WARNING
- DO NOT LET YOUR PHONE REBOOT, OR POWER OFF UNTIL I TELL YOU THAT IS WHAT YOU NEED TO DO.
If you do, I am not sure what shape your phone will be in. - This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock). If you don't, you will probably brick your phone.
- If you use this on any model G6 besides the H872, you will be stuck in a bootloop, and you will not be able to fix it since you will have wiped out download mode!
- This is safe if no mistakes are made (typos, missing a step, etc). However, if you do mess up, the risk is high that you lose download mode at best, or brick your phone at worst.
- If you deviate from this procedure, and think: "I can just skip a step, or I can do this on my own Linux install". Don't complain if you brick your phone.
PREREQUISITES:
- You must have a version of laf that has the COPY opcode.
Since none of the firmware available for the H872 has the COPY opcode, we have to use the H918 laf partition.
Grab the H918 10p KDZ: link to 10p KDZ - You need to be on 11g or above. Be aware, once you are on 11g+ you cannot downgrade to any versions prior to 11g due to anti-rollback.
You will need a copy of the KDZ that your phone is on. If you are not currently on 11g, upgrade before continuing.
For 11g : Link to 11g KDZ
For 11h : Link to 11h KDZ
For 20a : Link to 20a KDZ - We are going to flash this using the patched LG UP. There may be one that was patched specifically for the G6 -- don't use it,
it has NOT been tested. Grab the one for the V20: link
It MUST be installed in: C
rogram Files (x86)LG ElectronicsLGUP
You can't just unzip it anywhere and run it, it will not find the model file. - You need the H872 Unofficial 3.2.3 TWRP by @Eliminator74. 3.2.3 is included in the repo so that you know that you have the exact version.
If you decide to use any other version, you will brick your phone because the commands below are for this exact version! - You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL. - If you are rooting on 20a, you will need a Micro-SD card. Copy the TWRP 3.2.3 image and the latest Magisk zip to the SD card.
WARNING: Only applies if rooting while on 20a
Minor Encryption-related issues have occurred while testing 20a. If your data partition is encrypted, TWRP will NOT be able to decrypt it. Because of this, you will have to perform a wipe and format of your Data partition. Be sure to backup all data on your device prior to continuing by copying important files to an external SD card or using LG Mobile Switch to back it up.
PROCEDURE PART 1: Getting a working LAF onto your phone
By far this is the most dangerous part of this procedure.
- Boot to download mode
- In LG UP, choose partition DL.
- Pick the H918 10p KDZ
- Click start / ok
- When you will be given a list of partitions to flash, only check laf
- Click start / ok
- You will get a warning about additional modified partitions -- ignore it, and click OK.
- As a safety feature, LG UP will start flashing those modified partitions after laf completes flashing.
After the flash is initiated, pay close attention to the "step" and as soon as it changes from laf to another partition, PULL THE USB CABLE!
If you let it completely flash the H918 KDZ, your phone WILL reboot, and you WILL have a brick that can't be fixed.
You need to pay attention, but you also don't need to be sitting on pins and needles. You have quite a bit of time to pull the cable since system is one of the partitions that is flashed - Click OK and it will start flashing.
- Once laf is flashed, and you have pulled the USB cable, you can click exit, and then re-open LG UP.
- Choose partition DL again, and this time pick the H872 KDZ for the version your phone was on prior to flashing 10p (11g, 11h, or 20a)
- Select all partitions except laf. If you forget to uncheck laf, you will have to do this all over again.
- When it completes, it will reboot your phone.
- Go back into download mode. This time you will be running the H918 laf, and we can continue with PART 2
PROCEDURE PART 2: Installing TWRP
- Boot from your FWUL USB stick.
- Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to touch the power button -- the phone will power on and enter download mode.
This will NOT look like normal download mode on the phone. All you will get is small box that says: "Download mode" -- this is normal. You will also not have ANY indication on the PHONE that it is being flashed. - Once booted, login. The password is: linux
- Double click the LG folder that is on the desktop
- Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
Code:
git pull
git checkout h872-miscwrte
./step1.shat least flashing TWRP to the recovery partition. There is no button combination to get into laf (download mode), so if you only have TWRP on laf, then you will need a USB cable to get into recovery.
OPTIONAL:
If you don't know what to do with TWRP, and you just want to run rooted stock 11g, 11h or 20a, this is for you....
First boot into TWRP - with the phone off, hold vol up and plug in the USB cable.
PROCEDURE PART 3: Rooting and cleanup
Now that you are in TWRP:
Nougat (11g, 11h Users)
- ./step2.sh
Oreo (20a) Users
- Once in TWRP, click the “Wipe” button.
- Choose Advanced Wipe and select the Dalvik, Data and Cache options and Wipe. Do not reboot the phone.
- Go back to the main menu or main wipe screen
- Select “Format Data” and complete the format.
- Go back to the main menu and choose Install, and then Install Image.
- Flash the TWRP 3.2.3 image from external_sd to the RECOVERY partition. DO NOT Reboot to System.
- Go back to the main screen and attempt to reboot to Recovery.
- If you are able to reboot to recovery without any issues, you should now Install the Magisk zip from external_sd.
- After flashing Magisk, you may now reboot to system and Oreo should boot to the initial Android Setup screen.
- After booting to Oreo, make sure you enable installations from Unknown Sources in your Android Settings and install the latest Magisk Manager.
If Oreo boots to an "Encryption Unsuccessful" screen, you will need to format the Data partition again. Tap the reset button and it should boot to Recovery. Perform another wipe of cache/data/dalvik and go back to the Wipe screen and Format Data. Reboot system and you should boot to Oreo Normally.
To Restore Download Mode
20a - Flash @Eliminator74's Bootstock with LAF image using TWRP
11g - Flash @weakNPCdotCom's StockLAF image using TWRP
CREDITS:
- @KAsp3rd -- he risked his phone to make this happen. There were no guarantees that the H918 laf would boot and function.
- Lekensteyn -- His base work on the G2 / G3 gave me a GREAT headstart!
- @steadfasterX - He added some real nice features, great guy to bounce ideas off, and just testing crazy ideas because he wasn't afraid to brick his phone Also, for FWUL
- tuxuser - Helping with my lacking in Python
- @smitel - His original reverse engineering of LG UP. Great inspiration!
- @weakNPCdotCom - Testing/Help with H87220a (Oreo)
-- Brian
XDA:DevDB Information
lafsploit - H872, Tool/Utility for the T-Mobile LG G6
Contributors
runningnak3d, KAsp3rd, weakNPCdotCom
Source Code: http://gitlab.com/runningnak3d/lglaf
Version Information
Status: Testing
Created 2018-04-09
Last Updated 2018-10-09
Last edited:
