Working on root for Nougat

Search This thread

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
I was able to follow the instructions for modifying LGUP and the dll by smitel, the program functions as it should and appears as the developer version.

I tried downgrading to v20e .kdz and it immediately gave an anti-rollback error code. Then I tried the more recent 20l .kdz and it started flashing just fine until about 22% when it was working with the system folder and brought up a x2000 error code. I was able to fix the phone with LG Bridge. Is there something more that needs to be done to LGUP and the dll file to complete the downgrade than what was provided in the guide?
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
@chin'ah.girl Did you have all partitions selected, or just boot and system?

-- Brian

I thought I selected everything but perhaps that was the problem. Now whenever I try to boot into recovery through ADB it gives me a dead Android symbol with "no command" message and it doesn't respond to any button combinations and eventually the phone boots up normally. I tried flashing a stock recovery image through fastboot but it gives me a failed remote unknown command.
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,183
Largo
OK -- it failed because it tried to write to a partition that doesn't exist anymore.
Try a couple of things. None of these will brick your phone so bad that you can't get into download mode:
Using the 20L KDZ...

1 - Use partition download, only select: sbl1, aboot, laf, boot, system

Actually if you want to be safe, I need a list of the partitions in the KDZ and a list from your phone (adb shell / ls -l /dev/block/bootdevice/by-name).
However, if you like to live on the edge, sbl1, aboot, laf are the only 3 partitions that you MUST have to get download mode.
Also, the good news is that if you brick your phone (9008 mode) then the v10 is easy to fix.

-- Brian
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
OK -- it failed because it tried to write to a partition that doesn't exist anymore.
Try a couple of things. None of these will brick your phone so bad that you can't get into download mode:
Using the 20L KDZ...

1 - Use partition download, only select: sbl1, aboot, laf, boot, system

Actually if you want to be safe, I need a list of the partitions in the KDZ and a list from your phone (adb shell / ls -l /dev/block/bootdevice/by-name).
However, if you like to live on the edge, sbl1, aboot, laf are the only 3 partitions that you MUST have to get download mode.
Also, the good news is that if you brick your phone (9008 mode) then the v10 is easy to fix.

-- Brian

I tried using the partition dl option in LGUP and it didn't let me select anything. It simply started flashing the kdz file and eventually just failed the flash. I tried using LG Bridge to recover again but it seems like something really messed up this time, as now the phone won't go past the LG logo screen. I was able to get to the factory reset screen but now all the phone does is show the erasing screen for a few seconds, flickers, then repeats. I left the phone on all night in case it was just taking a long time to format, but it seems like the phone no longer has files to create an OS at all now.
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,183
Largo
You can't get back into download mode? If you have the LG logo, you should have download mode -- unless somehow it wiped out your LAF partition. If it wiped out LAF, and you have no custom recovery, this is one of those cases where you are screwed. No LAF means no download mode, and if you have no TWRP, then you have no way to fix your phone since the fastboot commands are disabled.

Let me know, and I will try and help you. If you chose partition dl, it SHOULD have popped up a box that lets you select which partitions to flash.

Also, you can still boot from SD card -- so you have hope of fixing your phone.

-- Brian
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
You can't get back into download mode? If you have the LG logo, you should have download mode -- unless somehow it wiped out your LAF partition. If it wiped out LAF, and you have no custom recovery, this is one of those cases where you are screwed. No LAF means no download mode, and if you have no TWRP, then you have no way to fix your phone since the fastboot commands are disabled.

Let me know, and I will try and help you. If you chose partition dl, it SHOULD have popped up a box that lets you select which partitions to flash.

Also, you can still boot from SD card -- so you have hope of fixing your phone.

-- Brian

I'm assuming that the LAF partition is gone then, because I can't get into download mode, all I can do is get to the factory reset screen.
 

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,183
Largo
OK. Since you were on Nougat, you are going to have to find someone on here that will be nice enough to give you a dump of their phone so you can boot from SD card. I can elaborate, but the quick and dirty is:

Have them:
* adb reboot recovery
* adb pull /dev/block/mmcblk0
* zip that up
This will contain information that is personal / unique to their phone, so you will have to find someone that trusts you.

You then burn that onto an sd card using any image writing program (I use dd in Linux). Pop that sd card in your phone, and you will be able to get into download mode.

You don't need a full dump, but without having a v10 in front of me, that is the best I can do for you.

-- Brian
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
OK. Since you were on Nougat, you are going to have to find someone on here that will be nice enough to give you a dump of their phone so you can boot from SD card. I can elaborate, but the quick and dirty is:

Have them:
* adb reboot recovery
* adb pull /dev/block/mmcblk0
* zip that up
This will contain information that is personal / unique to their phone, so you will have to find someone that trusts you.

You then burn that onto an sd card using any image writing program (I use dd in Linux). Pop that sd card in your phone, and you will be able to get into download mode.

You don't need a full dump, but without having a v10 in front of me, that is the best I can do for you.

-- Brian

Well the good news is that I was able to get the phone working JUST now so thankfully we don't have to do that! I discovered I could still use fastboot but most of the commands weren't working, so I decided to try relocking the bootloader to see if that would force anything to happen, and it cleared out the userdata/cache! The erasing screen appeared for a second and the device booted as normal. I guess the reset from LG Bridge got hung up on something after the install?

Download mode works too...but now LGUP is giving a COM error when I put it into download mode, and using Uppercut simply tells me that I need to install the dll file. I haven't changed anything from when I first modified LGUP/the dll. It's the most recent version of the dll file too. Should I try reverting to the original dll files to see if anything changes?

UPDATE: Somehow the common.dll was changed. I put it back in the folder and re-edited it. It appears in LGUP in download correctly. Now before I do anything should I simply be able to use the refurbish option to downgrade or use the partition dl option?
 
Last edited:

runningnak3d

Recognized Developer
Nov 10, 2010
2,649
7,183
Largo
@chin'ah.girl Yea, when you run uppercut, it modifies the dll, so yea -- you will have to copy it back if you ever have to use uppercut. You can't use uppercut with the patched LG UP.

OK -- so you are in download mode, and all is good. Use partition dl to download just sbl1, aboot, boot, system, laf

IF that flashes OK, then you will have most of the MM boot loader (but none of the MM firmware), the MM boot, system and laf. The reason you want to flash laf is in case MM and N have different RSA keys. Don't want to end up in 9008 mode -- then you WILL have to use an sd card.

It should boot *crosses fingers* but your phone won't work. At that point though, you will be able to use dirtycow to root. Once you have root, you can flash TWRP, and then fire up LG UP with the Nougat KDZ and flash all partitions EXCEPT recovery. That will leave you with a Nougat phone and TWRP. At that point, just flash an SU and have fun.

Let me know how it goes.

-- Brian
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
@chin'ah.girl Yea, when you run uppercut, it modifies the dll, so yea -- you will have to copy it back if you ever have to use uppercut. You can't use uppercut with the patched LG UP.

OK -- so you are in download mode, and all is good. Use partition dl to download just sbl1, aboot, boot, system, laf

IF that flashes OK, then you will have most of the MM boot loader (but none of the MM firmware), the MM boot, system and laf. The reason you want to flash laf is in case MM and N have different RSA keys. Don't want to end up in 9008 mode -- then you WILL have to use an sd card.

It should boot *crosses fingers* but your phone won't work. At that point though, you will be able to use dirtycow to root. Once you have root, you can flash TWRP, and then fire up LG UP with the Nougat KDZ and flash all partitions EXCEPT recovery. That will leave you with a Nougat phone and TWRP. At that point, just flash an SU and have fun.

Let me know how it goes.

-- Brian

Not sure what the problem is but when I use the partition dl option it doesn't give me an option to choose what to flash, it simply starts flashing and once it gets around the 20% mark it gives the x2000 error. I used the dump option just to make sure that other functions were possible and it successfully dumped the modem files and such, so that works. Should the phone transition from "download mode" to "firmware update" before I flash anything?

UPDATE: I tried experimenting to see how the partition dl option is supposed to work and I keep getting a similar problem for the guy in the LG v20 thread. I load the kdz file first, then I pick the option, it starts to run then crashes at 9%. I tried making a system.img with an extractor but it still didn't give me an option to choose which partitions to flash like I see in someone's screenshot, it just flashed the entire phone. I realized the common.dll was out of date and I updated it and it actually did manage to fully flash the system.img file but all it did was soft brick the phone; still no option to select partitions though.
 
Last edited:

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
Nevermind about all that! It seems the out of date common.dll from the old LGUP.zip was the problem. I am now able to select partitions after I switched over to the kdz from the img file. I can't believe it was something that stupidly simple.

...Here's to hoping that everything flashes accordingly...

UPDATE: I selected the partitions you chose, and it doesn't get past sbl1. It brings up error: 0x2bc, invalid command response code x8000121. Some people say this is because the bootloader isn't unlocked, but mine is. Any ideas on how to proceed?
 
Last edited:

jmatic

Senior Member
Oct 9, 2010
117
2
Dallas, TX
Nevermind about all that! It seems the out of date common.dll from the old LGUP.zip was the problem. I am now able to select partitions after I switched over to the kdz from the img file. I can't believe it was something that stupidly simple.

...Here's to hoping that everything flashes accordingly...

UPDATE: I selected the partitions you chose, and it doesn't get past sbl1. It brings up error: 0x2bc, invalid command response code x8000121. Some people say this is because the bootloader isn't unlocked, but mine is. Any ideas on how to proceed?

Which version of LGUP are you using to be able to select the partitions to flash. And also are you using uppercut? If so do you have any links for those version you are using?
Do you know of any way to flash boot.img while on Nougat with the new bootloader? Bootloader is unlocked does not flash anything. Anyway to flash boot.img with LGUP?
 

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
Which version of LGUP are you using to be able to select the partitions to flash. And also are you using uppercut? If so do you have any links for those version you are using?
Do you know of any way to flash boot.img while on Nougat with the new bootloader? Bootloader is unlocked does not flash anything. Anyway to flash boot.img with LGUP?

Like smitel's guide suggests, I'm using store version 1.14 and using HxD to edit the executable and the dll files. You can't flash partitions with the regular store versions so that is the reason for the editing the code to change it to developer version. There's tons of different LGUP.zip's floating around on xda, but I found out the best website to get the latest LGUP and dll's is from here. Also don't use Uppercut with the edited LGUP as Uppercut messes with the dll's and removes the dll that you need to make this work, also found this out the hard way.

As far as flashing the boot, that's where I'm currently stuck. runningnak3d's suggestion was to flash specific partitions so as not to fully brick the device to the point where we wouldn't be able to use the dirty cow exploit, but for me this method only ended up giving me the aforementioned error and I'm currently waiting on suggestions to successfully flash the bootloader/downgrade to v20l and researching other possible options.
 
Last edited:
  • Like
Reactions: Sleepy_Augie

Gabriel51

Senior Member
May 10, 2008
1,643
324
xda Texas
I get this error when trying to install TWRP;
"remote unknown command"
I found this on the web; lg has locked the fastboot commands. Until we have root you can't flash recovery.
Well sh***********************...
 

ctheanh

Member
Aug 9, 2007
33
14
Root for H910 Nougat

Like smitel's guide suggests, I'm using store version 1.14 and using HxD to edit the executable and the dll files. You can't flash partitions with the regular store versions so that is the reason for the editing the code to change it to developer version. There's tons of different LGUP.zip's floating around on xda, but I found out the best website to get the latest LGUP and dll's is from here. Also don't use Uppercut with the edited LGUP as Uppercut messes with the dll's and removes the dll that you need to make this work, also found this out the hard way.

As far as flashing the boot, that's where I'm currently stuck. runningnak3d's suggestion was to flash specific partitions so as not to fully brick the device to the point where we wouldn't be able to use the dirty cow exploit, but for me this method only ended up giving me the aforementioned error and I'm currently waiting on suggestions to successfully flash the bootloader/downgrade to v20l and researching other possible options.

So.. I am a newbee of LG machine.

Can you upload your modified LGUP?

I have the same problem with all of you here, the machine accidentally upgraded by OTA to Nougat - My MM H901 was rooted(systemless) and without TWRP.
So now, my H901 is not-rooted Nougat with unlocked bootloader.

I used QFIL on Lenovo machine before and I hope it can work with LG V10 also.

Maybe I misunderstand something - With unlocked bootloader, I can not boot to EDL mode? So if I lock the bootloader, Can I boot to EDL?
Can we use QFIL to flash all partitions of MM ?
Sorry , I don't know If LGUP can do everything like QFIL.
 
  • Like
Reactions: WonDerDaVe

chin'ah.girl

Member
Sep 10, 2017
36
12
A distant valley...
So.. I am a newbee of LG machine.

Can you upload your modified LGUP?

I have the same problem with all of you here, the machine accidentally upgraded by OTA to Nougat - My MM H901 was rooted(systemless) and without TWRP.
So now, my H901 is not-rooted Nougat with unlocked bootloader.

I used QFIL on Lenovo machine before and I hope it can work with LG V10 also.

Maybe I misunderstand something - With unlocked bootloader, I can not boot to EDL mode? So if I lock the bootloader, Can I boot to EDL?
Can we use QFIL to flash all partitions of MM ?
Sorry , I don't know If LGUP can do everything like QFIL.

I no longer have the modified LGUP, after wasting 2 days on trying to replicate downgrade procedures that worked on other LG models I deleted it from my computer as it doesn't work for the v10 the same way; at least not for me. However if you would like to try it for yourself follow smitel's guide at this thread.

As far as EDL/9008 mode are concerned they have been disabled in adb and fastboot on the Nougat ROM. runningnak3d was originally trying to get into EDL mode at the beginning of this thread by intentionally bricking his device through either improper flashing or the testpoint method. However he fried his motherboard and has since given up on that method since it wouldn't be worth the risk for other users to replicate. So it's safe to say that method is not an option.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    I haven't disappeared -- I am working on a way to root Nougat for people that took the OTA or flashed the KDZ.

    I need someone that has done that to do a test.

    Need to see if the Nougat ROM still has EDL. If someone could try:

    adb reboot EDL

    and then hook your phone up to a Windows box and see if it shows up as 9008 HS-USB qdloader. This will not brick your phone, but this IS the mode that bricked phones go into.

    Once you have checked, you can pull your battery, and your phone will reboot.

    Once I know for certain that aboot on Nougat still has EDL, I can keep going.

    -- Brian
    5
    If it is 6.0, then you can just unlock your boot loader, and use fastboot to flash TWRP. If you are on 6.0.1, then there is a thread on how to use dirtycow.

    If this phone had more devs I would be glad to do personal help, but I can't do that since there is so much else to do.

    To everyone else, I trust the OTA Nougat root method, but I am doing two things:

    1 - getting the size of the image down. It was unweildy at 64gig.
    2 - making SURE I don't include any partitions that contain sensitive data. For example, the EFS partition has my IMEI. Don't want that out there. But the image has to boot.

    The image that was posted to debrick 9008 issues was simple, only needed to get into download mode. This is a little more complicated, but it is coming.
    4
    Even though I gave up on the V10 (couldn't get a decent board, and I'm not buying another one) root is coming soon for Nougat on the H901 -- in a round about way. While I won't be able to test it, it should be completely safe.

    I (or maybe someone will beat me to it) need to patch LG UP for this device. See this thread, and be sure to thank @smitel.

    Once we have a patched LG UP, then it is a breeze to roll back. I just tested this with a V20 by not only rolling back, but flashing another variant -- had a modem issue and bricked my phone, but that wasn't related :)

    Once you are back on MM v20L, just use dirtycow, and viola, root. Flash the Nougat zips, and Nougat with root.

    -- Brian
    3
    Well, I found a method that works, but it is risky -- requires a leap of faith, and bricking your phone.

    The basics are:

    * Put your phone into download mode
    * Start flashing the Nougat KDZ
    * At 15% -- pull the USB cable. Yep, you read that right.
    * Download the image that I will post once I am sure this procedure is at least a LITTLE safer.
    * Write image to SD card
    * Pull battery
    * Insert SD card
    * reinsert battery
    * Watch phone boot into Marshmallow
    * adb reboot recovery
    * Flash the zip that I will be posting along with the SDcard image.

    I am REAL hesitant to post the files needed to do this, because I would feel awful if someones phone bricked, and stayed bricked.
    I have tested this myself, and it works. However, the fact that there are people having power issues, while others aren't. Some people are having performance problems, while others aren't -- really makes me leery.
    There seem to be too many variations of hardware out there. What works for me, may not work for someone else.

    I am going to do some more testing tonight (never deliberately bricked my phone so many times in one day :) ), and I will decide tomorrow.

    The good news is -- it IS possible to root if you took the OTA / flashed the KDZ / used LG Bridge / etc....
    2
    @jass65 Once you are booted from the SD card, you can flash whatever you want. I will have to pull the partitions out of the MM KDZ, but I can make you a zip that will get you back to stock MM with TWRP -- you would just need to root then.

    Getting to EDL is the key, it doesn't matter what method that you use. You can either use my "deliberately brick your phone" method, or the testpin method.

    I will see how my evening goes. Hopefully I will have something for you tomorrow. I definitely have more time now that I know at least ONE method works.

    -- Brian
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone