I playing around for those owning a bootloader LOCKED device
Examples: H812, H818, H815 non-international etc.
Why? Well I want to figure out a method to play around with an incredible hack to boot TWRP permanently without actually installing it in the recovery partition (this requires LL and will not work for MM.).
... and then? We will see. If that works I can maybe do the same for efidroid .. and If that works..? well booting any ROM would be possible.
Please continue here:
https://forum.xda-developers.com/g4/development/locked-twrpinfish-locked-g4-devices-t3573048
Previous OP:
But don't get too excited dude! I just try and error here and even if all that works some day it will take a LOT of time to accomplish!
go ahead and get excited 
Here are the pre-requirements you have to met if I say IF I can get this working some day:
Those above are hard facts so it may never work with MM. That also means if MM can get fully rooted by SuperSU and you can use "setenforce 0" the method should work there as well.
If you can not meet ALL of the above 2 requirements lay down and cry. For the others: calm down it will take time to accomplish!
You can test requirement 2 (disable SELinux) by:
adb shell
su
setenforce 0
getenforce
-> you should see "Permissive" as a result. If you see "Enforcing" or error messages post them. Maybe we can help you.
While doing all this I digged into the world of Android exploits (Dirty cow and PoCs like Vikiroot etc) and SELinux in LL and MM. I begin to like SELinux because it does it's job well but that means it makes it impossible to get full root on MM atm.
setenforce sets the SELinux mode. SELinux is NOT the same then having root!
You can have root permissions but SELinux can still block everything you try as root! That's why it is that hard to get MM rooted. I can get the user root in MM without a problem but you can just do nothing more then before because SELinux will block. You have to find an exploit to disable/workaround SELinux first. Nothing around there and I tried many things - even while using the really really great download mode shell (https://github.com/Lekensteyn/lglaf)
The state of my hack (2017-03-14)
Confirmed to work devices ( as of 2017-03-14)
Previous questions (just here for those who wanted to know how that all started):
-
Examples: H812, H818, H815 non-international etc.
Why? Well I want to figure out a method to play around with an incredible hack to boot TWRP permanently without actually installing it in the recovery partition (this requires LL and will not work for MM.).
... and then? We will see. If that works I can maybe do the same for efidroid .. and If that works..? well booting any ROM would be possible.
Please continue here:
https://forum.xda-developers.com/g4/development/locked-twrpinfish-locked-g4-devices-t3573048
Previous OP:
Here are the pre-requirements you have to met if I say IF I can get this working some day:
- you have to be rooted by SuperSU >= 2.76 !! (atm this means you have to install LL and u may need to upgrade with FlashFire or similar to this version!)
- you have to be able to disable SELinux in your booted Android (which should when you have a full rooted device)
Those above are hard facts so it may never work with MM. That also means if MM can get fully rooted by SuperSU and you can use "setenforce 0" the method should work there as well.
If you can not meet ALL of the above 2 requirements lay down and cry. For the others: calm down it will take time to accomplish!
You can test requirement 2 (disable SELinux) by:
adb shell
su
setenforce 0
getenforce
-> you should see "Permissive" as a result. If you see "Enforcing" or error messages post them. Maybe we can help you.
While doing all this I digged into the world of Android exploits (Dirty cow and PoCs like Vikiroot etc) and SELinux in LL and MM. I begin to like SELinux because it does it's job well but that means it makes it impossible to get full root on MM atm.
setenforce sets the SELinux mode. SELinux is NOT the same then having root!
You can have root permissions but SELinux can still block everything you try as root! That's why it is that hard to get MM rooted. I can get the user root in MM without a problem but you can just do nothing more then before because SELinux will block. You have to find an exploit to disable/workaround SELinux first. Nothing around there and I tried many things - even while using the really really great download mode shell (https://github.com/Lekensteyn/lglaf)
The state of my hack (2017-03-14)
- FULL takeover/hijack of boot -> DONE (the modifications required are not voiding the Android boot signing chain!)
- replace RAM disk -> DONE
- boot own RAM disk (TWRP!) -> DONE (atm TWRP 2.8.7-0)
- Upgrade bundled TWRP to latest version -> WIP (build compatible with LL required)
- Prepare public release -> WIP (do not ask for ETA's!)
- boot efidroid instead of TWRP -> WIP (build ok but not booting)
Confirmed to work devices ( as of 2017-03-14)
- H815 International - unlocked (Thanks @steadfasterX yea its mine and i have no locked device to test with That's why i needed ur help. but i test without touching the boot chain so its similar to locked devices.)
- LS991 Sprint - locked (Thanks @TheMadScientist420)
- H815T - locked (Thanks @the_naxhoo)
Previous questions (just here for those who wanted to know how that all started):
I have 3 simple questions first:
regarding Q1: how to access fastboot?
regarding Q2: Determine your Android version
regarding Q3: boot TWRP within fastboot
Will that harm you device? No as long as you follow the steps thoroughly
Note: if you use Windows and want to avoid any LG driver issues and do not want install adb, fastboot etc just download and boot FWUL
Please give me feedback by copy the following snippet and fill in accordingly to your results
Don't quote the whole above post just use the following:
- Do you have fastboot mode available on your device?
- What is your Android version?
- Are you able to boot up TWRP with fastboot?
regarding Q1: how to access fastboot?
Usually you can boot into fastboot mode with the adb command from your PC:
adb reboot bootloader
There are also several apps in the play store doing the same from within your device.
Does not work?
Please try to enable OEM unlock in the developer options.
.. and NO THIS WILL NOT UNLOCK your device!! It is just a pre-requirement if the vendor would support unlocking but it may enable fastboot on some devices (just guessing here).
Still does not work?
Try the hardware key method:
adb reboot bootloader
There are also several apps in the play store doing the same from within your device.
Does not work?
Please try to enable OEM unlock in the developer options.
.. and NO THIS WILL NOT UNLOCK your device!! It is just a pre-requirement if the vendor would support unlocking but it may enable fastboot on some devices (just guessing here).
Still does not work?
Try the hardware key method:
- You first have to shut down your Android smartphone – turn it off completely, so either press power key once and select “power off”, or press and hold the power button for a few seconds.
- After doing so, press and hold (at the same time) the Power and Volume Up keys (keep pressing the buttons for about 6 or 7 seconds).
- Plug in the USB cable for your smartphone and establish a connection between your device and your computer.
- Release the keys when the download mode is being displayed.
regarding Q2: Determine your Android version
Finding your version is explained e.g. here: http://www.wikihow.com/Check-What-Android-Version-You-Have
regarding Q3: boot TWRP within fastboot
Will that harm you device? No as long as you follow the steps thoroughly
Note: if you use Windows and want to avoid any LG driver issues and do not want install adb, fastboot etc just download and boot FWUL
- Optional: Download and boot FWUL
- download TWRP (yes even if it NOT matching your exact model! It doesn't harm anything because this is just a temporary boot)
- rename the downloaded image file to "twrp.img"
- boot into fastboot mode and connect USB cable if not already done
- execute:
fastboot boot twrp.img
(on FWUL it is: sudo fastboot boot twrp.img) - Do a full backup now
- catch the recovery.log (see FAQ #4A)
- STOP HERE.
Do not try to install anything!
Restoring? Dunno atm. Well it SHOULD work... because you restore a STOCK signed ROM.. so.. You're free to try BUT do this ONLY if you know how to restore a soft bricked device!!!!!!!!!
Installing root on MM/custom ROMS/Kernels: NO! It will definitively soft brick your device.
Please give me feedback by copy the following snippet and fill in accordingly to your results
Don't quote the whole above post just use the following:
device: exact model (e.g. H818N, H815 SEA, ..)
fastboot: available (please tell me which method used!) / not available (please tell me which method tried!)
Android version: 5.1.1/6.0.0/6.0.1/x.x.x
boot TWRP: error (attach a screenshot of the error message!) / success (attach recovery.log - FAQ #4A)
-
Last edited:
