[ROOT] HOWTO: AT&T H910 up to v20g (FULLY TESTED)

Search This thread

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,222
Largo
***WARNING***
This is ONLY for the H910. If you flash H915 firmware on an H918 -- you WILL brick it.​

If you are currently on Oreo, you can root your phone, but you CAN NOT keep Oreo - for now. This will downgrade you back to Nougat, which is rootable.

I know this is a long post, but this is also a complicated root procedure. Please read the ENTIRE post before starting.
Also, if you run into a problem, please use the search thread box to see if your problem has already been addressed. It will save having to ask the same questions over and over.

If you want to restore to stock v10q after rooting, you can use this: link.

Standard disclaimer: There are no guarantees in life. No part of this should brick your phone, but if it does somehow, that is on you.

This should work on any H910 version, up to v20g, that is no longer rootable by DirtySanta (IE: dirtycow has been patched). It has been tested on 10m to 20g

  • Make sure that you have an SD card that has at least 8 gigs of free space. It CAN NOT be formatted FAT, or FAT32. It needs to be exFat or ext4, otherwise the zip won't fit (2 gig file limit on FAT and FAT32).
  • Make sure you have a working adb environment. I use Linux so hopefully this is a good resource. If not, you will have to Google this yourself: link.
  • Make sure that you have a working WiFi connection. Part of this process involves installing a terminal emulator. Since the phone will have no signal at that time, you use WiFi, or you can side load.
  • Download the H915 v10e KDZ: H91510e_00_VTR_CA_OP_1205.kdz.
    - WARNING: Do not use any newer H915 firmware, as they all have dirtycow patched (v10p, v10q), and I do not know if they increment ARB.
    - If they do increment ARB, then you will be stuck with a phone that can't be rooted, and you can't fix the modem! You have been warned.
  • Download the patched LG UP from this thread: link.
  • Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
  • Put your phone into download mode (power off / hold vol. up / plug in USB cable)
  • Use LG UP to dump your phone. When you run it, there will be additional radio buttons.
    - Pick the one that says DUMP and click Start. You will be asked what partitions to dump, click the "select all" checkbox, and then you can uncheck userdata.
    - This is an OPTIONAL but HIGHLY recommended step. It is a good idea to have a full backup of your phone, but with this new procedure, this is no longer needed.
  • When it is finished, click the PARTITION DL radio button, pick the H915 v10e KDZ that you downloaded above, and click start. Make sure all partitions are checked.
  • Once it is complete, your phone should reboot into a nice new (old) Freedom Mobile ROM (complete the setup), and you may not have signal.
    - If you are on AT&T I understand that you will, but T-Mobile does not. Either way, this is normal.
  • Before continuing, make sure that you enable developer mode, and enable USB debugging. Also, make sure that your PC is authorized (plug the phone in and touch always allow, and then OK).
  • Also go ahead and download a terminal emulator -- NOT Termux. I recommend good old "Terminal Emulator for Andorid" -- the first thing that pops up if you search for "terminal"
  • Download this modified (by modified, I mean it contains all the extras needed to make this work) DirtySanta root package: link.
    - Extract this somewhere that you can run adb and fastboot from.
    - Check the SHA hash: 88a3a0f90c66a486807da3e69e9fb0a08c779efe
  • Download the v10r firmware + boot + system here: link (sorry - no time to dump and package 10v)
    - Check the SHA hash: 5451146030393e490dcfba3558b620badefe75cd
    - This includes v1.0 of the mk2000 kernel
  • Copy the zip, to your SD card, and insert it in the phone.
    - Alternatively, you can use adb to push the zip to your phone while in TWRP. This is NOT supported.
    - I switched to having people flash from SD card because too many people were having problems with adb.
    - If you want, try it, if it doesn't work, don't ask for help -- use the SD card method!
Open two command windows. In each one change to the directory that you extracted the root package.

In the first one execute:
Code:
adb logcat -s dirtysanta

Then in the second one execute:
Code:
STEP1.BAT

Wait till you get a prompt back then type (or copy / paste):
Code:
run-as con
chmod 0777 /storage/emulated/0/*

Now open up your terminal emulator on your phone and type:
Code:
applypatch /system/bin/atd /storage/emulated/0/dirtysanta

Watch the window that has logcat running. When it says to run step 2, execute:
Code:
STEP2.BAT

Once fastboot comes up -- it will be a really small red font that says, FASTBOOT MODE. Once that is up, execute:
Code:
STEP3.BAT
This is flashing TWRP and the WW 2.0 kernel onto your phone. The phone will reboot once they are flashed.
When it reboots, you will get a very nasty looking warning about the fact that your phone has been compromised and will not boot.
This is due to running the engineering aboot and is normal -- don't panic your phone will boot. You will see this every time the phone reboots.

At this point, you have H915v10e and TWRP. You can now boot into TWRP so that we can flash the H910 firmware back onto the phone:
If you have re-enabled developer mode, and enabled USB debugging, and have your phone connected, you can execute the following in a command window:
Code:
adb reboot recovery

Otherwise just pull the battery, put the battery back in, hold vol down + power till the LG logo appears. Release power, and then immediately press and hold it again until you get to a screen that asks if you want to factory reset your phone. Say yes twice and it will take you into TWRP. If the phone had the stock recovery, it would do a factory reset -- however, since you now have TWRP, that is what you are taken to instead. This is a key combination that is embedded into the bootloader that tells it to execute recovery - in this case TWRP. Hope that clears up some confusion as to why you get a screen asking you to factory reset your phone...

Now that you are in TWRP you need to do a couple of things:

  • Format data. Wipe -> Format data. It will ask you to type "yes". If you don't do this, you will be prompted to enter a passcode, and will have 30 tries. If that happens, just boot back to TWRP and do this step again.
  • Wipe cache / dalvik cache
  • Flash the zip. Choose "Install" and browse to your SD card, and select the h910-10r.zip file. When complete hit the home button.
  • Now, format data again for good measure....

Once the second format completes you can reboot your phone, and it will be just like you got it fresh off the factory floor, except it will have TWRP.
No part of the H915 firmware is left on the phone. The only things that are not 100% stock v10r firmware are ABOOT (it is the US996 engineering aboot that is unlocked. It also gives the nasty warning on boot), BOOT (it is the 10q kernel with a few patches added by @askermk2000 - KCAL, Adreno idler, etc), and of course RECOVERY (TWRP).

It takes a little while for the first boot -- be patient. It should NOT take longer than 10 minutes. If it does, something went wrong. Boot back to TWRP and try flashing the 10r zip again.

Now that you have a phone with TWRP, feel free to download whatever root method you would like (SuperSU or Magisk).



Old, unsupported ROMs will NOT work with the 10p, 10q or 10r firmware.
If you want to run NATF or WETA (or any old, unsupported ROM that you find floating around these forums) you will need to flash the older 10m firmware: here.
SHA: 1007dedb6e935b0bea1e25f28e39ccb8e69f9694
This is JUST the firmware! It has no kernel, or system. You MUST flash a 10m or earlier ROM or your phone will not boot. If you forget, you can always boot back to TWRP and try again.
The newer kernel should work, but I have not tested it with the older firmware. If it doesn't grab the WW2.0 kernel, it works fine with 10m.


For the latest kernel, please visit @askermk2000's thread: here

Do NOT flash firmware for the H918 -- it will brick your phone. Firmware for the other models won't work, but they won't brick your phone.

Feel free to ask away if any of this doesn't make sense. I really hope that isn't the case now :)

Most of all -- have fun. That is what this is supposed to be about!


Again, If you want to restore to stock v10q, you can use this: link.

Serious credits go out to:
@me2151 for DirtySanta. Please visit his original thread and hit the thanks button.
@smitel for Reversing LG UP and figuring out how unlock lab mode. No partition dl, no root on the new firmware. Again, hit the thanks button.
@Prowler_gr for patching LG UP for the V20 not to mention finding that thread. I never go into the G5 forums, so I would have never seen it. AGAIN -- hit that thanks button.
@USA-RedDragon for his Werewolf kernel. I know I sure like not having static on boot. Most people get the ability to hit thanks 6 or 7 times a day -- be sure to use up one more.
@askermk2000 For the new 10q kernel. Dude doesn't even have a V20 and jumped in to help out.

Seriously, these guys are the real devs, and the ones that have left the V20 scene are missed...

-- Brian
 
Last edited:

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,222
Largo
FAQ:

Q1: If I revert to stock will AT&T know that I rooted my phone?
A1: Nope. Unlike Samsung phones (at least older ones, I don't know about current ones), there is no KNOX style indicator that shows how many times a phone has been flashed.

Q2: Do we have to flash ALL of the H915 firmware, that seems like a waste?
A2: You would be correct -- it is a waste, but I am going to need more time to test and make sure that only the XBL and ABOOT need to be flashed AND that doesn't break trusted boot. As I have stated, the H910 and H915 have the same PBL. I ran my phone with the H915 XBL, with the rest of the firmware being H910 and I don't have a brick -- but I did it manually and not though LG UP. When I feel like wiping my phone again, I will test this.

Q3: Can any other variants be rooted with this method?
A3: Maybe. I was able to get the patched LG UP to recognize a KDZ that I modified, and it let me flash. My next step is to completely roll my own KDZ. If that works, then ANY LG phone will be rootable simply by flashing a KDZ.
A3: YES! It turns out that the LS997 is able to use the VS995 KDZ. I have written up a post on the procedure.

Q4: If that works, and you can roll your own KDZ, can you get around ARB?
A4: I believe so. Now that we have the ability to take a dump of an unmodified / stock / out of the box phone, we could dump the XBL (this is what updates ARB), and package that up with an older ABOOT. I am mainly talking about H918s here, since all other V20s work with the engineering ABOOT. But it will also apply if AT&T ever increments ARB on the H910.
Nope, there is no getting around ARB. Once a particular ARB version is blown into your QFPROM, you *MUST* use a boot stack that has that ARB version, and that is basically the entire firmware except for boot, recovery, laf and system.

Q5: Will the AM&FM Radio still work
A5: Yes.

Q6: Why are my boot times longer after rooting?
A6: In order to unlock the bootloader, an engineering aboot had to be used, and a lot of additional data is generated on boot.

Q7: Can I return my phone to stock?
A7: This was addressed in the post above, but I will address it again. Yes. For the link, see the post above.
 
Last edited:

ps3hacker3

Senior Member
Apr 15, 2013
542
136
I am Definitely missing something here, I cant for the life of me get the h915 firmware to flash using lgup

It just states kdz file is invalid.
H910 -> h915

Confirmed im attempting to use the patched lgup as well
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,222
Largo
It is definitely not reading the modified model file. You must have had another version installed. You need to uninstall / delete any other model dll files you have installed.
 
  • Like
Reactions: Sadistic_Loser

ps3hacker3

Senior Member
Apr 15, 2013
542
136
It would appear that i dont have lgup installed correctly (not at all in this case) to begin with

Let me do a little digging to figure out lgup.

Not entirely sure how i did a full dump with it not even installed but alright

---------- Post added at 09:10 PM ---------- Previous post was at 08:51 PM ----------

Just to confirm for 100% sure that we are supposed to be ticking the upgrade option and not the option for partition dl that is mentioned in the patched lgup thread correct?

I simply cannot get passed invalid kdz and have confirmed numerous times now that there is only one dll in the lgup folder

Path to the lgup exe that i have replaced with the above patched executable from the other thread
C:\Program Files (x86)\LG Electronics\LGUP\LGUP.exe

Path to the dll folder that i placed there as well along with a LOG folder directly above it
C:\Program Files (x86)\LG Electronics\LGUP\model\common\LGUP_common.dll

The log folder consists of a folder by this name here LG-H910 (my current device)

There is nothing else in the model folder at all except for the two mentions above

If lgup is somehow reading from another directory outside of where i launched the exe, I have zero clue as i have searched lgup to no availability.
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,222
Largo
And that is why I wanted to write this up as I did it :)

You are correct. Choose partition dl, and make sure all partitions are selected.

After that, the rest of the instructions should be correct.
 
  • Like
Reactions: Saad Luqman

ps3hacker3

Senior Member
Apr 15, 2013
542
136
And that is why I wanted to write this up as I did it :)

You are correct. Choose partition dl, and make sure all partitions are selected.

After that, the rest of the instructions should be correct.

I have ran out of time tonight to muck around with it but have definitely rendered it bootlooping currently (stuck at second lg logo is more accurate)

Not entirely sure what i did wrong, was able to get into twrp a couple times as well trying to continue the steps
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,222
Largo
Since you have TWRP installed, you can fix whatever is wrong.

Unfortunately, whatever you did wrong was within the DirtySanta root procedure, and that would have gone wrong even with H910 firmware with the Dec. 2016 sec patch.

You are going to have to provide some more details.
 

ps3hacker3

Senior Member
Apr 15, 2013
542
136
It booted successfully after the h915 flash and I made it all the way up to step three before it was bricked under the dirty Santa method and have been attempting to recover it since.. I can't get lg up to recognize it any longer as of now

---------- Post added at 01:37 PM ---------- Previous post was at 01:27 PM ----------

Scratch that somehow i got it booted, I was stuffing around it twrp and flashed the natf with a factory reset and it is now static booting which I'll have to fix once I grab that kernel
 

jreed3786

Senior Member
Sep 28, 2008
886
248
44
Rockford, IL
WARNING: This is ONLY for H910. If you flash H915 firmware on an H918 -- you WILL brick it. I am not sure about other variants, but cross flashing firmware is HIGHLY risky. I only found out this was safe because I got myself in a situation where I had nothing to lose, so I tried it.

Since I have had quite a few people ask me via PM for the procedure, I figured it was time to make a post. I really wanted to wait till I got my H910 back from LG so I could type this up as I do it again (yes this has been tested) to make sure that I don't miss a step. I am 99% sure that I didn't, but even if I did, the worst that is going to happen is that you get an error or have to start again.

Standard disclaimer -- there are no guarantees in life. No part of this should brick your phone, but if it does somehow, that is on you.

This should work on any version that is no longer rootable by DirtySanta (IE: dirtycow has been patched), but it has only been tested on v10m (Sec. patch April 2017).

The H910 and H915 have the same PBL (Primary Boot Loader), so it is safe to flash H915 firmware on H910 hardware.

  • Make sure you have a working adb environment. I use Linux so hopefully this is a good resource. If not, you will have to Google this yourself: link.
  • Download the H915 v10e KDZ: H91510e_00_VTR_CA_OP_1205.kdz. WARNING: Do not use any newer H915 firmware, as they all have dirtycow patched (v10p, v10q), and I do not know if they increment ARB. If they do increment ARB, then you will be stuck with a phone that can't be rooted, and you can't fix the modem! You have been warned.
  • Download the patched LG UP from this thread: link.
  • Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
  • Put your phone into download mode (power off / hold vol. up / plug in USB cable)
  • Use LG UP to dump your phone. When you run it, there will be additional radio buttons. Pick the one that says DUMP and click Start.
  • When it is finished, click the PARTITION DL radio button, pick the H915 v10e KDZ that you downloaded above, and click start. Make sure all partitions are selected.
  • Once it is complete, your phone should reboot into a nice new (old) Freedom Mobile ROM, and you will have no signal. This is normal.
  • You are now safe to root your phone following the standard DirtySanta procedure: link. You can ignore the part where it says that you can't go back to stock. As soon as my phone comes back from LG, I will be posting a zip that you can flash that will completely return you to stock v10m.

OK, so now you are rooted, and have TWRP. Now I am guessing you would like to actually be able to use your phone to make calls / send texts / surf porn read XDA, so you need a working modem...

The following you will do from a command prompt:

  • adb reboot recovery
  • adb push X:\path\modem_COMYY /sdcard/
Where X:\path is the path that you saved the dump from your phone, and YY is the COM port number. For example, if Windows detected your phone as COM11, then the file will be named: modem_COM11

  • adb shell
  • cd /sdcard
  • dd if=modem_COMYY of=/dev/block/bootdevice/by-name/modem
  • exit
  • adb reboot

When your phone reboots you should have a rooted H910 with Freedom Mobile v10e ROM and phone / data functional.
At this point, you are free to flash any ROM that is for the H910. I use NATF, but some prefer WETA. I am not including links since you should really go find a ROM you like yourself.

As I stated at the beginning of this post, my phone is in the shop and I don't have a full dump of v10m. When it gets back, I will make a zip that will flash all the pertinent partitions with our v10m firmware so that we have nice, updated phones. I will also post a zip that will flash ALL the v10m partitions and take you back to exactly where you are now in case you want to return to stock for some reason.

Feel free to ask away if any of this doesn't make sense

-- Brian

GOD BLESS YOU! I needed this today! Will try later!
 

ps3hacker3

Senior Member
Apr 15, 2013
542
136
Passing along an update of progress, currently still having trouble with this.

Current status is it is static screen booting currently.

I also have no signal and your steps for flashing the modem work just fine to what it appears to from the commands lines (everything goes through correctly) but upon booting shortly after i am greeted with a blue screen saying subsystem crash : modem

Yes i did use the dumps from the very first step and they appeared to have flashed back correctly.

Lgup will not recognize the phone from everything i have tried to recover it at this time either

Edit: when it comes to the step where you have to type this here below
dd if=modem_COM5 of=/dev/block/bootdevice/by-name/modem

Is the portion from this line where it states "by-name" correct?
Com5 is correct as that is the name of my file when i pulled it from the device
 
Last edited:

jreed3786

Senior Member
Sep 28, 2008
886
248
44
Rockford, IL
Stuck on step 5 of Dirty Santa on an H910. Went back and redid steps 3-5 and it's still just sitting on LG logo. Any ideas???? I know I followed the instructions verbatim!!
 

daw41

Senior Member
May 16, 2014
626
188
Stuck on step 5 of Dirty Santa on an H910. Went back and redid steps 3-5 and it's still just sitting on LG logo. Any ideas???? I know I followed the instructions verbatim!!
Have you tried this
It has come to my attention that some users have encountered abnormally long first boot time(over 20 minutes before first time setup)
To resolve this issue:
Boot into bootloader by pulling the battery and reinserting it and holding VOL- and phugging in the phone. then typing:
Code:
fastboot flash boot bootbackup.img
fastboot reboot

Sent from my LG-H910 using Tapatalk
 

ps3hacker3

Senior Member
Apr 15, 2013
542
136
Is there a method to getting back to full stock 10m on the h910 for now until i can get this sorted out.

Ive tried flashing the backed up modem i have multiple times at this point and cannot get signal back after following this method here to the letter.

I do have access to twrp but cannot get access to lgup at all no matter whether it is in fastboot mode/recovery/usb debugging/etc etc etc
 
  • Like
Reactions: jreed3786

Jerry SQ

Senior Member
Jan 12, 2015
56
19
Sir, i accdientally KDZ my H910 to F800K. I managed to make the call, mess function again by flashing US996 modem file but now my phone can't connect to any mobile network when data switch on. I mean i can call and receive call from other people, send and receive mess too. Could you kindly teach me how to fix this???? I can KDZ to US996 rom but it end up in bootloop (i can get into the rom, but after a few second it will reboot itself). In US996 rom, my phone functioning normal, no problem at all, but the bootloop happen so, sir. Help me, please
 

daw41

Senior Member
May 16, 2014
626
188
SURE have. This is for the Verizon variant. I have AT&T. No such path found. I too, just need the modem to work. I tried a few workarounds...

SO, either a fix for the bootloop on the LG logo, or a flashable H910 modem so I can use my phone.
So if you're at step 5 you should have TWRP manually reboot into TWRP and Flash a ROM like natf or weta should fix your issue

Sent from my LG-H910 using Tapatalk
 

Jerry SQ

Senior Member
Jan 12, 2015
56
19
Yes sir...it should, but I still get error about modem, even when flashing WETA and rebooting. Any easier way to flash the H910 modem?

Sir, i can make the phone call and mess work again but the mobile data i nowhere to be found. At least you can make phone call and send text. You can try by flashing US996 modem file, the signal will come back but without 4g,3g or whatsoever.
 

jreed3786

Senior Member
Sep 28, 2008
886
248
44
Rockford, IL
Sir, i can make the phone call and mess work again but the mobile data i nowhere to be found. At least you can make phone call and send text. You can try by flashing US996 modem file, the signal will come back but without 4g,3g or whatsoever.

There's no way to flash or find an H910 modem file? Why is this? Just wondering.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 86
    ***WARNING***
    This is ONLY for the H910. If you flash H915 firmware on an H918 -- you WILL brick it.​

    If you are currently on Oreo, you can root your phone, but you CAN NOT keep Oreo - for now. This will downgrade you back to Nougat, which is rootable.

    I know this is a long post, but this is also a complicated root procedure. Please read the ENTIRE post before starting.
    Also, if you run into a problem, please use the search thread box to see if your problem has already been addressed. It will save having to ask the same questions over and over.

    If you want to restore to stock v10q after rooting, you can use this: link.

    Standard disclaimer: There are no guarantees in life. No part of this should brick your phone, but if it does somehow, that is on you.

    This should work on any H910 version, up to v20g, that is no longer rootable by DirtySanta (IE: dirtycow has been patched). It has been tested on 10m to 20g

    • Make sure that you have an SD card that has at least 8 gigs of free space. It CAN NOT be formatted FAT, or FAT32. It needs to be exFat or ext4, otherwise the zip won't fit (2 gig file limit on FAT and FAT32).
    • Make sure you have a working adb environment. I use Linux so hopefully this is a good resource. If not, you will have to Google this yourself: link.
    • Make sure that you have a working WiFi connection. Part of this process involves installing a terminal emulator. Since the phone will have no signal at that time, you use WiFi, or you can side load.
    • Download the H915 v10e KDZ: H91510e_00_VTR_CA_OP_1205.kdz.
      - WARNING: Do not use any newer H915 firmware, as they all have dirtycow patched (v10p, v10q), and I do not know if they increment ARB.
      - If they do increment ARB, then you will be stuck with a phone that can't be rooted, and you can't fix the modem! You have been warned.
    • Download the patched LG UP from this thread: link.
    • Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
    • Put your phone into download mode (power off / hold vol. up / plug in USB cable)
    • Use LG UP to dump your phone. When you run it, there will be additional radio buttons.
      - Pick the one that says DUMP and click Start. You will be asked what partitions to dump, click the "select all" checkbox, and then you can uncheck userdata.
      - This is an OPTIONAL but HIGHLY recommended step. It is a good idea to have a full backup of your phone, but with this new procedure, this is no longer needed.
    • When it is finished, click the PARTITION DL radio button, pick the H915 v10e KDZ that you downloaded above, and click start. Make sure all partitions are checked.
    • Once it is complete, your phone should reboot into a nice new (old) Freedom Mobile ROM (complete the setup), and you may not have signal.
      - If you are on AT&T I understand that you will, but T-Mobile does not. Either way, this is normal.
    • Before continuing, make sure that you enable developer mode, and enable USB debugging. Also, make sure that your PC is authorized (plug the phone in and touch always allow, and then OK).
    • Also go ahead and download a terminal emulator -- NOT Termux. I recommend good old "Terminal Emulator for Andorid" -- the first thing that pops up if you search for "terminal"
    • Download this modified (by modified, I mean it contains all the extras needed to make this work) DirtySanta root package: link.
      - Extract this somewhere that you can run adb and fastboot from.
      - Check the SHA hash: 88a3a0f90c66a486807da3e69e9fb0a08c779efe
    • Download the v10r firmware + boot + system here: link (sorry - no time to dump and package 10v)
      - Check the SHA hash: 5451146030393e490dcfba3558b620badefe75cd
      - This includes v1.0 of the mk2000 kernel
    • Copy the zip, to your SD card, and insert it in the phone.
      - Alternatively, you can use adb to push the zip to your phone while in TWRP. This is NOT supported.
      - I switched to having people flash from SD card because too many people were having problems with adb.
      - If you want, try it, if it doesn't work, don't ask for help -- use the SD card method!
    Open two command windows. In each one change to the directory that you extracted the root package.

    In the first one execute:
    Code:
    adb logcat -s dirtysanta

    Then in the second one execute:
    Code:
    STEP1.BAT

    Wait till you get a prompt back then type (or copy / paste):
    Code:
    run-as con
    chmod 0777 /storage/emulated/0/*

    Now open up your terminal emulator on your phone and type:
    Code:
    applypatch /system/bin/atd /storage/emulated/0/dirtysanta

    Watch the window that has logcat running. When it says to run step 2, execute:
    Code:
    STEP2.BAT

    Once fastboot comes up -- it will be a really small red font that says, FASTBOOT MODE. Once that is up, execute:
    Code:
    STEP3.BAT
    This is flashing TWRP and the WW 2.0 kernel onto your phone. The phone will reboot once they are flashed.
    When it reboots, you will get a very nasty looking warning about the fact that your phone has been compromised and will not boot.
    This is due to running the engineering aboot and is normal -- don't panic your phone will boot. You will see this every time the phone reboots.

    At this point, you have H915v10e and TWRP. You can now boot into TWRP so that we can flash the H910 firmware back onto the phone:
    If you have re-enabled developer mode, and enabled USB debugging, and have your phone connected, you can execute the following in a command window:
    Code:
    adb reboot recovery

    Otherwise just pull the battery, put the battery back in, hold vol down + power till the LG logo appears. Release power, and then immediately press and hold it again until you get to a screen that asks if you want to factory reset your phone. Say yes twice and it will take you into TWRP. If the phone had the stock recovery, it would do a factory reset -- however, since you now have TWRP, that is what you are taken to instead. This is a key combination that is embedded into the bootloader that tells it to execute recovery - in this case TWRP. Hope that clears up some confusion as to why you get a screen asking you to factory reset your phone...

    Now that you are in TWRP you need to do a couple of things:

    • Format data. Wipe -> Format data. It will ask you to type "yes". If you don't do this, you will be prompted to enter a passcode, and will have 30 tries. If that happens, just boot back to TWRP and do this step again.
    • Wipe cache / dalvik cache
    • Flash the zip. Choose "Install" and browse to your SD card, and select the h910-10r.zip file. When complete hit the home button.
    • Now, format data again for good measure....

    Once the second format completes you can reboot your phone, and it will be just like you got it fresh off the factory floor, except it will have TWRP.
    No part of the H915 firmware is left on the phone. The only things that are not 100% stock v10r firmware are ABOOT (it is the US996 engineering aboot that is unlocked. It also gives the nasty warning on boot), BOOT (it is the 10q kernel with a few patches added by @askermk2000 - KCAL, Adreno idler, etc), and of course RECOVERY (TWRP).

    It takes a little while for the first boot -- be patient. It should NOT take longer than 10 minutes. If it does, something went wrong. Boot back to TWRP and try flashing the 10r zip again.

    Now that you have a phone with TWRP, feel free to download whatever root method you would like (SuperSU or Magisk).



    Old, unsupported ROMs will NOT work with the 10p, 10q or 10r firmware.
    If you want to run NATF or WETA (or any old, unsupported ROM that you find floating around these forums) you will need to flash the older 10m firmware: here.
    SHA: 1007dedb6e935b0bea1e25f28e39ccb8e69f9694
    This is JUST the firmware! It has no kernel, or system. You MUST flash a 10m or earlier ROM or your phone will not boot. If you forget, you can always boot back to TWRP and try again.
    The newer kernel should work, but I have not tested it with the older firmware. If it doesn't grab the WW2.0 kernel, it works fine with 10m.


    For the latest kernel, please visit @askermk2000's thread: here

    Do NOT flash firmware for the H918 -- it will brick your phone. Firmware for the other models won't work, but they won't brick your phone.

    Feel free to ask away if any of this doesn't make sense. I really hope that isn't the case now :)

    Most of all -- have fun. That is what this is supposed to be about!


    Again, If you want to restore to stock v10q, you can use this: link.

    Serious credits go out to:
    @me2151 for DirtySanta. Please visit his original thread and hit the thanks button.
    @smitel for Reversing LG UP and figuring out how unlock lab mode. No partition dl, no root on the new firmware. Again, hit the thanks button.
    @Prowler_gr for patching LG UP for the V20 not to mention finding that thread. I never go into the G5 forums, so I would have never seen it. AGAIN -- hit that thanks button.
    @USA-RedDragon for his Werewolf kernel. I know I sure like not having static on boot. Most people get the ability to hit thanks 6 or 7 times a day -- be sure to use up one more.
    @askermk2000 For the new 10q kernel. Dude doesn't even have a V20 and jumped in to help out.

    Seriously, these guys are the real devs, and the ones that have left the V20 scene are missed...

    -- Brian
    8
    FAQ:

    Q1: If I revert to stock will AT&T know that I rooted my phone?
    A1: Nope. Unlike Samsung phones (at least older ones, I don't know about current ones), there is no KNOX style indicator that shows how many times a phone has been flashed.

    Q2: Do we have to flash ALL of the H915 firmware, that seems like a waste?
    A2: You would be correct -- it is a waste, but I am going to need more time to test and make sure that only the XBL and ABOOT need to be flashed AND that doesn't break trusted boot. As I have stated, the H910 and H915 have the same PBL. I ran my phone with the H915 XBL, with the rest of the firmware being H910 and I don't have a brick -- but I did it manually and not though LG UP. When I feel like wiping my phone again, I will test this.

    Q3: Can any other variants be rooted with this method?
    A3: Maybe. I was able to get the patched LG UP to recognize a KDZ that I modified, and it let me flash. My next step is to completely roll my own KDZ. If that works, then ANY LG phone will be rootable simply by flashing a KDZ.
    A3: YES! It turns out that the LS997 is able to use the VS995 KDZ. I have written up a post on the procedure.

    Q4: If that works, and you can roll your own KDZ, can you get around ARB?
    A4: I believe so. Now that we have the ability to take a dump of an unmodified / stock / out of the box phone, we could dump the XBL (this is what updates ARB), and package that up with an older ABOOT. I am mainly talking about H918s here, since all other V20s work with the engineering ABOOT. But it will also apply if AT&T ever increments ARB on the H910.
    Nope, there is no getting around ARB. Once a particular ARB version is blown into your QFPROM, you *MUST* use a boot stack that has that ARB version, and that is basically the entire firmware except for boot, recovery, laf and system.

    Q5: Will the AM&FM Radio still work
    A5: Yes.

    Q6: Why are my boot times longer after rooting?
    A6: In order to unlock the bootloader, an engineering aboot had to be used, and a lot of additional data is generated on boot.

    Q7: Can I return my phone to stock?
    A7: This was addressed in the post above, but I will address it again. Yes. For the link, see the post above.
    5
    Jerry SQ to the rescure, follow these steps to fix signal and data (h910 only):
    1 Dowload US99610f.kdz and F800K10e.kdz firmware, LGUP with patch in the first post
    2 KDZ F800K10e.kdz, partition dl, tick select all, wait for it to boot into rom, install TWRP with dirtysanta steps, boot into TWRP, then select reboot, select bootloader (or using adb, your choice, but the bootloader need to be unlocked)
    3 type these codes in booloader
    fastboot erase modemst1
    fastboot erase modemst2
    4 wait till it done, don't rebooted the phone yet, instead, pull the batterry out, get back to TWRP by hardware button
    5 format your rom, reboot back to TWRP, wipe Cache, System, internall storage, then poweroff the phone
    6 get in dowload mode, KDZ US996 firmware, partition dl, tick select all, boot into rom, if it stuck somewhere, factory reset might do the trick
    7 when it boot up, it will get bootloop after you get in the setup screen (i don't know it'll happen to you, but for me it'll bootloop)
    8 pull battery out, get in dowload mode, KDZ F800K firmware, partition dl, TICK MANUALLY EVERY THING EXEPT BOOT, MODEM, ABOOT, ABOOTBAK
    9 when it done, you will have signal, data mobile again, if you like, you can use F800K firmware or you can follow dirtysanta steps and install any rom you like
    5
    @runningnak3d could you update the link from DirtySanta root package?

    all the root files for this thread are in my AFH (in my signature) the root package is here >> https://androidfilehost.com/?fid=1322778262903990218
    4
    Kernel with some features

    Ok :)

    This one is a bit more experimental. I've looked at some patches from Werewolf and D.O.T.S Kernel, and picked a few compatible ones that looked rather straight forward without risk of complications.

    So we have:
    KCAL - the one that started it all.
    Adreno Idler - Battery savings.
    Disable software CRC checking of SD Card - More performance.
    Remove temperature polling - Battery savings.
    Reduce DSI status check - Battery savings.
    Fixed USB erratic behavior with some chargers.
    Static Screen fixed.
    RCTD removed.

    ^^Let's hope it works :) Would welcome feedback.
    If it works nicely I'll make one for H918 as well.

    --removed-- Look here!