was for ZTE. Qualcomm's signature for the other company is not to be completely ignored.
The ZTE firehose, if attestation can be worked around, is full and well capable of flashing our device's bootloader.

Medusa Pro was used by the original person. This is our present issue. We are working on it and the original XDA post will be expanded as soon as we have this working.
I appreciate the concern, but instilling fear in people that this is guaranteed to brick their device or that it's completely unsupported is really not helpful whatsoever.

Thank you.

Welcome to Medusa Pro Software version 2.2.1.

Started.

Reader #0: Alcor Micro USB Smart Card Reader 0

Reader #1: Alcor Micro USB Smart Card Reader 1



Model Settings:

Interface : USB

Loading custom loader C:/Users/maximo espinal/Desktop/DriverBootandFirehose/prog_ufs_firehose_sdm8250_ddr.elf file...

Core : Custom Loader UFS

Loader : prog_ufs_firehose_sdm8250_ddr.elf



Connecting...

Sending loader... Failed.

Connect unsuccessful.

i need for frp i have one with google lock
 

j1505243

Senior Member
Jan 2, 2016
487
487
Masovia
Google Nexus 5
LG G2 Mini
Sorry to break it to all of you, but, I really hope it's not a troll, but a misunderstanding in how EDL and firehoses actually work. As said by a guy in this topic – yes, a different OEM firehose can work, but with a big catch. The device needs to be unfused. Not "un" as in reversing the irreversible process done to the chip at the factory, it needs to be *never* fused.

When this can occur?
1. When device is a prototype (obviously).
2. When OEM is a nice guy or doesn't care about fusing.
3. When you swap your chip to a clean one or former owner done that with your unit.

As you see, the chances of owning such a lucky unit by mistake are pretty slim, as LG is a big OEM and V60 is a pretty fresh device, along with its SoC.

Bonus? Same rule applies to running abl signed by non-matching key.

To give you guys a tiny benefit of doubt, you may believe that somehow maybe the firehose is signed with LG key and the ZTE strings are just crap to make it less obvious by the person who created it. I didn't bother to compare the signature of XBL and this firehose by myself. Or maybe it was attempted to be used by the person who unlocked that device to trick you into believing that this firehose mattered in the process? Or even wilder assumption – a PBL exploit that made it swallow a firehose signed with a wrong key...

All I can say to mortals: abandon all hope. You'll be lucky if this post isn't an attempt of scamming you after figuring "a secret" that somehow "will make it work" and "can't be shared publicly". And absolutely exceptionally lucky if someone in possession of LG private key used it with broken strings (assuming that's possible) or even better – that there's a critical PBL flaw that lets you load any firehose. If it turns out that OP's friend owns an unfused unit, be happy for him.

the-x-files-i-want-to-believe-i30592.jpg
 

haise.zero

Senior Member
Oct 6, 2017
58
86
Pacific Northwest
LG V60 ThinQ
To give you guys a tiny benefit of doubt, you may believe that somehow maybe the firehose is signed with LG key and the ZTE strings are just crap to make it less obvious by the person who created it. I didn't bother to compare the signature of XBL and this firehose by myself. Or maybe it was attempted to be used by the person who unlocked that device to trick you into believing that this firehose mattered in the process? Or even wilder assumption – a PBL exploit that made it swallow a firehose signed with a wrong key...

All I can say to mortals: abandon all hope. You'll be lucky if this post isn't an attempt of scamming you after figuring "a secret" that somehow "will make it work" and "can't be shared publicly". And absolutely exceptionally lucky if someone in possession of LG private key used it with broken strings (assuming that's possible) or even better – that there's a critical PBL flaw that lets you load any firehose. If it turns out that OP's friend owns an unfused unit, be happy for him.


I'm not sure where you got this whole "can't be shared publicly" ordeal or anything about this somehow being a scam. Thank you for elaborating, despite the fact you did it with a taste of disdain. If you'd like to be optimistic for once, I'd ask you to take a look at this situation for yourself, and come into the server to ask more details about a scenario you're clearly not actually familiar with at the moment but rather making assumptions about.

Advice would be more than welcomed as would speculation or suggestions. It seems rude to fire shots at a thread and mislabel it in order to warp the perception of it to be somehow malicious or otherwise deceitful or "a scam." Those who have actually been in the server for more than a few minutes or at all, even, would know that I've lead this project with compassion and hope, with no goal whatsoever of getting something out of people and I would certainly never go so far as to "scam" people by purposefully creating a false positive thread.

Regardless of any personal notes, thank you for the information about how these things tend to work. I hope that it will assist in providing some sort of solution for people in the long run.
 
  • Like
Reactions: Karol75

xterminater07

Senior Member
Dec 4, 2010
1,576
476
When do you expect to release? Mods and admins, could we have a monitor on this thread so that if it is a troll post, go ahead and close it?
 
  • Like
Reactions: haise.zero

haise.zero

Senior Member
Oct 6, 2017
58
86
Pacific Northwest
LG V60 ThinQ
When do you expect to release? Mods and admins, could we have a monitor on this thread so that if it is a troll post, go ahead and close it?
I would really appreciate that it's monitored and closed would likely be the best course of action.
For the time being, no release (please see the original post that was edited earlier). However, I'm hoping that the community can pull things together and begin their research. Definitely not a troll post - which leads me to the next quote here


You keep mentioning a discord server... What's the link? I'd love to come by.
We'd love to have you. I'm not going to be as active as I usually am for a while, but it's nice for more people to come in, and I'd love for you to see the progress everyone's making.
https://discord.gg/2HpaTtxUPF

Apologies, too, by the way - didn't get a notification here from your message.
 
  • Like
Reactions: TheLoonyRebel

j1505243

Senior Member
Jan 2, 2016
487
487
Masovia
Google Nexus 5
LG G2 Mini
I'm not sure where you got this whole "can't be shared publicly" ordeal or anything about this somehow being a scam. Thank you for elaborating, despite the fact you did it with a taste of disdain. If you'd like to be optimistic for once, I'd ask you to take a look at this situation for yourself, and come into the server to ask more details about a scenario you're clearly not actually familiar with at the moment but rather making assumptions about.

Advice would be more than welcomed as would speculation or suggestions. It seems rude to fire shots at a thread and mislabel it in order to warp the perception of it to be somehow malicious or otherwise deceitful or "a scam." Those who have actually been in the server for more than a few minutes or at all, even, would know that I've lead this project with compassion and hope, with no goal whatsoever of getting something out of people and I would certainly never go so far as to "scam" people by purposefully creating a false positive thread.

Regardless of any personal notes, thank you for the information about how these things tend to work. I hope that it will assist in providing some sort of solution for people in the long run.
The fact that I listed all of the possibilities is only because I want to be completely precise. This isn't about "tending to work". Assuming that the guy with unlocked unit actually has one and that it actually happened through firehose with non-matching hash (signature), that means his specific unit is unfused, so either a preprod or clean chip-swapped. This is the only explanation to be accepted by anyone who held more than one random Qualcomm SoC proto. Rest of the explanations that I listed are not happening until proven otherwise. I feel bad for you if you were hoping to provide an unlock solution to people by seeing that a dude done the banal work of flashing an unfused device obtained from a sketchy source (that absolutely most of the times is China). You may find it out easily if you want. Protip: the characteristics that I listed and bootloader screen or getvar. I'm sorry if you're doing it all in good faith unaware.
 

Moto G.

New member
Sep 12, 2016
2
0
Luhansk
Welcome to Medusa Pro Software version 2.2.1.

Started.

Reader #0: Alcor Micro USB Smart Card Reader 0

Reader #1: Alcor Micro USB Smart Card Reader 1



Model Settings:

Interface : USB

Loading custom loader C:/Users/maximo espinal/Desktop/DriverBootandFirehose/prog_ufs_firehose_sdm8250_ddr.elf file...

Core : Custom Loader UFS

Loader : prog_ufs_firehose_sdm8250_ddr.elf



Connecting...

Sending loader... Failed.

Connect unsuccessful.

i need for frp i have one with google lock

This FIREHOSE is from ZTE, it will never work on the original LG V60. It does not matter if you use MEDUSA, OCTOPLUS or QFIL, the phone decides whether to download this file or not (the phone decides, not the software!!! Remember this).

For the phone to accept the file, you need 2 prerequisites:

1) Correct DEVICE ID

2) Public hash



If any of these do not match, the phone will never accept the FIREHOSE. You guys have been fooled, I can prove it on telegram (I rarely come here).

I have the original and working FIREHOSE, its hash is totally different, inside it is "General LGE attestation", its hash and ID is the same as the phone asks for.



You can use QlmCpuInfo utility to make sure that this file will never be accepted by the phone, using medusa or tesla cybertrac

Translated with www.DeepL.com/Translator (free version)
 

motogvasyag

Senior Member
Apr 4, 2017
58
80
25
The masters have had it for a long time, but it is in the closed access. I have it, and for a very long time (don't believe me? I'm the person who gave people FIREHOSE on LG V50/V50s/G8/G8x/G8s.

why don't they unload it? it has a very high value, masters are willing to pay $1000 to get this file. So don't naively expect it to be unloaded soon, it will probably leak in a year or sooner.
 
  • Haha
Reactions: Mr.PvT

motogvasyag

Senior Member
Apr 4, 2017
58
80
25
Sorry, I don't visit XDA that often and I logged into the wrong account (the old one, I don't know how to delete it)
 
  • Haha
Reactions: Mr.PvT

j1505243

Senior Member
Jan 2, 2016
487
487
Masovia
Google Nexus 5
LG G2 Mini
The masters have had it for a long time, but it is in the closed access. I have it, and for a very long time (don't believe me? I'm the person who gave people FIREHOSE on LG V50/V50s/G8/G8x/G8s.

why don't they unload it? it has a very high value, masters are willing to pay $1000 to get this file. So don't naively expect it to be unloaded soon, it will probably leak in a year or sooner.
So you're paying that for the useless feeling of exclusivity or hoping that nobody will sniff the packets sent through USB when cashing on it?
 

motogvasyag

Senior Member
Apr 4, 2017
58
80
25
So you're paying that for the useless feeling of exclusivity or hoping that nobody will sniff the packets sent through USB when cashing on it?
I'm not going to sell or unload anywhere else, let someone else do it. I am using this file for myself. By the way, it is impossible for me to merge a file through a sniffer, I use an encrypted file and an anti-sniffer, and most importantly, I never share a file))
 
  • Haha
Reactions: Mr.PvT

j1505243

Senior Member
Jan 2, 2016
487
487
Masovia
Google Nexus 5
LG G2 Mini
I'm not going to sell or unload anywhere else, let someone else do it. I am using this file for myself. By the way, it is impossible for me to merge a file through a sniffer, I use an encrypted file and an anti-sniffer, and most importantly, I never share a file))
Amazing ego dude xD Thankfully I don't touch devices that have to rely on leaks and my last LG was G2. Enjoy your normie prod phone.
 

JigsawMobile

Senior Member
Jan 28, 2019
95
29
LG V60 ThinQ
The masters have had it for a long time, but it is in the closed access. I have it, and for a very long time (don't believe me? I'm the person who gave people FIREHOSE on LG V50/V50s/G8/G8x/G8s.

why don't they unload it? it has a very high value, masters are willing to pay $1000 to get this file. So don't naively expect it to be unloaded soon, it will probably leak in a year or sooner.
i would still pay if someone could unlock my bootloader, i don't need a firehouse file, i just want to root my LG v60.

Do you have a prove that someone can unlock my device, and can you prove that you have rooted v60 ?
 

ps3hacker3

Senior Member
Apr 15, 2013
542
134
To much childish drama coming from numerous people in here, I will be sticking to our discord server posted above for any and all progress made on this procedure in the OP. I'll happily take a ban for a bunch of children calling each other "liars" when there is literally nothing to gain by lying about a firehose/eng boot/rooted v60.

You want to talk to me about my rooted phone you contact me there, the name is Th3-Hunter333. I don't want your money, this isn't some scam....... I'm literally here to help YOU get root as well. I paid to have it done to my phone from MY pocket. The files acquired here were captured on my desktop during the process.

LOL, dude I got my phone three days after release day here in America at the AT&T store..... I'm not lucky enough to get an "Unfused" device magically, this place has changed over the years that's for certain.

Congratulations, you got your wish. Our project organizer has left the scene for a while.

Peace & Love,
Th3-Hunter333
 
Last edited:

Hinkl

Member
Jun 26, 2021
6
0
哈希成熟很重要,我知道 QFIL 不喜欢它。
相反,它的功能确实有效。如上所见,我所见证的那样,它确实有效。

签名不是给 LG 的,是给中兴的。 对另一家公司的目标是什么。
中兴通讯消防,如果可以解决认证问题,是完整的并且能够很好地改革我们设备的引导加载。

Medusa Pro 是原人用的。这是我们目前的问题。我们正在努力,让我们开始工作,原来的 XDA 帖子将被扩展。
我很欣赏这种关怀,但让人们担心这会让他们的设备变砖或完全不受支持,这真的没有任何帮助。

谢谢

Thank you to everyone for patiently waiting - I know these forums have been dark and getting darker. I really hope that this will help bring some life back into the LG Forums; you guys deserve it.


Sorry about this, guys.

Not long ago, @ps3hacker3 and I got our hands on a firehose programmer for the Kona, and the engineering bootloader for the V60.

I created the post as I was under the assumption that we had a working method to provide the ability to unlock the device and root it. Over time as I looked more and more into it, a prevalent issue arose: Sahara refuses to communicate with us when trying to open the partition manager from QFIL.
The original process used on ps3hacker3's LMV600AM model utilized Medusa Pro, but as far as I can tell, I can't help but feel like I'm still missing a piece of this puzzle. Perhaps it's as simple as a setting configuration, and perhaps it's as complex as an entire other part of this process that I'm missing.
Nonetheless, I can leave you with two things.
A) The firehose, one way or another, despite what anybody says or doubts about it, worked on ps3hacker3's phone. Screenshots as proof are available deeper into the thread.
B) The engineering bootloader worked just as well.

I apologize for thinking that I'd gotten you halfway there, and for prematurely creating a thread that posed answers without being able to follow through on the process. In acknowledgement of the time and amount of workload and stress this project and the Stylo 6 projects have taken up in my life, I don't feel that I have the capacity to continue leading any of these projects anymore.

I would still take everything that anyone in this thread, seemingly right or wrong, said with a grain of salt and do your own research and ask people your own questions before concluding anything. It's nothing personal to do with anybody, it's just the best advice that I can give you based off of the situation. I didn't learn anything by taking everybody's word for it. Even if you're wrong at first, or the first hundred times, just keep doubting and testing theories. Keep wondering. Nobody knows everything and even well-established concepts may not be fully fleshed out, especially in the world of consumers and developers attempting to use software and files from OEMs and other manufacturers that is meant to remain unbeknownst to us. There's a lot I don't know, and a lot everyone doesn't know.

Thank you for being here with me on this journey.
I hope that the files can still make themselves useful - I have full confidence that they do.
Regardless, someone I would feel more comfortable not naming due to a recently closed thread was using them to unlock phones for high prices for people. Skipping over the drama, I just wanted to make them available for everybody. I suppose I've done my part, so please take this into your hands and give it all you've got.
The original post contents are in a dropdown below. I advise you to not blindly follow through with all of it.

It's up to you guys now - do your best.
Stay hopeful, and question everything. All the time.
Haise




NOTE:
Apparently, I overlooked a detail as I didn't think it was necessary. QPST was not used here, but rather a patched Medusa that can be found here.
The way this worked was complicated and I overlooked the fact we do not have a patched Medusa.
QPST is apparently unsuccessful at the moment.
I am working on a fix for this.
If anyone has any success with a specific QFIL or QPST version then please be sure to let us know so that I can update the post.
We have the files - hardest part is over. Now we just have to be able to use them.

Apologies to everybody who ran into troubles.
I am testing on the T-Mobile variant as soon as we're able to.

It's over.




Enter 9008:
  • Qualcomm USB 9008 drivers should be installed prior to this operation. These can be retrieved below, inside the archive along with the necessary files.
  • Your phone must be plugged into the computer prior to the rest of the process.
  • With your phone on, hold volume down and power. After about ten seconds, continue to hold power and volume down, while also spamming volume up. This works much better if your device is powered on and your screen is on, as a bar will show up on the bottom and you can initiate the volume up spamming as soon as the bar drains to empty.
  • As soon as the screen turns black, let go of all of the buttons. The device should appear in 9008 mode in the Device Manager.

I'm going to be honest, guys - I've been working on the Stylo 6 since January and the V60 from some random point a few months ago. From here my memory's foggy, I'm tired, and you guys are smart, so if someone needs help, then help each other, okay?

Generally speaking you can use QPST or another piece of software that can interact with Qualcomm devices in 9008 mode the patched Medusa from the link at the top of the post to flash the engineering bootloader. You will use the firehose attached below along with the eng boot for this.
I don't know why it is that Medusa is required. It is unfortunate.

之前的V40线是几乎相同的,有很多之前的支持和回答问题的,绝大多数的时间,可以适应当前模型和文件。它们还涵盖了我没有涉及的许多潜在问题,强烈建议您查看该线程。


善待。要有耐心。要有礼貌。分享。


享受。
海色
[/剧透]



[人力资源][/人力资源]

特别感谢 @ps3hacker3 参与我的 Discord 服务器并在最后一秒与我一起设法获取文件。
在这里向他和他的合作伙伴捐款:PayPal.me
Thank you for the tutorial.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 10
    Thank you to everyone for patiently waiting - I know these forums have been dark and getting darker. I really hope that this will help bring some life back into the LG Forums; you guys deserve it.


    Sorry about this, guys.

    Not long ago, @ps3hacker3 and I got our hands on a firehose programmer for the Kona, and the engineering bootloader for the V60.

    I created the post as I was under the assumption that we had a working method to provide the ability to unlock the device and root it. Over time as I looked more and more into it, a prevalent issue arose: Sahara refuses to communicate with us when trying to open the partition manager from QFIL.
    The original process used on ps3hacker3's LMV600AM model utilized Medusa Pro, but as far as I can tell, I can't help but feel like I'm still missing a piece of this puzzle. Perhaps it's as simple as a setting configuration, and perhaps it's as complex as an entire other part of this process that I'm missing.
    Nonetheless, I can leave you with two things.
    A) The firehose, one way or another, despite what anybody says or doubts about it, worked on ps3hacker3's phone. Screenshots as proof are available deeper into the thread.
    B) The engineering bootloader worked just as well.

    I apologize for thinking that I'd gotten you halfway there, and for prematurely creating a thread that posed answers without being able to follow through on the process. In acknowledgement of the time and amount of workload and stress this project and the Stylo 6 projects have taken up in my life, I don't feel that I have the capacity to continue leading any of these projects anymore.

    I would still take everything that anyone in this thread, seemingly right or wrong, said with a grain of salt and do your own research and ask people your own questions before concluding anything. It's nothing personal to do with anybody, it's just the best advice that I can give you based off of the situation. I didn't learn anything by taking everybody's word for it. Even if you're wrong at first, or the first hundred times, just keep doubting and testing theories. Keep wondering. Nobody knows everything and even well-established concepts may not be fully fleshed out, especially in the world of consumers and developers attempting to use software and files from OEMs and other manufacturers that is meant to remain unbeknownst to us. There's a lot I don't know, and a lot everyone doesn't know.

    Thank you for being here with me on this journey.
    I hope that the files can still make themselves useful - I have full confidence that they do.
    Regardless, someone I would feel more comfortable not naming due to a recently closed thread was using them to unlock phones for high prices for people. Skipping over the drama, I just wanted to make them available for everybody. I suppose I've done my part, so please take this into your hands and give it all you've got.
    The original post contents are in a dropdown below. I advise you to not blindly follow through with all of it.

    It's up to you guys now - do your best.
    Stay hopeful, and question everything. All the time.
    Haise




    NOTE:
    Apparently, I overlooked a detail as I didn't think it was necessary. QPST was not used here, but rather a patched Medusa that can be found here.
    The way this worked was complicated and I overlooked the fact we do not have a patched Medusa.
    QPST is apparently unsuccessful at the moment.
    I am working on a fix for this.
    If anyone has any success with a specific QFIL or QPST version then please be sure to let us know so that I can update the post.
    We have the files - hardest part is over. Now we just have to be able to use them.

    Apologies to everybody who ran into troubles.
    I am testing on the T-Mobile variant as soon as we're able to.

    It's over.




    Enter 9008:
    • Qualcomm USB 9008 drivers should be installed prior to this operation. These can be retrieved below, inside the archive along with the necessary files.
    • Your phone must be plugged into the computer prior to the rest of the process.
    • With your phone on, hold volume down and power. After about ten seconds, continue to hold power and volume down, while also spamming volume up. This works much better if your device is powered on and your screen is on, as a bar will show up on the bottom and you can initiate the volume up spamming as soon as the bar drains to empty.
    • As soon as the screen turns black, let go of all of the buttons. The device should appear in 9008 mode in the Device Manager.

    I'm going to be honest, guys - I've been working on the Stylo 6 since January and the V60 from some random point a few months ago. From here my memory's foggy, I'm tired, and you guys are smart, so if someone needs help, then help each other, okay?

    Generally speaking you can use QPST or another piece of software that can interact with Qualcomm devices in 9008 mode the patched Medusa from the link at the top of the post to flash the engineering bootloader. You will use the firehose attached below along with the eng boot for this.
    I don't know why it is that Medusa is required. It is unfortunate.

    The previous V40 thread is practically identical and has a lot of prior support and questions answered that, the vast majority of the time, can be adapted to the current model and files. They also cover many potential problems that I did not, and it is strongly recommended that you review that thread.


    Be kind. Be patient. Be courteous. Share.


    And enjoy.
    Haise





    Special thanks to @ps3hacker3 for participating in my Discord server and working with me last second on managing to obtain the files.
    Donate to him and his partner here: PayPal.me
    4
    For devices that have replaced the CPU, the firehose signature is not verified. You can view it through *#546368#*model#-SVC Menu-MID Info-IMPL
    Thank you very much for your reminder, my website is no longer operating.
    This further solidifies my theory, luckily enough. It doesn't pass attestation, but it does function correctly.
    So... that's it.
    Working on getting the firehose to work tonight. I do know that it does indeed function because we have someone who has an unlocked bootloader because of it. 😉
    It may not officially support the V60 due to it being designed for ZTE, but it does functionally support it. Perhaps it's because this is the Kona processor, which is the prototype version of the processor. Either way, it functionally supports it, and the obstacle of getting around attestation is much less daunting to me than not having the files we need or knowing how to unlock the device.
    4
    This is the firehose file of ZTE phone,not support LG phones.
    CN = QCT Attestation CA O = QUALCOMM OU = General ztemt attestation L = San Diego S = CA C = USView attachment 5347163
    Except that it did.
    So... say what you will. I genuinely witnessed this file get used. Speculate about the details with someone else. I'm not here to debate. I'm here to provide.

    Next time consider asking some questions instead of pointing a finger and implying that I'm wrong because of some information you have without actually elaborating.
    I wouldn't be here if it didn't actually work.

    <3

    EDIT:
    Hey, also, your port 8888 is open, and thus so is your site login.
    Also, your site is really broken.
    Best of luck :)
    4
    I'm not sure. I have the TMO and I'll be trying I'm a little while. I'll update the post to let everyone know so be sure to keep an eye on it
    Thanks for all the hard work!
    3
    It's my understanding people are having trouble with QPST.
    We used a patched Medusa and it seems unfortunately that it was necessary. I'll be updating the post shortly. :)