[ROOT] HOWTO: AT&T H910 up to v20g (FULLY TESTED)

Search This thread

baugen55

Member
Oct 17, 2022
38
3
seems to me the OP might take the trouble to update broken links but all the files needed are still available it seems.
 
Last edited:

baugen55

Member
Oct 17, 2022
38
3
.. and hopefully it is the same archive/does the same thing.. (referring to the OS package, the big file. but after you get twrp maybe you can do something else like Lineage os?
 

baugen55

Member
Oct 17, 2022
38
3
OP: Download the v10r firmware + boot + system here: link that link is dead.
And the one I provided seems to have partition dumps but not firmware. So it seems another 910 version must be used and an archive found. OR not.. I'm a complete newbie but kdz files only work in LGUP don't they..
 
Last edited:

baugen55

Member
Oct 17, 2022
38
3
I almost bricked my phone by a silly mistake (was doing other things also): step3.bat pointed at a US996 twrp file that was not on the sd card. Got as far as getting 915 on my 910 ATT phone but wrong/messed up boot sector - quite close to bricking it probably. No other way forward now than 910 twrp file, and then i don't know, would like to go straight for Lineage 18. I find the ATT bloat annoying, would rather have US996 but LGUP now sees the phone as unknown.
 

leaforte

New member
Apr 23, 2014
2
1
LG V20
Moto G Stylus
This worked great for me to root my H910 ATT. It was even locked by LG to ATT because I messed up the ten chances to enter pin and got it permanently locked. But that didn't matter with this. The trouble I was having was that defender on my computer was not allowing the dirty Santa file to download, but was letting the root package download without it but wasn't notifying me. So I tried over and over and kept hitting road blocks and not getting results I was supposed to. Once I figured out the problem, and assured my files were all in the correct directory, everything went exactly as it was supposed to. Thank you.
 

juanlopera

Member
Feb 8, 2009
49
10
Many thanks for this guide, i follow it and works well... Sadly after that i lost Network signal, No GSM, SMS text or LTE...Wifi, NFC, Bluetooth works well (i use phone outside USA, bought it unlocked in Ebay ending 2021, works well here in my country, and when root it look itself), any clue or how could recover to SIM unlock state?, i backup all partitions in LGUP but i cannot find how to use, any help its really apreciatted, many thanks!
 

Darnrain1

Senior Member
Jan 2, 2018
936
305
USA
Many thanks for this guide, i follow it and works well... Sadly after that i lost Network signal, No GSM, SMS text or LTE...Wifi, NFC, Bluetooth works well (i use phone outside USA, bought it unlocked in Ebay ending 2021, works well here in my country, and when root it look itself), any clue or how could recover to SIM unlock state?, i backup all partitions in LGUP but i cannot find how to use, any help its really apreciatted, many thanks!

Sounds like you just need to restore your EFS to get LTE working again.

Manually reinstall your EFS on the Lgv20.
You need to find your Original DUMP of the rom your Lgv20 phone was on, before you downgraded your firmware for rooting.
Note: COM6 is what ever com port you were using at the time.

With the phone powered off, hold the down vol and plug in usb to computer.

fastboot flash fsg fsg_COM6 fastboot flash misc misc_COM6 fastboot flash modemst1 modemst1_COM6 fastboot flash modemst2 modemst2_COM6 fastboot reboot
 

juanlopera

Member
Feb 8, 2009
49
10
Sounds like you just need to restore your EFS to get LTE working again.

Manually reinstall your EFS on the Lgv20.
You need to find your Original DUMP of the rom your Lgv20 phone was on, before you downgraded your firmware for rooting.
Note: COM6 is what ever com port you were using at the time.

With the phone powered off, hold the down vol and plug in usb to computer.

fastboot flash fsg fsg_COM6 fastboot flash misc misc_COM6 fastboot flash modemst1 modemst1_COM6 fastboot flash modemst2 modemst2_COM6 fastboot reboot

Update: Sadly, remain locked, fastboot all commands without any wrong output, but at restart, remain locked (tried with two different operator sim cards), maybe i'm a no lucky man, at least could leave it for spare parts, 'cause its a second V20 (i love this phone, have another but Dual Sim), maybe look for a ATT's unlock service, but well... i prefer a rooted phone to play with it... again Many thx to @Darnrain1 for the kind support and great mods too, also to all V20 Supporters in this forum... greetings from Colombia!

1675353349192.png


Many Thanks for your kindly and clear response, i'll try tomorrow when back to my home, and touch you about results... i hope also test your LemonDrop Mod when we have my phone running... again many thx for your help, and greetings from Medellín Colombia!
 

Attachments

  • 1675352591989.png
    1675352591989.png
    101.4 KB · Views: 8
  • 1675352612990.png
    1675352612990.png
    101.4 KB · Views: 9
Last edited:
  • Like
Reactions: Darnrain1

gkhaller

New member
Feb 11, 2023
1
0
Greetings all,

I'm stuck. I'm reading through the whole thread for answers but if any of you heros know the solution, I'd be happy to buy you a couple coffees for your trouble.

I've been following along with the youtube video tutorial above
I started with H91010I
I did make a full backup.
I got as far as using LGUP to push H91510e_00_VTR_CA_OP_1205.kdz.
Followed every step perfectly. No weirdness to report.

After the install completed, phone rebooted, LG startup screen and.... nothing. It sits on the LG startup screen indefinitely.

Does anyone know how I can progress or roll back?
I've got the backup files, but not sure how to get them back on there.
 

Gammazero

New member
Feb 15, 2023
1
0
Wanted to double check before I gave up. Am I correct based on the [L] at the end of my software version that I can not root my phone or am I mistaken? I know I'm super late to the party so thanks in advance for any response.
 

Attachments

  • 326543214_743271777121079_8025763446472921657_n.jpg
    326543214_743271777121079_8025763446472921657_n.jpg
    111.9 KB · Views: 21

Darnrain1

Senior Member
Jan 2, 2018
936
305
USA
  • Like
Reactions: Charcaroth

Catena70

Member
Sep 28, 2014
19
1
54
Brindisi
FAQ:

Q1
: If I revert to stock will AT&T know that I rooted my phone?
A1: Nope. Unlike Samsung phones (at least older ones, I don't know about current ones), there is no KNOX style indicator that shows how many times a phone has been flashed.

Q2: Do we have to flash ALL of the H915 firmware, that seems like a waste?
A2: You would be correct -- it is a waste, but I am going to need more time to test and make sure that only the XBL and ABOOT need to be flashed AND that doesn't break trusted boot. As I have stated, the H910 and H915 have the same PBL. I ran my phone with the H915 XBL, with the rest of the firmware being H910 and I don't have a brick -- but I did it manually and not though LG UP. When I feel like wiping my phone again, I will test this.

Q3: Can any other variants be rooted with this method?
A3: Maybe. I was able to get the patched LG UP to recognize a KDZ that I modified, and it let me flash. My next step is to completely roll my own KDZ. If that works, then ANY LG phone will be rootable simply by flashing a KDZ.
A3: YES! It turns out that the LS997 is able to use the VS995 KDZ. I have written up a post on the procedure.

Q4: If that works, and you can roll your own KDZ, can you get around ARB?
A4: I believe so. Now that we have the ability to take a dump of an unmodified / stock / out of the box phone, we could dump the XBL (this is what updates ARB), and package that up with an older ABOOT. I am mainly talking about H918s here, since all other V20s work with the engineering ABOOT. But it will also apply if AT&T ever increments ARB on the H910.
Nope, there is no getting around ARB. Once a particular ARB version is blown into your QFPROM, you *MUST* use a boot stack that has that ARB version, and that is basically the entire firmware except for boot, recovery, laf and system.

Q5: Will the AM&FM Radio still work
A5: Yes.

Q6: Why are my boot times longer after rooting?
A6: In order to unlock the bootloader, an engineering aboot had to be used, and a lot of additional data is generated on boot.

Q7: Can I return my phone to stock?
A7: This was addressed in the post above, but I will address it again. Yes. For the link, see the post above.
Good evening, I'm trying to root my LG V20 H910.
I'm not clear where it says:
Wait until you get a prompt back then type (or copy / paste):
Codes:
run-as with
chmod 0777 /storage/emulated/0/*

I wonder how it should be typed in the prompt:
1. All merged into one line?
2. Two separate commands?
3. Typed in other ways… ?

Thanks to anyone who can give me a hand. Greetings
 

dextructor

Senior Member
Aug 21, 2007
331
120
I'm trying to root my LG V20 H910
Well I don't have the H910, but usually almost all DirtySanta exploits are the same (or similar enough).

I'll assume that you have successfully downgraded your H910 to an exploitable H915 v10e KDZ as per instructions on the OP, the drivers, folders and everything else are ready to go, including the copied necessary files to the SDCard

According to this video starting at 28:10 you should type this (run-as with
chmod 0777 /storage/emulated/0/*) on the cmd running STEP1.bat, but I didn't did this step. I used this other video as a visual guide at 4:30 with the files for my H990 and everything worked as expected.

So I hope that you take time to watch both videos, because they explained very well the process that was made by our members here on XDA, take notes, follow everything and you'll have your H910 unlocked very soon.
 

Catena70

Member
Sep 28, 2014
19
1
54
Brindisi
Well I don't have the H910, but usually almost all DirtySanta exploits are the same (or similar enough).

I'll assume that you have successfully downgraded your H910 to an exploitable H915 v10e KDZ as per instructions on the OP, the drivers, folders and everything else are ready to go, including the copied necessary files to the SDCard

According to this video starting at 28:10 you should type this (run-as with
chmod 0777 /storage/emulated/0/*) on the cmd running STEP1.bat, but I didn't did this step. I used this other video as a visual guide at 4:30 with the files for my H990 and everything worked as expected.

So I hope that you take time to watch both videos, because they explained very well the process that was made by our members here on XDA, take notes, follow everything and you'll have your H910 unlocked very soon.
Thanks a lot for the answer.
I am recovering the necessary files from different sites as the some links on the site
https://xdaforums.com/t/root-howto-at-t-h910-up-to-v20g-fully-tested.3664500 /
are no longer active.
In particular I miss:

1. The modified DirtySanta root package (I have one recovered from the site
https://xdaforums.com/t/ls997-vs995-h910-f800l-dirtysanta-bootloader-unlock-and-root-guide.3519410/
but I don't know if it works)

2. The v10r firmware + boot + system: H910_10R_FULL_STOCK.ZIP

Can you help me download them?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 86
    ***WARNING***
    This is ONLY for the H910. If you flash H915 firmware on an H918 -- you WILL brick it.​

    If you are currently on Oreo, you can root your phone, but you CAN NOT keep Oreo - for now. This will downgrade you back to Nougat, which is rootable.

    I know this is a long post, but this is also a complicated root procedure. Please read the ENTIRE post before starting.
    Also, if you run into a problem, please use the search thread box to see if your problem has already been addressed. It will save having to ask the same questions over and over.

    If you want to restore to stock v10q after rooting, you can use this: link.

    Standard disclaimer: There are no guarantees in life. No part of this should brick your phone, but if it does somehow, that is on you.

    This should work on any H910 version, up to v20g, that is no longer rootable by DirtySanta (IE: dirtycow has been patched). It has been tested on 10m to 20g

    • Make sure that you have an SD card that has at least 8 gigs of free space. It CAN NOT be formatted FAT, or FAT32. It needs to be exFat or ext4, otherwise the zip won't fit (2 gig file limit on FAT and FAT32).
    • Make sure you have a working adb environment. I use Linux so hopefully this is a good resource. If not, you will have to Google this yourself: link.
    • Make sure that you have a working WiFi connection. Part of this process involves installing a terminal emulator. Since the phone will have no signal at that time, you use WiFi, or you can side load.
    • Download the H915 v10e KDZ: H91510e_00_VTR_CA_OP_1205.kdz.
      - WARNING: Do not use any newer H915 firmware, as they all have dirtycow patched (v10p, v10q), and I do not know if they increment ARB.
      - If they do increment ARB, then you will be stuck with a phone that can't be rooted, and you can't fix the modem! You have been warned.
    • Download the patched LG UP from this thread: link.
    • Make sure you install it in C:\Program Files (x86)\LG Electronics\LGUP or it will either read the wrong model file (if you had a previous installation of LG UP), or it will not be able to find the model file at all.
    • Put your phone into download mode (power off / hold vol. up / plug in USB cable)
    • Use LG UP to dump your phone. When you run it, there will be additional radio buttons.
      - Pick the one that says DUMP and click Start. You will be asked what partitions to dump, click the "select all" checkbox, and then you can uncheck userdata.
      - This is an OPTIONAL but HIGHLY recommended step. It is a good idea to have a full backup of your phone, but with this new procedure, this is no longer needed.
    • When it is finished, click the PARTITION DL radio button, pick the H915 v10e KDZ that you downloaded above, and click start. Make sure all partitions are checked.
    • Once it is complete, your phone should reboot into a nice new (old) Freedom Mobile ROM (complete the setup), and you may not have signal.
      - If you are on AT&T I understand that you will, but T-Mobile does not. Either way, this is normal.
    • Before continuing, make sure that you enable developer mode, and enable USB debugging. Also, make sure that your PC is authorized (plug the phone in and touch always allow, and then OK).
    • Also go ahead and download a terminal emulator -- NOT Termux. I recommend good old "Terminal Emulator for Andorid" -- the first thing that pops up if you search for "terminal"
    • Download this modified (by modified, I mean it contains all the extras needed to make this work) DirtySanta root package: link.
      - Extract this somewhere that you can run adb and fastboot from.
      - Check the SHA hash: 88a3a0f90c66a486807da3e69e9fb0a08c779efe
    • Download the v10r firmware + boot + system here: link (sorry - no time to dump and package 10v)
      - Check the SHA hash: 5451146030393e490dcfba3558b620badefe75cd
      - This includes v1.0 of the mk2000 kernel
    • Copy the zip, to your SD card, and insert it in the phone.
      - Alternatively, you can use adb to push the zip to your phone while in TWRP. This is NOT supported.
      - I switched to having people flash from SD card because too many people were having problems with adb.
      - If you want, try it, if it doesn't work, don't ask for help -- use the SD card method!
    Open two command windows. In each one change to the directory that you extracted the root package.

    In the first one execute:
    Code:
    adb logcat -s dirtysanta

    Then in the second one execute:
    Code:
    STEP1.BAT

    Wait till you get a prompt back then type (or copy / paste):
    Code:
    run-as con
    chmod 0777 /storage/emulated/0/*

    Now open up your terminal emulator on your phone and type:
    Code:
    applypatch /system/bin/atd /storage/emulated/0/dirtysanta

    Watch the window that has logcat running. When it says to run step 2, execute:
    Code:
    STEP2.BAT

    Once fastboot comes up -- it will be a really small red font that says, FASTBOOT MODE. Once that is up, execute:
    Code:
    STEP3.BAT
    This is flashing TWRP and the WW 2.0 kernel onto your phone. The phone will reboot once they are flashed.
    When it reboots, you will get a very nasty looking warning about the fact that your phone has been compromised and will not boot.
    This is due to running the engineering aboot and is normal -- don't panic your phone will boot. You will see this every time the phone reboots.

    At this point, you have H915v10e and TWRP. You can now boot into TWRP so that we can flash the H910 firmware back onto the phone:
    If you have re-enabled developer mode, and enabled USB debugging, and have your phone connected, you can execute the following in a command window:
    Code:
    adb reboot recovery

    Otherwise just pull the battery, put the battery back in, hold vol down + power till the LG logo appears. Release power, and then immediately press and hold it again until you get to a screen that asks if you want to factory reset your phone. Say yes twice and it will take you into TWRP. If the phone had the stock recovery, it would do a factory reset -- however, since you now have TWRP, that is what you are taken to instead. This is a key combination that is embedded into the bootloader that tells it to execute recovery - in this case TWRP. Hope that clears up some confusion as to why you get a screen asking you to factory reset your phone...

    Now that you are in TWRP you need to do a couple of things:

    • Format data. Wipe -> Format data. It will ask you to type "yes". If you don't do this, you will be prompted to enter a passcode, and will have 30 tries. If that happens, just boot back to TWRP and do this step again.
    • Wipe cache / dalvik cache
    • Flash the zip. Choose "Install" and browse to your SD card, and select the h910-10r.zip file. When complete hit the home button.
    • Now, format data again for good measure....

    Once the second format completes you can reboot your phone, and it will be just like you got it fresh off the factory floor, except it will have TWRP.
    No part of the H915 firmware is left on the phone. The only things that are not 100% stock v10r firmware are ABOOT (it is the US996 engineering aboot that is unlocked. It also gives the nasty warning on boot), BOOT (it is the 10q kernel with a few patches added by @askermk2000 - KCAL, Adreno idler, etc), and of course RECOVERY (TWRP).

    It takes a little while for the first boot -- be patient. It should NOT take longer than 10 minutes. If it does, something went wrong. Boot back to TWRP and try flashing the 10r zip again.

    Now that you have a phone with TWRP, feel free to download whatever root method you would like (SuperSU or Magisk).



    Old, unsupported ROMs will NOT work with the 10p, 10q or 10r firmware.
    If you want to run NATF or WETA (or any old, unsupported ROM that you find floating around these forums) you will need to flash the older 10m firmware: here.
    SHA: 1007dedb6e935b0bea1e25f28e39ccb8e69f9694
    This is JUST the firmware! It has no kernel, or system. You MUST flash a 10m or earlier ROM or your phone will not boot. If you forget, you can always boot back to TWRP and try again.
    The newer kernel should work, but I have not tested it with the older firmware. If it doesn't grab the WW2.0 kernel, it works fine with 10m.


    For the latest kernel, please visit @askermk2000's thread: here

    Do NOT flash firmware for the H918 -- it will brick your phone. Firmware for the other models won't work, but they won't brick your phone.

    Feel free to ask away if any of this doesn't make sense. I really hope that isn't the case now :)

    Most of all -- have fun. That is what this is supposed to be about!


    Again, If you want to restore to stock v10q, you can use this: link.

    Serious credits go out to:
    @me2151 for DirtySanta. Please visit his original thread and hit the thanks button.
    @smitel for Reversing LG UP and figuring out how unlock lab mode. No partition dl, no root on the new firmware. Again, hit the thanks button.
    @Prowler_gr for patching LG UP for the V20 not to mention finding that thread. I never go into the G5 forums, so I would have never seen it. AGAIN -- hit that thanks button.
    @USA-RedDragon for his Werewolf kernel. I know I sure like not having static on boot. Most people get the ability to hit thanks 6 or 7 times a day -- be sure to use up one more.
    @askermk2000 For the new 10q kernel. Dude doesn't even have a V20 and jumped in to help out.

    Seriously, these guys are the real devs, and the ones that have left the V20 scene are missed...

    -- Brian
    8
    FAQ:

    Q1: If I revert to stock will AT&T know that I rooted my phone?
    A1: Nope. Unlike Samsung phones (at least older ones, I don't know about current ones), there is no KNOX style indicator that shows how many times a phone has been flashed.

    Q2: Do we have to flash ALL of the H915 firmware, that seems like a waste?
    A2: You would be correct -- it is a waste, but I am going to need more time to test and make sure that only the XBL and ABOOT need to be flashed AND that doesn't break trusted boot. As I have stated, the H910 and H915 have the same PBL. I ran my phone with the H915 XBL, with the rest of the firmware being H910 and I don't have a brick -- but I did it manually and not though LG UP. When I feel like wiping my phone again, I will test this.

    Q3: Can any other variants be rooted with this method?
    A3: Maybe. I was able to get the patched LG UP to recognize a KDZ that I modified, and it let me flash. My next step is to completely roll my own KDZ. If that works, then ANY LG phone will be rootable simply by flashing a KDZ.
    A3: YES! It turns out that the LS997 is able to use the VS995 KDZ. I have written up a post on the procedure.

    Q4: If that works, and you can roll your own KDZ, can you get around ARB?
    A4: I believe so. Now that we have the ability to take a dump of an unmodified / stock / out of the box phone, we could dump the XBL (this is what updates ARB), and package that up with an older ABOOT. I am mainly talking about H918s here, since all other V20s work with the engineering ABOOT. But it will also apply if AT&T ever increments ARB on the H910.
    Nope, there is no getting around ARB. Once a particular ARB version is blown into your QFPROM, you *MUST* use a boot stack that has that ARB version, and that is basically the entire firmware except for boot, recovery, laf and system.

    Q5: Will the AM&FM Radio still work
    A5: Yes.

    Q6: Why are my boot times longer after rooting?
    A6: In order to unlock the bootloader, an engineering aboot had to be used, and a lot of additional data is generated on boot.

    Q7: Can I return my phone to stock?
    A7: This was addressed in the post above, but I will address it again. Yes. For the link, see the post above.
    5
    Jerry SQ to the rescure, follow these steps to fix signal and data (h910 only):
    1 Dowload US99610f.kdz and F800K10e.kdz firmware, LGUP with patch in the first post
    2 KDZ F800K10e.kdz, partition dl, tick select all, wait for it to boot into rom, install TWRP with dirtysanta steps, boot into TWRP, then select reboot, select bootloader (or using adb, your choice, but the bootloader need to be unlocked)
    3 type these codes in booloader
    fastboot erase modemst1
    fastboot erase modemst2
    4 wait till it done, don't rebooted the phone yet, instead, pull the batterry out, get back to TWRP by hardware button
    5 format your rom, reboot back to TWRP, wipe Cache, System, internall storage, then poweroff the phone
    6 get in dowload mode, KDZ US996 firmware, partition dl, tick select all, boot into rom, if it stuck somewhere, factory reset might do the trick
    7 when it boot up, it will get bootloop after you get in the setup screen (i don't know it'll happen to you, but for me it'll bootloop)
    8 pull battery out, get in dowload mode, KDZ F800K firmware, partition dl, TICK MANUALLY EVERY THING EXEPT BOOT, MODEM, ABOOT, ABOOTBAK
    9 when it done, you will have signal, data mobile again, if you like, you can use F800K firmware or you can follow dirtysanta steps and install any rom you like
    5
    @runningnak3d could you update the link from DirtySanta root package?

    all the root files for this thread are in my AFH (in my signature) the root package is here >> https://androidfilehost.com/?fid=1322778262903990218
    4
    Kernel with some features

    Ok :)

    This one is a bit more experimental. I've looked at some patches from Werewolf and D.O.T.S Kernel, and picked a few compatible ones that looked rather straight forward without risk of complications.

    So we have:
    KCAL - the one that started it all.
    Adreno Idler - Battery savings.
    Disable software CRC checking of SD Card - More performance.
    Remove temperature polling - Battery savings.
    Reduce DSI status check - Battery savings.
    Fixed USB erratic behavior with some chargers.
    Static Screen fixed.
    RCTD removed.

    ^^Let's hope it works :) Would welcome feedback.
    If it works nicely I'll make one for H918 as well.

    --removed-- Look here!