[Tutorial] Crossflash, Bypass OPID Mismatched Error

Search This thread

PHANX0M

Senior Member
Jun 6, 2015
87
7
Sony Xperia Z5 Premium
LG G8
Tashakor bro.
One final question. What motivates you to do all this? I can't imagine...
Also for anyone in my situation reading all these who wanna flash something to the AT&T LMG820UM while using AT&T, do LMG820QM OPEN_US NOT LMG820UM OPEN_CA! The open US one will work perfectly, while the open CA one will not make calls, allegedly!!!!!
 
Last edited:

arksid

Member
Sep 9, 2022
9
0
Using QFIL, create a backup of abl, xbl and xbl_config of both a and b sides and then flash attached files. abl_eng to abl, xbl_eng to xbl and xbl_config_eng to xbl_config. Like backing up, flash both sides (a and b).
Restart phone while it is connected to USB port and you are holding Vol-. It will get into Fastboot.
When you are finished with Fastboot, use the backup files and flash them back using Fastboot commands. Fastboot flash abl_a abl_a_bak.bin and...
Hello, just tried to use this on my lg g8 and now i'm stuck in fastboot mode. The phone keeps on looping anytime a do a selection, say: recovery mode it powers of and then goes back to fastboot menu. Also it changed my product name to LM-V500, is there a way out of this?
 

arksid

Member
Sep 9, 2022
9
0
i wanted to get into recovery mode
I had just flashed the phone with android 11 and wanted to lock the bootloader coz i needed some features that were unavailable while the phone is unlocked. The phone was running smoothly on android 11 OPEN_CA and had no problem.
But after following the steps to access receovery mode, i haven't been able to get out of fastboot menu, moreover i wasn't even able to access recovery mode
 

netmsm

Senior Member
Oct 3, 2010
475
212
Esfahan
I had just flashed the phone with android 11 and wanted to lock the bootloader coz i needed some features that were unavailable while the phone is unlocked. The phone was running smoothly on android 11 OPEN_CA and had no problem.
But after following the steps to access receovery mode, i haven't been able to get out of fastboot menu, moreover i wasn't even able to access recovery mode
It seems that some partitions are messed up. Try to use backups and restore these partitions on both A and B sides: abl, xbl, xbl_config and boot.
 

PHANX0M

Senior Member
Jun 6, 2015
87
7
Sony Xperia Z5 Premium
LG G8
In our culture one who knows about something is obligated and concomitantly obliging to share it with those who don't know.

In our culture one who knows about something is obligated and concomitantly obliging to share it with those who don't know.
Sounds good to me! Maybe I'll be doing this on here one day.
But also.... Is there anyway to secure my phone while having unlocked bootloader? Is it true that anyone can flash TWRP or smnth and just bypass the lockscreen w/ that?? And I assume I can't relock the bootloader with a custom ROM on LG G8 THINQ.
 

netmsm

Senior Member
Oct 3, 2010
475
212
Esfahan
Sounds good to me! Maybe I'll be doing this on here one day.
But also.... Is there anyway to secure my phone while having unlocked bootloader? Is it true that anyone can flash TWRP or smnth and just bypass the lockscreen w/ that?? And I assume I can't relock the bootloader with a custom ROM on LG G8 THINQ.
Glad to hear that ^_^
For the first question I'm afraid to say no.
I haven't heard of such a possibility that the lock-screen can be broken this easily especially on recent releases of Android. By the way, you can do a factory reset remotely it's one of Google's features.
Re-lock and the phone won't boot up if it isn't bricked.
 

PHANX0M

Senior Member
Jun 6, 2015
87
7
Sony Xperia Z5 Premium
LG G8
Glad to hear that ^_^
For the first question I'm afraid to say no.
I haven't heard of such a possibility that the lock-screen can be broken this easily especially on recent releases of Android. By the way, you can do a factory reset remotely it's one of Google's features.
Re-lock and the phone won't boot up if it isn't bricked.
But does having it unlocked make it easier for someone to get unauthorized access into my handset and it's contents? What would they have to do to do that?
Would they be able to get in when bootloader's locked?
 

arksid

Member
Sep 9, 2022
9
0
It seems that some partitions are messed up. Try to use backups and restore these partitions on both A and B sides: abl, xbl, xbl_config and boot.
Sorry for the many replies, i managed to restore the partitions files and the phone is up and running, thanks for the help, i'm at peace now, thank you again
 

netmsm

Senior Member
Oct 3, 2010
475
212
Esfahan
But does having it unlocked make it easier for someone to get unauthorized access into my handset and it's contents? What would they have to do to do that?
Would they be able to get in when bootloader's locked?
Yes, it'd be easier.
I don't know, actually I don't have knowledge in this sort of things. As far as I remember, in older versions of Android it was possible to remove lock-screen pin or pattern through custom recovery. But now with improved security those hacks are not working. Maybe some new methods have been invented which I'm not aware of.
A locked bootloader guarantees security.
 

netmsm

Senior Member
Oct 3, 2010
475
212
Esfahan
how do i get into EDL mode while the phone is off?
managed to enter EDL mode but i can't make the difference between the backed up files of abl, xbl, xbl_config and boot
What happens if i just reflash the device with the steps you've provided in the beginning of this thread, will this problem be gone?
Sorry for the many replies, i managed to restore the partitions files and the phone is up and running, thanks for the help, i'm at peace now, thank you again
Great (y)
 

PHANX0M

Senior Member
Jun 6, 2015
87
7
Sony Xperia Z5 Premium
LG G8
Yes, it'd be easier.
I don't know, actually I don't have knowledge in this sort of things. As far as I remember, in older versions of Android it was possible to remove lock-screen pin or pattern through custom recovery. But now with improved security those hacks are not working. Maybe some new methods have been invented which I'm not aware of.
A locked bootloader guarantees security.
Gr8
Do those improved security patches go for Lineage OS too?
And when I flash Lineage OS to this ( https://www.getdroidtips.com/lineage-os-18-1-lg-g8-thinq/ )
Will there be anyway for me to install microG instead of GApps or I can't b/c Lineage OS doesn't support sigspoofing?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    First off, big THANKS to the OP (netmsm) and other people who contributed to this thread and made this guide very clear and useful!

    So, after perusing this thread for a long time, trying to understand the ins and outs of the process and any possible snafus, I decided to take the plunge after the Open_CA A12 (40a) got released recently, and to flash it onto my G8 originally from US Cellular. The crossflash went smoothly with no issues at all. A nice surprise was that the BL remained unlocked - I was prepared to go through the whole unlocking process again before rooting, but didn't have to. I got the empty S/N (easy fix), and the infamous NT-Code error. This is where I got stuck for a while. I tried fixing it by editing the cust_path_mapping.cfg file as suggested in the thread. The problem is that I couldn't save the changes in that stupid file by using ANY root explorer/editor! :mad: Tried half a dozen different apps with no luck at all. BTW, anyone has any ideas what I may have been doing wrong?? Yes, I am properly rooted with Magisk.

    Anyway... Everything worked fine on the phone, but that lame error was really getting under my skin - I could have ignored it, but I hated not being able to get rid of it. So... After more reading, I came across some info on hex-editing the FTM partition (in a totally unrelated topic). The NT-Code in FTM binary is stored at the offset 00014000. My error message was referring to the code "FFFFFF,85". The original cust_path_mapping.cfg file (which I couldn't edit) had a line referring to "FFFFFF,82". So, having all backups available, I decided, just for the heck of it, to change the last digits of the NT-Code in the FTM partition to match the "82" listed in the file. What could go wrong? I can always restore a backup... After flashing the edited FTM in QFIL, rebooted the phone, and - bingo! The NT-Code error was gone, and the phone was still fully functional. This was my happy face after spending a good hour and a half trying to get rid of it, and finally succeeding: 😁

    Cheers, and thanks again for all the info!
    2
    Hi. Can you please send a link to the tutorial how to edit the FTM partition?
    This is the thread I found: https://forum.xda-developers.com/t/getting-access-to-recovery-combination-ftm-mod.4220523/

    Note that these steps were described for a different phone and a different issue, and CAN'T be blindly applied here! It just gave me an idea of what could possibly be done. I know nothing about this other than what's described there, and won't be able to answer any questions if things get messed up. Please use this info at your own risk. And have a backup. And a backup of a backup, just in case.
    2
    First off, big THANKS to the OP (netmsm) and other people who contributed to this thread and made this guide very clear and useful!

    So, after perusing this thread for a long time, trying to understand the ins and outs of the process and any possible snafus, I decided to take the plunge after the Open_CA A12 (40a) got released recently, and to flash it onto my G8 originally from US Cellular. The crossflash went smoothly with no issues at all. A nice surprise was that the BL remained unlocked - I was prepared to go through the whole unlocking process again before rooting, but didn't have to. I got the empty S/N (easy fix), and the infamous NT-Code error. This is where I got stuck for a while. I tried fixing it by editing the cust_path_mapping.cfg file as suggested in the thread. The problem is that I couldn't save the changes in that stupid file by using ANY root explorer/editor! :mad: Tried half a dozen different apps with no luck at all. BTW, anyone has any ideas what I may have been doing wrong?? Yes, I am properly rooted with Magisk.

    Anyway... Everything worked fine on the phone, but that lame error was really getting under my skin - I could have ignored it, but I hated not being able to get rid of it. So... After more reading, I came across some info on hex-editing the FTM partition (in a totally unrelated topic). The NT-Code in FTM binary is stored at the offset 00014000. My error message was referring to the code "FFFFFF,85". The original cust_path_mapping.cfg file (which I couldn't edit) had a line referring to "FFFFFF,82". So, having all backups available, I decided, just for the heck of it, to change the last digits of the NT-Code in the FTM partition to match the "82" listed in the file. What could go wrong? I can always restore a backup... After flashing the edited FTM in QFIL, rebooted the phone, and - bingo! The NT-Code error was gone, and the phone was still fully functional. This was my happy face after spending a good hour and a half trying to get rid of it, and finally succeeding: 😁

    Cheers, and thanks again for all the info!
    Thanks, netmsm and kt-froggy for the guides.
    I figured out how to remove the NT code error without root.
    You will first need a file manager that can access the root directory.
    I personally used "Solid Explorer File Manager" to access the cust_path_mapping.cfg file to read the NT-Code that came with the firmware.
    You can use the Solid Explorer File Manager to access the root directory by going to settings then scrolling down and checking the box "show root storage". You will now be able to access the root storage.
    You can access the cust_path_mapping.cfg by going to root/system/product/OP. Then open the file and note the code. Mine was FFFFFF,82=/product/OP.
    Create a backup of the FTM partition the open the FTM file with HxD app. (Make sure you have a copy of the FTM file in case something goes wrong)
    Go to line 00014000 and edit the line. depending on the phone, edit the first 2 sets of numbers/letters with 3 characters separated by a comma. ("FFF,FFF), then the last set of numbers/letters with 2 characters to match the code in the cust_path_mapping.cfg file.
    (Mine was
    "2","310,120,FFFFFFFF,FFFFFFFF,FF","312,530,FFFFFFFF,FFFFFFFF,FF" and I changed to
    "2","FFF,FFF,FFFFFFFF,FFFFFFFF,82","FFF,FFF,FFFFFFFF,FFFFFFFF,82") because I was getting NT code error
    310120, 312530 ; FF, FF

    Note:
    1. The line could span from 00014000 to 00014040 like mine. Each line is separated with "". I had 2 lines and had to change both lines. You can have only 1 line
    2. Make sure you don't delete the line but just select the content and overwrite it with new text. deleting might affect other lines below with content. ( I deleted some lines and my phone factory reset)


    After that just save the FTM and load it to your phone using QFIL and the error will be gone.

    I've only tested it on my LG G8, OPEN CA firmware so I'm not sure if it will work on others.
    1
    Im getting error 0x6004

    I tried Edit: I backed up and erased these partitions in addition: boot_a, boot_b, vendor_a, vendor_b, product_a, product_b and it seemed to work afterwards. this too still didnt work

    what I had happened to me, I unlocked the bootloader first then I got twrp with magisk running then I wanted to upgrade to 12 and now I can;t do it

    by mistake I also flashed verizon kdz on it too, since mine is sprint, please help
    I do not understand what your problem is, sorry.
    1
    I bought this LG v50 and it is a Sprint phone I use the guide to root and unlock the bootloader for the TWRP and magisk while running on Android 11

    On telegram I found Android 13 running rom I was told to upgrade to Android 12 and then flash the rom because it will not work with Android 11

    I found your post and I was trying to cross flash from Android 11 to 12 using your method but I could not do it because I was getting that 0x60004 error about on your same post people suggest if I erase boot vendor product partition as well that I will not come I try that too and it didn't work I was still getting that same error I try different LG up

    Someone told me on the telegram group just flash Android 12 kdz on it since I could not cross flash from 11:00 to 12:00 using your method

    Without realizing that I had Sprint I used Verizon Android 12 kdz using LG up

    Now when I try to boot up it just flashed lgv 50 logo and goes into the boot loop

    I can still go into edl mode also I can go to download mode and I try to use unbrick guide to flash those files manually and after doing that phone does the same thing it would not boot just goes to the boot loop

    So this is the situation I'm in
    1. Make a backup of LUN5 partitions.
    2. Restore original FTM; If it still does not boot properly then you have to try another different KDZ.
  • 46
    Hi there ;)
    Thanks to all other guys here who have made helpful development to tame this beautiful =)

    To crossflash models other than LG G8 please read post 3.
    Before asking any question please read the troubleshooting section at the bottom of the page.
    If you still need some specific help I would appreciate if you bring it up just in the thread instead of sending direct messages.


    LG has made things difficult in flashing custom and even stock roms by this new OPID thing! It prevents us from crossflashing but we have been able to use TWRP and change the system and some other partitions to have a different rom. We had to make some changes into OP partition using HxD editor.
    But now, through this tutorial, we're able to flash any rom without the need to change OPID in OP partition. Also, there is no need to root or unlock boot-loader.
    I was successful to do this on some G8 (LMG820UM) but I AM NOT RESPONSIBLE FOR ANY HARM TO YOUR PHONE!

    By continuing to read the following instructions you are actually accepting the risk.


    IMPORTANT!
    first, MAKE A FULL BACKUP OF ALL PARTITIONS; and I mean it!!!
    at least, for your sake, make a backup of "modemst1, modemst2, fsg, fsc, ftm" partitions, for emergency.


    Requirements
    QPST and Qualcomm USB Driver (get)
    LGE SM8150 Firehose (get)
    LGUP 1.16.0.3 (get)
    LGUP_Common.dll (get)
    UI_Config.lgl (get)
    LG Mobile Driver 4.4.2 (get)


    Preparation
    1. Install QPST and Qualcomm USB Driver.
    2. Install LGUP.
    3. Find the folder named "model" in the installation directory of LGUP, then Create a folder named "common" in the "model" folder.
    4. Move "LGUP_Common.dll" and "UI_Config.lgl" into "common" folder. Change the attribute of "UI_Config.lgl" to read only.
    5. Install LG Mobile Driver 4.4.2.


    Steps
    A)
    1. Open QFIL.
    2. Change "Storage Type" to UFS.
    3. Select "Flat Build".
    4. Browse for "LGE SM8150 Firehose" and pick it.
    5. Now, connect the phone to PC and boot into EDL mode.
    6. Open "Select Port" and select the phone, press OK.
    7. In "Tools" open the "Partition Manager".

    B)
    !!!BE CAREFUL TO DO EXACTLY AS THE INSTRUCTIONS SAY OR YOU WILL BRICK THE PHONE!!!
    1. Make a backup of and erase these 7 partitions: FTM, Modem_A, Modem_B, SID_A, SID_B, OP_A, OP_B.
    1.1. You have to left-click on a partition then right-click on it and select "Manage Partition Data".
    1.2. In the pop-up window, you have 4 choices: I. Erase (to erase data on the partition), II. Read Data (to dump or back up the partition), III. Load Image (to restore the partition), IV. Close (to close the window).
    1.3. First dump/back up the partition by choosing "Read Data" then Erase it.
    2. Close the "Partition Manager" window.
    3. Wait for 5 seconds then press Vol- and Power until it restarts.
    3.1. Immediately after rebooting, Release the Vol- and Power buttons and press Vol+ to get into Download Mode.
    Note: Do not let the phone to begin to boot! If it begins to boot, it may regenerate the SID and FTM partitions data and so you need to redo the whole step B.

    C)
    1. Open LGUP.
    2. Pick your favorite KDZ.
    3. Select "PARTITION DL".
    4. Press Start. And a pop-up window will appear. In this window you can select which partitions to be flashed.
    5. Here, uncheck these partitions: SID_A and SID_B. It will make it able to bypass the OPID Mismatched Error.
    6. If you are in Sprint or other platforms you will get the message whether to change the model or not. Of course you know what to do =)

    after completing the process it will boot up in some minutes and before starting the customization it will do one restart. just be patient.


    ERRORS, QUESTIONS, TROUBLESHOOTING
    1. Can I crossflash V50, V60, G8X or other LG devices using this method?
    I did it on V50. Maybe it'll work on your devices maybe won't. There's one way to find out; make backup and give it a try.
    2. SN is gone, zero, etc.
    Restore your original FTM.
    3. I can't get into recovery.
    Restore the original FTM.
    4. I got NT-Code error.
    It's been discussed many time in the thread and some solutions have been presented (such as this one, thanks to @animo214 and this, thanks to @kt-Froggy as well as this one, thanks to @StvOchi ). However, you can ignore it if the phone got network.
    Note: You need to disable verity on the phone in advance otherwise changes in cust_path_mapping.cfg won't be saved.
    5. IMEI is lost, zero, null etc.
    Restore LUN5 partitions. If you have no backup it should be repaired using Octopus box. Go to 16.
    6. I got "permanently locked" error.
    This is because of IMPL lock and you have to restore LUN5 partitions. In case of having no backup you should use Octopus box.
    7. All partitions are deleted accidentally.
    Follow this instructions.
    8. I need to get into PDM mode.
    Unzip and restore the attached PDM to FTM partition. Remember, you need to restore your FTM to get into OS.
    9. Can I use another phone's LUN5 backup?
    NO.
    10. Can I use another phone's FTM backup?
    Yes. All partitions can be restored from another phone's backup except LUN5 partitions.
    11. My phone is stuck in boot-loop.
    Restore the original FTM and if it doesn't help redo the whole crossflash process and use a different KDZ this time.
    12. Which KDZ is the best (for any matter of use)?
    I do not know.
    13. Can I crossflash from any source variant to Korean variant or vice versa?
    Yes it is possible but you may get error on opening stock camera application because of hardware differences. There are some methods to solve the issue which you can search and find them.
    14. Can I downgrade using this method?
    Yes.
    15. I erased partitions (ftm, op_a, op_b, modem_a, modem_b, sid_a, sid_b) but it still does not let me to crossflash.
    Redo the whole process and this time make backup of and erase these partitions too, on both sides A and B: vendor, product, system, userdata and boot.
    16. How can I write IMEI?
    A) Dump the modem_a and create a copy of it. Then open it in UltraIso and remove IMEIPROT files from image folder. Save and restore it in place of modem_a and modem_b partitions.
    B) Make backup of FTM and then flash or restore the PDM file (attached) into your ftm partition. Restart the phone; you'll get into PDM mode.
    C) Open Tutty (attached). Select "Serial" in protocol and the proper port of your phone's modem driver. Click open. To test if you have selected the proper port number type "at" and hit enter it should respond"ok". Type the code at%imei=# (replace # with your IMEI) and hit enter. It doesn't matter you get "error" or "ok" after that, just check if IMEI is written via this code at%imei=?. If IMEI is written so you'll have the right MEID and ESN too.
    D) Restore the original ftm and modem_a in place of modem_a and modem_b. Restart the phone.
    I've already tested this method on V30, V50 and G8. Remember, if the phone has IMPL lock it'll throw "perm. locked" error even if you have written the IMEI.
    17. I have lost GPT files of my LG G8, G8X, G8S, V50, etc. and Qfil partition manager does not show anything in the list.
    You need to flash GPT files to your device with fh_loader (see this, part C). For that matter use KDZ_Tools to Extract DZ from a KDZ of your device. Then extract the DZ using -c at the end of extracting command. For example: unkdz -f FILE_NAME.kdz -c. It will extract all files besides all GPTs.
    18. Which are the LUN5 partitions?
    SM8150 has 7 physical partitions known as LUNs which are numbered from 0 to 6. Each LUN is split into several partitions. In Qfil Partition Manager you can see all partitions except those of LUN3 and LUN6 which are hidden. The number of LUNs are shown under the first column named LUN. Therefore, all partitions in front of number 5 are LUN5 partitions.
    5
    Hey good for you, so the Open a11 must be the Kor version right? Either way, could u do a big favor and try to get to recovery? Of course don't erase anything, but just verify you can get to the recovery screen?

    thnx!

    So, we just got this sorted. Thanks to SGMarkus as he mentioned it's the ftm partition that controls recovery access and fastboot access. So, with the newly flashed kdz, as it is, you can't even get to fasboot although u flashed the eng abl to it.

    But! Restore your old ftm, after flashing, and then you'll get access to both recovery and ability to get to fastboot after flashing eng abl.

    cheers!
    4
    alright, G8x Sprint succesfully crossflashed to OPEN CA :cowboy:
    3
    Some pictures of flashing my LMG820UM, unlocked from Sprint, into OPEN_CA 20j. In normal mode you cannot flash SPR_US to OPEN_CA which is shown in the pictures. But using this thread instruction it allows to flash, even it asks to change the model from SPR_US to OPEN_CA :D
    Until performing the instructions, it shows the "id: 2(SPR_US)" on the Download Mode screen, but after that it cannot recognize the phone model id and shows "id: 0()" :D
    Have fun ^_^
    3
    Thank you vary much @netmsm and @AsltLies , you are life savers =)

    I don't know how and what's wrong before, but by following the steps again I can flash with Open Canada firmware now.

    Here's my Screen Shots.

    Great, very cool. Suggestions though, u might want to mod that pic with your imei in it, people do actually try to steal those sometimes :(

    Also, like me, you lost your s/n. Easy to fix that with a hex editor, assuming you have the s/n recorded somewhere. Extract the current ftm partition and at offset 12000 is where you start putting in the s/n. Flash it back and it will show up again.

    cheers