Rooting the ls997 (oreo) - request

Samted69

Is there any progress or hopes on rooting the ls997 running Oreo?
My device was unlocked for any carrier but after the Oreo update it has been relocked and I can't seem to find a way around it.
Rooting seems to be my best bet now. Plus I need to delete some super annoying Sprint apps.
 

Mysticblaze347

I would say if you mean official Oreo, then no.

Anything after ZV7 atm is not rootable. Especially Oreo. Nougat might still have a chance. But Oreo is the nail in the coffin, if not the final nail. I personally am rooted on ZV7 and I can't even find an Oreo based ROM to run and try for LS997. Sprint's Kdz lockdown is my guess.

Carrier unlocked is sadly not going to allow root either unless somehow able to fully swap internal thoughts and memories of phone with another carrier. Even if able, it's a slim chance if any.
 

zeusofyork

You ever find anywhere else with a zv7? The one you linked got snatched up... I gotta make a dump for i95swervin and maybe he'll make a version of Alpha Oreo for LS997. I might be responsible for your lack of an Oreo ROM.

We should start a bounty thread???
 

cnjax

A bounty thread would be useless; most of the devs have moved on and runningnak3d has already stated root for 997 is a lost cause. If root is very important to you, then you should move on to another device.

 

Mysticblaze347

I would be down for a bounty thread, but I think it would be pointless as well.

As for the ZV7... That sucks. I wish I had another link but I do not atm and can't say when. If I see something I will let you know asap. Very rare nowadays.

I also have a ZV7 dump I think on my laptop if need be from before I rooted.

ZVD rootable would be absolutely epic, I still have hope for someday as for my backup phones.
 

C D

The eBay store of the seller who previously sold several LS997 ZV7's can be found here. He periodically relisted the Sprint LG V20 on there over the last couple of months (I bought two ZV7's on two separate occasions), so there's a slim chance that he could still have another ZV7 left among those that he sells. You could contact the seller to check.
 

runningnak3d

As I have stated in another thread, I have a procedure that I am confident will work, but it will require significant development time to get kexec working.

The procedure would not be easy (if you think lafsploit is hard to do .. you haven't seen anything yet). Also, it would be a tethered root .. meaning you would need a PC every time your phone is powered off. If you just needed to restart the OS, that could be done without a PC, but a cold boot would need a PC to enter some commands via a shell.

If all of that sounds like something you are willing to deal with, then start a bounty thread and I will try to get an exact estimate on the amount of dev hours I would have to put into writing the code.

If you Google "kexec loading a kernel from a kernel" you will get an idea of the amount of work I would have to put in.

By using kexec, we would use a validated kernel (one that passes dm-verity) to load another kernel with dm-verity disabled. Since the first kernel already passed the checks .. the second kernel would be loaded without the full boot process, and therefore aboot wouldn't verify it.

EDIT: Oh yeah, you would also need an SD card in your phone with a partition to hold kexec, the kernels, and TWRP. You could use the rest of the SD card for the OS, and the partition wouldn't need to be very big .. but just throwing that out there.

-- Brian
 

Mysticblaze347

I never looked into lafsploit because I don't have an H918. Just ls997..one rooted ZV7, and two ZVD's (backups). However...that method would seem a lil tedious, but doable. If only way...

I was wondering if it is even possible or easier to do a full-on 100% phone clone. Turn one of the ZVD's into the rooted ZV7. That would be a true game changer and way faster.

If this was not intended at me I apologise. However, just a thought.
 

runningnak3d

Once ARB has been incremented you can't roll back to any version that has a lower ARB. Even if you replaced the NAND, you would still only be able to use ZV8 or later since ARB is incremented inside the CPU. So, you can always replace the CPU AND the NAND :)

-- Brian
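
The anti-rollback (ARB) behaviour described in the post above, as an added example that is not part of the original post and is not LG's or Qualcomm's code: a simplified C model of a rollback counter held in fuses inside the SoC. The struct and function names, the build labels and the index values 0 and 1 are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not vendor code: the rollback counter sits in
 * one-time-programmable fuses inside the SoC, so it only ever rises. */
struct soc { uint32_t arb_fuse; };

/* A firmware image as stored on flash, tagged with its ARB index.
 * Names and index values below are constructed for illustration. */
struct image { const char *name; uint32_t arb; };

/* Fuses burn forward only: a request for a lower value changes nothing. */
static void fuse_raise(struct soc *s, uint32_t value)
{
    if (value > s->arb_fuse)
        s->arb_fuse = value;
}

/* Boot-time check: reject an image whose index is below the fused
 * counter; otherwise accept it and raise the counter to its index. */
bool boot(struct soc *s, const struct image *img)
{
    if (img->arb < s->arb_fuse)
        return false;
    fuse_raise(s, img->arb);
    return true;
}

int main(void)
{
    struct soc cpu = { 0 };
    struct image older = { "older build", 0 };
    struct image newer = { "newer build", 1 };

    printf("%s: %s\n", older.name, boot(&cpu, &older) ? "boots" : "rejected");
    printf("%s: %s\n", newer.name, boot(&cpu, &newer) ? "boots" : "rejected");

    /* Replacing the flash chip restores the older image, but the
     * counter is in the SoC, so the same cpu still rejects it. */
    struct image reflashed = { "older build on new flash", 0 };
    printf("%s: %s\n", reflashed.name,
           boot(&cpu, &reflashed) ? "boots" : "rejected");

    /* Only a different SoC with unburned fuses accepts it again. */
    struct soc new_cpu = { 0 };
    printf("older build on new SoC: %s\n",
           boot(&new_cpu, &older) ? "boots" : "rejected");
    return 0;
}
```
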
 

Mysticblaze347

Oh yeah, I forgot about it being baked in the CPU..damn it.
Reminds me of PS3 and nand flasher crap. Damn all the lock down. Oh well. At least I have a replaceable battery ;).
 

Mysticblaze347

Sad year so far

My beloved fully rooted ls997 died with a sudden rpm crash that was unfixable. Can't find a different one for the life of me. Anyway, I am now on ls997 Oreo with temp root. It's nice, but very limited. I miss my full root.

I noticed that I have oem unlocked which is supposed to unlock bootloader or allow. But this supposed arb screws it up. How I have no idea. It's all rom related so it absolutely makes no damn sense. Why have oem unlocked if we can't do anything?

So Oreo full root with arb?...

Would a stock Oreo dump allow for kdz extraction to make a rooted/ rootable rom?

Just a question and be cool if so. Long shot I know.

Especially with a not yet known arb bootloader
 