[ROOT] DirtySanta comes for the H990
- Thread starter emdroidle
- Start date
-
- Tags
- bootloader dirtysanta h990 root v20
I think this has been answered in the past. The crucial part is that Win Defender nowadays is powerful enough to detect the intend dirtysanta has for the bootloader; while of course lacking the context to recognize that this is intendet and wanted.
lenigma1too
Senior Member
Doniedogawa is completely right.
Nearly ALL root solutions 8nvolve using an exploit, that later down the road gets patched and uploaded to a kind of Centeral registry that most, if not all antivirus programs eventually get updated sources from.
That inevitably returns a false positive for us modders, Dev's, and root aficionados.
Unless it's a 0day exploit, and you don't have that specific exploit added to your "allowed to run" exceptions list, they pretty much Always return a trojan found flag.
If ur running Windows antivirus, you need to disable BOTH real time analysing and further down the list, disable protected folder access 8f your using this dirty Santa root solution.
Just remember to turn it back on when finished rooting
And if you're really worried, you can:
* disconnect your computer from the internet,
* turn off your antivirus and protected folder access,
* run the root solution
* then run a scan on your computer before reconnecting to the internet.
That way all your worries will be put to sleep before any information can be sent back and forth over the internet if you still have concerns
I personally have used this root solution on three different phones, and it works flawlessly, even though there's a LOT of steps! Lol!
Thanks for the explanation. I finally got it to work with the assistance!Doniedogawa is completely right.
Nearly ALL root solutions 8nvolve using an exploit, that later down the road gets patched and uploaded to a kind of Centeral registry that most, if not all antivirus programs eventually get updated sources from.
That inevitably returns a false positive for us modders, Dev's, and root aficionados.
Unless it's a 0day exploit, and you don't have that specific exploit added to your "allowed to run" exceptions list, they pretty much Always return a trojan found flag.
If ur running Windows antivirus, you need to disable BOTH real time analysing and further down the list, disable protected folder access 8f your using this dirty Santa root solution.
Just remember to turn it back on when finished rooting
And if you're really worried, you can:
* disconnect your computer from the internet,
* turn off your antivirus and protected folder access,
* run the root solution
* then run a scan on your computer before reconnecting to the internet.
That way all your worries will be put to sleep before any information can be sent back and forth over the internet if you still have concerns
I personally have used this root solution on three different phones, and it works flawlessly, even though there's a LOT of steps! Lol!
lenigma1too
Senior Member
Technically, it's a 4 or 5 year old exploit, that falls under the general moniker "Trojan".
It triggered a trojan virus detection, correct?
BUT, it's an exploit being used for a very specific reason - which virus checkers simply cannot differentiate between.
Many exploits can be used for malicious purposes, but that's just not the nature of the beast, by and large, here at XDA Forums!
As far as any antivirus software that I know about is concerned, they are very simple minded " If it walks like a duck, and quacks like a duck, it can only be a virus duck!"
analogy.To gain elevated privileges, AKA root, an exploit is needed, either in the OS, or even deeper - firmware (about the time when the first of the Sony Z series launched, nearly all the root solutions for Sony smartphones where a firmware exploit.
I believe the thank you goes to 2 XDA OG's Doomlord & Androxyde <- & he STILL maintains the flashtool.net site!
Sony patched that exploit when lollipop made its debuted!), & unless, as I said in the last long winded message, it's like an 0day exploit - a previously unknown exploit, or one without a known patch - antivirus will always trigger a false positive.
A couple points in closing.
First is XDA and its users, but I believe mostly the Dev's & XDA employ, do a remarkable job cleaning out all the actual malicious links and software, as well as pay for use software.
I think I've been an active member here close to 8 years, rooted DOZENS of phones, tinkered with a lot of scripts, mods & custom ROMs, and have yet to come across an actual malicious virus with ANY linked downloads.
Nothing is perfect, of course, but I think it's safe to say it's a safe bet you will never come across one ... Specially on a thread so heavily used as Dirty Santa.
If something was amiss, it would have been excised and patched properly years ago I'm positive.
XDA truly is a community of like minded, right to repair/mod/update/upgrade folks that 9nkybwant to share their knowledge, and many want to better their knowledge in one manner or another.
I hope this shine some light on how rooting works, and why known exploits nearly exclusively pop false positives.
Any other questions, don't hesitate, ok?
Most of us are rather friendly... If not long winded
I promise you, with any credibility I've earned here over the years, this is a safe exploit, and not a malicious chunk of code, hungry for data or cash
Ive used this very method of achieving
root a few times...3? Possibly 4x.
It takes a while, but it works!
He'll, I never thought my DS990 would EVER gain root, untill this Dev dropped the Dirty Santa flavor a month after all the other most popular V20 varieties already had theirs!
Hats off to @emdroidle !!
Cheers!
lenigma1too
Senior Member
I have a LG v20 h990ds. with an Android version 7.0 security patch level November 1, 2016.
I just can't get the bootloader to open.
After step 16. I have a red triangle: your system is no longer safe reboot...
I somehow got it to boot again but I can't get into the normal fastboot anymore.
How can I fix this?
I just can't get the bootloader to open.
After step 16. I have a red triangle: your system is no longer safe reboot...
I somehow got it to boot again but I can't get into the normal fastboot anymore.
How can I fix this?
Everything worked for h990n.
Two things confused me during install.
runing step 16
before accassing lineage recovery or TWRP loads common LG recovery and offers delete all user data.
This also confuses and creates impression TWRP or lineage recovery is not installed.
Two things confused me during install.
runing step 16
but this reboots to normal boot. It is broken after applying patch. Screen is completely purple. And I couldn't figure out that it is normal install is broken but not recovery boot.
before accassing lineage recovery or TWRP loads common LG recovery and offers delete all user data.
This also confuses and creates impression TWRP or lineage recovery is not installed.
Last edited:
Similar threads
- Poll
- Poll
Top Liked Posts
-
There are no posts matching your filters.
-
112Took a while to work things out, but DirtySanta has been successfully extended to international versions of the LGE V20.
While I have tried to ensure this works for anyone, this may fail. I also do not provide any warranty! The result of a failure could include voiding of warranty and hardware damage. This is also one of the most complicated rooting procedures due to SE Linux, we've been unable to simplify things.
Be careful! Many of these commands have a high probability of resulting in a brick if mistyped. Be prepared to have your V20 out of commission for a day or two while you ask questions about the state your phone has ended up in.
Also Don't Panic! If something starts going wrong, stop. Better to have your daily driver out of commission for 24 hours, than have it out of commission permanently.
As of this time there are some sporadic reports of problems. Some people have camera trouble. If a cause can be identified these will definitely get fixed ASAP. Work is well under way, experimental fixes for this are out.
As preparation, I would like folks to be familiar with LGUP/LGBridge and how to use them. Using LGUP is also how to get back to stock. On the H990DS Bluetooth is implemented via kernel module and the kernel module has to be loaded off /system, therefore there is no choice but to write to /system.
Beware: Once past14 LGUP will recognize your device as a US996. Do not flash a US996 KDZ file! Doing so will brick you. See below for instructions on going back to stock.
Devices
- H990DS (dual-SIM): Known working
- H990N (dual-SIM): Known working
- H990 (single-SIM): Known working
- H990* (other): ALPHA reports of success needed.
v0.2.4 includes patches for all of the recently discovered kernel issues. The kernel Bluetooth patch is included, but the are also userspace patches for a portion of "BlueBorne". The "Broadpwn" vulnerability has also been patched. Yet more 802.11 patches have been added over v0.2.3a, unfortunately the fix for the KRACK attack is in the userspace program "wpa_supplicant" not the kernel.
Alternative instructions:
By @ahlok_hk here
Rooting and full bootloader unlock for the H990 versions of the LGE V20:
- Ensure you have a backup plan: https://forum.xda-developers.com/v20/how-to/restore-v20-to-100-stock-bricked-devices-t3524903
- Backup your phone data. LG Bridge/LG Backup is pretty reliable, but I strongly advise backing up everything onto a desktop/laptop computer. If you backup to SD card, the SD card must not be encrypted! (failures will destroy the key and the data)
- Go to Settings -> General -> About phone -> Software info -> Android security patch level; if your phone is on an update after December 31, use LGUP to "refurbish" to an earlier firmware release (this will do a factory reset).
- Ensure you have ADB/Fastboot files installed and working: https://forum.xda-developers.com/showthread.php?t=2588979
This also requires developer mode -> USB debugging to be enabled.
- Ensure you have all relevant files prepared:
Installed backup plan.
Installed Terminal Emulator on device.
Downloaded DirtySanta's files and copied them to ADB directory.
Downloaded files, Put kernel and SU implementation (Magisk.zip and
SuperSU.zip work) into SD card; and TWRP into ADB directory.
Note: It may be necessary to temporarily disable anti-virus/anti-malware programs when unpacking the original DirtySanta. At least one has detected `dirtycow`/CVE-2016-5195 as malware (it can in fact act in that role).
- Using dirtysanta's steps: Run "RUNMEFIRST.bat" <-- Do not close.
- Run "step1.bat" <-- Wait until you can type something again.
- Type "run-as con" <-- If you get unknown package error, means your latest security patch patched it out; go back to step 3. LGUP should be able to downgrade you to an earlier firmware update.
- Type "chmod 0777 /storage/emulated/0/*"
- Open Terminal Emulator, Type "id"
- Look for something containing "untrusted_app". If not found, Start all over again. If found, continue.
- Type "applypatch /system/bin/atd /storage/emulated/0/dirtysanta" into Terminal Emulator
- Wait for RUNMEFIRST.bat console to prompt you to run step2.bat.
- Run "step2.bat"
- Save copies (put them somewhere safe where you'll remember them) of the files "abootbackup.img" and "bootbackup.img", which "step2.bat" saves in its directory, the latter is crucial in returning to stock.
- At a command prompt run the following commands, but make sure to wait at least 30 seconds between each. Do not skimp on that delay as otherwise the likelihood is this will fail (this is the most unreliable step in this process); waiting longer than 30 seconds is fine.
Of all steps this is by far the most unreliable! If you have problems at the end, most likely you'll need to get back to the bootloader (hold power-UP and then insert USB cable) and repeat this step.Code:fastboot flash recovery twrp-3.0.2-1-h990.img fastboot flash recovery twrp-3.0.2-1-h990.img fastboot reboot
- Boot in to TWRP.
Press and hold volume DOWN; press and hold power until the LG logo comes up, then briefly release power (0.5-1.0sec) and then hold power again. If you fail to get this right the first time, you will likely need to pull the battery out and start from power off.
You will then be prompted "Delete all user data (including LG and carrier apps) and reset all settings?"
Select "Yes" twice, and as long as TWRP installation was successful you'll get into TWRP and NO RESET will be done.
Inside TWRP flash "h990-kernel.zip" and then flash SU implementation (Magisk.zip or
SuperSU.zip). At this point the process should be complete. There won't be static on boot, you'll have root and nothing else should have changed.
If your phone's userdata got locked, there may be a need to wipe cache and data to regain access.
During all subsequent boots a red triangle with a warning about your device being corrupt will show up. The only method to remove that would be to get my kernel signed by LGE and I'm rather doubtful that will ever happen. Only thing we can do is to call it a badge of honor.
There is now a tool for writing KDZ files to phones. This is recommended in order to get up to date on security patches.
Going back to stock:
As with those whole rooting procedure, this is hazardous. Be careful, go slow and don't rush things.
Method 1a: (TWRP, strongly preferred!)
- Boot into TWRP (DOWN + Power with a brief release during LG logo).
- Copy the file "abootbackup.img" from your archive to your phone (adb push abootbackup.img /). This is the file you should have saved from step 15 above.
- Run `adb shell` and type (or copy&paste) the following commands:
Code:dd if=abootbackup.img of=/dev/block/bootdevice/by-name/aboot sync sleep 30 sync - Get into Download mode. Power off phone from TWRP. Press and hold UP, then power phone on (no need to hold power).
- Load the appropriate KDZ file onto your phone via LGUP.
Method 1b: (TWRP, with file from another source)
This is simply a tweak of the above resulting from recalling there is a backup of aboot already on the phone itself.
- Boot into TWRP (DOWN + Power with a brief release during LG logo).
- Run `adb shell` and type (or copy&paste) the following commands:
Code:dd if=/dev/block/bootdevice/by-name/abootback of=/dev/block/bootdevice/by-name/aboot sync sleep 30 sync - Get into Download mode. Power off phone from TWRP. Press and hold UP, then power phone on (no need to hold power).
- Load the appropriate KDZ file onto your phone via LGUP.
Method 2: (fastboot)
Danger! This method is not recommended, except as an emergency fallback. Writes done via `fastboot flash` have be demonstrated to unreliable. This works if TWRP is unavailable, but avoid if possible.
Rescue from going back to stock problems:
Apparently it is possible to enable extra features in LGUP, documented in this thread. If you're forced to use approach back to stock approach v2, here is a method to rescue you. This may even have the potential to function as an alternative DirtySanta installation approach. This even works as a full back to stock method by itself! Thanks to @Prowler_gr for sharing!
Technical discussion
If you're not planning to build your own kernel and aren't curious about how things work, no need to read these long details.
Thanks and warning:
This is near certain to void your warranty. While care has been taken to reduce the chance of producing a brick, there are no guarantees.
Thanks to:
@me2151 the original DirtySanta bootloader, crucial for this to work
@thubble for figuring out the last bit of the modem fix and (successful) guinea pig #2
@exadeci (successful) guinea pig #1
@Xenogenics helping others, posting some reasonable instructions
@USA-RedDragon for making everyone aware of LineageOS's source tree
A copy of the source tree used for building these is here. Two small hacks are used during the actual build process, this is an exact copy of what is built.
News:
v0.2.2: The kernel portion of BlueBorne is patched. Unfortunately there is apparently a userspace portion as well. Broadpwn (Wifi vulnerability) is patched.
v0.2.3: Adding the driver for the S5K2P7 camera sensor, seems LGE needs to work on their updates since they're required to release source for this updated driver, but haven't. This fixes the camera focus issue observed on some devices.
v0.2.3a: The internal fix-h990-cmdline utility was adjusted due to the quirk with single-SIM devices. This should make the dual-SIM menus disappear from single-SIM devices.
v0.2.4: Yet more 802.11 patches have been added (KRACK is in wpa_supplicant on /system, not the kernel). A tentative fix for the video recording issue has been found. There are distinct downsides to the fix, but at least something working is available
H990* Generic Kernel v0.2.4:
MD5: 5c37b2fa01417874fa6e4456a333792d
SHA1: 79033bad078991180b6f308c99527ef4cd6e1379
SHA512: c2167602edd93e7bab76e7e89093e2ebb1670163ccb812ec327b03d98931c57566a3ab565e81ca4b7de142771f22e6723f291df0c5cad82982a24d5da18b5011
H990* Generic Kernel v0.2.3a:
MD5: b9cd4c750e9bc8627d07243f7e4c3c82
SHA1: e16f348e11e765651564922823b9e38f27c41976
SHA512: 1965bec516d6b886aa283b24906a6bec1c3e8a9b39f1efd5f57c00eaa222940d3cc2420cee83712f47c17e0b397ab1b1d7254c5c43d40ca016e06630206f5505
H990* Generic Kernel v0.2.3:
MD5: fb32e04ec9f5f2fd21bf226db722947c
SHA1: e7ab1533106e0d11075e21b097629be307123879
SHA512: 0c58586c1a8a678d644912d2dd64d970cd0614a8c85bfaae787d1970b16bd03306bd3189f9b07ace80d0f9f9072fc7b6efbd4556da0b09d4ad205922b35aedd9
H990* Generic Kernel v0.2.2:
MD5: f85de33a3354973920b6ffc7baeb7d62
SHA1: 2a9dd897fd44efa13be0f4d2e17ef90ba896b399
SHA512: 3f4e8110b68ae58b38f3abc50d3633df9b45bf4a68120e37ea3934e78b659514d20a2ddbe2d35a30a23b9ed6285c47cacacd43676da82d678201e79748e57c8b
H990* Generic Kernel v0.2.1:
MD5: d08807bc5f3e14fbbcbadbf7013988d0
SHA1: 3b1871c974fe06a6125a47200dc0e35b12a20abc
SHA512: 6d84c27f5752b1313157bbebb917683ce37384032b3d72afc15fa3679839da325a1fdb0824aca28dda2d95161d0e4a0ec343e4e1f35fd0b3700e156d4d60f03f
Alternative kernel builds:
I'm carefully releasing source of my kernel builds (above) and others are welcome to build kernels modified to their preferences. They can also target any kernel issues they find and fix.
@jahlex has the "D.O.T.S." kernel here. This is built from stock LGE and targets camera issues. Due to being closer to LGE's source it may well provide some better hardware support.
@Leicxan has successfully built a werewolf derived kernel, here. For a number of people this works better.26
Btw, @emdroidle I noticed the phone connect to the cellular network is fater than before, with your latest modem code.
Edit: 20171026
1. My unofficial Werewolf kernel download from here
2. My self-build kernel, just test on my H990N, and I don't use extand-sdcard, so can't test the exfat module, and I don't have much time for maintenance it, even this phone is not my daily use one. I build this kernel is just for my hobbit. Someone report they get a kernel crash after the lg logo appear.
Be careful before you flash it!
Download Link
Here
Source Code: https://github.com/guaibao1101/h990x-msm-3.18
Thanks to emdroidle mention me in OP25OK guys, I think I got it. Working on my H990DS root and focus working with s5k2p7 sensor.
This is nothing more than the v0.2 kernel of emdroidle + s5k2p7 drivers.
Need some beta testers here, just use this kernel instead of emdroidle's.
EDIT : updated v0.2b with texfat
EDIT 2 : updated v0.2d with cam & power drivers from LS99717Hi guys,
Here is a modified version of @emdroidle's 0.2.3a updated with all cam drivers from stock v10g. iI fixes video freeze issue.
===> h990-kernel-0.2.3b-jahlex.zip (14.33 MB)
EDIT : and a brand new kernel I built based on v10g stock sources. Currently running on my H990DS. Need some beta testers here.
===> LGH990-stock-jahlex-0.1.zip (14.15 MB)17Hi,
Without big hope, I requested LGE, a while ago, to release the last sources for H990 and H990DS... and they just did. http://opensource.lge.com/osSch/list?types=ALL&search=H990
What I was thinking about camera drivers is confirmed. See attached screenshot.
@emdroidle : hope it will help in solving the remaining issues.
I will try to have a look on my side if I find some time (difficult at the moment).
