[LS997|VS995|H910|F800L] DirtySanta Bootloader unlock and Root guide

Search This thread
Dec 3, 2020
32
1
No output from DirtySanta in Logcat. Only this. Why?! Can't reboot into fastboot mode either. Is there another root method? LAF? Edit the KDZ?:

Code:
01-01 14:57:46.922  7114  7117 I exploit : [*] /proc/self/mem 1367343104 1048576
01-01 14:57:46.922  7114  7114 I exploit : [*] exploited 0x7c997b7000=10102464c457f
 
Dec 3, 2020
32
1
Jesus:
The aboot.img replaces the boot image on the phone. This is part of the rooting. It's an altered bootloader that is part of the rooting. However, it often seems to leave people with a static screen.
 

wayase8080

Member
Feb 27, 2021
30
5
For some reason the step3.sh had a miss-typed boot1.img on the 16th line and I'm a retard and didn't notice it. Now my phone has the same static screen that many have encountered in this thread already whenever I shut it down completely or restart it, I also can't use adb nor fastboot from my computer, because the phone keeps connecting and disconnecting. And I also can't copy the files manually from the phone because I don't have root privileges. "id" in the terminal emulator still shows "untrusted app". Any help would be very much appreciated.
 
Dec 3, 2020
32
1
For some reason the step3.sh had a miss-typed boot1.img on the 16th line and I'm a retard and didn't notice it. Now my phone has the same static screen that many have encountered in this thread already whenever I shut it down completely or restart it, I also can't use adb nor fastboot from my computer, because the phone keeps connecting and disconnecting. And I also can't copy the files manually from the phone because I don't have root privileges. "id" in the terminal emulator still shows "untrusted app". Any help would be very much appreciated.

Try covering the light sensor and report back.

I can't get into fastboot. I think aboot.img is copied and I have a root prompt via run-as con but the new boot.img isn't actually being applied to the boot partition. It would be good to know for sure if it's being applied. No info about this in logcat. Just ....etc..exploited.

I've been trying to get this working for a year now with 3 phones. It's quite annoying.
 

wayase8080

Member
Feb 27, 2021
30
5
Try covering the light sensor and report back.

I can't get into fastboot. I think aboot.img is copied and I have a root prompt via run-as con but the new boot.img isn't actually being applied to the boot partition. It would be good to know for sure if it's being applied. No info about this in logcat. Just ....etc..exploited.

I've been trying to get this working for a year now with 3 phones. It's quite annoying.

I'm glad this thread is still active. I managed to get that particular problem working yesterday, but ran into some more problems along the road. First, I tried to flash Magisk and then SuperSU with both running in the same error as: https://forum.xda-developers.com/attachments/img_20210120_010234-jpg.5192927/
So I tried to flash a Rom to it without root privileges, since it should theoretically work as the boot loader is already unlocked, but that didn't work as expected... Right now I'm stuck where the phone has English warning message instead of the Korean one, but it vibrates all the time and doesn't boot anywhere, all you can see is a very dim circle that smoothly flashes on and off every 2-3 seconds. When I try to "Chicken dance" into TWRP (Vol -, then Power for 2s and Power again.) It takes me to the White screen to erase stuff, and then (I'm assuming the same) circle appears, but this time it is pulsating in and out with small colorful waves around it and a bottom text saying "Erasing", after that the same thing happens... dim circle that smoothly flashes on and off every 2-3 seconds. I tried to leave it on for at least 35-40 minutes with no change. I'll try to flash TWRP from Download mode and see if that helps anything, or is even possible and report back, I still have hope that it is fixable.
 

wayase8080

Member
Feb 27, 2021
30
5
Alright, I think I "fixed" it. I flashed TWRP in Download mode, first the old version mentioned in The guide, but that one couldn't flash Lineage with either an Error 7 or Could not find META-INF/com/google/android/update-binary when I deleted the assert lines. Then I installed the 3.3... version for US996, and "successfully" installed Lineage, but got a Kernel crash at the boot-up, I think installing a different kernel will fix it, but I'm not sure if I need root access or not to do that, I'm also not sure which one to install, but I think I'll go with the Gamma Kernel.
 

wayase8080

Member
Feb 27, 2021
30
5
Well, I tried version 15, 16, 17 of LineageOS, with either a gamma kernel, or the ezv2020 kernel, none of which solved the problem. I'll keep looking for any potential solutions, but for now I'm requesting help here, it would be very much appreciated. I'm also not sure if I unlocked the boot loader properly, but in the boot loader it says that it is "unlocked: yes", but whenever I power the device on, I get the red triangle warning, even though in the original guide in this thread it said it's normal, I heard somewhere that it should show a yellow/orange triangle instead.
 

Attachments

  • kernel_crash.jpg
    kernel_crash.jpg
    59.5 KB · Views: 26

wayase8080

Member
Feb 27, 2021
30
5
Alright, after a bunch of kernel modifying and re-compiling, I've got it solved... I think. I played with a bunch of modem.imgs and while none of them helped, flashing and re flashing different modified kernels did, right now I've settled on "gamma-kernel-SS-2018-09-13-us996" with custom band modifiers, and successfully booted into Lineage 17.1 for 996, but the phone is far from ideal right now. The camera, 5GHz wifi, flashlight, DAC, proximity sensor, fingerprint sensor, and a bunch of other things do not work, the phone isn't even able to play a HVEC encoded 720p video file. But I believe it is fixable and not relevant to this thread. So thank you, DontReuseUsernames, for the tip of covering the light sensor and temporarily fixing the Static screen, without that I might not have gotten where I am now. And thanks to everyone in this thread for putting so much work into this exploit.
 
  • Like
Reactions: DontReuseUsernames

wayase8080

Member
Feb 27, 2021
30
5
When I download the v20-root.zip file, it's identified as a trojan by my browser and Windows antivirus- https://www.androidfilehost.com/?fid=457095661767122821

Anyone know where I can find a good copy?
First of all, using Windows and such browser are the probably the bigger issues, but whatever. I read through the first ~120 pages of this thread and I haven't seen anyone with the same problem, so it is most likely not a Trojan, furthermore, the only files that you are executing are the step (in your case) .bat executables, which you can freely inspect and modify for yourself and only contain a collection of adb and fastboot commands for your convenience. I would just try different mirrors on androidfilehost, since it is still possible that you have downloaded a corrupted copy, until you find one that isn't identified as a "Trojan", but at the end of the day it might just be miss-identified as a virus. Here is a mediafire link to the unzipped files, be sure to check the .bat executables regardless, since you never know and there was a miss-spelled 'boot1.img' in one of the .sh scripts and it softbricked my bootloader.
 

wayase8080

Member
Feb 27, 2021
30
5
No output from DirtySanta in Logcat. Only this. Why?! Can't reboot into fastboot mode either. Is there another root method? LAF? Edit the KDZ?:

Code:
01-01 14:57:46.922  7114  7117 I exploit : [*] /proc/self/mem 1367343104 1048576
01-01 14:57:46.922  7114  7114 I exploit : [*] exploited 0x7c997b7000=10102464c457f
Sorry for unintentionally ignoring your post until now, but if it is of any help: I encountered the same issue, where logcat gave no output, neither through adb, nor on the terminal emulator on the phone itself apart from the same lines you posted, I've tried looking at the logfile manually, but to no avail. I still proceeded regardless since I've regained the shell prompt and terminal output showed a successful exploit... and from what I can tell, it turned out fine. My best guess would be that maybe the command is deprecated for something newer, similar to 'fastboot flash' being replaced by 'fastboot flash:raw', or the command being updated and no longer showing the desired lines such as 'dirty santa', but the guess itself is a very wild one.
 

vinhnbvn

New member
Sep 16, 2019
1
0
You can help me
I always come across this screen after running command 'fastboot flash boot bootbackup.img'
i use lg v20 f800L korean Uplus android 7 nougat version 10e
thank you very much
 

jailedmike

Senior Member
May 2, 2018
60
4
Moto E 2015
LG V20
Sorry for unintentionally ignoring your post until now, but if it is of any help: I encountered the same issue, where logcat gave no output, neither through adb, nor on the terminal emulator on the phone itself apart from the same lines you posted, I've tried looking at the logfile manually, but to no avail. I still proceeded regardless since I've regained the shell prompt and terminal output showed a successful exploit... and from what I can tell, it turned out fine. My best guess would be that maybe the command is deprecated for something newer, similar to 'fastboot flash' being replaced by 'fastboot flash:raw', or the command being updated and no longer showing the desired lines such as 'dirty santa', but the guess itself is a very wild one.
Because this root method sucks compared to the newer one... Vortell has looked it many times
 

wayase8080

Member
Feb 27, 2021
30
5
You can help me
I always come across this screen after running command 'fastboot flash boot bootbackup.img'
i use lg v20 f800L korean Uplus android 7 nougat version 10e
thank you very much
The static screen is apparently a consequence of flashing boot1.img when unlocking the bootloader, I myself don't know how to fix it permanently, but I think there should be some answers in this thread. A temporary solution is holding your finger against the proximity sensor and pressing the power off button to lock it and then press it again to power it on.
 

xxseva44

Senior Member
  • May 16, 2019
    188
    54
    Canada
    The static screen is apparently a consequence of flashing boot1.img when unlocking the bootloader, I myself don't know how to fix it permanently, but I think there should be some answers in this thread. A temporary solution is holding your finger against the proximity sensor and pressing the power off button to lock it and then press it again to power it on.
    dirty santa breaks something related to the second screen, solution is to flash a kernel that has that issue patched, vs995 has said patch, although if your not on a us996 variant (vs995, h910, h915, us996) DO NOT FLASH a vs995 kernel
     
    • Like
    Reactions: virginwidow

    ElMudshark

    Member
    Apr 29, 2018
    20
    3
    Upstate NY
    10gjiht.jpg

    This method will, when completed, will provide you with root and an unlocked bootloader, with fastboot available. It is a somewhat involved process, but the majority of the process has been simplified as much as possible.

    WARNING!!!!This replaces your current bootloader with a debug bootloader. If you attempt to lock this bootloader you may brick your device.
    Currently AT&T(H910) and Sprint(LS997) cannot return to stock because no KDZ files are available.

    Disclaimer:
    Once your phone is unlocked, it will no longer be covered by LG warranty @me2151.
    As we cannot guarantee the proper operation of our hardware with custom software, we are not able to maintain the full scope of warranty for your device after you have unlocked the bootloader.
    Because of that we have a responsibility to let you know that defects which may result from, or were caused by custom device-software may not be covered by LG warranty @me2151.

    LG @me2151 can no longer guarantee the full functionality of your device after you unlock the bootloader. Unlocking your device may cause unexpected side effects that may include but are not limited to the following:
    ***Your device may stop working.
    ***Certain features and functionalities may be disabled.*
    ***Your device may become unsafe to the point of causing you harm.
    ***Your device becomes physically damaged due to overheating.
    ***The behavior of your device may be altered.
    ***Some content on your device may no longer be accessible or playable due to invalid DRM keys.*
    ***All your user data, settings, and accounts may disappear. (Therefore, we recommend that*you*backup all your data).
    ** -*Software updates delivered via LG FOTA (Firmware Over the Air) or Web Download services may not work on your device anymore.
    LG @me2151 will not be responsible for the damages caused by any*custom software being flashed to your phone.

    Known Issues:
    AM&FM Radio no longer works
    Boot time higher
    No way to revert to stock(LS997/H910)
    Possible overdose of root awesomeness!
    Maybe more. Let us know!

    Links:
    - v20-root.zip
    - TWRP
    - Terminal Emulator
    - Newest SuperSU(SuperSU v2.78 SR5 or greater is needed)
    -Stock LS997 rom. for Sprint users only. (Fix's numerous problems)



    Pre-requisites:
    - ADB and fastboot setup and Installed
    - Terminal Emulator installed onto the phone.
    - The above links downloaded and SuperSU placed on the SD Card.

    Working Devices:
    - Verizon (VS995)
    - Sprint (LS997)
    - ATT (H910)
    - Korean(F800L)
    Note: International Variants (E.g.H990DS) May get supported in the future, but are currently being worked on at the moment. If you attempt to use this method on Unsupported Devices(any V20 not listed in working devices) then you are in uncharted territory. It will almost definitely brick your device. YOU HAVE BEEN WARNED!!!!

    This will tutorial will be broken up into 2 sections, during the second section the instructions will differ depending on the variant of the phone you are using.


    - Unlocking the Bootloader:

    1) Copy all the files from inside the "Required Files" (Inside the unzipped "v20-root" folder) and paste it into your active ADB directory. Then copy and paste twrp-3.0.2-1-us996.img to your active ADB directory.

    2) If you currently don't have Terminal Emulator then go and download and install now.

    3) Plug your device into the computer and verify ADB is working. Then;

    On Windows, double-click "RUNMEFIRST.bat, DO NOT CLOSE THE LOG WINDOW THAT OPENS, then double-click "Step1.bat"

    On Linux/MacOS ("#" Signifies a comment below)
    Code:
    ./RUNMEFIRST.sh
    # OR
    bash ./RUNMEFIRST.sh
    Open a Separate Terminal next to the RUNMEFIRST terminal, then type:
    Code:
    ./Step1.sh
    # OR
    bash ./Step1.sh
    When you run The sh or Bat files there will be a Permission denied error on 2 files: Flatland and Flatland64. This is normal and nothing to worry about.
    3.5) Wait for a shell prompt, then type (or copy):
    Code:
    run-as con
    chmod 0777 /storage/emulated/0/*

    4) Open Up Terminal Emulator
    Type:
    Code:
    id
    Check if context is "Untrusted_app"
    t8WSPZw.png

    If "Untrusted_app" is displayed, Continue:
    Type into Terminal Emulator:
    Code:
    applypatch /system/bin/atd /storage/emulated/0/dirtysanta

    If it doesn't show up as "Untrusted_app", repeat the above steps from Number 1

    5) Watch the RUNMEFIRST dialog for when it tells you to run Step2. Then;

    On Windows, double-click "Step2.bat"

    On Linux/MacOS, type:
    Code:
    ./Step2.sh
    # OR
    Bash ./Step2.sh

    Once step 2 is completed, you'll be in bootloader, procced to "Flashing TWRP" section to continue.

    Note/Warning: Verizon Users Vibrator will be constantly going off, until the whole process is complete (Past Android Setup Wizard).


    - Flashing TWRP and Fixing Varient Issues:
    1) Run Step3, so TWRP can be flashed and a working boot.img flashed (Fix's screen problem) by;

    On Windows, double-click "Step3.bat"

    On Linux/MacOS, type:
    Code:
    ./Step3.sh
    # OR
    Bash ./Step3.sh
    ******Sidenote******
    If you get message saying <waiting for device> on Step3.bat then you do not have the fastboot drivers installed(you may have the program but not the drivers).
    To fix: Go to your device manager while the device is connected in fasboot and right click the item that says Android and select update drivers. Then select from internet. and let it install the drivers then try step3.bat again.
    *************
    2) After you're rebooted, and back at the main lockscreen, type;
    Code:
    adb reboot recovery

    Your device will reboot to an LG screen. Keep checking adb devices for your device.
    Then type:
    Code:
    adb reboot recovery
    ***********
    Device should display a red triangle and say corrupt, then it will boot into TWRP.

    3)Once in TWRP, Press Cancel on the password prompt and then swipe to allow system modifications.
    Note:If you wish to make a back up now, you MUST save it to your SD card, and you cannot backup the data partition.
    After the backup is complete, return to the main menu and hit wipe then select ?Format Data?, and follow the instructions there.

    4) Steps below will differ, depending on what model you have, choose the correct model and follow its method.
    - Verizon(VS995) and ATT(H910):​
    4.1) Flash SuperSU.zip
    4.2) Go back to Main-menu > Wipe > [Format Data] > Type ?Yes?​
    4.3) Go back to Wipe > Advanced > Check Dalvik, Data and Cache > Slide to wipe​
    4.4) Go back to Main-menu > Reboot > System​
    - Sprint(LS997):​
    4.1) Go to Wipe > Advanced > Check Dalvik, System, Data and Cache > Slide to wipe​
    4.2) Go back to Wipe > [Format Data] > Type ?Yes?​
    4.3) Go back to Main menu > Install > LS997 Stock Rom then Flash SuperSU.zip
    4.4) Go back to Main-menu > Reboot > System(you will get static on boot. this is normal)​
    4.5) Sprint users are Done at this point. You do not need anything else. Everything will work except static on boot.​
    Note:Any following Instructions are for all devices again.

    5) During reboot you will get a Red Triangle with a "!" inside, this is normal (First boot after flashing SuperSu will show the Red triangle twice.Wait for system to boot (this will take awhile). It may appear like the system has frozen but it has not. JUST WAIT!
    *****VERIZON USERS******
    It has come to my attention that some users have encountered abnormally long first boot time(over 20 minutes before first time setup)
    To resolve this issue:
    Boot into bootloader by pulling the battery and reinserting it and holding VOL- and phugging in the phone. then typing:
    Code:
    fastboot flash boot bootbackup.img
    fastboot reboot
    **************
    *****ALL USERS*****
    If you encounter a "Secure Boot" Password then booting the first time you did not Format data properly.
    To reiterate: To properly decrypt the device you need to boot into TWRP and go to WIPE->FORMAT DATA and you will be prompted to type "yes" to format and decrypt.
    **************
    Once you are booted and have proceeded through the setup wizard, re-enable Android Debugging (ADB) if not already enabled.
    Type:
    Code:
    adb reboot bootloader

    6) Once inside bootloader, Type:
    Code:
    fastboot flash boot bootbackup.img
    When it says finished, Type:
    Code:
    fastboot reboot
    The device will boot back into system.

    WARNING:This is a required step for non sprint users, it prevents background crashes and fix's battery drain. If you do NOT follow this then the device will have bad battery life, be laggy and crashes will occur regularly.

    7) Once full booted back into android, Type;
    Code:
    adb reboot recovery

    8) Once TWRP loads, Then;
    - Flash SuperSU.zip
    - Go back to Wipe > Advanced > Check Dalvik and Cache > Slide to wipe
    - Go back to Main-menu > Reboot > System

    You now should have a rooted LG v20, download your favorite root checker app and verify root.
    Note:For a root app to work, it will have to support Systemless root.


    Contributers/Developers:
    @me2151(General)
    @glitschi667(General)
    @EMSpilot(Debug device) #3
    @elliwigy(Ideas and testing) #5
    @Matt07211(Formatting this awesome guide and helping out with general stuffs)#4
    @1619415(Awesome Santa Pic at the top!)#8
    How do I meet the pre-requisite:
    - ADB and fastboot setup and Installed?
    Thanks,
    Noob, can't ya tell?
     

    virginwidow

    Senior Member
    Mar 6, 2013
    162
    15
    Knoxvegas TN
    Moto X Pure
    LG V20
    on a us996 variant (vs995, h910, h915, us996) DO NOT FLASH a vs995 kernel
    Before I toss another C-note into the fire (they may yet still be a way to revive the US996 ( I hozed, for lack of a clear & valid Man-Page) -

    You're saying the variants listed ^^ are essentially the same hardware with different firmware?

    It's cheaper to order the board off Ail-Express and have shop replace it (My hands are too far gone for micro-surgury now)

    Right now I've got a US996 that fastboot / adb "see" but can't DO anything with... LGUP, uppercut are saying "No Recognized Device"

    Any thot's Please?

    locked bootloader.jpg
     

    dornz

    Senior Member
    Feb 19, 2013
    522
    93
    Before I toss another C-note into the fire (they may yet still be a way to revive the US996 ( I hozed, for lack of a clear & valid Man-Page) -

    You're saying the variants listed ^^ are essentially the same hardware with different firmware?

    It's cheaper to order the board off Ail-Express and have shop replace it (My hands are too far gone for micro-surgury now)

    Right now I've got a US996 that fastboot / adb "see" but can't DO anything with... LGUP, uppercut are saying "No Recognized Device"

    Any thot's Please?

    View attachment 5309517
    Dont own this device anymore (excellent phone) but when you open LGup do it as administrator (run as adminstrator) if that does not work? Try lg flashtool 2014 it was the only one that ever let me flash devices back to stock, Devices: H910, F800l,
    Good luck with it
     
    • Like
    Reactions: virginwidow

    Top Liked Posts

    • There are no posts matching your filters.
    • 1
      Before I toss another C-note into the fire (they may yet still be a way to revive the US996 ( I hozed, for lack of a clear & valid Man-Page) -

      You're saying the variants listed ^^ are essentially the same hardware with different firmware?

      It's cheaper to order the board off Ail-Express and have shop replace it (My hands are too far gone for micro-surgury now)

      Right now I've got a US996 that fastboot / adb "see" but can't DO anything with... LGUP, uppercut are saying "No Recognized Device"

      Any thot's Please?

      View attachment 5309517
      Dont own this device anymore (excellent phone) but when you open LGup do it as administrator (run as adminstrator) if that does not work? Try lg flashtool 2014 it was the only one that ever let me flash devices back to stock, Devices: H910, F800l,
      Good luck with it
      1
      First of all, using Windows and such browser are the probably the bigger issues, but whatever. I read through the first ~120 pages of this thread and I haven't seen anyone with the same problem, so it is most likely not a Trojan, furthermore, the only files that you are executing are the step (in your case) .bat executables, which you can freely inspect and modify for yourself and only contain a collection of adb and fastboot commands for your convenience. I would just try different mirrors on androidfilehost, since it is still possible that you have downloaded a corrupted copy, until you find one that isn't identified as a "Trojan", but at the end of the day it might just be miss-identified as a virus. Here is a mediafire link to the unzipped files, be sure to check the .bat executables regardless, since you never know and there was a miss-spelled 'boot1.img' in one of the .sh scripts and it softbricked my bootloader.
      Yes by definition it's a trojan. A 0day one. That's how we get root access. Thier is a cve and everything. It's just one that we have the source code for. That means we know it's not doing anything later what we want it to.
    • 176
      10gjiht.jpg

      This method will, when completed, will provide you with root and an unlocked bootloader, with fastboot available. It is a somewhat involved process, but the majority of the process has been simplified as much as possible.

      WARNING!!!!This replaces your current bootloader with a debug bootloader. If you attempt to lock this bootloader you may brick your device.
      Currently AT&T(H910) and Sprint(LS997) cannot return to stock because no KDZ files are available.

      Disclaimer:
      Once your phone is unlocked, it will no longer be covered by LG warranty @me2151.
      As we cannot guarantee the proper operation of our hardware with custom software, we are not able to maintain the full scope of warranty for your device after you have unlocked the bootloader.
      Because of that we have a responsibility to let you know that defects which may result from, or were caused by custom device-software may not be covered by LG warranty @me2151.

      LG @me2151 can no longer guarantee the full functionality of your device after you unlock the bootloader. Unlocking your device may cause unexpected side effects that may include but are not limited to the following:
      ***Your device may stop working.
      ***Certain features and functionalities may be disabled.*
      ***Your device may become unsafe to the point of causing you harm.
      ***Your device becomes physically damaged due to overheating.
      ***The behavior of your device may be altered.
      ***Some content on your device may no longer be accessible or playable due to invalid DRM keys.*
      ***All your user data, settings, and accounts may disappear. (Therefore, we recommend that*you*backup all your data).
      ** -*Software updates delivered via LG FOTA (Firmware Over the Air) or Web Download services may not work on your device anymore.
      LG @me2151 will not be responsible for the damages caused by any*custom software being flashed to your phone.

      Known Issues:
      AM&FM Radio no longer works
      Boot time higher
      No way to revert to stock(LS997/H910)
      Possible overdose of root awesomeness!
      Maybe more. Let us know!

      Links:
      - v20-root.zip
      - TWRP
      - Terminal Emulator
      - Newest SuperSU(SuperSU v2.78 SR5 or greater is needed)
      -Stock LS997 rom. for Sprint users only. (Fix's numerous problems)



      Pre-requisites:
      - ADB and fastboot setup and Installed
      - Terminal Emulator installed onto the phone.
      - The above links downloaded and SuperSU placed on the SD Card.

      Working Devices:
      - Verizon (VS995)
      - Sprint (LS997)
      - ATT (H910)
      - Korean(F800L)
      Note: International Variants (E.g.H990DS) May get supported in the future, but are currently being worked on at the moment. If you attempt to use this method on Unsupported Devices(any V20 not listed in working devices) then you are in uncharted territory. It will almost definitely brick your device. YOU HAVE BEEN WARNED!!!!

      This will tutorial will be broken up into 2 sections, during the second section the instructions will differ depending on the variant of the phone you are using.


      - Unlocking the Bootloader:

      1) Copy all the files from inside the "Required Files" (Inside the unzipped "v20-root" folder) and paste it into your active ADB directory. Then copy and paste twrp-3.0.2-1-us996.img to your active ADB directory.

      2) If you currently don't have Terminal Emulator then go and download and install now.

      3) Plug your device into the computer and verify ADB is working. Then;

      On Windows, double-click "RUNMEFIRST.bat, DO NOT CLOSE THE LOG WINDOW THAT OPENS, then double-click "Step1.bat"

      On Linux/MacOS ("#" Signifies a comment below)
      Code:
      ./RUNMEFIRST.sh
      # OR
      bash ./RUNMEFIRST.sh
      Open a Separate Terminal next to the RUNMEFIRST terminal, then type:
      Code:
      ./Step1.sh
      # OR
      bash ./Step1.sh
      When you run The sh or Bat files there will be a Permission denied error on 2 files: Flatland and Flatland64. This is normal and nothing to worry about.
      3.5) Wait for a shell prompt, then type (or copy):
      Code:
      run-as con
      chmod 0777 /storage/emulated/0/*

      4) Open Up Terminal Emulator
      Type:
      Code:
      id
      Check if context is "Untrusted_app"
      t8WSPZw.png

      If "Untrusted_app" is displayed, Continue:
      Type into Terminal Emulator:
      Code:
      applypatch /system/bin/atd /storage/emulated/0/dirtysanta

      If it doesn't show up as "Untrusted_app", repeat the above steps from Number 1

      5) Watch the RUNMEFIRST dialog for when it tells you to run Step2. Then;

      On Windows, double-click "Step2.bat"

      On Linux/MacOS, type:
      Code:
      ./Step2.sh
      # OR
      Bash ./Step2.sh

      Once step 2 is completed, you'll be in bootloader, procced to "Flashing TWRP" section to continue.

      Note/Warning: Verizon Users Vibrator will be constantly going off, until the whole process is complete (Past Android Setup Wizard).


      - Flashing TWRP and Fixing Varient Issues:
      1) Run Step3, so TWRP can be flashed and a working boot.img flashed (Fix's screen problem) by;

      On Windows, double-click "Step3.bat"

      On Linux/MacOS, type:
      Code:
      ./Step3.sh
      # OR
      Bash ./Step3.sh
      ******Sidenote******
      If you get message saying <waiting for device> on Step3.bat then you do not have the fastboot drivers installed(you may have the program but not the drivers).
      To fix: Go to your device manager while the device is connected in fasboot and right click the item that says Android and select update drivers. Then select from internet. and let it install the drivers then try step3.bat again.
      *************
      2) After you're rebooted, and back at the main lockscreen, type;
      Code:
      adb reboot recovery

      Your device will reboot to an LG screen. Keep checking adb devices for your device.
      Then type:
      Code:
      adb reboot recovery
      ***********
      Device should display a red triangle and say corrupt, then it will boot into TWRP.

      3)Once in TWRP, Press Cancel on the password prompt and then swipe to allow system modifications.
      Note:If you wish to make a back up now, you MUST save it to your SD card, and you cannot backup the data partition.
      After the backup is complete, return to the main menu and hit wipe then select ?Format Data?, and follow the instructions there.

      4) Steps below will differ, depending on what model you have, choose the correct model and follow its method.

      - Verizon(VS995) and ATT(H910):
      4.1) Flash SuperSU.zip
      4.2) Go back to Main-menu > Wipe > [Format Data] > Type ?Yes?
      4.3) Go back to Wipe > Advanced > Check Dalvik, Data and Cache > Slide to wipe
      4.4) Go back to Main-menu > Reboot > System

      - Sprint(LS997):
      4.1) Go to Wipe > Advanced > Check Dalvik, System, Data and Cache > Slide to wipe
      4.2) Go back to Wipe > [Format Data] > Type ?Yes?
      4.3) Go back to Main menu > Install > LS997 Stock Rom then Flash SuperSU.zip
      4.4) Go back to Main-menu > Reboot > System(you will get static on boot. this is normal)
      4.5) Sprint users are Done at this point. You do not need anything else. Everything will work except static on boot.
      Note:Any following Instructions are for all devices again.

      5) During reboot you will get a Red Triangle with a "!" inside, this is normal (First boot after flashing SuperSu will show the Red triangle twice.Wait for system to boot (this will take awhile). It may appear like the system has frozen but it has not. JUST WAIT!
      *****VERIZON USERS******
      It has come to my attention that some users have encountered abnormally long first boot time(over 20 minutes before first time setup)
      To resolve this issue:
      Boot into bootloader by pulling the battery and reinserting it and holding VOL- and phugging in the phone. then typing:
      Code:
      fastboot flash boot bootbackup.img
      fastboot reboot
      **************
      *****ALL USERS*****
      If you encounter a "Secure Boot" Password then booting the first time you did not Format data properly.
      To reiterate: To properly decrypt the device you need to boot into TWRP and go to WIPE->FORMAT DATA and you will be prompted to type "yes" to format and decrypt.
      **************
      Once you are booted and have proceeded through the setup wizard, re-enable Android Debugging (ADB) if not already enabled.
      Type:
      Code:
      adb reboot bootloader

      6) Once inside bootloader, Type:
      Code:
      fastboot flash boot bootbackup.img
      When it says finished, Type:
      Code:
      fastboot reboot
      The device will boot back into system.

      WARNING:This is a required step for non sprint users, it prevents background crashes and fix's battery drain. If you do NOT follow this then the device will have bad battery life, be laggy and crashes will occur regularly.

      7) Once full booted back into android, Type;
      Code:
      adb reboot recovery

      8) Once TWRP loads, Then;
      - Flash SuperSU.zip
      - Go back to Wipe > Advanced > Check Dalvik and Cache > Slide to wipe
      - Go back to Main-menu > Reboot > System

      You now should have a rooted LG v20, download your favorite root checker app and verify root.
      Note:For a root app to work, it will have to support Systemless root.


      Contributers/Developers:
      @me2151(General)
      @glitschi667(General)
      @EMSpilot(Debug device) #3
      @elliwigy(Ideas and testing) #5
      @Matt07211(Formatting this awesome guide and helping out with general stuffs)#4
      @1619415(Awesome Santa Pic at the top!)#8
      60
      Alright guys. Its time for some fixes!!!
      For our known issues:
      Comfort view, youtube, boot time and possibly radio.
      All fixed by flashing the AT&T H918 Konverged Kernel.

      Keep in mind this is a temporary fix until I get a full custom kernel made for our devices(or at least a way to make the screen work out of box that we can use on other kernel sources).

      To use this kernel on our phones you need to download the zip, Place on sd card, reboot to twrp, install the zip, wipe dalvik/cache then reboot.
      You WILL GET STATIC ON EVERY REBOOT!
      After the phone is booted put the screen to sleep by pressing the power button and cover your proximity sensor(so your 2nd screen turns off) then turn your screen back on. Your screen will work until reboot. If you reboot you will have the static again. Just follow the steps I just listed above to get the screen working again.
      --------
      Other Updates.
      I believe I have finally found a way to revert sprint devices sprint devices to unrooted stock. I will be testing the method on my phone in the next couple days.

      WooHoo!!!! I bricked attempting to revert!

      So heres an update for you guys. Reverting has been confirmed possible using KDZ files for your specific models. Confirmed working for KDZs are H915, VS995 and some others. I do Have a new v20. I am going to pull the stock sprint files tomorrow and see what I can do about making that work.
      39
      Nicely done Guys.

      @me2151(General)
      @glitschi667(General)
      @elliwigy(Ideas and testing)
      @Matt07211(Formatting this awesome guide and helping out with general stuffs)
      @1619415(Awesome Santa Pic at the top!)

      I am extremely happy that the V20 User Debug I invested in worked out!

      Enjoy everyone!!

      Cheers
      18
      It looks like quite a few people are getting confused about the steps they need to take, so I wrote up the steps I took to get my device rooted. @me2151 - if you want to add it to the OP, feel free to do so! I'm not trying to take anything away from the original instructions, but I decided to just type up the steps I took to try and make things easier for people.

      These instructions are for Windows users and are specific to the Sprint model (LS997). Others can follow them if they want, up to the point where I refer them back to the OP for other variants' instructions:

      1. Download and install ADB and fastboot and add them to your path (see here for instructions) then reboot the PC so the changes go into effect (and to refresh your system, because it is Windows after all ;))
      2. Download and install the LG USB drivers (do not connect the phone to the PC until after this is done!!)
      3. Download all of the files from the OP and put them somewhere easy, for the purposes of this tutorial, I will use C:\android
      4. Extract the contents of v20-root.zip to the base of your working directory but do not extract the other zip's!
      5. Install a terminal emulator onto your phone from the Play Store (see the OP for a great one to use).
      6. If you haven't already, enable Developer Mode on the phone (search to figure out how) and make sure that USB debugging is enabled.
      7. Reboot your phone for safe measure!
      8. After the phone is rebooted, connect it to the PC and wait for the drivers to finish installing...
      9. IMPORTANT: Browse to your phone via Windows Explorer, open the EXTERNAL SD Card and copy both LS997-deODEXd-signed.zip and SuperSU.zip to it.
      10. Open a command prompt as Administrator (this may not be needed, but UAC can be weird in Windows so I recommend it anyway) and navigate to C:\android
      11. From C:\android, type: adb devices and make sure it sees your device. If it does, then proceed. If not, then start over!!
      12. From C:\android, type: RUNMEFIRST.bat and press Enter. This will open another command prompt window. Don't close this window and just move it to the side.
      13. From C:\android, type: Step1.bat and press Enter. (You will see two "Operation not permitted messages. Just ignore them and continue.)
      14. After Step1.bat has finished, go to your phone and open Terminal Emulator...
      15. From the elsa:/$ prompt, type: id from your phone's keyboard and press Enter.
        *** Look for the words "untrusted_app" in the output. If you see them, them proceed. If not, start over from step 11!!
      16. From the elsa:/$ prompt, type: applypatch /system/bin/atd /storage/emulated/0/dirtysanta and press Enter.
        *** Watch the other command prompt window that opened from the earlier step. It will eventually tell you to run Step2.bat.
      17. From C:\android, type: Step2.bat and press Enter. If everything goes well, your phone will reboot into bootloader (it will look tiny).
      18. From C:\android, type: Step3.bat and press Enter. If everything goes well, your phone will reboot back into the system. Don't unlock the phone...
      19. From C:\android, type: adb reboot recovery and press Enter. If everything goes well, your phone will reboot to TWRP.
        *** You will see a message saying your phone is corrupt. Ignore this and DO NOT TOUCH THE DEVICE!! Also, it takes time for TWRP to load so be patient!!
      20. If everything goes well, your phone will eventually boot to TWRP (yaay!). Press Cancel on the password screen, then swipe to modify the system files.
      21. I recommend performing a backup at this point. If you don't know how to perform a backup in TWRP, then Google search is your friend! :)
        If you are running anything other than the Sprint model, STOP here and go back to the OP for your specific instructions!! If you are on Sprint, the continue:
      22. Go to Wipe > Advanced and put checks in the following: Dalvik, System, Data, Internal and Cache and then slide to Wipe. Repeat these steps three times!!
      23. Go back to the main menu, then Wipe > Format Data, type yes and press Enter. Do this three times as well!!
      24. Go back to the main menu, then Reboot > Reboot Recovery and reboot the device back to recovery again.
      25. Go to Install > locate the LS997-deODEXd-signed.zip you added to your External SD card earlier and flash it. Then flash SuperSU.zip the same way...
      26. Once both files have been successfully flashed, click Wipe Cache/Dalvik and then Reboot System
      27. If everything goes well, your phone will reboot.
        *** It takes a good 10-15 minutes for it to boot. It may appear to be frozen, but it's not!! Just let it boot!!!
      28. After the phone has booted, go through the setup process until you are back to the home screen...
      29. From C:\android, type: adb reboot bootloader and press Enter. This will boot the device back to the bootloader screen
      30. From C:\android, type: fastboot flash boot boot2.img and press Enter. Wait for it to say finished.
      31. From C:\android, type: fastboot reboot and press Enter. This will reboot the device. Wait for it to finish loading...
      32. From C:\android, type: adb reboot recovery and press Enter. This will reboot the device back to recovery. Again, this takes a long time!
      33. Once you are in recovery, re-flash SuperSU.zip again. When it's complete, click Wipe Dalvik/Cache and then click Reboot System.
      34. Wait for the phone to boot up. It will take another 10-15 minutes or so....
      If everything goes well, once the phone has finished booting, you will be fully rooted and ready to rock and roll!!
      15
      According to me2151's post that he is moving on to an Axon 7, I was hoping other developers might step in to continue the project.

      i Bought an Axon 7. That doesnt mean im leaving you guys. I got my replacement v20 today so ill be back in the game. I am going to attempt an alternate method of providing root but it WILL be much more involved than this current one. but if it work the it should work on dirtycow patched devices.

      Word of warning: Any sprint user who is on a version higher than ZV3 then DirtySanta will not work as they patched it.
    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone