# [ROM][GUIDE] LG Optimus Zone 3 (LG VS425PP) Stock 5.1.1 Firmware & Restoration



## MotoJunkie01 (Dec 8, 2016)

LG OPTIMUS ZONE 3 - UNBRICKING GUIDE AND 5.1.1 FACTORY FIRMWARE 

     This guide has two main objectives: (1) for those with a bricked device who want to restore to the latest factory firmware image; and (2) those who need .kdz Stock 5.1.1 Factory Firmware files.

*1. UNBRICKING THE LGVS425PP:*
     The Verizon LGVS425PP comes, pre-installed on the device, a Windows compatible LG Software Upgrade and Repair utility. When connected via micro USB cable, your device will connect to your PC as an installer and, if you look in your PC directory, you will see an installation directory for the Verizon LG utility. Inside that directory is an .exe file that will install the upgrade/repair utility on your PC. When launched, the utility will auto detect your device, determine if a firmware update is available, and give you an option to repair your device. The repair option will backup your existing userdata (depending on the level of damage to the firmware), download the most recent firmware build for your device, and flash your device to complete stock condition. 
     Of course, there are those who bricked their devices before being able to install the Verizon LG Upgrade/Repair utility on their PCs. And this utility appears difficult to locate for download on the internet. So, below is a download link for the utility:
*DOWNLOAD LINK*
https://drive.google.com/drive/folders/0B1Sfod4HWfk2elpGQ3JEbzF4Q0E?usp=sharing

     The Verizon LG utility should install the correct USB mobile drivers on your PC. But just in case any driver issues arise, download and install the following LG United Mobile Driver package:
*DOWNLOAD LINK*
https://drive.google.com/file/d/0B1Sfod4HWfk2RHY2c29mTWg1Rkk/view?usp=sharing

     Once the utility is launched, make sure your PC is connected to the internet, put your device in download mode by holding +Volume while connecting your micro USB cable for your PC connection. The utility will then detect your device. Select the REPAIR option and follow the on-screen instructions.

*2. STOCK  5.1.1 FACTORY FIRMWARE*
     The following link is for four software versions of stock 5.1.1 Factory Firmware .kdz files for the Optimus Zone 3: VS425PP2, VS425PP4, VS425PP7 & VS425PP8. Also in the link is the LG United Mobile Driver, the LG-UP flashing tool, and the LG-UP .DLL for the VS425PP. Use these tools at your own risk. I am not responsible for bricked or inoperable devices.  I want to thank each and every member in this thread who has tested and reported their findings and issues. That narrows it down greatly. And thanks guys for your patience. 
     As to rooting the Zone 3, several recent advancements have been achieved and full root access is now possible. Thanks to @Astr4y4L, a comprehensive root package is available for download. http://astrayalslanding.dynu.net:88/Android_Development/ Click on this link and scroll down the the bottom and click the projects link. His package includes precise instructions and alI the files you will  need to root this phone. I am currently drafting a concise tutorial for downgrading this phone. Instructions for downgrading  can be found within this  thread, albeit somewhat scattered. I will update the OP accordingly as further progress is made. Guys, please be sure to thank @Astr4y4L for his unceasing hard work and development on this device. If you like his work and benefit from it, donations are always nice, even if just a couple bucks. 

*DOWNLOAD LINK*
https://drive.google.com/drive/folders/0B1Sfod4HWfk2MUwxNk1oeXJCZEE?usp=sharing


----------



## Metalchic (Dec 8, 2016)

I was attempting to test this on a phone i purchased just yesterday. The about phone section identifies this phone as a vs425pp but under the battery it's identified as a VS425*L*PP.

The drivers install successfully. The LGUP and LGUP .dll install fine. But when i start LGUP i get an error saying that it can't load the model. looks like i can't attach a picture probably because i'm new but i do have screencaps. I've tried it on my laptop where i do most of my android stuff and on my desktop, same problem on both. According to the LG Mobile Support Tool this one has VS245PP5 installed. 

LGUP will start without the phone connected telling me there is no compatible handset attached and then show me a com window. But when i connect the phone it throws the same error and exits.


----------



## wperdigon (Dec 9, 2016)

I must be the biggest idiot, because I cannot figure out how to get into download mode - I power off the device, then while holding the power and volume up key I plug in the usb cord from the Computer. I get the buzzing on the phone, the Verizon logo comes up, and i'm on the home screen. What am I doing wrong?

---------- Post added at 12:55 AM ---------- Previous post was at 12:51 AM ----------

never mind, I got it - it's the volume down and power, not volume up -

---------- Post added at 01:00 AM ---------- Previous post was at 12:55 AM ----------

ok, apparently, that's the restore function, not the download mode - I can't seem to figure out the combo of buttons for the download mode - as above, I go volume up and power then when it vibrates I plug it in?? any suggestions??


----------



## MotoJunkie01 (Dec 9, 2016)

wperdigon said:


> I must be the biggest idiot, because I cannot figure out how to get into download mode - I power off the device, then while holding the power and volume up key I plug in the usb cord from the Computer. I get the buzzing on the phone, the Verizon logo comes up, and i'm on the home screen. What am I doing wrong?
> 
> ---------- Post added at 12:55 AM ---------- Previous post was at 12:51 AM ----------
> 
> ...

Click to collapse



I just hold volume up and keep it help while connecting the micro USB


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> I was attempting to test this on a phone i purchased just yesterday. The about phone section identifies this phone as a vs425pp but under the battery it's identified as a VS425LPP.
> 
> The drivers install successfully. The LGUP and LGUP .dll install fine. But when i start LGUP i get an error saying that it can't load the model. looks like i can't attach a picture probably because i'm new but i do have screencaps. I've tried it on my laptop where i do most of my android stuff and on my desktop, same problem on both. According to the LG Mobile Support Tool this one has VS245PP5 installed.
> 
> LGUP will start without the phone connected telling me there is no compatible handset attached and then show me a com window. But when i connect the phone it throws the same error and exits.

Click to collapse



With your device connected go to Device Manager. Look under Portable Devices, Ports and Com's, etc and look for LGE notations of your device. If you see a yellow question mark by any of the LGE notations, your issue is drivers.


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> With your device connected go to Device Manager. Look under Portable Devices, Ports and Com's, etc and look for LGE notations of your device. If you see a yellow question mark by any of the LGE notations, your issue is drivers.

Click to collapse



i have a 
Modems > LGE Mobile for VZW USB Modem - Operational
Ports (COM & LPT )> LGE Mobile for VZW USB Serial Port (COM4) - Operational
Portable Devices > LGE Android MTP Device - Code 10 device cannot start

I initially had the 4.1.1 drivers installed from the LG Mobile Support Tool. After uninstalling those and installing the 4.0.4 version from this thread i still have Code 10 error on LGE Android MTP Device.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> i have a
> Modems > LGE Mobile for VZW USB Modem - Operational
> Ports (COM & LPT )> LGE Mobile for VZW USB Serial Port (COM4) - Operational
> Portable Devices > LGE Android MTP Device - Code 10 device cannot start
> ...

Click to collapse



Ok I have seen that MTP Device error before. It is not uncommon. Search the forums for a driver resolution. Off top of my head I cannot recall, but I do know there are threads on it.


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> Ok I have seen that MTP Device error before. It is not uncommon. Search the forums for a driver resolution. Off top of my head I cannot recall, but I do know there are threads on it.

Click to collapse



The initial solution was to reinstall the drivers, did not work.
Second solution discovered in reference to samsung devices was to delete a registry key called UpperFilters from the WPD section. Did not work.
The third solution i've found involves downloading the Android SDK and installing it.

This last one seems sort of like a nuclear option. But i'm running out of ideas. the MTP and PTP transfer modes install and start correctly when the device is booted normally but when booted into download mode it just goes code 10. I'm working on the third option now but it will take a while to download.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> The initial solution was to reinstall the drivers, did not work.
> Second solution discovered in reference to samsung devices was to delete a registry key called UpperFilters from the WPD section. Did not work.
> The third solution i've found involves downloading the Android SDK and installing it.
> 
> This last one seems sort of like a nuclear option. But i'm running out of ideas. the MTP and PTP transfer modes install and start correctly when the device is booted normally but when booted into download mode it just goes code 10. I'm working on the third option now but it will take a while to download.

Click to collapse



Yes that SDK is a bulk of a download and installation. But may be your fix. Very odd I agree


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> Yes that SDK is a bulk of a download and installation. But may be your fix. Very odd I agree

Click to collapse



It didn't work. Still code 10. I tried on a third computer, an old Dell laptop running Windows XP. It gave a strange error Code 28 saying something about an invalid service section of the INF. But i think this may be a red herring and actually be caused by Windows Media Player 11 not being installed. I'll have to setup an installation of Windows 7 to try that.

Edit: looks like i'm going to have to give up trying to fix the code 10 error because NONE of the information from google is relevant to this. All the information is for the phone being started normally and being unable to access the MTP file transfer through normal working operation. None of it relates to this "download mode" that LG has implemented. I wish this were easy like my Galaxy Nexus was back in the day.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> It didn't work. Still code 10. I tried on a third computer, an old Dell laptop running Windows XP. It gave a strange error Code 28 saying something about an invalid service section of the INF. But i think this may be a red herring and actually be caused by Windows Media Player 11 not being installed. I'll have to setup an installation of Windows 7 to try that.

Click to collapse



OK. Let me know..


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> It didn't work. Still code 10. I tried on a third computer, an old Dell laptop running Windows XP. It gave a strange error Code 28 saying something about an invalid service section of the INF. But i think this may be a red herring and actually be caused by Windows Media Player 11 not being installed. I'll have to setup an installation of Windows 7 to try that.
> 
> Edit: looks like i'm going to have to give up trying to fix the code 10 error because NONE of the information from google is relevant to this. All the information is for the phone being started normally and being unable to access the MTP file transfer through normal working operation. None of it relates to this "download mode" that LG has implemented. I wish this were easy like my Galaxy Nexus was back in the day.

Click to collapse



Yeah tell me about it. The good ol' Nexus days were much simpler. I'm like you....I think its a Red Herring of some sort you are dealing with. Something so obvious and so simple that it is hiding behind a thin wall.
I'm searching right now trying to help too.


----------



## roscoemctavish (Dec 9, 2016)

Hi MotoJunkie01,
I appreciate you putting together this guide but I have to say that I no further along than everyone else here.  Similar to Metalchic I received the "can't load model" error from LGUP.  Googling around i found that I was missing the LGUP_common.dll file.  Found that and LGUP opened fine and found my device.  Tried to flash VS425PP2 kdz got to about 9% and received "Secure device, But Unsecure image" error.  And that's as far as i got.  

As far as the LG Android MTP driver goes i also receive the code 10 cannot start error but only when the phone is in download mode.  Otherwise the driver loads fine when the phone is "booted".  I dont know jack about rooting phones and have never done it before.  I had this one lying around and thought I'd try it.  Hopefully all this helps to narrow down the issue.


----------



## MotoJunkie01 (Dec 9, 2016)

roscoemctavish said:


> Hi MotoJunkie01,
> I appreciate you putting together this guide but I have to say that I no further along than everyone else here. Similar to Metalchic I received the "can't load model" error from LGUP. Googling around i found that I was missing the LGUP_common.dll file. Found that and LGUP opened fine and found my device. Tried to flash VS425PP2 kdz got to about 9% and received "Secure device, But Unsecure image" error. And that's as far as i got.
> 
> As far as the LG Android MTP driver goes i also receive the code 10 cannot start error but only when the phone is in download mode. Otherwise the driver loads fine when the phone is "booted". I dont know jack about rooting phones and have never done it before. I had this one lying around and thought I'd try it. Hopefully all this helps to narrow down the issue.

Click to collapse



Thanks for pointing out the common .dll file. I will edit that in my thread for download. I am not sure on the MTP error. I have two of these Zone 3s lying around and neither gives any type of error on MTP. Almost certainly sounds like a driver related issue though. Im going to uninstall drivers and everything on my end, do factory resets, and reinstall everything and walk back through the process from scratch. See if I can pinpoint the issue.


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> Thanks for pointing out the common .dll file. I will edit that in my thread for download. I am not sure on the MTP error. I have two of these Zone 3s lying around and neither gives any type of error on MTP. Almost certainly sounds like a driver related issue though. Im going to uninstall drivers and everything on my end, do factory resets, and reinstall everything and walk back through the process from scratch. See if I can pinpoint the issue.

Click to collapse



like roscoemctavish i was able to grab the LGUP_common.dll file and put it into ..\LG Electronics\LGUP\model\common and then LGUP started detecting my phone. It only takes the kdz file type under the Upgrade selection. But like roscoemctavish i ran into the 'unsecured image secured device' error. Still code 10 on the MTP driver but i don't think it's related to this. Maybe though.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> like roscoemctavish i was able to grab the LGUP_common.dll file and put it into ..\LG Electronics\LGUP\model\common and then LGUP started detecting my phone. It only takes the kdz file type under the Upgrade selection. But like roscoemctavish i ran into the 'unsecured image secured device' error. Still code 10 on the MTP driver but i don't think it's related to this. Maybe though.

Click to collapse



So in your instance, did the .kdz file flash for you with no issue or did it stop at some point?


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> So in your instance, did the .kdz file flash for you with no issue or did it stop at some point?

Click to collapse



stopped at 9% with the "Secure device, But Unsecure image" error the other guy was having.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> stopped at 9% with the "Secure device, But Unsecure image" error the other guy was having.

Click to collapse



OK. So both you guys having the stop at 9% please try this. Rename the VS425PP2 file to the filename VS425PP6. Then flash the .kdz.


----------



## MotoJunkie01 (Dec 9, 2016)

For now I'm editing the thread down to unbricking via the Verizon LG utility and I'll give links to the .kdz files. It's back to the drawing board guys. I'm very sorry. Please know that I am working hard on it.


----------



## roscoemctavish (Dec 9, 2016)

MotoJunkie01 said:


> For now I'm editing the thread down to unbricking via the Verizon LG utility and I'll give links to the .kdz files. It's back to the drawing board guys. I'm very sorry. Please know that I am working hard on it.

Click to collapse



No worries man and I appreciate just having this as a potential option.  If it matters I have tried to root my phone with Kingoroot.  Of course it fails but the software status has changed to "modified".  Current software version is VS425PP5.  

I did try changing the filename "VS425PP2_02_ARB00.kdz" to "VS425PP6.kdz" and flashing with the same result (Stops at 9% with unsecure image error).  There is a log file in the "\LGUP\model\common\LOG" folder which when opened in notepad produces unreadable text.  Let me know if I can provide anything else.
Thanks!


----------



## MotoJunkie01 (Dec 9, 2016)

roscoemctavish said:


> No worries man and I appreciate just having this as a potential option. If it matters I have tried to root my phone with Kingoroot. Of course it fails but the software status has changed to "modified". Current software version is VS425PP5.
> 
> I did try changing the filename "VS425PP2_02_ARB00.kdz" to "VS425PP6.kdz" and flashing with the same result (Stops at 9% with unsecure image error). There is a log file in the "\LGUP\model\common\LOG" folder which when opened in notepad produces unreadable text. Let me know if I can provide anything else.
> Thanks!

Click to collapse



You're a damn good tester. For sure. Very detailed and methodical. I appreciate your work. There is the option of flashing the Zone 3 with LG K4 firmware since they are the exact same phone. I'm looking into that now. I never had a problem with the "downgrading" method I posted because my Zone 3s have always kept VS425PP2. So mine wasn't actually "downgrading" Anyway if you can -- and I can confirm it has been done -- help me look into this K4 idea. Thanks much....
Hey if it is not much trouble, could you link the common .dll needed for the LG-UP flash tool. I am at work and cannot access my stuff. Thanks. I will include it in the OP ASAP.


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> For now I'm editing the thread down to unbricking via the Verizon LG utility and I'll give links to the .kdz files. It's back to the drawing board guys. I'm very sorry. Please know that I am working hard on it.

Click to collapse



I think what is happening here is that both our devices came with VS425PP5 installed from the factory. I hope you are able to get it figured out. And I will be here to test it again if you discover anything. There's no need to apologize, this phone is still pretty new so it makes sense that we don't know much about it yet. Especially since LG seems to be actively fighting against breaking into it.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> I think what is happening here is that both our devices came with VS425PP5 installed from the factory. I hope you are able to get it figured out. And I will be here to test it again if you discover anything. There's no need to apologize, this phone is still pretty new so it makes sense that we don't know much about it yet. Especially since LG seems to be actively fighting against breaking into it.

Click to collapse



No mine actually both came with VS425PP2 and both are fully rooted. My problem with the tutorial is that I couldn't actually confirm the "downgrading" theory because mine was already VS425PP2.


----------



## MotoJunkie01 (Dec 9, 2016)

MotoJunkie01 said:


> No mine actually both came with VS425PP2 and both are fully rooted. My problem with the tutorial is that I couldn't actually confirm the "downgrading" theory because mine was already VS425PP2.

Click to collapse



In the other thread you will notice that I actually provided links to my fully rooted VS425PP2 /system, /boot and /recovery dumps. They are fastboot flashable images. So if booting into fastboot was an option, my prerooted ROM could actually be flashed to other devices.
    Here is the thread. http://forum.xda-developers.com/android/general/lg-optimus-zone-3-lgvs425pp-stock-t3319566/page10
See Page 3


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> I think what is happening here is that both our devices came with VS425PP5 installed from the factory. I hope you are able to get it figured out. And I will be here to test it again if you discover anything. There's no need to apologize, this phone is still pretty new so it makes sense that we don't know much about it yet. Especially since LG seems to be actively fighting against breaking into it.

Click to collapse



I would like for you to look into my pre-rooted factory VS425PP2 images on the above  link. If we can get into fastboot mode, the puzzle may be solved.


----------



## roscoemctavish (Dec 9, 2016)

MotoJunkie01 said:


> You're a damn good tester. For sure. Very detailed and methodical. I appreciate your work. There is the option of flashing the Zone 3 with LG K4 firmware since they are the exact same phone. I'm looking into that now. I never had a problem with the "downgrading" method I posted because my Zone 3s have always kept VS425PP2. So mine wasn't actually "downgrading" Anyway if you can -- and I can confirm it has been done -- help me look into this K4 idea. Thanks much....
> Hey if it is not much trouble, could you link the common .dll needed for the LG-UP flash tool. I am at work and cannot access my stuff. Thanks. I will include it in the OP ASAP.

Click to collapse



I just googled around and found it.  Don't know if it is the right one or not but seemed to get past the model not found error initially.  I cant post links because my account is too new.  Found a common dll file on adroidesage dot com about upgrading a LG v10 to marshmallow.  IDK maybe that's the problem.


----------



## Metalchic (Dec 9, 2016)

MotoJunkie01 said:


> No mine actually both came with VS425PP2 and both are fully rooted. My problem with the tutorial is that I couldn't actually confirm the "downgrading" theory because mine was already VS425PP2.

Click to collapse



no i mean mine and roscoemctavish's phones came with VS425PP5 or something. Mine did not come with VS425PP2 it game with 5. Considering that the tool starts to do something it might be worth looking into. Maybe interrupting the process or picking apart what it's flashing app LGUP is doing might be able to trick the phone into fastboot mode. Or maybe it's just fastboot that responds to a custom set of commands.

Edit: looking at theLGUP application i'm thinking that it might actually be an emulated serial device.


----------



## MotoJunkie01 (Dec 9, 2016)

Metalchic said:


> no i mean mine and roscoemctavish's phones came with VS425PP5 or something. Mine did not come with VS425PP2 it game with 5. Considering that the tool starts to do something it might be worth looking into. Maybe interrupting the process or picking apart what it's flashing app LGUP is doing might be able to trick the phone into fastboot mode. Or maybe it's just fastboot that responds to a custom set of commands.
> 
> Edit: looking at theLGUP application i'm thinking that it might actually be an emulated serial device.

Click to collapse



Oh OK. Good work man. We are going to figure this thing out. Also, a known workaround to get into fastboot on LG devices is to nuke the /laf partition. During bootup when /aboot can't find /laf, it forces boot into fastboot. But without root, nuking /laf may not be feasible.


----------



## wperdigon (Dec 12, 2016)

any updates on this?


----------



## MotoJunkie01 (Dec 12, 2016)

wperdigon said:


> any updates on this?

Click to collapse



Maybe so. Was speaking today with the owner of a couple of  LG Optimus G series devices. Using LG-UP he has been able to successfully upgrade and downgrade the .kdz firmwares for that device. In turn he is showing me a few of the rudimentary principles of downgrading firmware on LG devices.


----------



## tromal (Dec 12, 2016)

Hi,

For those who still have root, have you unlocked the phone? were you able to use it with another carrier? like the Moto E last year

Thanks


----------



## MotoJunkie01 (Dec 12, 2016)

Yes. GSM unlock is still holding via root. This device is GSM unlockable in much the same way as the Lg Tribute 5, with replacement node.db and node-journal.db files in /root/carrier/app, and the standard "SPR" edit in build.prop. I'm still running the old LGVS425PP2. 

 Sent from my Galaxy Note 5 using XDA Labs.


----------



## wperdigon (Dec 12, 2016)

MotoJunkie01 said:


> Maybe so. Was speaking today with the owner of a couple of  LG Optimus G series devices. Using LG-UP he has been able to successfully upgrade and downgrade the .kdz firmwares for that device. In turn he is showing me a few of the rudimentary principles of downgrading firmware on LG devices.

Click to collapse



excellent! so glad to hear this =)


----------



## tromal (Dec 13, 2016)

MotoJunkie01 said:


> Yes. GSM unlock is still holding via root. This device is GSM unlockable in much the same way as the Lg Tribute 5, with replacement node.db and node-journal.db files in /root/carrier/app, and the standard "SPR" edit in build.prop. I'm still running the old LGVS425PP2.
> 
> Sent from my Galaxy Note 5 using XDA Labs.

Click to collapse



Great ! thanks
Hope will soon be able to downgrade it


----------



## iHelp101 (Dec 16, 2016)

I found a way to downgrade. Keep in mind doing this is risky. I used KDZ extractor (XDA thread linked below) on the PP2 KDZ. I extracted the DZ and DLL file. I replaced the DLL just in case with the one from the KDZ (Program Files(x86)/LG Electronics/LGUP/model/VS425PP). I opened LGUP and changed the BIN file to the DZ previously extracted. After that it made it past the initial 9%, flashed modem, etc. It will reboot the device at 80%. This is where I had issues and why I warned you earlier.

For me it would boot, factory reset, reboot, screen would flash, and repeat. This occurred about 10 tens until finally arriving at the Verizon logo and fully booting. I don't know if it was a one time bug with my device or if downgrading can have issues. After fully booting I verified I was on VS425PP2 and was able to root the device. Again, do this at your own risk. In theory if you mess anything up you can boot back to download mode, but would have to update to VS425PP6 (Unless someone has the VS425PP5 KDZ). 

http://forum.xda-developers.com/showthread.php?t=2600575


----------



## MotoJunkie01 (Dec 16, 2016)

iHelp101 said:


> I found a way to downgrade. Keep in mind doing this is risky. I used KDZ extractor (XDA thread linked below) on the PP2 KDZ. I extracted the DZ and DLL file. I replaced the DLL just in case with the one from the KDZ (Program Files(x86)/LG Electronics/LGUP/model/VS425PP). I opened LGUP and changed the BIN file to the DZ previously extracted. After that it made it past the initial 9%, flashed modem, etc. It will reboot the device at 80%. This is where I had issues and why I warned you earlier.
> 
> For me it would boot, factory reset, reboot, screen would flash, and repeat. This occurred about 10 tens until finally arriving at the Verizon logo and fully booting. I don't know if it was a one time bug with my device or if downgrading can have issues. After fully booting I verified I was on VS425PP2 and was able to root the device. Again, do this at your own risk. In theory if you mess anything up you can boot back to download mode, but would have to update to VS425PP6 (Unless someone has the VS425PP5 KDZ).
> 
> http://forum.xda-developers.com/showthread.php?t=2600575

Click to collapse



Great work!!


----------



## Merazomo (Dec 16, 2016)

iHelp101 said:


> I found a way to downgrade. Keep in mind doing this is risky. I used KDZ extractor (XDA thread linked below) on the PP2 KDZ. I extracted the DZ and DLL file. I replaced the DLL just in case with the one from the KDZ (Program Files(x86)/LG Electronics/LGUP/model/VS425PP). I opened LGUP and changed the BIN file to the DZ previously extracted. After that it made it past the initial 9%, flashed modem, etc. It will reboot the device at 80%. This is where I had issues and why I warned you earlier.
> 
> For me it would boot, factory reset, reboot, screen would flash, and repeat. This occurred about 10 tens until finally arriving at the Verizon logo and fully booting. I don't know if it was a one time bug with my device or if downgrading can have issues. After fully booting I verified I was on VS425PP2 and was able to root the device. Again, do this at your own risk. In theory if you mess anything up you can boot back to download mode, but would have to update to VS425PP6 (Unless someone has the VS425PP5 KDZ).
> 
> http://forum.xda-developers.com/showthread.php?t=2600575

Click to collapse



I was able to downgrade as well, but my VS425PP5 doesn't like VS425PP2 at all. The phone just keeps bootlooping after every restart. Eventually it boots up, but not after bootlooping 10 to 20 times. VS425PP6 and VS425PP4 boot up just fine without any problems. Other than the boot problem, VS425PP2 seems to be working just fine up until the time I try to root it, then it goes crazy again. I was going to try to flash that "LG Optimus Zone 3 (VS425pp) 5.1.1 Stock ROM, Rooted, Debloated, and injected with BusyBox & SuperSU binaries" image, but every time I boot into fastboot, the bootloop gets me out of fastboot and keeps on bootlooping.


----------



## xeduran (Dec 16, 2016)

I was able to downgrade as well, but my phone's screen was completely corrupt.  It was a white screen with black horizontal lines.  The touch screen was still responsive, but I could not see anything.  Does the dll matter?  If so, I am not sure I used the correct one in the correct path.  I was able to get my phone back up and running by flashing VS425PP6 (phone shipped with VS425PP5), but PP2 gave me the corrupt screen issue.  It had multiple reboots as well, but finally settled down.  Major issue was not having a screen to see what I was doing.


----------



## Merazomo (Dec 16, 2016)

iHelp101 said:


> I found a way to downgrade. Keep in mind doing this is risky. I used KDZ extractor (XDA thread linked below) on the PP2 KDZ. I extracted the DZ and DLL file. I replaced the DLL just in case with the one from the KDZ (Program Files(x86)/LG Electronics/LGUP/model/VS425PP). I opened LGUP and changed the BIN file to the DZ previously extracted. After that it made it past the initial 9%, flashed modem, etc. It will reboot the device at 80%. This is where I had issues and why I warned you earlier.
> 
> For me it would boot, factory reset, reboot, screen would flash, and repeat. This occurred about 10 tens until finally arriving at the Verizon logo and fully booting. I don't know if it was a one time bug with my device or if downgrading can have issues. After fully booting I verified I was on VS425PP2 and was able to root the device. Again, do this at your own risk. In theory if you mess anything up you can boot back to download mode, but would have to update to VS425PP6 (Unless someone has the VS425PP5 KDZ).
> 
> http://forum.xda-developers.com/showthread.php?t=2600575

Click to collapse



If it's not too much trouble, which is the method you used to root the device? Was it KingRoot? I used the newer version of KingRoot, and it shuts off the phone on the third-step, triggering the bootloop. Thanks.


----------



## iHelp101 (Dec 16, 2016)

Merazomo said:


> If it's not too much trouble, which is the method you used to root the device? Was it KingRoot? I used the newer version of KingRoot, and it shuts off the phone on the third-step, triggering the bootloop. Thanks.

Click to collapse



I used Kingroot 4.5 from APKMirror. I did originally have the flashing screen issue that would result in a reboot as I said in my post. But it only happened that one time. I have rebooted my device multiple times to make sure and I never get in this bootloop anymore. I am not sure exactly why it is working for me. It is the main reason I gave a disclaimer since the initial bootloop/flashing screen issue scared me.


----------



## xeduran (Dec 16, 2016)

iHelp101 said:


> I used Kingroot 4.5 from APKMirror. I did originally have the flashing screen issue that would result in a reboot as I said in my post. But it only happened that one time. I have rebooted my device multiple times to make sure and I never get in this bootloop anymore. I am not sure exactly why it is working for me. It is the main reason I gave a disclaimer since the initial bootloop/flashing screen issue scared me.

Click to collapse



When you say you replaced the dll file, did you take the dll file from the extracted kdz file and use that in the common folder for lgup?


----------



## iHelp101 (Dec 16, 2016)

xeduran said:


> When you say you replaced the dll file, did you take the dll file from the extracted kdz file and use that in the common folder for lgup?

Click to collapse



Correct, they are probably the same DLL files. However, I did it just in case. I put the DDL file from the KDZ file in the model/VS425PP/ folder. I has to rename it to match the original name.

---------- Post added at 07:34 PM ---------- Previous post was at 07:17 PM ----------




xeduran said:


> I was able to downgrade as well, but my phone's screen was completely corrupt.  It was a white screen with black horizontal lines.  The touch screen was still responsive, but I could not see anything.  Does the dll matter?  If so, I am not sure I used the correct one in the correct path.  I was able to get my phone back up and running by flashing VS425PP6 (phone shipped with VS425PP5), but PP2 gave me the corrupt screen issue.  It had multiple reboots as well, but finally settled down.  Major issue was not having a screen to see what I was doing.

Click to collapse



Interesting, maybe LG is making revisions that require VS425PP5+. That would be my best guess. I am assuming a batch of devices still allow downgrading (Like mine), but others may have been updated to prevent downgrading or something. I linked an example image below from an S3 that has a display issue that sounds similar. Is this what it is looking like?

http://android.stackexchange.com/questions/105388/my-galaxy-s3-has-a-white-screen-with-grey-lines


----------



## xeduran (Dec 16, 2016)

iHelp101 said:


> Correct, they are probably the same DLL files. However, I did it just in case. I put the DDL file from the KDZ file in the model/VS425PP/ folder. I has to rename it to match the original name.
> 
> ---------- Post added at 07:34 PM ---------- Previous post was at 07:17 PM ----------
> 
> ...

Click to collapse



Yes very similar to that.  As if the drivers for the screen or different.  Touch still works, I just cannot see what I am doing.


----------



## iHelp101 (Dec 16, 2016)

xeduran said:


> Yes very similar to that.  As if the drivers for the screen or different.  Touch still works, I just cannot see what I am doing.

Click to collapse



It could be they made a hardware/firmware revision that makes the display require a newer driver included in VS425PP5+. That seems like a possibility. I wish I had an answer that would allow you to downgrade, but it seems like Verizon and LG really want to lock down these devices.  Sorry for any false hope.


----------



## xeduran (Dec 16, 2016)

iHelp101 said:


> It could be they made a hardware/firmware revision that makes the display require a newer driver included in VS425PP5+. That seems like a possibility. I wish I had an answer that would allow you to downgrade, but it seems like Verizon and LG really want to lock down these devices.  Sorry for any false hope.

Click to collapse



No need to apologize, it was worth a try.  Thanks for your help anyway.


----------



## klaiiii (Dec 16, 2016)

xeduran said:


> No need to apologize, it was worth a try.  Thanks for your help anyway.

Click to collapse





iHelp101 said:


> It could be they made a hardware/firmware revision that makes the display require a newer driver included in VS425PP5+. That seems like a possibility. I wish I had an answer that would allow you to downgrade, but it seems like Verizon and LG really want to lock down these devices.  Sorry for any false hope.

Click to collapse



Would it be possible to extract the drivers from a later build to the previous VS425PP2 build? That may solve the screen and the instability issue?


----------



## iHelp101 (Dec 16, 2016)

klaiiii said:


> Would it be possible to extract the drivers from a later build to the previous VS425PP2 build? That may solve the screen and the instability issue?

Click to collapse



If the driver theory is correct it would be part of the kernel. Fastboot mode is likely the answer to all the issues. LG devices to my knowledge requires the LAF partition to be "nuked" to boot fastboot usually.


----------



## brad49201 (Dec 16, 2016)

*Unlock*

Is there a way to just unlock the provider so I can use another sim card? Change nothing else, just leave it stock. Right now all I can use is data, sort of. 

Thank you.


----------



## Merazomo (Dec 16, 2016)

I've tried just about everything in my power to root the phone, but nothing is working. I'm sure the Firmware is tied up in some way, to the hardware of the phone as far as security. That's why downgrading and upgrading is not really a problem; at least in my case. The real problem is that all KingRoot versions either don't work, or it fake roots the phone. It says that root has been applied, but all the apps that require root, still ask for root. At least I was able to downgrade from VS425PP5 to VS425PP4, which is a lot smoother and less laggy. So it was well worth it.


----------



## wperdigon (Dec 17, 2016)

forgive me, i don't know what any of this DLL and what not means - is there a simple way to explain it to noobs like myself what this all means and how we can get our devices with the right software to be able to root? i really would appreciate it =) thank you


----------



## xeduran (Dec 17, 2016)

So I tried the downgrade with a second phone I had.  That one did not have the corrupt screen issue.  It did bootloop for quite a while before finally booting all the way in.  I was able to finally root.  My phone did reboot quite a few times in the process, but in the end it worked.  I am going to return the phone that had the corrupt screen issue and see if I can get another one.  From my experience with the second phone, the downgrade process may take multiple attempts and a lot of patience.  It seems it might depend on the phone as well, still don't know why my first phone had the screen issue.


----------



## Merazomo (Dec 17, 2016)

xeduran said:


> So I tried the downgrade with a second phone I had.  That one did not have the corrupt screen issue.  It did bootloop for quite a while before finally booting all the way in.  I was able to finally root.  My phone did reboot quite a few times in the process, but in the end it worked.  I am going to return the phone that had the corrupt screen issue and see if I can get another one.  From my experience with the second phone, the downgrade process may take multiple attempts and a lot of patience.  It seems it might depend on the phone as well, still don't know why my first phone had the screen issue.

Click to collapse



My efforts to root have been in vain up until now. Did you root the phone with firmware version VS425PP2? If so, which KingRoot version did you use? I've probably tried most KingRoot versions since 4.5.0, and nothing has worked. Thanks.


----------



## klaiiii (Dec 17, 2016)

xeduran said:


> So I tried the downgrade with a second phone I had.  That one did not have the corrupt screen issue.  It did bootloop for quite a while before finally booting all the way in.  I was able to finally root.  My phone did reboot quite a few times in the process, but in the end it worked.  I am going to return the phone that had the corrupt screen issue and see if I can get another one.  From my experience with the second phone, the downgrade process may take multiple attempts and a lot of patience.  It seems it might depend on the phone as well, still don't know why my first phone had the screen issue.

Click to collapse



Do those two phones have drastically different IMEI? Could we assume that phones with the same batch have closer IMEI number, and the bad batch has larger IMEI number? (or do they simply assign IMEI by random?)


----------



## xeduran (Dec 17, 2016)

klaiiii said:


> Do those two phones have drastically different IMEI? Could we assume that phones with the same batch have closer IMEI number, and the bad batch has larger IMEI number? (or do they simply assign IMEI by random?)

Click to collapse



The last six digitis are the only difference.  I might have just gotten a 'bad" phone just by chance.  I am going to return it today and see if I can get another.

---------- Post added at 09:08 AM ---------- Previous post was at 09:05 AM ----------




Merazomo said:


> My efforts to root have been in vain up until now. Did you root the phone with firmware version VS425PP2? If so, which KingRoot version did you use? I've probably tried most KingRoot versions since 4.5.0, and nothing has worked. Thanks.

Click to collapse



I used the latest version of Kingroot v5.  I downgraded to VS425PP2.  This is what I did in order.  Flashed PP2 and tried to root, was rebooting a whole lot.  Flashed PP4 and tried to root, did not work.  Flashed back to PP2 again and tried to root, this time it worked.  I was also able to flash the kdz file without extracting it.  To do this I replaced the dll in the common folder of LGUP with the one from the kdz, that allowed me to flash the kdz files directly with no problem (using refurbish instead of upgrade).


----------



## Merazomo (Dec 17, 2016)

xeduran said:


> I used the latest version of Kingroot v5.  I downgraded to VS425PP2.  This is what I did in order.  Flashed PP2 and tried to root, was rebooting a whole lot.  Flashed PP4 and tried to root, did not work.  Flashed back to PP2 again and tried to root, this time it worked.  I was also able to flash the kdz file without extracting it.  To do this I replaced the dll in the common folder of LGUP with the one from the kdz, that allowed me to flash the kdz files directly with no problem (using refurbish instead of upgrade).

Click to collapse



Thank you for the info. Your method does seem to allow KingRoot v4.5.0 to root my device; KingRoot v5 didn't work for me. When I rooted my Alcatel Ideal, I was able to use Super-Sume v6.4 to replace KingRoot with SuperSU. I decided to do the same, and it actually worked. Version 6.4 installs an older SuperSU, but at least I was able to get rid of the KingRoot bloatware, while still remaining rooted. 

Now for the negative part to my Super-Sume method. The phone got stuck a few times on the Verizon splash screen when rebooting, plus the annoying bootloop, but eventually went through. This time though, the screen went black, capacitive buttons show up and work, notification bar works, etc. but the home screen is black. The phone is still recognized by my computer, so it should be no problem restoring it; It's definitely a step in the right direction, but nowhere close to where everyone wants it too be. 

For a second there, I had a fully rooted phone with SuperSU instead of KingRoot; after reboot though, everything completely changed.


----------



## xeduran (Dec 17, 2016)

Merazomo said:


> Thank you for the info. Your method does seem to allow KingRoot v4.5.0 to root my device; KingRoot v5 didn't work for me. When I rooted my Alcatel Ideal, I was able to use Super-Sume v6.4 to replace KingRoot with SuperSU. I decided to do the same, and it actually worked. Version 6.4 installs an older SuperSU, but at least I was able to get rid of the KingRoot bloatware, while still remaining rooted.
> 
> Now for the negative part to my Super-Sume method. The phone got stuck a few times on the Verizon splash screen when rebooting, plus the annoying bootloop, but eventually went through. This time though, the screen went black, capacitive buttons show up and work, notification bar works, etc. but the home screen is black. The phone is still recognized by my computer, so it should be no problem restoring it; It's definitely a step in the right direction, but nowhere close to where everyone wants it too be.
> 
> For a second there, I had a fully rooted phone with SuperSU instead of KingRoot; after reboot though, everything completely changed.

Click to collapse



I just kept KingRoot and did not attempt to replace it. For my purposes the extra bloat is not much of an issue.


----------



## Merazomo (Dec 17, 2016)

xeduran said:


> I just kept KingRoot and did not attempt to replace it. For my purposes the extra bloat is not much of an issue.

Click to collapse



It's really not an issue for me either; however, it's the preferred method for most. I was able to restore the phone pretty easily too after that. I tried the same steps however with VS425PP4 and VS425PP6, and KingRoot won't let me root it this time. So I guess VS425PP2 is where the magic is at. I won't use my phone rooted since that intermittent bootloop I'm getting makes the phone very unreliable. If it shuts down on me, and I need to use it in a pinch, it might take me a while to get it boot. If that bootloop only happens in some phones, then this an Official root man. Nice job.


----------



## SnakeLake (Dec 17, 2016)

I have 20 of these phones, 17 with VS425PP5 and 3 with VS425PP4 from the factory. 

PP4 (2) -> PP2. Successful downgrade and root, both with bootlooping symptom. The number of bootloops varies each time.  I made slightly different changes before downgrading on both but the result was the same. I rooted both with the KingRoot 5.0.1 apk and confirmed it persisted between reboots.

PP5 (1) -> PP2. Unsuccessful downgrade with display issue as mentioned in this thread. I also had to flash PP6 to successfully recover it. 

I'd like to try moving to PP4 from PP5 to continue attempting to move them down to PP2. Maybe I can narrow down the display issue, or confirm it. 

Does anyone have a link to stock PP4 or instructions to extract it from device? I have seen it mentioned here but am unable to find it. Thanks for all the contributions so far.


----------



## xeduran (Dec 17, 2016)

SnakeLake said:


> I have 20 of these phones, 17 with VS425PP5 and 3 with VS425PP4 from the factory.
> 
> PP4 (2) -> PP2. Successful downgrade and root, both with bootlooping symptom. The number of bootloops varies each time.  I made slightly different changes before downgrading on both but the result was the same. I rooted both with the KingRoot 5.0.1 apk and confirmed it persisted between reboots.
> 
> ...

Click to collapse



You can get the PP4 kdz from http://lg-firmwares.com/lg-vs425pp-firmwares/.  If you are having the display issue, I doubt it will do you any good.  It didn't help me with my PP5.  My other PP5 worked fine, so I guess some of them work fine while others do not.  I just exchanged mine at the store and ended up with a PP4.  Was able to root that one as well.

The downgrade process seems to work just fine.  KingRoot works and sticks as well as long as you can get back to PP2 without the display issue, even with a PP5 phone.  The bootlooping will happen and as you said can vary drastically each time. The PP4 phone I downgraded bootlooped for about 10 minutes before it finally booted.  

If you are using the phone as your daily driver, downgrading is most likely not the solution for you.  In a pinch, I doubt you want to wait up to 10 minutes or more to get your phone back up and running.

---------- Post added at 06:29 PM ---------- Previous post was at 06:21 PM ----------




Merazomo said:


> It's really not an issue for me either; however, it's the preferred method for most. I was able to restore the phone pretty easily too after that. I tried the same steps however with VS425PP4 and VS425PP6, and KingRoot won't let me root it this time. So I guess VS425PP2 is where the magic is at. I won't use my phone rooted since that intermittent bootloop I'm getting makes the phone very unreliable. If it shuts down on me, and I need to use it in a pinch, it might take me a while to get it boot. If that bootloop only happens in some phones, then this an Official root man. Nice job.

Click to collapse



I am not getting an intermittent bootloop after the phone is fully booted.  I get it during the booting process and got it while trying to root.  But after rooting and booting the phone, no issues.  Of course if I reboot the phone I have to wait through the bootloops to get back running.   I agree though that this is not a daily driver solution for most.  Having to wait through bootloops every time you restart can be quite annoying, especially if this is your main phone.  

Good news is this can be used as a temporary solution for those who really need root until root is released for later firmware versions.  Unless you have the display issue.


----------



## SnakeLake (Dec 18, 2016)

xeduran said:


> You can get the PP4 kdz from "can't quote links yet".  If you are having the display issue, I doubt it will do you any good.  It didn't help me with my PP5.  My other PP5 worked fine, so I guess some of them work fine while others do not.  I just exchanged mine at the store and ended up with a PP4.  Was able to root that one as well.
> 
> The downgrade process seems to work just fine.  KingRoot works and sticks as well as long as you can get back to PP2 without the display issue, even with a PP5 phone.  The bootlooping will happen and as you said can vary drastically each time. The PP4 phone I downgraded bootlooped for about 10 minutes before it finally booted.
> 
> ...

Click to collapse



Thanks for the link. I think I noticed a correlation with the phones I have. The serial numbers for the PP5 phones I have been able to downgrade without display issues begin with 610CQXXXXXXXXX and all my PP4  phones begin with 610CQXXXXXXXXX. The PP5 phones that I get the display issue on begin with 611CQXXXXXXXXX. Does your downgradable PP5 begin with 610CQXXXXXXXXX or earlier by chance?


----------



## Merazomo (Dec 18, 2016)

SnakeLake said:


> Thanks for the link. I think I noticed a correlation with the phones I have. The serial numbers for the PP5 phones I have been able to downgrade without display issues begin with 610CQXXXXXXXXX and all my PP4  phones begin with 610CQXXXXXXXXX. The PP5 phones that I get the display issue on begin with 611CQXXXXXXXXX. Does your downgradable PP5 begin with 610CQXXXXXXXXX or earlier by chance?

Click to collapse



My downgradable LGVS425PP5 starts with 610CQXXXXXXXXX; it doesn't have display issues.


----------



## MotoJunkie01 (Dec 18, 2016)

Another idea. In a previous thread for this device, I outlined a short guide on my 5.1.1 Rooted, Debloated, and BusyBox injected Stock ROM (Vs425PP2. ) For those with all the issues getting VS425PP2 to stick after downgrade, another option is to root install Flashfire, and flash my more stable version of Stock VS425PP2. At the time, I dumped all partitions from a Rooted, Debloated & BusyBox ready ROM. It is not downgraded, but completely stock VS425PP2 which has never been upgraded to a more recent build. Now that someone has finally figured out how to downgrade to a point of being able to root, I will find the link for my stock 5.1.1 VS425PP2 partition dump. Thanks much to @help101 for his hard work in unraveling the mystery of the .kdz downgrade. Genius ideas. Again, you guys that have downgraded to VS425PP2 from a newer build, once you get root access, flash my stock rooted VS425PP2 for a more stable build than the downgraded stock version. 

VS425PP2 Stock 5.1.1 Boot Image:
https://drive.google.com/file/d/0ByS9qDHT607jQk93QWt3dklYbXM/view?usp=drivesdk

vS 425PP2 Stock 5.1.1 Recovery Image;
https://drive.google.com/file/d/0ByS9qDHT607jS3VnZDM2VG0zeEU/view

VS425PP2 Stock 5.1.1 System Image: 
https://drive.google.com/file/d/0ByS9qDHT607jcktYdndjNzlfWUU/view

     The following "image" files are not in fact images, but compressed format type files. The /system partition is fastboot flashable. It may also be flashed to your VS425PP using FlashFire by @Chainfire. Alternatively, an app called Partition Backup & Restore is likewise a viable option. The easiest way is to install Flashfire, make a backup of your boot, recovery and system partitions and save the files to external storage. Then, replace your backup files with my boot, recovery and system files and opt to a Restore option from FlashFire. The app will flash your device with my boot, recovery and system partitions in full. I haven't tried, but using the EverRoot option in Flashfire will very possibly allow rooting of newer builds.


----------



## wperdigon (Dec 18, 2016)

does anyone have a simplified walkthrough for how to root using your guys methods?


----------



## MotoJunkie01 (Dec 18, 2016)

wperdigon said:


> does anyone have a simplified walkthrough for how to root using your guys methods?

Click to collapse



You make a good point. With @help101's approval, I will update the OP to include the downgrading method he discovered. s well as an option to flash my stable rooted 5.1.1 VS425PP2 ROM. I think getting all methods to date for rooting, condensing down, and updating/cleaning up the OP will be the simplest way to do an updated tutorial.


----------



## MotoJunkie01 (Dec 18, 2016)

Who is going to compile twrp guys? Come on, I don't even this l we are dealing with a locked bootloafer here @help101, when you get a moment, I'd like  for us both to work on the OP


----------



## Merazomo (Dec 18, 2016)

wperdigon said:


> does anyone have a simplified walkthrough for how to root using your guys methods?

Click to collapse



I've been downgrading and upgrading my VS425PP5 phone for a few days now, and I still can't root my phones with certainty. Eventually I get it done, but not without issues each time. Now I can't get my VS425PP5 downgraded to VS425PP2 to root LOL. I'm using the same files I used to downgrade and root as last time, but now I can't get it to root. I'm gonna write everything down until I can root it at will without any issues.


----------



## Merazomo (Dec 19, 2016)

MotoJunkie01 said:


> Another idea. In a previous thread for this device, I outlined a short guide on my 5.1.1 Rooted, Debloated, and BusyBox injected Stock ROM (Vs425PP2. ) For those with all the issues getting VS425PP2 to stick after downgrade, another option is to root install Flashfire, and flash my more stable version of Stock VS425PP2. At the time, I dumped all partitions from a Rooted, Debloated & BusyBox ready ROM. It is not downgraded, but completely stock VS425PP2 which has never been upgraded to a more recent build. Now that someone has finally figured out how to downgrade to a point of being able to root, I will find the link for my stock 5.1.1 VS425PP2 partition dump. Thanks much to @help101 for his hard work in unraveling the mystery of the .kdz downgrade. Genius ideas. Again, you guys that have downgraded to VS425PP2 from a newer build, once you get root access, flash my stock rooted VS425PP2 for a more stable build than the downgraded stock version.
> 
> VS425PP2 Stock 5.1.1 Boot Image:
> https://drive.google.com/file/d/0ByS9qDHT607jQk93QWt3dklYbXM/view?usp=drivesdk
> ...

Click to collapse



Could you please be a little more specific. I managed to do exactly just that, but the backup of the boot - recovery - system partitions, where saved in a single folder on my MicroSD card. The folder has these files: boot.lz4, boot.md5, recovery.lz4, recovery.md5, system.0002.md5, system.0002.tlz4, system.md5, system.tlz4, twrp.lst, twrp, twrp-busybox, twrp-lz4c. Yours are only 3 zip files. I will include the screenshot in an attachment.

**UPDATE** After researching everything a little more. I learned that these partitions are called Fastboot backups correct? Can FlashFire even restore Fastboot partition backups? From all the information I'm gathering, at some point I'm going to have to put the phone in Fastboot mode, and this phone just doesn't go into Fastboot mode; I've tried it many times.  Second time around I tried to backup the boot - recovery - system partitions as Fastboot backups to the MicroSD card, instead of normal backups like the first time; the phone just rebooted without backing anything up. The first time, at least I could see a black screen with white text flashing some files.

Another thing. The firmware in my phone is very easily corrupted, so I have to do all the steps one by one without any errors whatsoever, or the phone will get stuck at boot up, and I have to start from scratch. At this point, all I need to do is find a way to replace my so very corrupted partitions with yours, and hope that it makes the phone stable.

HERE ARE THE STEPS I TAKE:
1. Upgrade to VS425PP4 on Refurbished with LGUP - Everything goes smoothly, no reboots at startup
2. Downgrade to VS425PP2 on Refurbished with LGUP - Can reboot 1 to 100 times at startup, finally boots up
3. Install KingRoot v4.5.0 - Can reboot 1 to 100 times during the process, 6 out of 10 times it roots my phone, the other 4 it corrupts the firmware
4. Install Super-Sume v6.4 - 7 out 10 times it removes KingRoot and installs SuperSu with root, the other 3 times it corrupts the firmware
5. Install FlashFire v0.53 - installation always works, was able to backup onto MicroSD as normal backup but not as Fastboot backup
6. Dead end, don't know how to replace the stable partitions with mine.


----------



## klaiiii (Dec 19, 2016)

MotoJunkie01 said:


> You make a good point. With @help101's approval, I will update the OP to include the downgrading method he discovered. s well as an option to flash my stable rooted 5.1.1 VS425PP2 ROM. I think getting all methods to date for rooting, condensing down, and updating/cleaning up the OP will be the simplest way to do an updated tutorial.

Click to collapse





MotoJunkie01 said:


> Who is going to compile twrp guys? Come on, I don't even this l we are dealing with a locked bootloafer here @help101, when you get a moment, I'd like  for us both to work on the OP

Click to collapse



Did the system tag the wrong user?


----------



## Merazomo (Dec 19, 2016)

MotoJunkie01 said:


> Another idea. In a previous thread for this device, I outlined a short guide on my 5.1.1 Rooted, Debloated, and BusyBox injected Stock ROM (Vs425PP2. ) For those with all the issues getting VS425PP2 to stick after downgrade, another option is to root install Flashfire, and flash my more stable version of Stock VS425PP2. At the time, I dumped all partitions from a Rooted, Debloated & BusyBox ready ROM. It is not downgraded, but completely stock VS425PP2 which has never been upgraded to a more recent build. Now that someone has finally figured out how to downgrade to a point of being able to root, I will find the link for my stock 5.1.1 VS425PP2 partition dump. Thanks much to @help101 for his hard work in unraveling the mystery of the .kdz downgrade. Genius ideas. Again, you guys that have downgraded to VS425PP2 from a newer build, once you get root access, flash my stock rooted VS425PP2 for a more stable build than the downgraded stock version.
> 
> VS425PP2 Stock 5.1.1 Boot Image:
> https://drive.google.com/file/d/0ByS9qDHT607jQk93QWt3dklYbXM/view?usp=drivesdk
> ...

Click to collapse



Never mind. I managed to flash the boot, recovery and system partitions from the Rooted, Debloated ROM. I used the Partition Backup & Restore App though; it was a lot easier. The bootloop at startup still persists, so it's probably never going to change. I know the three partitions where replaced, because if I do I factory reset, it restores to the Rooted, Debloated ROM.


----------



## MotoJunkie01 (Dec 19, 2016)

We can probably fix the bootloop. In addition to the /boot, /system & /recovery partitions, I have partition dumps from VS425PP2 for all 26 firmware partitions, including /aboot, /laf, /rpm, and /sbl1. My guess is the bootloop is caused by either /aboot, /rpm, or the secondary bootloader /sbl1. You know how that works, on LG or virtually any brand, try downgrading primary, secondary or application bootloader, and normal bootup gets extremely buggy.
Edit: @help101, if you have time, perhaps this idea would be worth exploring: while technically "downgrading" the ROM Build to VS425PP2, is there a way -- when decompiling the .kdz itself -- to allow for the more current /laf, /rpm, and sbl1 partitions, while still allowing the OS Build itself to downgrade? This may well fix the bootlooping issue. And if not, hey its a minor price to pay for now to finally have a universal rooting method for the Zone 3.


----------



## wperdigon (Dec 23, 2016)

motojunkie, any luck with progress on this platform? thanks -


----------



## MotoJunkie01 (Dec 24, 2016)

wperdigon said:


> motojunkie, any luck with progress on this platform? thanks -

Click to collapse



Yes definitely progress. My goal is to iron out all bugs present in the downgraded OS, and allow for a normally functioning 5.1.1 Stock ROM. I am nearly there. I'm working on display drivers now.


----------



## wperdigon (Dec 29, 2016)

merry Christmas - any updates?


----------



## OhMattyO (Dec 29, 2016)

MotoJunkie01 said:


> Yes definitely progress. My goal is to iron out all bugs present in the downgraded OS, and allow for a normally functioning 5.1.1 Stock ROM. I am nearly there. I'm working on display drivers now.

Click to collapse



Awesome, glad to hear there is some progress! Is there anything I (or anyone else for that matter) can do to help you in this process, testing or otherwise?


----------



## MotoJunkie01 (Jan 2, 2017)

OhMattyO said:


> Awesome, glad to hear there is some progress! Is there anything I (or anyone else for that matter) can do to help you in this process, testing or otherwise?

Click to collapse



What build are you running on your Zone 3?


----------



## OhMattyO (Jan 2, 2017)

MotoJunkie01 said:


> What build are you running on your Zone 3?

Click to collapse



I have a few Zone 3's running the VS425PP5 build.


----------



## MotoJunkie01 (Jan 2, 2017)

OhMattyO said:


> I have a few Zone 3's running the VS425PP5 build.

Click to collapse



Do you have at least one on the PP4 Build?


----------



## OhMattyO (Jan 2, 2017)

MotoJunkie01 said:


> Do you have at least one on the PP4 Build?

Click to collapse



Unfortunately I do not believe so, I picked them up all at the same time at Best Buy and they all appear to be identical.


----------



## MotoJunkie01 (Jan 4, 2017)

I have one idea that would provide a universal root method for all 5.1.1 Builds for the Zone 3. Force the device into fastboot mode and flash my rooted, debloated stock ROM via fastboot commands. From what I can tell, the bootloader isn't locked on the VS425PP, but somebody correct me if I'm wrong.


----------



## OhMattyO (Jan 5, 2017)

MotoJunkie01 said:


> I have one idea that would provide a universal root method for all 5.1.1 Builds for the Zone 3. Force the device into fastboot mode and flash my rooted, debloated stock ROM via fastboot commands. From what I can tell, the bootloader isn't locked on the VS425PP, but somebody correct me if I'm wrong.

Click to collapse



From what I have read, the bootloader is not locked. So I'd say give it a shot. Let me know if you want anyone to test on a PP5 build, or if there is anything else I could help with.


----------



## MotoJunkie01 (Jan 5, 2017)

OhMattyO said:


> From what I have read, the bootloader is not locked. So I'd say give it a shot. Let me know if you want anyone to test on a PP5 build, or if there is anything else I could help with.

Click to collapse



OK. Thanks


----------



## wperdigon (Jan 7, 2017)

i'm still waiting for a glimmer of hope for rooting these devices I have =)


----------



## MotoJunkie01 (Jan 7, 2017)

wperdigon said:


> i'm still waiting for a glimmer of hope for rooting these devices I have =)

Click to collapse



Did you try the downgrade method outlined earlier in the thread?


----------



## wperdigon (Jan 7, 2017)

MotoJunkie01 said:


> Did you try the downgrade method outlined earlier in the thread?

Click to collapse



no i didn't try to downgrade, i don't know how to boot unlock - i will reread the thread and see what i'm missing, it's a long one so i missed it - i thought you were going to make a simplified version of whats going on mid way through the thread - i must have missed the updates


----------



## MotoJunkie01 (Jan 7, 2017)

wperdigon said:


> no i didn't try to downgrade, i don't know how to boot unlock - i will reread the thread and see what i'm missing, it's a long one so i missed it - i thought you were going to make a simplified version of whats going on mid way through the thread - i must have missed the updates

Click to collapse



Simplified would be great, but LG's partition mapping and structure make it extremely difficult to do a lot when it comes to downgrading. I have a very simplified method for rooting, but its putting the phone into fastboot mode without bricking it that's proving to be tough.


----------



## wperdigon (Jan 7, 2017)

i a moron, i can't figure this out. ugh, i hate being phone stupid.


----------



## bitwhale (Jan 8, 2017)

Hello, thank you for this thread, I appreciate it, it's literally the only one of it's type that I can find and I'm pleasantly surprised that its not all that old. I am having some issues, first let me explain what happened:

I have 2 lg optimus zone 3 verizon that I have rooted. I used kingroot & bought supersume pro to switch over to supersu, I downloaded kingroot 4.8.1 as instructed in the directions, rebooted after rooting, downloaded supersu & supersume, rebooted again, ran supersume & all went well. It opened supersu after wards and said something about needing to update my SU Binaries before continuing and gave me two options, normal, or TMCP (i believe). I did a little research and it seemed to be general consensus that TMCP was the better option, so i clicked it. It said "Ok we will try to update" and then about 30 seconds later my phone auto-rebooted & wouldn't boot past the logo screen (what I believe is referred to as a "boot loop" even though nothing seems to be looping, just frozen in place). 

I've read a bit, it seems like it's definitely the SU Binaries, I wish I knew how to fix this. I have tried all of the normal, hard reset by volume+ & power, didn't work, and then I found this thread.

For the first option: I downloaded the software repair assistant as well as the lg united drivers provided, I opened the  repair assistant and plugged in the phone while holding volume+ so it goes into download mode. The assistant recognizes the phone, checks device data, tries to backup but fails, says it will need to wipe everything, i click ok, it downloads for about 35 minutes, all is good, then we get to the stage "repair" and it gets stuck at 20%. It hasn't moved since for over 1 hour. Not sure what to do, I'm quite afraid to unplug the device at this point though I'm pretty sure nothings changed as it seems like its stuck at the same point as when I try to boot up. 

I am going to leave it overnight, but what should I do when I wake up in the AM? If I unplug it during the "repairing" phase, is it going to make the situation worse? What should I do?

Ok, for the second option (i tried it earlier before i got the first version to work): I download all of the files in the link provided and installed them. I open LGUP and put my phone into DL mode. It recogizes my phone, I select it and click ok and then I get the error: "LGUP can't load the model[C:\Program Files\LG Electronics\LGUP\model\com". I went into device manager and checked for my drivers, it does show I have issues. My LGE Android MTP Device says "This device can not start (code 10)" {operation failed} the requested operation was unsuccessful. I went ahead and clicked into it and clicked 'Update driver" but it says I already have the driver which is most up to date. 

I have got into the file explorer to the LG\model folder and there is a VS425 driver there, with the dll inside. I notice tht there is no "com" folder. I've tried pasting it directly to the model folder, leaving it in the vs425 folder & creating a com folder and pasting it there, none of which seems to work, i always get the same error. How do I fix it?

Thank you, hope you are well, happy new years.

PS: If you can get my phones back up and working, I will tip you $10 in bitcoin, lol  I want them working that badly... I've been battling this for days now.


----------



## Merazomo (Jan 8, 2017)

bitwhale said:


> Hello, thank you for this thread, I appreciate it, it's literally the only one of it's type that I can find and I'm pleasantly surprised that its not all that old. I am having some issues, first let me explain what happened:
> 
> I have 2 lg optimus zone 3 verizon that I have rooted. I used kingroot & bought supersume pro to switch over to supersu, I downloaded kingroot 4.8.1 as instructed in the directions, rebooted after rooting, downloaded supersu & supersume, rebooted again, ran supersume & all went well. It opened supersu after wards and said something about needing to update my SU Binaries before continuing and gave me two options, normal, or TMCP (i believe). I did a little research and it seemed to be general consensus that TMCP was the better option, so i clicked it. It said "Ok we will try to update" and then about 30 seconds later my phone auto-rebooted & wouldn't boot past the logo screen (what I believe is referred to as a "boot loop" even though nothing seems to be looping, just frozen in place).
> 
> ...

Click to collapse



Either way, I believe your device is bricked. You won't be able to stay rooted, but you might be able to salvage the phone and get it back in working order.

To make it work I went here: http://lg-firmwares.com/lg-vs425pp-firmwares/
-downloaded VS425PP6_00_1114_ARB00.kdz
-used WindowsLGFirmwareExtract-1.2.5.0-Release.zip to extract just the LGUP_common.dll file
-pasted the LGUP_common.dll into C:\Program Files (x86)\LG Electronics\LGUP\model\common
-if you decide to update the phone to VS425PP6, you can use my attached LGUP_common.dll file

Again: This is where the LGUP_common.dll file should go; at least on my computer: C:\Program Files (x86)\LG Electronics\LGUP\model\common
-That file got rid of all the errors I was getting when restoring the phone; at least in my case.


----------



## bitwhale (Jan 8, 2017)

Merazomo said:


> Either way, I believe your device is bricked. You won't be able to stay rooted, but you might be able to salvage the phone and get it back in working order.
> 
> To make it work I went here: *Link redacted*
> -downloaded VS425PP6_00_1114_ARB00.kdz
> ...

Click to collapse



Thank you man, i appreciate it. When i go into "about phone software info" it says it's VS425PP1. Is this going to effect me upgrading? I don't care what I am running as long as I can salvage the phone really.

Thanks for your time!

Edit: No Sh#t brother, it worked!!!!! thank you!!!!!! I kept trying "com" it needed the folder "common" which it didnt say in the error message: "LGUP can't load the model[C:\Program Files (x86)\LG Electronics\model\com". Ok, i am going to perceed to step two. Thank you!! So I will make sure to do all of the updates for pp6, correct?

---------- Post added at 10:26 AM ---------- Previous post was at 09:57 AM ----------




bitwhale said:


> Thank you man, i appreciate it. When i go into "about phone software info" it says it's VS425PP1. Is this going to effect me upgrading? I don't care what I am running as long as I can salvage the phone really.
> 
> Thanks for your time!
> 
> Edit: No Sh#t brother, it worked!!!!! thank you!!!!!! I kept trying "com" it needed the folder "common" which it didnt say in the error message: "LGUP can't load the model[C:\Program Files (x86)\LG Electronics\model\com". Ok, i am going to perceed to step two. Thank you!! So I will make sure to do all of the updates for pp6, correct?

Click to collapse



Wow, it worked, it all seems so simple now after battling for days! Dude thank you so much, thank you thank you thank you.

Next question: Is it possible to set up SuperSU on this model of phone without bricking it again? Anyone have a link to a simple guide I can trust (there is many out there but I am afraid to use them with this model of phone).

Whats your BTC address dude, I owe you.

EDIT: Oo, maybe this is what you mean by unrooted, when i try to use Kingroot for this it will not allow it, says build is unavailable. How do I root this phone? I am trying a manual SuperSU install now but TWRP doesn't have an option for vs425pp, man this phone! lol.


----------



## Merazomo (Jan 8, 2017)

bitwhale said:


> Thank you man, i appreciate it. When i go into "about phone software info" it says it's VS425PP1. Is this going to effect me upgrading? I don't care what I am running as long as I can salvage the phone really.
> 
> Thanks for your time!
> 
> ...

Click to collapse



Don't worry about it man, just pay it forward 

I made the same mistake once, and ruined my perfectly rooted device. I had no other option but to upgrade. At this time, there's no way of rooting the newer versions, but they're working on it as we speak. I've sort of made a Guinea Pig out of my phone to test new ways of rooting it with whatever files are shared on this thread. I've bricked it many times since the first time, and I've always been able to recover the phone by just flashing the .kdz firmwares from the link I gave you, extracting just the LGUP_common.dll file from the version I want to update or downgrade to, pasting it in C:\Program Files (x86)\LG Electronics\LGUP\model\common, etc. Just remember that the LGUP_common.dll file has to be renamed as such to work; when it is first extracted, the name is a little different. The VS425PP2_02_ARB00.kdz version is rootable, but it creates a bootloop at startup, which can take up to 10 minutes to go past the splash screen; very unreliable at this time.


----------



## bitwhale (Jan 8, 2017)

Merazomo said:


> Don't worry about it man, just pay it forward
> 
> I made the same mistake once, and ruined my perfectly rooted device. I had no other option but to upgrade. At this time, there's no way of rooting the newer versions, but they're working on it as we speak. I've sort of made a Guinea Pig out of my phone to test new ways of rooting it with whatever files are shared on this thread. I've bricked it many times since the first time, and I've always been able to recover the phone by just flashing the .kdz firmwares from the link I gave you, extracting just the LGUP_common.dll file from the version I want to update or downgrade to, pasting it in C:\Program Files (x86)\LG Electronics\LGUP\model\common, etc. Just remember that the LGUP_common.dll file has to be renamed as such to work; when it is first extracted, the name is a little different. The VS425PP2_02_ARB00.kdz version is rootable, but it creates a bootloop at startup, which can take up to 10 minutes to go past the splash screen; very unreliable at this time.

Click to collapse



Got ya, ok thanks man, i seriously appreciate it. I definitely will pay it forward, I can;t tell you how happy I am just to know I'm not 40 bucks down the drain! haha! You made my night. Take care man,


----------



## bitwhale (Jan 8, 2017)

bitwhale said:


> Got ya, ok thanks man, i seriously appreciate it. I definitely will pay it forward, I can;t tell you how happy I am just to know I'm not 40 bucks down the drain! haha! You made my night. Take care man,

Click to collapse



PS - Just to help out anyone else that is in the same situation. After I flashed back to pp2, I rooted with the newest version of Kingroot with no issues & no boot looping. I know KR isn't optimal, I really want to use SuperSU, but until I can figure it out, this will have to do!

Again, thank you for the amazing help. I really appreciate it, I gave them a 20% chance of coming bck to life, what a noob I am.


----------



## bitwhale (Jan 10, 2017)

DISCLAIMER: I can only confirm this works on a pp1 phone (as this is what my phones originally ran), I can also confirm that pp5 has graphics issues that will cause a bootloop as stated previously, we are still in need of a workaround here.

New update, I figured out how to get SuperSU me to work on a zone 3. I'm sure this process is a mix of truth & superstition, I literally tried so many things though and this is the only combo that would work for me (out of 3 of 3 phones).

I flashed my phones to pp6, then back to pp2 (the phones that i upgraded directly from pp1 to pp2 would not work for what ever reason and would freeze during root, have no clue how this is possible it's probs superstition but it worked for me).

Once my phone was back to pp2 firmware, reset factory settings & factory data reset. Once it reboots, go through the set up process.

Afterwards, Go to "about phone" then "software info" and then tap "build number" 7-8 times to turn on dev mode. go back 2 times and enter developer options and check "USB Debugging". This is important incase you brick your phone some how during this process, though I didn;t happen to me once i figured this out. 

Go to google store & go to settings, TURN OFF AUTO UPDATE APPS VERY IMPORTANT, now search for  "supersume pro" but do not install, instead expand the description & look  for a xda forum link to KingRoot version 4.8.1. Navigate to the link and click download. Go to "storage > downloads" and click kingroot & install. It will ask you to change your settings, click settings and change "download unknown applications" so you can download apk's outside of the google play store, then it will automatically go back and start the install. If you get a message saying something like "this could be dangerous" click more and click "install anyway". 

After kingroot downloads, reboot your phone. Once it's rebooted, open kingroot and root your phone. I've had this step mess up on me, but worse case scenario, you reboot and try again and it typically goes for it. After flashing from pp6 to pp2 though for what ever reason rooting seemed to work always the first/second time, knock on wood.

After rooting, go download root checker, super su, & supersume pro ($3.99), once they are all downloaded, reboot your phone once again.

After reboot, open root checker and verify that you have root access. Once verified, start supersume pro and look above the blue button for writing to verify that it is  running 'kingroot 4.8.1" and not kingroot 4.9.2 (if it is running 4.9.2 you didn't turn off auto update fast enough and kingroot snuck in an update on you, supersume will freeze on 4.9.2 and you will need to start over from step 1 to remove root and retry). If it says kingroot 4.8.1, click the big blue button & wait for the "grant root access" screen to pop up so you can accept. After this, supersume pro will reboot and open again for stage two.

Wait 10 seconds after it reopens until all of the "validating liscense" notifications disappear and then click the blue button again. At this point, be patient, wait for another "grant root access" screen, if this pops up, you are home free, if it doesn't pop up & the app freezes for over 2 minutes, then sadly we need to restart the process & kingroot was removed during supersume stage 1 so we will have to start again from the point of installing kingroot 4.8.1. I found that if it takes longer than  2 minutes to pop up, it probably isn't coming haha, but this was again only when i was trying to update a phone that was flashed from pp1 to pp2, these problems seemed to disappear for what ever really odd reason when I downgrade from pp6 back to pp2.

After supersume pro finishes, it will open supersu automatically. click "new user" and it will take you to a page where it says "how to update your binaries". Click the home screen and reopen supersu, a screen will now pop up saying "would you like to update your binaries?" click ok and then you will be presented with two options. Click "Normal", DO NOT CLICK TWRP IT WILL BRICK YOUR PHONE, only click the normal option.

Now at this point it will say "installing update plz wait" give it around 3-5 minutes, then it will either say one of two things:

congrats you have updated your binaries, please reboot 

-or-

There is a conflicting version of supersu, would you like to remove it? click yes - Now, this never works, it never finishes uninstalling, wait 5 minutes, go smoke a cig or something, come back, then reboot your phone.

When you log back in, you will notice that you have supersu binaries, root, and no more king root. I R VICTORIOUS!

That was quite the tech puzzle, I literally worked at it for days, I hope i've helped at least one person, plz let me know if I need to clarify anything I know it sounds weird lol very detailed and probably superstition creeps in every now and then, but I literally tried every simplified option without flashing from pp6 to pp2 and nothing would work, maybe one of you can explain why this would actually make a diff, from my understanding flashing from pp6 to pp2 wouldn't leave any residual pp6 settings/calibrations correct?

Anyways, take care, talk soon!  Thanks for the help ladies & gents.

PS I paid it forward!!


----------



## tromal (Jan 10, 2017)

@bitwhale

Can you please explain (step by step) how did you downgrade from PP6 to PP2, I didn't really understand how to do it from the previous posts, my english is rather limited.

Thanks


----------



## bitwhale (Jan 10, 2017)

tromal said:


> @bitwhale
> 
> Can you please explain (step by step) how did you downgrade from PP6 to PP2, I didn't really understand how to do it from the previous posts, my english is rather limited.
> 
> Thanks

Click to collapse



Yes I just woke up, let me get a cup of coffee and I'll do better than I did last night.

---------- Post added at 03:59 PM ---------- Previous post was at 03:45 PM ----------

OK,
 download LGUP from the net, now go to http://lg-firmwares.com/lg-vs425pp-firmwares/ & download both pp6 & pp2:

VS425PP6_00_1114_ARB00.kdz
VS425PP2_02_ARB00.kdz

Once you have the files, turn off your bricked phone, plug in the power cord into your computer, hold volume+ button while putting the powercord into the phone & hold it until "download" mode pops up. After your phone is in download mode, click & open LGUP.

If you get the error from LGUP "Can't find the model", then you will need to download the LGUP_common.dll file. I am going to try to attach it here once again, but since I'm a noob no clue if it'd actually work. If I can't attach it, all urls + the lgup_common.dll file can be located on page 9 of this thread in Merazomo's post.

After downloading the LGUP_common, open your file explorer on your computer and nagivate to Drive C > program files (or program files (x86)) > LG Electronics > LGUP > model >

Now, when you open the model folder, if there is not a folder named 'common' create one. open the common folder, and paste the LGUP_common.dll inside of it.

Now close lgup and reopen, it will now work. Once it opens up, you will see your phone connected, it will stay com# + standby, at the botton you will see i think it's called "bin" but I'm honestly not sure, it's the 2 rows underneath the rows where your phones pop up. Click the explorer button (it's on the same line, on the right hand side, you have to hover over the line). 

Find the pp6 firmware, select it, click the button "Upgrade" above, then click the button at the bottom right to flash it. Now boot down phone again, power to download mode,  repeat the above steps but for pp2 instead of pp6, flash to pp2 using the pp2 file, boot up your phone, & do another factory reset + factory settings reset.

Now at this point you are ready go to to the next steps where i say "set up your phone, then turn on developer mode by clicking on build nunber 7-8 times". 

You are right on track with the guide above after this point. 

Hopefully I've helped, have fun tinkering!! Looking forward to hear if it works out,

Clay

Also, I just wanted to say thanks to the dev of supersume for spending the time with me through email to try to figure this stuff out.


----------



## tromal (Jan 10, 2017)

@bitwhale

Thanks man, it's cristal clear. I'll give it a try as soon as I get a chance


----------



## bitwhale (Jan 10, 2017)

Good luck man take your time, look forward to hearing back from ya.


----------



## wperdigon (Jan 11, 2017)

bitwhale said:


> Yes I just woke up, let me get a cup of coffee and I'll do better than I did last night.
> 
> ---------- Post added at 03:59 PM ---------- Previous post was at 03:45 PM ----------
> 
> ...

Click to collapse



Whale - Awesome write up - the file being placed in the location was able to take me to another step, but help me out - i'm missing something, and I can't figure this out - 

when I get LGUP to show the phone, what am I missing here - see the photo below


----------



## wperdigon (Jan 11, 2017)

bitwhale - i followed your write up and I was able to figure out that in the common folder I needed to place the 2 files, vs425pp6 and the vs425pp2 files - I had a completely working device with version 5 on it. I did the Upgrade selection to version 2, and now the device just sits in a reboot cycle with the screen going light black to dark black - doesn't show any letter, doesn't show anything, just restarting over and over again - 

what suggestions do you have for me? i don't know what I did wrong here, is there a way to fix this? 

Thanks


----------



## bitwhale (Jan 11, 2017)

wperdigon said:


> bitwhale - i followed your write up and I was able to figure out that in the common folder I needed to place the 2 files, vs425pp6 and the vs425pp2 files - I had a completely working device with version 5 on it. I did the Upgrade selection to version 2, and now the device just sits in a reboot cycle with the screen going light black to dark black - doesn't show any letter, doesn't show anything, just restarting over and over again -
> 
> what suggestions do you have for me? i don't know what I did wrong here, is there a way to fix this?
> 
> Thanks

Click to collapse



Hey man sorry it took me a while to get back to you. Hmm that is weird, I am quite confused though. With this part "I was able to figure out that in the common folder I needed to place the 2 files, vs425pp6 and the vs425pp2 files".

Did you put the full apk files or just the common.dll files?

I didn't write up how to pull the common.dll files out of the apk files is why I ask. The only file that should need to be in the "common" folder is the common.dll that I attached above (alternatively, you can also get the same file from Merazmo's post on page 9, it's called "LGUP_common.dll and is attached to both posts). If you'd like, feel free to add me on skype and I'll try my best ot help get you set up. Clay.taxpayer

I'll be watching this thread hopefully I can get a response to you in a timely manner. Sorry you are having troubles.


----------



## wperdigon (Jan 11, 2017)

your awesome man, thats for sure - so i was reading through the thread and it looked like I was experiencing the boot looping issues others were describing in earlier post - i had tried multiple times to get the phone to "downgrade" from the process of pp5 to pp2 - i didn't have any success with that, so what I did was place the pp6 in the folder and select that, it took a couple of attempts but looks like I did an upgrade from pp5 with the screen bootlooping to pp6 with the phone actually working. now i'm i'm the process of trying to downgrade from 6 to 2 - i will let you know

---------- Post added at 11:34 PM ---------- Previous post was at 11:25 PM ----------

it looks like i'm back to the boot looping.....but now the lgup is reading version 2 - i can't explain it, i don't have a screen but I supposedly have version two on the phone...i swear, they couldn't make this easy could they


----------



## Cubcadetlover (Jan 11, 2017)

wperdigon said:


> bitwhale - i followed your write up and I was able to figure out that in the common folder I needed to place the 2 files, vs425pp6 and the vs425pp2 files - I had a completely working device with version 5 on it. I did the Upgrade selection to version 2, and now the device just sits in a reboot cycle with the screen going light black to dark black - doesn't show any letter, doesn't show anything, just restarting over and over again -
> 
> what suggestions do you have for me? i don't know what I did wrong here, is there a way to fix this?
> 
> Thanks

Click to collapse



I have the same issue with my V5 devices. When I flashed them back to V6 (from V2) of the software it fixed it... If you read earlier in the thread, it looks like they changed something with the internal graphics or graphics driver although its the same phone model. For now we are stuck.

On my V4 with V2 software, it just does the boot loop but at least the screen works.


----------



## bitwhale (Jan 11, 2017)

Cubcadetlover said:


> I have the same issue with my V5 devices. When I flashed them back to V6 (from V2) of the software it fixed it... If you read earlier in the thread, it looks like they changed something with the internal graphics or graphics driver although its the same phone model. For now we are stuck.
> 
> On my V4 with V2 software, it just does the boot loop but at least the screen works.

Click to collapse



Ah ok, this might be the answer tbh, we are trying ot battle this through on skype as we speak. I thank you for the input as it gives me a bit more insight on what is happening here. I will put a disclaimer in my posts to note this as well, sorry if I caused any trouble at all!


----------



## wperdigon (Jan 12, 2017)

well, we were able to figure out that if you go from v5 up to v6 and then down to v2, it works - so many many many thanks to whale for helping me - super awesome for sure!


----------



## Cubcadetlover (Jan 12, 2017)

wperdigon said:


> well, we were able to figure out that if you go from v5 up to v6 and then down to v2, it works - so many many many thanks to whale for helping me - super awesome for sure!

Click to collapse



Thats great... Did you originally start out with a V5 model? If so, I will need to try it.


----------



## bitwhale (Jan 12, 2017)

Hello gents, just a quick update, wperdigon & I are currently battling out the issues of pp5 trying to downgrade to pp2. We've got one phone to downgrade and root successfully, but it's touchy and I'm not sure we can duplicate it yet. We will know more tomorrow, I'll keep ya posted! Have a great night.

---------- Post added at 05:25 AM ---------- Previous post was at 05:23 AM ----------




Cubcadetlover said:


> Thats great... Did you originally start out with a V5 model? If so, I will need to try it.

Click to collapse



Yes, he started with PP5, we upgraded to PP6, fac setting wipe/data wipe, then downgrade to pp2 fac setting wipe/data wipe. It's very touchy, if you don't do a single step in order you might not be able to do it again, so my recommendation is to wait till tomorrow until we can get you a more definitive answer as to whether this was a fluke or if it's something that can be duplicated. (You only need to wait if your phone has never been flashed before, if you have already flashed it to pp2 in the past, you can't do any harm by trying, If your phone has never been flashed below pp5 though, wait until we can give you a better answer..)

One thing we did notice is, on the phone he flashed from the original pp5 to pp2 firmware (without going to pp6 first) no matter what will bootloop, you can reflash to pp6 & get it working again, but it will always bootloop on pp2 even if you go to pp6 first then back to pp2... yet the phones that were flashed from their original pp5 to pp6, then back to pp2 had a better chance of successfully booting & rooting without any type of bootloop.

So from what I can tell, if you have already tried to flash your pp5 device to pp2, this probably won't work anymore. It's only the brand new pp5's that have never been flashed before that we seem to have success with, for what ever reason.

Also, we've only rooted with Kingo/King root so far, though I am confident that if you can get your phone to root on pp2 you can pull off the supersume BS. It just takes alot of blood, sweat, and tears! haha

None the less, we are going to continue our zone 3 hack session tomorrow when he gets home from work. I am sure we will be trying both new phones out of the box as well as the old phone we can't get past load up screen. If we can figure out a workaround for either of these, this thread will be the first to know!!

We'll keep ya posted man! Talk tomorrow.


----------



## OhMattyO (Jan 12, 2017)

bitwhale said:


> Hello gents, just a quick update, wperdigon & I are currently battling out the issues of pp5 trying to downgrade to pp2. We've got one phone to downgrade and root successfully, but it's touchy and I'm not sure we can duplicate it yet. We will know more tomorrow, I'll keep ya posted! Have a great night.
> 
> ---------- Post added at 05:25 AM ---------- Previous post was at 05:23 AM ----------
> 
> ...

Click to collapse



Good luck gents, and thanks for all the time and effort you guys are putting into it! I have 5 factory PP5s in box at home, so when I get back there (sometime this weekend), if you guys need more help or fresh devices to keep testing on, let me know; I'll join in on the fun. Otherwise, if you guys end up finding a general solution, I'll put it to work on the phones I have this weekend anyways.

Thanks again guys, looking forward to following your progress here!


----------



## bitwhale (Jan 12, 2017)

OhMattyO said:


> Good luck gents, and thanks for all the time and effort you guys are putting into it! I have 5 factory PP5s in box at home, so when I get back there (sometime this weekend), if you guys need more help or fresh devices to keep testing on, let me know; I'll join in on the fun. Otherwise, if you guys end up finding a general solution, I'll put it to work on the phones I have this weekend anyways.
> 
> Thanks again guys, looking forward to following your progress here!

Click to collapse



Sounds good man, I appreciate the offer. We will definitely let you know if anything developes or if we are in need of a 3rd tester.  The good news so far is that we have yet to hard brick a phone haha, at least you can always bring them back to life. Anyways, have a great night, talk more tomorrow!


----------



## Cubcadetlover (Jan 12, 2017)

bitwhale said:


> Sounds good man, I appreciate the offer. We will definitely let you know if anything developes or if we are in need of a 3rd tester.  The good news so far is that we have yet to hard brick a phone haha, at least you can always bring them back to life. Anyways, have a great night, talk more tomorrow!

Click to collapse



Yep, we will let you play... If you need testing, I have a couple V5 devices as well to play with.


----------



## bitwhale (Jan 14, 2017)

Hello Gents, just a quick update,

Wperdigon has tried 4 phones so far and it's very hit or miss, he says that even the phones he's got rooted are still having screen issues which has to be due to that graphics driver issue. I wasn't aware of these issues until the phones ran for a few days so we could see their flukes. We are currently messing with pp4, we'll let you know what we find.

In the mean time, I recommend no one with a pp4+ phone to try to root unless you don't mind experimenting. We will keep our ear to the ground for a work around, this isn't the end!

Clay


----------



## jondoe17 (Feb 2, 2017)

Im this exact phone right now vs425pp 5.1 Verizon LG. 
Q1-Is there no bootloader?
Q2- root access? 
Q3- why is it that it seems like Im limited to my use. Should I trash this phone due to the restrictions forcing this LG to not have true control


----------



## MotoJunkie01 (Feb 4, 2017)

jondoe17 said:


> Im this exact phone right now vs425pp 5.1 Verizon LG.
> Q1-Is there no bootloader?
> Q2- root access?
> Q3- why is it that it seems like Im limited to my use. Should I trash this phone due to the restrictions forcing this LG to not have true control

Click to collapse



There is a bootloader which is apparently not locked. If you are referring to entering fastboot mode, it is possible but you risk a brick attempting it. The /laf partition must be quashed, so that when /aboot searches for a kernel and finds none, the device is forced into fastboot mode. Root is very easy to perform if you have the VS425PP or VS425PP2 Build of Android 5.1.1. Builds subsequent to the first two can be rooted by the downgrade method posted earlier in this thread. Also, with root, GSM capabilities can be attained. In sum, unless you have one of the first two initial builds, this device requires a lot of patience and some work to root. See earlier in the thread on downgrading methods and @bitwhale's excellent outline on installing the SuperSU binaries.


----------



## bates47130 (Mar 14, 2017)

hey guys ... first off thanks to XDA for this forum and all the members for their support... now great to see the progress made on this model. I got mine about six months ago and have been waiting for some development. it has a low serial number 606VTCLxxxxxxx and H/W Rev 1.0 so I'm hoping this will help when trying to downgrade but ... I messed up and allowed it to update and now my build number is LMY47V and software version is  VS425PP7 and I have not seen any post on anyone working with v7 ... So does anyone know if v7 can be downgraded and also my software status sais "Modified" altho  I have never been successful at rooting this device and have never tried to downgrade it and when I did try to root my software version was v1 ... so what does the "modified" mean and affect besides the obvious...lol ...thank you all


----------



## MotoJunkie01 (Mar 14, 2017)

bates47130 said:


> hey guys ... first off thanks to XDA for this forum and all the members for their support... now great to see the progress made on this model. I got mine about six months ago and have been waiting for some development. it has a low serial number 606VTCLxxxxxxx and H/W Rev 1.0 so I'm hoping this will help when trying to downgrade but ... I messed up and allowed it to update and now my build number is LMY47V and software version is VS425PP7 and I have not seen any post on anyone working with v7 ... So does anyone know if v7 can be downgraded and also my software status sais "Modified" altho I have never been successful at rooting this device and have never tried to downgrade it and when I did try to root my software version was v1 ... so what does the "modified" mean and affect besides the obvious...lol ...thank you all

Click to collapse



Appreciate the info on the v7 build update. I was not yet aware of the update and, as of now, don't know if downgrading is possible. I can tell you the "modified* status you are seeing is normal if you attempted to root, whether successful or not. LG is notorious for the /rct partition (root checking tool) installed on their devices. Once root is attempted, a q-fuse is blown and the /rct partition is prompted to denote a " modified" status.


----------



## bitwhale (Mar 25, 2017)

Just popping back around to see what progress we've made, these phones can be such a pain.

I have a feel this thread is going to get a fresh boost of activity due to the LG Opt 3 deals currently going on at wally world. I bought 2 myself, hopefully the pp7 so we can start messing with them too.

Talk to ya in a few days once I receive them. This should be fun...


----------



## MotoJunkie01 (Apr 9, 2017)

bitwhale said:


> Just popping back around to see what progress we've made, these phones can be such a pain.
> 
> I have a feel this thread is going to get a fresh boost of activity due to the LG Opt 3 deals currently going on at wally world. I bought 2 myself, hopefully the pp7 so we can start messing with them too.
> 
> Talk to ya in a few days once I receive them. This should be fun...

Click to collapse



Hopefully you can get a couple that have been stocked up in a warehouse or storeroom for a year or so, making it effortless to achieve full root. However, I love your spirit. You're welcoming the PP7 Build -- time for war.  Haha 
Keep us updated on your new devices. Thanks


----------



## The_Cheddar (Apr 12, 2017)

MotoJunkie01 said:


> LG OPTIMUS ZONE 3 - UNBRICKING GUIDE AND 5.1.1 FACTORY FIRMWARE
> 
> *     This guide has two main objectives: (1) for those with a bricked device who want to restore to the latest factory firmware image; and (2) those who need .kdz Stock 5.1.1 Factory Firmware files.
> 
> ...

Click to collapse


*
The links seem to direct me to an error webpage, is there any possibility of posting new links or to PM me the direct links? Thanks in advance!*


----------



## MotoJunkie01 (Apr 12, 2017)

The_Cheddar said:


> The links seem to direct me to an error webpage, is there any possibility of posting new links or to PM me the direct links? Thanks in advance!

Click to collapse



Yes. You are correct. The Google account to which those files were stored was recently compromised in terms of security. As such I no longer have the account or access to my Google Drive files. But I do have backups of the majority of my files. I know for certain that I have two stock firmware packages for the Zone 3 (in .kdz format), and I also have the Verizon Software Upgrade/Repair Utility. I'll get the files uploaded to my new Google account later today and provide an updated link. Thanks


----------



## The_Cheddar (Apr 12, 2017)

MotoJunkie01 said:


> Yes. You are correct. The Google account to which those files were stored was recently compromised in terms of security. As such I no longer have the account or access to my Google Drive files. But I do have backups of the majority of my files. I know for certain that I have two stock firmware packages for the Zone 3 (in .kdz format), and I also have the Verizon Software Upgrade/Repair Utility. I'll get the files uploaded to my new Google account later today and provide an updated link. Thanks

Click to collapse



Wow, thanks a million for the rapid response and your awesomely proactive attitude on this, this kinda **** makes my day!


----------



## MotoJunkie01 (Apr 13, 2017)

The_Cheddar said:


> Wow, thanks a million for the rapid response and your awesomely proactive attitude on this, this kinda **** makes my day!

Click to collapse



I'll be off work soon and be able to get those files for you


----------



## MotoJunkie01 (Apr 13, 2017)

The_Cheddar said:


> Wow, thanks a million for the rapid response and your awesomely proactive attitude on this, this kinda **** makes my day!

Click to collapse



Which files do you need specifically?


----------



## The_Cheddar (Apr 13, 2017)

MotoJunkie01 said:


> Which files do you need specifically?

Click to collapse



Well, I managed to accomplish the unbricking process I was previously stuck on with an excess of hair pulling and some good ol' fashioned determination and I no longer need most of what I was originally looking for. With that being said, however, I would greatly appreciate it if I could still get my hands on the pre-rooted stock recovery with the SU Binaries if you still have it. I keep encountering bootloop after replacing KingUser binaries with SU via Super-SUme, and to tell the truth, I have basically zero interest in troubleshooting any further. With all this hair pulling, it feels like I started today as Cousin It, at this point I'm resembling Uncle Fester so believe me when I say it would be a godsend if you are still able and willing to provide that file! Once again, thanks in advance.


----------



## MotoJunkie01 (Apr 13, 2017)

The_Cheddar said:


> Well, I managed to accomplish the unbricking process I was previously stuck on with an excess of hair pulling and some good ol' fashioned determination and I no longer need most of what I was originally looking for. With that being said, however, I would greatly appreciate it if I could still get my hands on the pre-rooted stock recovery with the SU Binaries if you still have it. I keep encountering bootloop after replacing KingUser binaries with SU via Super-SUme, and to tell the truth, I have basically zero interest in troubleshooting any further. With all this hair pulling, it feels like I started today as Cousin It, at this point I'm resembling Uncle Fester so believe me when I say it would be a godsend if you are still able and willing to provide that file! Once again, thanks in advance.

Click to collapse



   The only files I have are pure stock firmwares, in the form of .kdz files. The pre-rooted ROM that I had was Build #VS425PP2, and it was rooted via the /system partition. I have never had a "pre-rooted stock recovery" as you referenced above. In any event I am not able to recover the pre-rooted ROM that I dumped at the time of that post. I have only full stock firmware packages (.kdz) of VS426PP2 & VS425PP6, if either of those would be any help.


----------



## ResistanceIsFutile (Apr 19, 2017)

*Relaying A Message from MotoJunkie01*

*
Relaying A Message from MotoJunkie01

I apologize for not being in closer contact. I have some pressing issues going on and, coupled with work, man I've been tied up something awful. I'm going to need to drop off XDA for a month or better to get my personal issues attended to. I need a huge favor from you. 
My little threads I have started, if you could go on and explain I'll be gone for a month or so. I'd appreciate it.
I've Not enough time to even do that.*
_*So if anyone needs a reply I'd figure sometime in July, and I hope you all will understand and allow this time for MotoJunkie01 to attend to his personal matters. Signed: ResistanceIsFutile*_


----------



## MotoJunkie01 (Apr 24, 2017)

Here is an updated link (as an alternative to the broken link in the OP) for the  Stock 5.1.1 Firmware package for the LG Optimus Zone 3, Build No. VS425PP2. A more recent Build, VS425PP6, will be added to this download folder as well. I have included an LG flashing utility (LG-UP) v1.14.3, the LG Mobile Driver package v4.0.4, and the LG-UP Windows Installer Package (MSI) for the VS425PP. 
PLEASE NOTE: I have no information regarding the effectiveness of attempting to downgrade to VS425PP2 from the current VS425PP7 build.  Successful downgrading was discussed previously in this thread, as well as another thread for this device. I can confirm through my own experience, that VS425PP2 can be fully rooted using the KingRoot one-click APK. SuperSU-ME Pro may then be used to remove the Chinese superuser binaries and replace them with the more preferred SuperSU binaries. 
Flash this firmware at your own risk. If you brick your device I'll laugh and call you bad words behind your back. And then, yes, I will nevertheless make an attempt to help you recover your device. 

DOWNLOAD LINK:
https://drive.google.com/folderview?id=0B7-zQU1VihD3eEt2alRQVE42em8


----------



## MotoJunkie01 (Apr 25, 2017)

Download link updated:  Stock Android 5.1.1 (VS425PP6) has been added in the Download Link.


----------



## ekym (May 17, 2017)

MotoJunkie01 said:


> Download link updated:  Stock Android 5.1.1 (VS425PP6) has been added in the Download Link.

Click to collapse



Just wanted to say thanks to MotoJunkie01 and everyone else who has been contributing, for all the great reading in the two threads about this cheap little phone. I enjoyed reading them both the past couple of days. I would love to get root on this device and I have yet to try the downgrade option but I might give it a try later tonight. 

Was sorta holding out in hopes it would become easier if I waited patiently, just to ask the question has there been any more development in the past month that I should read about before I try this? the LGS425PP ?


----------



## MotoJunkie01 (May 21, 2017)

I just picked up a new Zone 3 today at a local dollar store for a few bucks. My device has the most recent firmware, VS425PP7 installed. I will be actively working on this device again as far as seeking root methods. Also, I will refresh the link for the LG/Verizon Software Update & Repair Utility this weekend. 

 Sent from my XT1526 using XDA Forums Pro.


----------



## Nat82k14 (May 21, 2017)

I would like to Thank a few Members, I got my zone 3 rooted from downgrading to vs425pp2. Motojunkie01 and matt4787 now what is some of the stuff I could possibly delete thanks in advance. I should also mention I used kingoroot pc version


----------



## MotoJunkie01 (May 22, 2017)

Nat82k14 said:


> I would like to Thank a few Members, I got my zone 3 rooted from downgrading to vs425pp2. Motojunkie01 and matt4787 now what is some of the stuff I could possibly delete thanks in advance. I should also mention I used kingoroot pc version

Click to collapse



Out of curiosity, what version did you downgrade from? The latest vs425pp7? If you are speaking of debloating, simply do this. Use Aptoide to download an app called System App Manager. The icon is a lime green colored round gear. This root app allows you to backup your system apps before deleting. It also allows you to convert system apps to user apps and vise versa. You can safely delete pretty well all of the Google bloat as well as most of Verizon's preinstalled crapware. I would avoid tampering with the Setup Wizard and the LG provisioning apps. 
To assist other members, please take a few moments to post details on your method of downgrading, the version you downgraded from, any difficulties you encountered, etc. If you downgraded from pp7 to pp2 with no great difficulty, details of your method can be used for an updated thread on this device. Thank you for sharing.


----------



## MotoJunkie01 (May 22, 2017)

@iHelp101, do you still actively mess with this device? If the latest firmware (vs425pp7) can be downgraded (by your method) without any serious hitches, we should draft a new thread on a universal root method for this device. Let me know what you think. Thanks.


----------



## Sharky007 (May 23, 2017)

I got root access with downgrade from vs425pp7 to vs425pp2 then kingroot apk using this method!!  Thank you!  So far there is a slight problem with a boot loop during every startup.  I counted 4 times it tries before a successful boot.

EDIT: stuck in bootloop after a couple of restarts.


----------



## MotoJunkie01 (May 23, 2017)

Thanks.  I'm actively downgrading my device to vs425pp2 as well. My guess is that the boot loop is caused from the /rct partition. (LG's filesystem based "Root Checker Tool" that checks not only for the SU daemon in the OS, but also monitors for any type of partition index/filesystem alterations which fall outside of "norma"l methods. Downgrading probably triggers /rct, which in turn trips a q-fuse and reports to SELinux that Software Status is "Modified".  For whatever reason, this seems to make the OS buggy in certain regards, including boot up & Display DPI. Just a guess though, I may be way off base there. But, the fact remains that this device doesn't do well after a firmware downgrade -- or at least after certain types of downgrades. Should we be able to get this downgrading to go smoother, a universal root method will result. We are so close. 

 Sent from my Lenovo TB3-850F using XDA Forums Pro.


----------



## Nat82k14 (May 23, 2017)

MotoJunkie01 said:


> Out of curiosity, what version did you downgrade from? The latest vs425pp7? If you are speaking of debloating, simply do this. Use Aptoide to download an app called System App Manager. The icon is a lime green colored round gear. This root app allows you to backup your system apps before deleting. It also allows you to convert system apps to user apps and vise versa. You can safely delete pretty well all of the Google bloat as well as most of Verizon's preinstalled crapware. I would avoid tampering with the Setup Wizard and the LG provisioning apps.
> To assist other members, please take a few moments to post details on your method of downgrading, the version you downgraded from, any difficulties you encountered, etc. If you downgraded from pp7 to pp2 with no great difficulty, details of your method can be used for an updated thread on this device. Thank you for sharing.

Click to collapse



I actually started with vs425pp8, I used the lgup app, and flashed pp2 using the upgrade on lgup. From there after everything booted up I started kingoroot pc version. Everything went ok until it rebooted into download mode saying firmware update! I removed the battery with kingoroot still up on my laptop and turned the phone back on then plugged it back in and continued to let kingoroot do it's thing .  It finished and said my phone was rooted and installed battery saver and superuser I will make a folder and upload it later today on everything I used and hopefully it will help some of you fellow lg vs425pp users.:good:


----------



## MotoJunkie01 (May 23, 2017)

Cool. On the vs425pp8 build, what is the Android Security Patch Level?

 Sent from my Lenovo TB3-850F using XDA Forums Pro.


----------



## Nat82k14 (May 23, 2017)

MotoJunkie01 said:


> Cool. On the vs425pp8 build, what is the Android Security Patch Level?
> 
> Sent from my Lenovo TB3-850F using XDA Forums Pro.

Click to collapse



The security patch level was up at  3-30-2017

I also will be doing some tinkering around with the lgup app and seeing what I can get into as far as building off pp2 build


----------



## MotoJunkie01 (May 23, 2017)

Good idea. I'm doing the same.


----------



## Nat82k14 (May 24, 2017)

Messing around on the pp2 I was able to use the refurbish on the LGUP and set up my vs425pp as a new device and got down to roughly 120 process/apps in the phone not including the few I put into it.


----------



## ekym (May 25, 2017)

I'll add my two cents since I learned allot from this thread.  None of mine have had any other software version other then 425P5. 
10 units total, 6 rooted, 4 will not.  (I don't think it's so much that they won't root, it's that they wont run 425P2)

Serial numbers that began with 610XXXXXXX and 702CXXXXXX  ran 425P2 and I was able to root them with kingroot.
Serial numbers that began with 611CXXXXXX and 701CXXXXXX are the phones that would not run 425P2, I have 2 of each.

Of the one's I have tried the 610CXXXXXX  batch are  the best, they only boot loop 1 or 3 times when restarted, kingroot and supersu-pro worked perfectly. I don't know if it's supersu-pro that stabilizes them a little or not, just an observation. (I have 2 of these) 

The phone's from the 702CXXXXXX batch (this is what I get if I buy one today) will run 425P2 and root with kingroot, but then kingroot can't be removed with supersu-pro, they typically boot loop 6 to 10 times when restarted with only kingroot on them. (I have 4 of these) 

Any time I have run into an issue where the phone would not run 425P2, I have been able to put 425P6 on and the phone is fine, just no root. 

This is really such a nice cheap phone when rooted, it is a shame that we have the boot loop and that not all can be rooted. 
I don'''t know if any of this information is useful or not, feel free to let me know if anything needs testing or if you have any addition questions.


----------



## Nat82k14 (May 25, 2017)

ekym said:


> I'll add my two cents since I learned allot from this thread.  None of mine have had any other software version other then 425P5.
> 10 units total, 6 rooted, 4 will not.  (I don't think it's so much that they won't root, it's that they wont run 425P2)
> 
> Serial numbers that began with 610XXXXXXX and 702CXXXXXX  ran 425P2 and I was able to root them with kingroot.
> ...

Click to collapse



Just curious did you try to root the phones through LGUP and try running upgrade option with pp2 firmware ?


----------



## ekym (May 25, 2017)

Nat82k14 said:


> Just curious did you try to root the phones through LGUP and try running upgrade option with pp2 firmware ?

Click to collapse



I have always only used LGUP from the default "Refurbish" I did not know there were any other options.


----------



## Nat82k14 (May 25, 2017)

ekym said:


> I have always only used LGUP from the default "Refurbish" I did not know there were any other options.

Click to collapse




On my process list I have the following.

Also* I typed up a small tut on what I did to get root on my phone


----------



## Nat82k14 (May 25, 2017)

I'm going to share everything I used, assuming everybody has the firmware already. If it's needed I have pp2,https://drive.google.com/open?id=0Bz-oxekCesZeSS1UYVVQWkhxeVk I hope this helps fellow lg vs425pp users


----------



## Sharky007 (May 25, 2017)

---------- Post added at 10:51 PM ---------- Previous post was at 10:43 PM ----------

Looking through some threads found a hidden menu apk that has a lot of stuff that might help  later on maybe someone will find more use out of it..  Check out the thread https://forum.xda-developers.com/v20/help/lg-v20-cdma-to-lte-gsm-switch-via-t3602409.


----------



## Sharky007 (May 27, 2017)

Can someone please post a link to a recovery.img please the other link is dead!


----------



## MotoJunkie01 (May 28, 2017)

Sharky007 said:


> Can someone please post a link to a recovery.img please the other link is dead!

Click to collapse



Yeah I just requested stock boot & recovery images on the other thread too. Modem & radio firmware files would be nice too.


----------



## vordhosbn (Jun 5, 2017)

My serial number starts with 612. Can't flash vs425pp2 or downgrade protection on lgup kicks in! made my screen go all black and white bars. so i flashed it with VS425PP6 and it still works just fine... but.... no root 

when i have more time maybe i will try hex editing the pp2 firmware to make it look newer so downgrade protection wont kick in?


----------



## Nat82k14 (Jun 5, 2017)

Well for a cheap phone the lg optimus zone 3 has held up in not one but two toilet dips hahaha


----------



## Astr4y4L (Jun 5, 2017)

can anyone please help me get an .img file for the radio/modem from the pp4


----------



## Astr4y4L (Jun 5, 2017)

*pp7*

ok so i have the pp7 version and im able to downgrade to pp2 and root. (with bootloops) but for some reason when i go to pp2 i loose the 4glte and infact all connectivity except wifi and i assume bluetooth (not concerned with bluetooth) at top of screen shows the signal bars with a little ( x ) in front....

HOWEVER upon upgradeing to pp4 i get 4g lte and such but no root...

id like to use flashfire to try to flash the radio from pp4 while staying on pp2....
any suggestions?

edit--- also noticed on lockscreen message says ( Service Disabled )
and watching logcat at boot something about moving airplane_is_on from settings > to settings_global
@motojunkie   how do i go about killing the /laf ?  i have also a lg k120 spree which seems identical except for ram... and i cant get the aio cricket firmware.kdz to flash it.. (stuck in boot) i flashed the wrong recovery on it


----------



## MotoJunkie01 (Jun 6, 2017)

Astr4y4L said:


> ok so i have the pp7 version and im able to downgrade to pp2 and root. (with bootloops) but for some reason when i go to pp2 i loose the 4glte and infact all connectivity except wifi and i assume bluetooth (not concerned with bluetooth) at top of screen shows the signal bars with a little ( x ) in front....
> 
> HOWEVER upon upgradeing to pp4 i get 4g lte and such but no root...
> 
> ...

Click to collapse



Here's a thread on nuking /laf. This was a common workaround to forcing fastboot mode, dating back to the LG G2. 
https://forum.xda-developers.com/showthread.php?t=2708466


----------



## Astr4y4L (Jun 6, 2017)

*@motojunkie*

awsome thanks, im checking it out,,,, also found the .kdz for  lg k120 but its wrong version lgup wont flash it...
any way to trick it into flashing it ?

---------- Post added at 01:36 AM ---------- Previous post was at 01:23 AM ----------




MotoJunkie01 said:


> Here's a thread on nuking /laf. This was a common workaround to forcing fastboot mode, dating back to the LG G2.
> https://forum.xda-developers.com/showthread.php?t=2708466

Click to collapse


 @motojunki
just looking at the thread you sent... seems im stuck with the stupid lg-k120 because i killed the recovery so its stuck at secure-boot error.... any way to kill that sucker from download mode? it wont boot to recovery or the /os  ?

and iff i kill /laf  would there be a way to restore it?


----------



## MotoJunkie01 (Jun 6, 2017)

Astr4y4L said:


> awsome thanks, im checking it out,,,, also found the .kdz for lg k120 but its wrong version lgup wont flash it...
> any way to trick it into flashing it ?
> 
> ---------- Post added at 01:36 AM ---------- Previous post was at 01:23 AM ----------
> ...

Click to collapse



/laf basically is your Download Mode, so that's a good question. Is your bootloader unlocked?


----------



## Astr4y4L (Jun 6, 2017)

@motojunki
i think on the vs425pp it is but the k120b i dont know it says secure boot error, bla,bla,bla...

question ...how come the verizon is setting its self to cdma only?
i found some krap in build.prop like "phone airplane on=1" or some krap. i erased it but nothing changes?

---------- Post added at 06:30 AM ---------- Previous post was at 05:50 AM ----------

[/COLOR @motojunki
any way to kill /laf with a pin mod or short circut something on the board?
or what about editing the .kdz to cheat the lgup tool?
im running rhel 7, and have windows 10 on other workstation.
are there any other tools for interfaceing with "download-mode" ?


----------



## MotoJunkie01 (Jun 6, 2017)

Astr4y4L said:


> @motojunki
> i think on the vs425pp it is but the k120b i dont know it says secure boot error, bla,bla,bla...
> 
> question ...how come the verizon is setting its self to cdma only?
> ...

Click to collapse



On the earlier builds, VS425PP1 & PP2, I recall enabling GSM/WCDMA & actually testing T-Mobile & AT&T. Did you read over my directions on that? As I recall, build.prop edits and removal of certain Verizon system apps will enable global capabilities. I would have to refresh my memory, but it is actually outlined in one of these Zone 3 threads. I'm also not certain as to whether the actual firmware build is relevant to global mode. (On the Moto E LTE xt1528, for example, which can be used on any GSM carrier on stock 5.0.2 firmware, Verizon patched -- or at least attempted to patch -- GSM capabilities of the device in subsequent 5.1 builds.) Anyway, good questions you raise. I'll try to take a look into this again when spare time permits.


----------



## Astr4y4L (Jun 6, 2017)

@motojunki

that would be awsome ! i really like the vs425pp when rooted but getting the network signal lte and such is very important or i have basically a micro tablet. it picks up signal on pp4 just fine......

is there any way you could link me to a copy of build.prop with the correct settings and edits ? i can easily just replace the whole damn file...


----------



## Astr4y4L (Jun 7, 2017)

Been fooling with the lglaf.py scripts all day.
Didn't get far. Did accomplish communication between the phone and python. Don't have a clue about  the commands or proper syntax to use it . @motojunki
I installed. The hiddenmenu.apk  and fooling with it I set my other mobile number as an emergency number and guess what. ....
I suddenly got full bars and it rang . but then I was redirected to an operator to place a calling card or collect call.
All the while the screen looked all scary like it really was calling 911.
Anyway this means something is somehow disabling my radio for regular services.
I can't figure it out ... 

If anyone can make the flashfire backup of relevant partitions I'd  like to try that route 
Anyone. ....little help please?
Thanks


----------



## Nat82k14 (Jun 7, 2017)

Astr4y4L said:


> Been fooling with the lglaf.py scripts all day.
> Didn't get far. Did accomplish communication between the phone and python. Don't have a clue about  the commands or proper syntax to use it . @motojunki
> I installed. The hiddenmenu.apk  and fooling with it I set my other mobile number as an emergency number and guess what. ....
> I suddenly got full bars and it rang . but then I was redirected to an operator to place a calling card or collect call.
> ...

Click to collapse



I can try and get those started, and try and have those up later today.


----------



## Astr4y4L (Jun 7, 2017)

Nat82k14 said:


> I can try and get those started, and try and have those up later today.

Click to collapse



Thanks so much that would be exellent
Maby if i flash those ill get signal again ...


----------



## Nat82k14 (Jun 7, 2017)

Astr4y4L said:


> Thanks so much that would be exellent
> Maby if i flash those ill get signal again ...

Click to collapse



I went from pp8 to pp2 on update from lgup, then after it finished I used the refurbish feature booted it up and have a full signal


----------



## MotoJunkie01 (Jun 7, 2017)

Astr4y4L said:


> Been fooling with the lglaf.py scripts all day.
> Didn't get far. Did accomplish communication between the phone and python. Don't have a clue about the commands or proper syntax to use it . @motojunki
> I installed. The hiddenmenu.apk and fooling with it I set my other mobile number as an emergency number and guess what. ....
> I suddenly got full bars and it rang . but then I was redirected to an operator to place a calling card or collect call.
> ...

Click to collapse



I don't get much time for Android these days. Too many hours working right now cuts my free time to very little. Its good to see this thread continue to grow and to see all the newer members coming in as well. Hopefully I'll have time to break out my Zone 3 again before long to continue where left off.


----------



## Astr4y4L (Jun 7, 2017)

Nat82k14 said:


> I went from pp8 to pp2 on update from lgup, then after it finished I used the refurbish feature booted it up and have a full signal

Click to collapse



awsome ,ill try to "refurbish" to pp8, then "upgrade" to pp2 , then refurbish again? i gotta find pp8 and download it again.....

note have xposed working fairly well.....


----------



## Astr4y4L (Jun 7, 2017)

MotoJunkie01 said:


> I don't get much time for Android these days. Too many hours working right now cuts my free time to very little. Its good to see this thread continue to grow and to see all the newer members coming in as well. Hopefully I'll have time to break out my Zone 3 again before long to continue where left off.

Click to collapse



yes i understand. it stinks when you have a passion for something and someone or something (ie. work) gets in the way.
but we gotta live right. somebody gotta pay the bills right.

and since theres others with the device , and i can flash back to stock..... i will persistantly try to crack&hack this device untill/unless I accidentally tell it to be a toaster (like the lg spree k120 i killed) lol!

---------- Post added at 08:43 PM ---------- Previous post was at 07:58 PM ----------

ok so im upgradeing to pp8. then im going to try to go back to pp2 and see if i get signal....
at 26% and counting...
hope it dont trip some kind a  no roll back in update

---------- Post added at 08:57 PM ---------- Previous post was at 08:43 PM ----------

we have boot on pp8

---------- Post added at 09:03 PM ---------- Previous post was at 08:57 PM ----------

does anyone have idea how to hex edet .kdz file... id like to change the identifier of the version....

anyways i have full signal now....how to keep that upon downgrade

---------- Post added at 09:36 PM ---------- Previous post was at 09:03 PM ----------

now "refurbish" to pp2 39%

---------- Post added at 10:12 PM ---------- Previous post was at 09:36 PM ----------

no signal ..... i cant figure this out......
............................................................................................................Banging my head............................................................................

back to square 1 ......

@ Nat82k14
any luck on those flashfire files? and is this from a working device?  that gets signal?
this could be my only hope for haveing signal

---------- Post added at 10:21 PM ---------- Previous post was at 10:12 PM ----------

update this time its telling me This sim card is not from verizon Wireless...

---------- Post added at 10:27 PM ---------- Previous post was at 10:21 PM ----------

any body know the security patch date for the pp4 ? im haveing vision of cow ... a dirty stinkin cow .

---------- Post added at 10:31 PM ---------- Previous post was at 10:27 PM ----------

any body know the security patch date for the pp4 ? im haveing vision of cow ... a dirty stinkin cow .

---------- Post added at 11:18 PM ---------- Previous post was at 10:31 PM ----------

heres a sample from logcat
############################################################################################
V/KeyguardUpdateMonitor( 2713): *** register callback for [email protected]
V/KeyguardUpdateMonitor( 2713): *** unregister callback for null
D/CarrierText( 2713): onRefreshCarrierInfo()
D/KeyguardUpdateMonitor( 2713): getSimStateForSlotId() slotId - 0
D/KeyguardUpdateMonitor( 2713): getSimStateForSlotId() return simState - UNKNOWN
D/CarrierText( 2713): simState: UNKNOWN,  carrierText: No service.
D/FingerprintProtector( 3753): No SW version info
W/Settings( 2713): Setting airplane_mode_on has moved from android.provider.Settings.System to android.provider.Settings.Global, returning read-only value.
D/CarrierText( 2713): allSimsMissing - true
D/CarrierText( 2713): onSimStateChanged() subId: -1,  slotId: -1,  simState: UNKNOWN
D/KeyguardUpdateMonitor( 2713): getSimStateForSlotId() slotId - 0
D/KeyguardUpdateMonitor( 2713): getSimStateForSlotId() return simState - UNKNOWN
D/CarrierText( 2713): simState: UNKNOWN,  carrierText: No service.
W/Settings( 2713): Setting airplane_mode_on has moved from android.provider.Settings.System to android.provider.Settings.Global, returning read-only value.
D/CarrierText( 2713): allSimsMissing - true
I/PhoneWindow( 3461): [setNavigationBarColor] color=0x ffffffff
I/[LGHome]EVENT( 3461): [LauncherModel.java:369:startLoader()]startLoader isLaunching=true
I/[LGHome]Launcher.Model( 3461): [LauncherModel.java:387:startLoader()]mManagedProfileRunnables clared.
I/[LGHome]EVENT( 3461): [LoaderTask.java:164:run()]try reloadDefaultWorkspace!
I/[LGHome]EVENT( 3461): onStart
W/ActivityManager(  879): Unable to start service Intent { act=com.lge.appbox.commonservice.update cmp=com.lge.appbox.client/com.lge.appbox.service.AppBoxCommonService (has extras) } U=0: not found
I/[LGHome]EVENT( 3461): onResume
I/ThermalEngine(  415): Sensor:xo_therm:43000 mC
I/[LGHome]LGActivityUtil( 3461): [LGActivityUtil.java:206:notifyToWeatherWidget()]broadcast to weather widget, intent: com.lge.launcher2.RESUME
I/[LGHome]EVENT( 3461): onResume end
I/Activity( 3461): Activity.onPostResume() called 
I/ViewRootImpl( 3461): CPU Rendering VSync enable = true
D/SplitWindow(  879): check instance of lgWin Window{14bc93b9 u0 com.lge.launcher2/com.lge.launcher2.Launcher}
V/WindowManager(  879): Based on layer: Adding window Window{14bc93b9 u0 com.lge.launcher2/com.lge.launcher2.Launcher} at 0 of 8
I/[LGHome]EVENT( 3461): [LauncherModel.java:213nReceive()]onReceive intent android.intent.action.CONFIGURATION_CHANGED
I/[LGHome]EVENT( 3461): [LauncherModel.java:230nReceive()]Configuration Changed: {1.0 310mcc4mnc en_US ldltr sw320dp w320dp h496dp 240dpi nrml port finger -keyb/v/h -nav/h s.8fontTypeIndex0 defclr=0xff000000}
I/[LGHome]EVENT( 3461): [LauncherModel.java:235nReceive()]Previous Configuration: {1.0 ?mcc?mnc en_US ldltr sw320dp w320dp h496dp 240dpi nrml port finger -keyb/v/h -nav/h s.7fontTypeIndex0 defclr=0xff000000}
I/Device  ( 3808): BUILD Country: US
I/Device  ( 3808): BUILD Operator: VZW
E/Device  ( 3808): unknown operator code=VZW
E/Device  ( 3808): unknown ext operator code=VZW
I/Device  ( 3808): BUILD Ext Operator: NONE
W/art     ( 3604): Verification of void cyf.OnActionReceived(android.content.Intent, android.content.Context) took 222.500ms
E/ConfigUtils( 3808): ConfigUtils - unknown sim operator code=UNKNOWN
D/WallpaperManager( 3461): suggestDesiredDimensions(960, 854) by package(com.lge.launcher2)
W/ContentService(  879): Observer [email protected] is already registered.
E/USB_UICC(  393): Timeout! No signal received. Retry num = 20
D/WifiServerServiceExt(  879): Enter updateSimState(), State = NOT_READY
I/WifiServiceInternal(  879): mReceivedUSimReceiver : true
W/ContentService(  879): Observer [email protected] is already registered.
I/WifiServiceInternal(  879): onReceive1 ACTION_SIM_STATE_CHANGED stateExtra : NOT_READY
I/VT_SoundManager( 3808): VT_SoundManager - Create SoundManager
D/LGActivationService( 3373): LGActivationBroadcastReceiver : android.intent.action.SIM_STATE_CHANGED
D/OTASIMStateManager( 3373): OTASIMStateManager create!
D/OTASIMStateManager( 3373): onSIMStateChange : NOT_READY
D/GpsLocationProvider(  879): receive broadcast intent, action: android.intent.action.SIM_STATE_CHANGED
D/GpsLocationProvider(  879): received SIM realted action: 
#############################################################################################

this line in particular interests me,
W/Settings( 2713): Setting airplane_mode_on has moved from android.provider.Settings.System to android.provider.Settings.Global, returning read-only value.
because if i can spoof the other data and reverse this , i should be on track to ....something?


----------



## Nat82k14 (Jun 8, 2017)

Not as of yet! I got stuck on a boot loop but I'm still pucking away.


----------



## Nat82k14 (Jun 8, 2017)

I'm going to have to go and get an SD Card. Hopefully my SD slot isn't shot due to a few toilet trips!


----------



## Astr4y4L (Jun 9, 2017)

*Dirtycow works on pp4*

Limited context....
Selinux enforcing.....
But i got root shell on pp4...  useing the dirtycow run-as trick.
This is my idea.... combine code from vikiroot/github and @jcadduono recowvery from the v20 project...
Create a method to pull boot img and patch it . Then dirtycow the install_recovery.sh to install our own recovery. Except its not... its our patched boot that boots system with selinux permissive .then we root and use flashfire to flash our patched boot
To /boot and our stock recovery_backup to /recovery ...
At that point we could be permissive on every boot and install/inject su forperm root.
but ill need help. Theres a learning curve. and im self taught...
Any one want to research this?  @motojunki
Do u know any good programmers? 
maby we could use python.py scripts...


----------



## Astr4y4L (Jun 10, 2017)

@ Nat82k14
so how did it go with /Toilet_SD  ?

and is anyone else actively working on this device?
im researching the "Exploit Database" [google it] and trying to understand the last few android security patches im running under {patch level 2016-08-01}
and they patched some things that are listed as possibilities for (privilege escalation) and remote code execution.....
oh and i can replace the content of ANY file using dirtycow. but its only persistant untill reboot.... still havent gotten to the SElinux thing yet....  man what a pain !

anybody comfortable with python?


----------



## Sharky007 (Jun 11, 2017)

I tired dirty cow https://github.com/timwr/CVE-2016-5195 and kept getting an error. 

make root
ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi-v7a APP_PLATFORM=android-22
make[1]: Entering directory `/home/timothy/Downloads/new'
[armeabi-v7a] Install        : dirtycow => libs/armeabi-v7a/dirtycow
[armeabi-v7a] Install        : run-as => libs/armeabi-v7a/run-as
make[1]: Leaving directory `/home/timothy/Downloads/new'
adb push libs/armeabi-v7a/dirtycow /data/local/tmp/dcow
412 KB/s (17880 bytes in 0.042s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push libs/armeabi-v7a/run-as /data/local/tmp/run-as
307 KB/s (13784 bytes in 0.043s)
adb shell '/data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-as'
WARNING: linker: /data/local/tmp/dcow: unused DT entry: type 0x6ffffffe arg 0x828
WARNING: linker: /data/local/tmp/dcow: unused DT entry: type 0x6fffffff arg 0x1
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (13784) and destination file size (9444) differ

corruption?

[*] size 13784
[*] mmap 0xb6ea2000
[*] currently 0xb6ea2000=464c457f
[*] using ptrace method
[*] madvise = 0xb6ea2000 13784
/data/local/tmp/dcow: ptrace(PTRACE_POKETEXT): I/O error
/data/local/tmp/dcow: ptrace(PTRACE_POKETEXT): I/O error
/data/local/tmp/dcow: ptrace(PTRACE_POKETEXT): I/O error
/data/local/tmp/dcow: ptrace(PTRACE_POKETEXT): I/O error
/data/local/tmp/dcow: ptrace(PTRACE_POKETEXT): I/O error
^Cmake: *** [root] Interrupt


----------



## Astr4y4L (Jun 11, 2017)

Sharky007 said:


> I tired dirty cow https://github.com/timwr/CVE-2016-5195 and kept getting an error.
> 
> make root
> ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=armeabi-v7a APP_PLATFORM=android-22
> ...

Click to collapse





ok problem is simple you used wrong tool...
i used dirtyc0w temporary root shell tool, Edited And Repacked By Vineeth Penugonda , XDA Member Name: @vineethp97
see https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120
download root_tool adb version no luck with the .apk
also are you useing linux or windows?
dirtycow exploit binary files need to be compiled on linux that has not been patched .
i had no luck on windows at all
this is a tool {pre-compiled} that will run on windows but was very easy to work with in linux...
i downloaded the zip.
unzip
cd into root_tool,
use text editor to open "run.sh"
and in terminal from "root_tool" directory
chmod 777 -R  *
and then run each line of the code in run.sh one by one 
and at the end you get very limited root shell through "run-as con"
but heres my favorite part after this operation you will have "/data/local/tmp/dirtycow"
which you can use again to dirtycow other files than just the run-as...
the {]https://github.com/timwr/CVE-2016-5195}  version is harder to get to work no luck with it but
feel free to try what i've suggested and see what results you get.
id love to collaborate with some motivated Dev/programer/android hacker to get root past version pp2...
pp2 isn't good for me so far, cant get radio-baseband working on pp2.

hey does anyone got a better download link for pp2 maby "Mega"  or "dropbox" im afraid maby i keep getting a bad version of pp2.
can anybody link me to confirmed working firmware pp2?

Thanks
Astr4y4L


----------



## Nat82k14 (Jun 11, 2017)

I can give me a few minutes. As for the images some were requesting, this phone does not like root flash fire! it keeps scripting then reeboots and gets stuck on the verizon boot.


----------



## Astr4y4L (Jun 11, 2017)

Nat82k14 said:


> I can give me a few minutes. As for the images some were requesting, this phone does not like root flash fire! it keeps scripting then reeboots and gets stuck on the verizon boot.

Click to collapse



Very unfortunate....
We need a way to extract firmware and edit then repack to either .Tot or .kdz and also some way to force lgup to flash it...

@Nat82k14
Is this pp2 working on your device and getting cellular signal?
And is your device activated on verizons network?

My device has never been activated. Wondering if that matters...


----------



## Nat82k14 (Jun 11, 2017)

Astr4y4L said:


> Very unfortunate....
> We need a way to extract firmware and edit then repack to either .Tot or .kdz and also some way to force lgup to flash it...
> 
> @Nat82k14
> ...

Click to collapse



That could be a possibility. My phone's sim is active, and I have signal. It may not be high at the moment but I'm inside so it might affect the device.


----------



## Astr4y4L (Jun 11, 2017)

Nat82k14 said:


> That could be a possibility. My phone's sim is active, and I have signal. It may not be high at the moment but I'm inside so it might affect the device.

Click to collapse



Right.....
I dont have an active sim for verizon.
I have cricket and one on tmobile government subsity .
Iv tried the sim hack by @motojunki 
But evidently im missing some important step

---------- Post added at 07:48 PM ---------- Previous post was at 07:45 PM ----------




Nat82k14 said:


> That could be a possibility. My phone's sim is active, and I have signal. It may not be high at the moment but I'm inside so it might affect the device.

Click to collapse



Right.....
I dont have an active sim for verizon.
I have cricket and one on tmobile government subsity .
Iv tried the sim hack by @motojunki 
But evidently im missing some important step

---------- Post added at 07:53 PM ---------- Previous post was at 07:48 PM ----------

Still... want to make sure iv got 100% working firmware. 
So thanks in advance for the better link Nat


----------



## Nat82k14 (Jun 11, 2017)

I found a droid explorer but nothing really promising yet


----------



## Astr4y4L (Jun 11, 2017)

Nat82k14 said:


> I found a droid explorer but nothing really promising yet

Click to collapse



Whats droid explorer?

Has anyone tried lg_extractor ?

---------- Post added at 08:29 PM ---------- Previous post was at 08:13 PM ----------

Attention All

if anyone has the pp3 version or can find a link anywhere to the pp3 firmware i want to see if kingroot can do its thing to it...
anyone with pp3 please link also


----------



## Nat82k14 (Jun 11, 2017)

Basically it shows all the files in the phone and uses android sdk tools in the program

---------- Post added at 09:32 PM ---------- Previous post was at 09:28 PM ----------

Believe I ran across that program, it only extracts your personal data like sms, call longs, app data.


----------



## Nat82k14 (Jun 12, 2017)

Here's the like for pp2 https://drive.google.com/open?id=0Bz-oxekCesZeWmw1R1lvb2Y3ZWc


----------



## Astr4y4L (Jun 12, 2017)

does any one know if I make build.prop edits and then run "data/factory reset" will the edits to build.prop be lost or saved since its in /system   ???


----------



## Nat82k14 (Jun 12, 2017)

Astr4y4L said:


> does any one know if I make build.prop edits and then run "data/factory reset" will the edits to build.prop be lost or saved since its in /system ???

Click to collapse



Astray4l were you able to use the link I put up ?


----------



## Astr4y4L (Jun 12, 2017)

just got back to it hold on im on it now

---------- Post added at 04:26 AM ---------- Previous post was at 04:25 AM ----------

[/COLOR @Nat82k14
yes in fact im downloading now thanks very much 

---------- Post added at 05:01 AM ---------- Previous post was at 04:26 AM ----------




Astr4y4L said:


> just got back to it hold on im on it now
> 
> ---------- Post added at 04:26 AM ---------- Previous post was at 04:25 AM ----------
> 
> ...

Click to collapse




@Nat82k14
have you heard of anyone with a copy of the pp3 version?

---------- Post added at 05:49 AM ---------- Previous post was at 05:01 AM ----------

wowzers its going to take 37+ minutes to unzip with 7zip on my windows machine.....
fun times ... hey thanks for the file , im going to check it out tomarow.


----------



## Nat82k14 (Jun 12, 2017)

Astr4y4L said:


> just got back to it hold on im on it now
> 
> ---------- Post added at 04:26 AM ---------- Previous post was at 04:25 AM ----------
> 
> ...

Click to collapse





No I can't say that I have. But let me get back to my laptop and I'll send you a message.


----------



## Astr4y4L (Jun 12, 2017)

@motojunki01
can you please help me get the carrier-lock bullkrap bypassed... its giving me hell !

thanks,
Astr4y4L


----------



## Nat82k14 (Jun 12, 2017)

Everyone using PP2 have your SD card reading?

---------- Post added at 02:52 PM ---------- Previous post was at 02:14 PM ----------

Sorry  Astr4y4L, only seen PP2 and PP4-PP8. But no PP3

Nevermind on the SD card I confirmed the toilet killed the SD slot lol oh well phone still works


----------



## Astr4y4L (Jun 13, 2017)

OOOOOPPPPSSSS!!!!!!!
well i tried to change the apn settings but couldnt so i replaced build.prop with the one from cricket spree.{same hardware} so it changed some things then i accidentally deleated system settings app...
on reboot i ended up with stuck on verizon red screen ...
then i somehow got to {recovery} but factory reset was the wrong option as now it doesnt respond to adb ...
and cant flash back on lgup becuse lgup thinks phone is a spree now....
tried on a whim to flash spree.kdz but it quits at 4% saying wrong file...
i guess i need to figure out how to modify lgup so as to not check files just flash and brick be damned....

well any suggestions ?


----------



## Nat82k14 (Jun 13, 2017)

Astr4y4L said:


> OOOOOPPPPSSSS!!!!!!!
> well i tried to change the apn settings but couldnt so i replaced build.prop with the one from cricket spree.{same hardware} so it changed some things then i accidentally deleated system settings app...
> on reboot i ended up with stuck on verizon red screen ...
> then i somehow got to {recovery} but factory reset was the wrong option as now it doesnt respond to adb ...
> ...

Click to collapse



Do you have the upgrade and repair app on your computer?  Maybe you can try the repair assistant.


----------



## Astr4y4L (Jun 13, 2017)

Can you link

---------- Post added at 06:27 AM ---------- Previous post was at 05:44 AM ----------

going to try tomarrow with , "Uppercut tool" by xda member @autoprime . if none of the above works im going to try to disassemble "lgup" modify / edit resources and recompile it...
wish me luck i'll need it .


----------



## Adventurerre (Jun 13, 2017)

I'm going to have to go and get an SD Card.


----------



## Nat82k14 (Jun 13, 2017)

https://drive.google.com/open?id=0Bz-oxekCesZeNG53Y01iVENXUm8 Here's the LG Mobile support tool.


----------



## Astr4y4L (Jun 14, 2017)

UPDATE:
IS IT DEAD ?
Signs point to paperweight.....
Im at A loss


----------



## Astr4y4L (Jun 14, 2017)

another UPDATE :
lg support tool recognizes as vs425pp.. but also see's k120b firmware...
all tries to update fail...
so i found in options something called update-recovery or some such...
with phone connected it does nothing but once started unplug phone quickly and get error box "cant detect phone enter info ( i chose lookup by imie number )" and it started downloading what i hope to be firmware for vs425pp its still downloading at 9% says two steps to go after download finishes... looks like a phone emoji with an arrow " download-mode flash device ?" is next and finnally a clipboard with a checkmark " finish-checklist?" 
Any ways  its all connected and doing stuff  "mysterious stuff"
eta= 1:54:15
so ill post back if this works-out if not ill update that its dead and maby try to open it to access the board maby i can improvise a jtag connection or something ... maby use a strong magnetic field to compleatly wipe the eeprom of something... 
Man.... in over my head and still scratching it .....
Astr4y4L


----------



## Sharky007 (Jun 15, 2017)

Astr4y4L said:


> another UPDATE :
> lg support tool recognizes as vs425pp.. but also see's k12b firmware...
> all tries to update fail...
> so i found in options something called update-recovery or some such...
> ...

Click to collapse



Any update I'm curious...   I heard of short test for other devices similar maybe this has one but any further than that and I'm lost.  A search for some other threads for info might be of some use!


----------



## Astr4y4L (Jun 15, 2017)

*UPDATE*



Sharky007 said:


> Any update I'm curious...   I heard of short test for other devices similar maybe this has one but any further than that and I'm lost.  A search for some other threads for info might be of some use!

Click to collapse



 well after a long battle and lots of dropped connections it seems my Windows 10 is too corrupted at this point to even use so this morning I'm reinstalling Windows and then I'll reinstall the software repair tool and I think I may have a chance

---------- Post added at 02:37 PM ---------- Previous post was at 02:36 PM ----------

By the way does anybody know any Surefire root methods for mtk devices I have a really obscure China phone that I've been trying to crack forever if anyone could point me to a thread for that I'd really appreciate it too thanks
Astr4y4L


----------



## Nat82k14 (Jun 15, 2017)

Why didn't you just change the capability of the program to Windows 7 or less?


----------



## Astr4y4L (Jun 15, 2017)

running under win7 compatability....
to much malware in my sandbox....
something escaped and destroyed my windows installation   but reinstalled win 10 .... now if I can just get the stupid drivers installed again...... @MotoJunkie01 linked them in OP but all links lead to 404
and its giving me the blues...
Astr4y4L


----------



## Nat82k14 (Jun 15, 2017)

Astr4y4L said:


> running under win7 compatability....
> to much malware in my sandbox....
> something escaped and destroyed my windows installation   but reinstalled win 10 .... now if I can just get the stupid drivers installed again...... @MotoJunkie01 linked them in OP but all links lead to 404
> and its giving me the blues...
> Astr4y4L

Click to collapse



What Driver's exactly do you need ?


----------



## Astr4y4L (Jun 15, 2017)

WOOOHOOOO!!!!!!!!!!!!!!!!
Looks like the problem is if you install "lg-bridge and lg -airdrop" or what ever, the programs clash and support tool gives error...
but was able to use those to get drivers installed then removed the lg-blablabla and now support tool is working in win7 compatability mode flawlessly 
remember reading that people were having problems with this tool... maby that bit helps.
anyways , back at it with a stable connection fresh windows and such, currently at 23% and counting .
yesterdays attempt was on dualboot laptop win10/parrot sec OS and AMD hardware 3-4 gigs of ram, today I popped a different h-drive in my RHEL-server and installed windows10 with 6 gigs ram and Intel hardware,
now at 29% much faster !!!!
well guys & gals wish me luck 
Astr4y4L

---------- Post added at 04:19 PM ---------- Previous post was at 04:15 PM ----------

38% and counting


----------



## Nat82k14 (Jun 15, 2017)

Good Luck! Astr4y4L glad to see you have sorted out a few of the issues.


----------



## Astr4y4L (Jun 15, 2017)

55%

---------- Post added at 04:28 PM ---------- Previous post was at 04:26 PM ----------




Nat82k14 said:


> Good Luck! Astr4y4L glad to see you have sorted out a few of the issues.

Click to collapse



yes and thanks.
also on a side note if this works , it may also work for my bricked k120 spree {same hardware} that I accidentally flashed the wrong recovery on 

60%

---------- Post added at 04:36 PM ---------- Previous post was at 04:28 PM ----------

78%
ETA=9 minutes

---------- Post added at 04:51 PM ---------- Previous post was at 04:36 PM ----------

well 47 minutes in I had a "connectivity change and now I start over AAAAAAAAHHHHHHHH!!!!!!!

---------- Post added at 05:31 PM ---------- Previous post was at 04:51 PM ----------

Ok restarted using my neighbors bandwidth (highspeed over cable) thanks neighbor ! 
4g connection was being lame....
Now at 40 % 6 minutes left....
Also setting network as (metered connection) i guess stops onedrive and winupdate from hogging the bandwidth..
So moveing along nicely again 
Attempt 5 ?
Hell i cant remember anyways 4 minutes left
Please... please..... please work...

---------- Post added at 06:06 PM ---------- Previous post was at 05:31 PM ----------

ok it keeps downloading 1173.13mb  then going to some sort of error message looks like an ip addreass followed by a bunch of  question marks,
may be ftp error, IDK.
 2 minutes till we see if it does it again...

---------- Post added at 06:11 PM ---------- Previous post was at 06:06 PM ----------

wonder where this tool puts the data that its downloading?
too bad there isn't functionality to use .kdz files we already have with this tool...
as is if it errors you'll eat up your [data-plan] in a few tries....
thanks again neighbors with cox cable wifi !     
well ****...
heres the  error again
just shows 
[011.700.147.062.092]??? ???? ??? ? ? ????
and that's it ,
unplug phone plug back in.....
nothing changes...
any ideas ?

---------- Post added at 07:04 PM ---------- Previous post was at 06:11 PM ----------

so heres the problem..... according to log file
it seems it messes up at extraction...
can any one help with this ?
here is the log....
###############################################################
12:29:57 : Start Date : 2017-06-15 12:29:57
12:29:57 : -------- QM_Version mode ---------
12:29:57 : ***** Check Tool Version *****
12:29:57 : Tool version : 1.8.8.0
12:29:57 : UpgradeDLL version : 2.2.6.0
12:29:57 : Current Dir : C:\ProgramData\LGMOBILEAX\B2C_Client
12:29:57 : LGE USB Driver Version : 
12:29:57 : Android PDLV Version : 
12:29:57 : Android NDLV Version : 
12:29:57 : ******************************************
12:29:57 : [C:\ProgramData\LGMOBILEAX\Phone] Try to delete folder
12:29:57 : RemoveDirectory1 Error(2):C:\ProgramData\LGMOBILEAX\Phone
12:29:57 : Failed DeleteAllDir(C:\ProgramData\LGMOBILEAX\Phone\)
12:29:57 : SetEmerModeAT()
12:29:57 : *****CheckOS Start********
12:29:57 : Microsoft_Windows7_Professional_
12:29:57 : *****CheckPCSyncPrograms Start*****
12:29:57 : *****Enter Sleep*****
12:30:02 : *****Leave Sleep*****
12:30:02 : PCSyncPrograms Not Found - OK and ready to upgrade
12:30:02 : Verifying phone connection...
12:30:02 : dwWaitResetTime(40000 ms)
12:30:03 : _IsConnectedPhone Call
12:30:03 : _IsConnectedPhone(0)
12:30:03 : 0 - NotConnected.
12:30:03 : 1 - Normal connect success
12:30:03 : 2 - Emergency connect success
12:30:05 : _IsConnectedPhone Call
12:30:05 : _IsConnectedPhone(0)
12:30:05 : 0 - NotConnected.
12:30:05 : 1 - Normal connect success
12:30:05 : 2 - Emergency connect success
12:30:06 : _IsConnectedPhone Call
12:30:06 : _IsConnectedPhone(0)
12:30:06 : 0 - NotConnected.
12:30:06 : 1 - Normal connect success
12:30:06 : 2 - Emergency connect success
12:30:06 : The USB cable is not connected with the phone.
Connect the phone and wait until the USB port is connected. Then, press the 'Retry' button.
12:30:11 : _IsConnectedPhone Call
12:30:11 : _IsConnectedPhone(0)
12:30:11 : 0 - NotConnected.
12:30:11 : 1 - Normal connect success
12:30:11 : 2 - Emergency connect success
12:30:11 : The USB cable is not connected with the phone.
Connect the phone and wait until the USB port is connected. Then, press the 'Retry' button.
12:30:14 : _IsConnectedPhone Call
12:30:25 : _IsConnectedPhone(2)
12:30:25 : 0 - NotConnected.
12:30:25 : 1 - Normal connect success
12:30:25 : 2 - Emergency connect success
12:30:25 : Phone Mode(2)
12:30:25 : *****GetPhoneType Start*****
12:30:25 : Phone Type : CDMA_2CHIP
12:30:25 : *****GetPhoneBinaryVersion Start*****
12:30:25 : Phone Bin Version : K12010E_00
12:30:25 : *****Get ESN / IMEI / MEID Start*****
12:30:25 : ESN/IMEI/MEID : 352990089284265
12:30:26 : Check Backup and Restore model
12:30:26 : Skip Backup and Restore - Emergency mode 
12:30:26 : Phone type Compare start
12:30:26 : *****CheckPCSyncPrograms Start*****
12:30:26 : *****Enter Sleep*****
12:30:31 : *****Leave Sleep*****
12:30:32 : PCSyncPrograms Not Found - OK and ready to upgrade
12:30:33 : ****************CheckAndDownload********************
12:30:33 : >>csFilename: VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:30:33 : Version : VS425PP7_01
12:30:33 : !!*****OpenURL Start*****!!
12:30:33 : [C:\ProgramData\LGMOBILEAX\Phone] Try to delete folder
12:30:33 : RemoveDirectory1 Error(2):C:\ProgramData\LGMOBILEAX\Phone
12:30:33 : ==================LJH log1 ====================
12:30:33 : !!*****OpenURL Start*****!!
12:30:33 : >>csTargetURL: http://pkg03.lime.gdms.lge.com/dn/d...1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:30:34 : ÆÄÀÏ »ý¼º ÁöÁ¡
12:30:34 : >>csFilename: VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:30:34 : >>strHttpDownFolder: C:\ProgramData\LGMOBILEAX\Phone\
12:30:34 : CreateFile : C:\ProgramData\LGMOBILEAX\Phone\VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:30:34 : =============HEADER : Range:bytes=0-=====================
12:30:34 : !!*****OpenURL Start*****!!
12:30:34 : *****DownLoad Start***** (Size:1230118259)
12:43:14 : InternetQueryDataAvailable Error(12002)
12:43:14 : Error occurred while downloading phone software file.
12:43:14 : When using wireless or local network traffic full can cause this problem
12:43:14 : Please check Internet connect status.
12:43:14 : =============TAIL : 1152383982=====================
12:43:14 : Receive Size (1152383982/1230118259)
12:54:04 : [C:\ProgramData\LGMOBILEAX\Phone] Try to delete folder
12:54:04 : RemoveDirectory1 Error(145):C:\ProgramData\LGMOBILEAX\Phone
12:54:04 : ==================LJH log1 ====================
12:54:04 : !!*****OpenURL Start*****!!
12:54:04 : >>csTargetURL: http://pkg03.lime.gdms.lge.com/dn/d...1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:54:05 : ÆÄÀÏ »ý¼º ÁöÁ¡
12:54:05 : >>csFilename: VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:54:05 : >>strHttpDownFolder: C:\ProgramData\LGMOBILEAX\Phone\
12:54:05 : CreateFile : C:\ProgramData\LGMOBILEAX\Phone\VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990
12:54:05 : =============HEADER : Range:bytes=1152383982-=====================
12:54:05 : !!*****OpenURL Start*****!!
12:54:05 : *****DownLoad Start***** (Size:1230118259)
12:54:52 : Receive OK 1230118259/1230118259
12:54:52 : =============TAIL : 1230118259=====================
12:54:52 : Receive Size (1230118259/1230118259)
12:54:52 : *****CheckWebDownError Start*****
12:54:52 : File Error check OK
12:54:52 : ******Extract Start C:\ProgramData\LGMOBILEAX\Phone\VS425PP7_01.kdz&e=1497590993&h=dbe3fea86d2dce965a6a5e8cbee60990*****
12:54:52 : Model Dll Dir(C:\ProgramData\LGMOBILEAX\Phone\)
12:54:52 : ExtractInfo Error(2)
12:54:52 : Extract cab file error.
12:54:52 : [C:\ProgramData\LGMOBILEAX\Phone] Try to delete folder
12:54:53 : !pUpgrade->StartProcessing ... PostMsg STEP_TYPE_ENV_ERROR
12:54:53 : CLGMobileHttp Class ¼Ò¸ê½ÃÀÛ.
12:54:53 : CLGMobileHttp Class ¼Ò¸ê...
12:54:53 : Page_Error ºÎºÐÀÔ´Ï´Ù
12:54:53 : OnStepMsg STEP_TYPE_ENV_ERROR delete m_pLGCyonUpdate
#################################################################
and in the last few lines is the problem and I don't know what to do at this point...
do I actually need to run this on a win 7 machine ?
I need help figuring this out....
somebody please look at log and see if you can make sence of this...
seems something about a .cab file I think....
I don't know...
WTF?


----------



## Nat82k14 (Jun 15, 2017)

Curiosity peeking! Anybody looking into the 6.0 Marsh-mellow rom ?


----------



## Astr4y4L (Jun 15, 2017)

and again same problem...
any way to use some other tool?
maby lg flashtool?
this is driving me nutz


----------



## Nat82k14 (Jun 15, 2017)

Astr4y4L said:


> and again same problem...
> any way to use some other tool?
> maby lg flashtool?
> this is driving me nutz

Click to collapse



Possible if you can actually get lg flash tool to work


----------



## Astr4y4L (Jun 15, 2017)

Nat82k14 said:


> Possible if you can actually get lg flash tool to work

Click to collapse



I need that model/com/dll thingy and cant find the link again...
frustration
banging head on monitor 
kicking things 
AHHHH!!!!
ok back to digging.....
can u point me to it plz?
Astr4y4L

AHHH nevermind uppercut works

---------- Post added at 09:03 PM ---------- Previous post was at 08:39 PM ----------

still cant flash....

---------- Post added at 09:35 PM ---------- Previous post was at 09:03 PM ----------

well ****....
looking again like a paperweight...
still problem with support tool
who can patch lgup to bypass the file check? @autoprime @ieatacid @MotoJunkie01
if we could patch this to bypass the check for .kdz version and just go straight to flash file, It could be a   game-changer for many of us...
SOME WOULD BE WILLING TO DONATE FOR THIS I'M SURE.....
I PERSONALLY WOULD PUT $10.00 IN THE POT I KNOW ITS NOT MUCH BUT OTHERS WOULD FOLLOW SUIT...
ALSO,  I want to contribute in some way.... I used PEexplorer to decompile it but it wont let me edit unless I buy the [full version] of the program....
NOTE: I followed the decompiled strings and believe I found the 3 lines that need to be removed , however as I mentioned in earlier post, my worms escaped their sandbox and ate my other windows machine....
so I'm back to start....
somebody please help me figure this out...
or anyway to delete /build.prop from the Download-mode?

---------- Post added at 09:36 PM ---------- Previous post was at 09:35 PM ----------

well ****....
looking again like a paperweight...
still problem with support tool
who can patch lgup to bypass the file check? @autoprime @ieatacid @MotoJunkie01
if we could patch this to bypass the check for .kdz version and just go straight to flash file, It could be a   game-changer for many of us...
SOME WOULD BE WILLING TO DONATE FOR THIS I'M SURE.....
I PERSONALLY WOULD PUT $10.00 IN THE POT I KNOW ITS NOT MUCH BUT OTHERS WOULD FOLLOW SUIT...
ALSO,  I want to contribute in some way.... I used PEexplorer to decompile it but it wont let me edit unless I buy the [full version] of the program....
NOTE: I followed the decompiled strings and believe I found the 3 lines that need to be removed , however as I mentioned in earlier post, my worms escaped their sandbox and ate my other windows machine....
so I'm back to start....
somebody please help me figure this out...
or anyway to delete /build.prop from the Download-mode?

---------- Post added at 09:38 PM ---------- Previous post was at 09:36 PM ----------

plz excuse double post ...stupid button


----------



## Astr4y4L (Jun 15, 2017)

ok well it sucks and wont finish so I created the folder [Phone} that it creates and took ownership of the .kdz as it was downloading... flagged it as read only, removed all other users {system ,administrators, etc.} and owned the file ... this time when it finished downloading I was able to snatch the file.
but....
still no closer to repairing the firmware...
help me @autoprime @ieatacid
somebody please help me patch lg-up !


----------



## Nat82k14 (Jun 15, 2017)

Astr4y4L said:


> ok well it sucks and wont finish so I created the folder [Phone} that it creates and took ownership of the .kdz as it was downloading... flagged it as read only, removed all other users {system ,administrators, etc.} and owned the file ... this time when it finished downloading I was able to snatch the file.
> but....
> still no closer to repairing the firmware...
> help me @autoprime @ieatacid
> somebody please help me patch lg-up !

Click to collapse



Well I'm running into a sh*t load of problems not having an sd card. Seems this phone can survive water, but will short out the SD card spot. I'm trying to run alternate method's without an SD Card. It's been a pain in the rear hahaha.


----------



## Astr4y4L (Jun 16, 2017)

Nat82k14 said:


> Well I'm running into a sh*t load of problems not having an sd card. Seems this phone can survive water, but will short out the SD card spot. I'm trying to run alternate method's without an SD Card. It's been a pain in the rear hahaha.

Click to collapse



 I guess I really messed up
Cant delete or replace build.prop 
So anyone want a fancy $20 paper weight

---------- Post added at 12:25 AM ---------- Previous post was at 12:17 AM ----------

Really ought to get a nexis 
Then i can mod it to my hearts content
Casualties so far....
Vs425pp7 ...
Lg spree...
Rca tablet
Hp tablet
 Samsung gs3
Wow paper weights pileing up.....


----------



## Nat82k14 (Jun 17, 2017)

I went back to official pp8, I'll tinker around with this phone more when I get a new one that has a working SD card slot.


----------



## Sharky007 (Jun 18, 2017)

Cant get fastboot commands to show after I zero'd the laf partition. I did make a backup of laf luckily.

---------- Post added at 09:58 PM ---------- Previous post was at 09:52 PM ----------

any ideas to the screen issue after getting to pp2 was thinking of trying to go through the setup with talkback on another device


----------



## Sharky007 (Jun 19, 2017)

I think I may have answered my own question,  I pulled the boot.img and found that in a particular early boot init. it is missing the lcd density setting for our particular chipset 8909.  Can someone take a look at the boot.img to direct me further.

---------- Post added at 12:42 AM ---------- Previous post was at 12:36 AM ----------
The file I'm looking at is the init.qcom.early_boot.sh
http://s000.tinyupload.com/index.php?file_id=78439289237275364818


----------



## Astr4y4L (Jun 19, 2017)

Im gonna take a look at it ... in process of rebuilding my windows machine as an android development platform...
Might be a minute


----------



## Sharky007 (Jun 19, 2017)

update I'm not sure what happen but I now get fastboot mode everytime without laf nuke by removing battery and holding left down button and plugging in,  but useless as we have no drivers


----------



## Astr4y4L (Jun 19, 2017)

No drivers for fast boot?
Or for fastboot proto in fone ?


----------



## Sharky007 (Jun 19, 2017)

When in fast boot i get a driver error in device manager...  Unknown USB Device (device descriptor request failed)


----------



## Astr4y4L (Jun 19, 2017)

Sharky007 said:


> When in fast boot i get a driver error in device manager...  Unknown USB Device (device descriptor request failed)

Click to collapse



@ Sharky007 
OK ...  in "device-manager" tells me your trying to use fastboot with windows....
have you tried fastboot commands from a linux box ?   "Ubuntu maby " 
i've had lots of issues with drivers and such in windows... but i boot up any of my linux machines an boom device detected 99% of the time....
i hope for your success because if you can get fastboot working i may have another ally to rescue my currently frizzled device... no stinking way for me to fix build.prop and no adb access means i might have a glimmer of hope with fastboot ..


----------



## Nat82k14 (Jun 19, 2017)

Astr4y4L said:


> @ Sharky007
> OK ...  in "device-manager" tells me your trying to use fastboot with windows....
> have you tried fastboot commands from a linux box ?   "Ubuntu maby "
> i've had lots of issues with drivers and such in windows... but i boot up any of my linux machines an boom device detected 99% of the time....
> i hope for your success because if you can get fastboot working i may have another ally to rescue my currently frizzled device... no stinking way for me to fix build.prop and no adb access means i might have a glimmer of hope with fastboot ..

Click to collapse



This phone doesn't like anything with the fastboot commands. It actually does better with adb sideload, Also having this phone rooted and pulled out a lot of bloatware apps I'd recommend using Root Booster, by dominik nozka. Very useful tool!


----------



## Astr4y4L (Jun 19, 2017)

ok found something new to try....
Verizon Wireless Software upgrade assistant Tool. downloaded from (mylgphones) <a href="http://www.mylgphones.com/verizon-wireless-software-upgrade-assistant-tool-lg-g2.html">(Here's the link i found</a>
anyways it said it has to erase my device to repair it....
im like... Kool !!!
now if it works is another story...

---------- Post added at 04:57 PM ---------- Previous post was at 04:51 PM ----------

i guess no hypertext markups allowed in forum ?


----------



## Nat82k14 (Jun 19, 2017)

It might be powershell on my laptop that doesn't like the fastboot commands but I doubt it lol


----------



## Sharky007 (Jun 19, 2017)

Found a useful thread on another forum that is an emergency firmware tool for factory reset protection dont have time to give it a go but it might work.  http://forum.gsmhosting.com/vbb/f453/lg-vs425pp-frp-reset-z3x-box-finally-working-solution-2159293/


----------



## Astr4y4L (Jun 19, 2017)

Sharky007 said:


> Found a useful thread on another forum that is an emergency firmware tool for factory reset protection dont have time to give it a go but it might work.  http://forum.gsmhosting.com/vbb/f453/lg-vs425pp-frp-reset-z3x-box-finally-working-solution-2159293/

Click to collapse



Awesome i'm looking right now...
I've successfully deconstructed the .kdz into .dz on windows then chunked those /dzextracted/files 
into a "system.image" fired up virtual machine (Kali-Linux) and copied system.image to desktop in "guest" ..
opened terminal   ([email protected]:~# dd if=system.image of=system.img) the result is a .img file that i open and then cancel in "DiskMounter" wich then gives me an icon on the desktop such as a mounted usb-drive ...
guess what its a 2.2Gb file/system containing the files and folders and everythings there ...
im thinking its a little progress. Now what to do with it...
first thing was use the black death triangle icon thingy labled "fota_error_popup_icon.png" as my desktop wallpaper : )
any ideas?

---------- Post added at 09:49 PM ---------- Previous post was at 09:19 PM ----------

@ Sharky007 
Man... 
im not sure what to do with this info you linked to here....the frp reset thing  on gsm or whatever...
how the hell can i get this "Z3X BOX 2-3G TOOL VER 9.29 "CURRENT VER" software ?
as far as I know  these things cost money... big money sometimes...
i only paid $20 for this phone so , i can't logically spend more than $20 to fix it or i may as well buy a new one.


----------



## Sharky007 (Jun 19, 2017)

Astr4y4L said:


> Awesome i'm looking right now...
> I've successfully deconstructed the .kdz into .dz on windows then chunked those /dzextracted/files
> into a "system.image" fired up virtual machine (Kali-Linux) and copied system.image to desktop in "guest" ..
> opened terminal   ([email protected]:~# dd if=system.image of=system.img) the result is a .img file that i open and then cancel in "DiskMounter" wich then gives me an icon on the desktop such as a mounted usb-drive ...
> ...

Click to collapse



true is does cost and doesnt really help as far as I know it just helps reset  password protection...
I believe since it has drivers to download mode i believe that it could be of some use not sure a lot about it.


----------



## Astr4y4L (Jun 20, 2017)

Well...
Verizon Wireless Software upgrade assistant Tool gets stuck at 20%....
and I even left it plugged up all night while I slept.
I did figure out that LGUP if I choose FOTA_UPDATE option it lets me flash a zip file without checking anything.... on a whim I chose "kernel-nethunter-generic-armhf-3.15.4-20170211-0304" which I had from another project ...
anyhow it read the file pushed it to device and then the bricked fone flipped to recovery and tried to update....
Wrong Update.zip so I just ended up with the "Dead Android " at the end....
but does anyone knoe maby how to make an Update.zip that could be flashed by regular recovery to repair build.prop ?????????????
If I could do that I'd have a working device again... if I can change build.prop back to stock I can reflash with LGUP and Be working again

---------- Post added at 06:16 PM ---------- Previous post was at 06:14 PM ----------

somebody somewhere please help me with getting update.zip


----------



## Astr4y4L (Jun 21, 2017)

@Motojunki01

sorry to bother you I Know youre busy and all ,
But I was wondering if you would know anyone who could do the OTA_update on this device and snatch the downloaded file before it has a chance to reboot to update and thus destroy the file ???
I Believe I Can Restore My device with a copy of the signed update.zip from the ota.
please Help...
This Surely Qualifies as A Big-Brick...
and this is the only source i can find for un-bricking this device ...
even on Google all roads lead here ... Congrats by the way for gaining top results on google 
Thanks ,
Astr4y4L


----------



## Nat82k14 (Jun 23, 2017)

Just curious if any fellow vs425pp users got the fastboot working and how ?


----------



## Sharky007 (Jul 1, 2017)

I finally got it working.  After you zero the laf partition.  You can access it after trying to get into download mode via volume up and insert usb cable.  Then with the correct drivers on windows it will say ADB Interface at the top.  I had to uninstall one driver that had kedacom usb device first.


Edit: The current driver I have finds the phone but wont flash anything.


----------



## Sharky007 (Jul 1, 2017)

I compiled custom recovery but everytime I try to flash with dd command.  The stock recovery keeps coming back.


----------



## Astr4y4L (Jul 7, 2017)

Sharky007 said:


> I compiled custom recovery but everytime I try to flash with dd command.  The stock recovery keeps coming back.

Click to collapse



check for a way to disable "recovery-from-boot.p" or the like.
i believe i read that its  pascal code but has something to do with reflashing the recovery on boot if it doesnt match stock...
just a shot in the dark...














'


----------



## MotoJunkie01 (Jul 8, 2017)

Sounds like a lot of progress is being made on development for this device. If nothing else, a great list of DOs and DON'Ts is being compiled;  sometimes, unfortunately, at the cost of somebody's device. I've been out of commission health wise,  but it's nice to look at this thread and see it's growth and the continued interest in development for the Zone 3. I hope to be able to contribute soon.


----------



## Astr4y4L (Jul 8, 2017)

MotoJunkie01 said:


> Sounds like a lot of progress is being made on development for this device. If nothing else, a great list of DOs and DON'Ts is being compiled;  sometimes, unfortunately, at the cost of somebody's device. I've been out of commission health wise,  but it's nice to look at this thread and see it's growth and the continued interest in development for the Zone 3. I hope to be able to contribute soon.

Click to collapse



Thats great,
i have went and bought another one ....

---------- Post added at 07:36 PM ---------- Previous post was at 07:35 PM ----------

hopefully i'll ever get time to work on this...
i've wondered about a bootstrap recovery such as SafeStrap...
it's a lot of work though.


----------



## Astr4y4L (Jul 9, 2017)

tried to flash brndnew device to p2 ,
Bootloops etc. Then it doesn't recognize the Sim card.. Forked out $50 to activate and eveverything but p2 doesn't work for me


----------



## MotoJunkie01 (Jul 9, 2017)

Astr4y4L said:


> tried to flash brndnew device to p2 ,
> Bootloops etc. Then it doesn't recognize the Sim card.. Forked out $50 to activate and eveverything but p2 doesn't work for me

Click to collapse



That's the oddity with this particular device. Some users have been able to successfully downgrade/root this device with no hitch, while others have encountered an insurmountable obstacle with the procedure.


----------



## Astr4y4L (Jul 10, 2017)

MotoJunkie01 said:


> That's the oddity with this particular device. Some users have been able to successfully downgrade/root this device with no hitch, while others have encountered an insurmountable obstacle with the procedure.

Click to collapse



Yep unless until we can fix the bootloop and use flashfire or find a way to patch the driver @sharki was using for fast boot its a jam...


----------



## Astr4y4L (Jul 12, 2017)

Sharky007 said:


> I compiled custom recovery but everytime I try to flash with dd command.  The stock recovery keeps coming back.

Click to collapse



I just remembered this and that you compiled recovery ...
with the issue copying it useing DD and fastboot not working the best i was wondering if this may be of help(https://github.com/jcadduono/android_external_dirtycow)
check out the read me...
maby you can use the same basic technique to flash your rocovery to device...
just an idea.


----------



## Astr4y4L (Jul 13, 2017)

well, I got it going on pp2 again rooted, supersu, xposed, luckypatcher,etc.
but problem is i dont get network connectivity at all. i can use wifi just fine but no network...
trying to find a way to bypass it


----------



## MotoJunkie01 (Jul 13, 2017)

Astr4y4L said:


> well, I got it going on pp2 again rooted, supersu, xposed, luckypatcher,etc.
> but problem is i dont get network connectivity at all. i can use wifi just fine but no network...
> trying to find a way to bypass it

Click to collapse



Perhaps install Partition Backup & Restore app by Wanam and try reflashing your modem & radio firmware (/modem, /fsg, /ssd).


----------



## jazzdglass (Jul 13, 2017)

I'm on pp5. Can I get GSM band working?


----------



## Sharky007 (Jul 14, 2017)

I was looking through aboot strings and found this line which leads me to believe the bootloader is probably locked but I cant get any commands to work still.
Need wipe userdata. Do 'fastboot oem unlock-go'


----------



## Astr4y4L (Jul 14, 2017)

MotoJunkie01 said:


> Perhaps install Partition Backup & Restore app by Wanam and try reflashing your modem & radio firmware (/modem, /fsg, /ssd).

Click to collapse



OMG thanks for that tid-bit...
useing python I was able to get that system.img so i'll try to extract those partitions from pp7  and flash them one at a time with this method to rooted pp2.
we shall see. it'll take me probably couple days ,busy now, but i'll let you know what happens....


----------



## MotoJunkie01 (Jul 14, 2017)

Astr4y4L said:


> OMG thanks for that tid-bit...
> useing python I was able to get that system.img so i'll try to extract those partitions from pp7 and flash them one at a time with this method to rooted pp2.
> we shall see. it'll take me probably couple days ,busy now, but i'll let you know what happens....

Click to collapse



Please do. And thanks for the update.


----------



## Astr4y4L (Jul 14, 2017)

MotoJunkie01 said:


> Perhaps install Partition Backup & Restore app by Wanam and try reflashing your modem & radio firmware (/modem, /fsg, /ssd).

Click to collapse



what is /fsg and /ssd ?
im trying to extract it from pp7.kdz i got the /modem but it says /fsg is <empty>
and I dont see /ssd in the list of extracted files?

ok found /ssd its also empty....
maby if I flash /modem....

---------- Post added at 06:36 PM ---------- Previous post was at 05:50 PM ----------

so what are the "PRL/ERI WRITE" and "PHONESETTING" options on LGuP for ?
does anyone else Know ? I haven't seen this on here any other time i flashed with this.... I'm scratching my head...


----------



## MotoJunkie01 (Jul 14, 2017)

Astr4y4L said:


> what is /fsg and /ssd ?
> im trying to extract it from pp7.kdz i got the /modem but it says /fsg is <empty>
> and I dont see /ssd in the list of extracted files?
> 
> ...

Click to collapse



I'm not too familiar with the bells & whistles of the LG UP flashing utility. There is also LG Flash Tool 2014, which is an effective alternate to LG UP. Disregard /ssd. After checking I determined that /ssd is a radio partition used mostly on Motorola partition tables. On the Zone 3, /modem & /fsg are your primary radio firmware partitions. 
I would recommend using an on-device flashing app such as Partition Backup & Restore by Wanam (available free on Play Store) or Flashfire by @Chainfire, to flash your radio firmware partitions.


----------



## Astr4y4L (Jul 15, 2017)

MotoJunkie01 said:


> I'm not too familiar with the bells & whistles of the LG UP flashing utility. There is also LG Flash Tool 2014, which is an effective alternate to LG UP. Disregard /ssd. After checking I determined that /ssd is a radio partition used mostly on Motorola partition tables. On the Zone 3, /modem & /fsg are your primary radio firmware partitions.
> I would recommend using an on-device flashing app such as Partition Backup & Restore by Wanam (available free on Play Store) or Flashfire by @Chainfire, to flash your radio firmware partitions.

Click to collapse



UPDATE:
"Houston We Have Lift Off !!!!" 
Special thanks to @MotoJunkie01 And everyone Here !!!
I Now  Have successful Root Xposed and " Drumroll Please " all connectivity!!!
OK and Heres a TREAT....
Maby... after what i've just done I have No BootLoop on last 2 boots.....
so i'll let it ride a day or two then see if it bootloops again if not i'll be back with instructions.
Thanks you all
Astr4y4L


----------



## MotoJunkie01 (Jul 15, 2017)

Astr4y4L said:


> UPDATE:
> "Houston We Have Lift Off !!!!"
> Special thanks to @MotoJunkie01 And everyone Here !!!
> I Now Have successful Root Xposed and " Drumroll Please " all connectivity!!!
> ...

Click to collapse



Glad you worked it out. You've made great progress towards a universal root method. If you have time and wouldn't mind, please outline your method and steps in detail. That would help other members perhaps downgrade & root their Zone 3s.
Ah, sorry. I just read your entire post where you stated you would list instructions. Thanks


----------



## Astr4y4L (Jul 15, 2017)

MotoJunkie01 said:


> Glad you worked it out. You've made great progress towards a universal root method. If you have time and wouldn't mind, please outline your method and steps in detail. That would help other members perhaps downgrade & root their Zone 3s.
> Ah, sorry. I just read your entire post where you stated you would list instructions. Thanks

Click to collapse



Sir, or Ma'am... sry don't know but would you have a place to host some files for this?
I can send you the .img files I used and the process step by step....
can I get recognition if this indeed confirms working?
i'd like to be recognized as contributor.... 
and it would be great to get some help with some new ideas for xposed mods root apps etc. for this device.


----------



## MotoJunkie01 (Jul 15, 2017)

Astr4y4L said:


> Sir, or Ma'am... sry don't know but would you have a place to host some files for this?
> I can send you the .img files I used and the process step by step....
> can I get recognition if this indeed confirms working?
> i'd like to be recognized as contributor....
> and it would be great to get some help with some new ideas for xposed mods root apps etc. for this device.

Click to collapse



Recognized Contributor is a Title awarded by XDA Moderators. You may PM one of the many Moderators in the XDA Community and apply for such a Title. But I believe you must first attain Senior Member status.  The best way I've found to host file downloads is to upload the files to Google Drive, get a sharable link, then post the link in your thread.


----------



## Astr4y4L (Jul 15, 2017)

MotoJunkie01 said:


> Recognized Contributor is a Title awarded by XDA Moderators. You may PM one of the many Moderators in the XDA Community and apply for such a Title. The best way I've found to host file downloads is to upload the files to Google Drive, get a sharable link, then post the link in your thread.

Click to collapse



awsome , i'm going to test drive this for a bit... don't want anyone bricking thair $20
zone3 from bad instructions... by the way can you help with the GSM sim card hack, I'd love to be able to use ATT, Tmobile, Etc. also


----------



## MotoJunkie01 (Jul 15, 2017)

Astr4y4L said:


> awsome , i'm going to test drive this for a bit... don't want anyone bricking thair $20
> zone3 from bad instructions... by the way can you help with the GSM sim card hack, I'd love to be able to use ATT, Tmobile, Etc. also

Click to collapse



Yes. I'll get you some build prop mods and system app tweaks that will enable GSM network support. I done it on one of my early Zone 3s.


----------



## Astr4y4L (Jul 15, 2017)

MotoJunkie01 said:


> Yes. I'll get you some build prop mods and system app tweaks that will enable GSM network support. I done it on one of my early Zone 3s.

Click to collapse



OK SO HERE IT IS AS PROMISED.....
these are the files I've created from python and the tools i've used to get this to work .
i did most of this on windows except for i used Kali-linux to create the .img files
i am hosting this temp. on my AWS so lets try to keep bandwidth and traffic down till we got something better...
and i want to create an app to streamline and automate this process.
here's the link

(http://www.astrayalslanding.dynu.net:88/Zone3_Root/zone3_root.zip)

Open the "READ_ME"enclosed in the .zip for instructions

also i don't want to sound like a duche.... i reread my post last night and decided to push this to you and i'll work on an app for it also. and then if i get recognized as a contrib or dev then good if not...
i'll keep doing what i do and hope for enough "thanks" to get recognition....
recognition is only important because i want to be taken seriously as a dev...
untill then i'll just retain my self proclaimed title "Astr4y4L, TheHackster"

but if you'll help me with the gsm unlocking build.props etc i'll help you any way i can too 
thanks for everything guys,
Astr4Y4L
ps..  can't wait to see twrp or Safestrap for this...
I really want to put Nethunter on this device.

Pss. @Sharky007
can i get some info on your custom recovery ? i really need a working twrp.
got to be twrp too for my purposes...

---------- Post added at 07:25 PM ---------- Previous post was at 06:57 PM ----------

Update: Confirmed 100% working on my device!!!!!!
Need testers.... see post above.
Everything needed is provided in this thread and the missing piece is in zip i've linked ubove.
I'm excited to see if this is only for the Vs425lpp7 or if it works with these files for all variants
Any brave souls out there ?


----------



## Astr4y4L (Jul 15, 2017)

Furtherul update...
Flashfire now partially supported...
!
On second thought bad idea so far they're not playing nice together maybe I have something misconfigured I ended up on a hung boot but pulling the battery putting them back in and rebooting it rebooted with no boot loops....


----------



## MotoJunkie01 (Jul 15, 2017)

Astr4y4L said:


> Furtherul update...
> Flashfire now partially supported...
> !
> On second thought bad idea so far they're not playing nice together maybe I have something misconfigured I ended up on a hung boot but pulling the battery putting them back in and rebooting it rebooted with no boot loops....

Click to collapse



If you're rooted using the latest SuperSU (v2 82), try also setting SELinux to permissive mode in lieu of enforcing. Then you should have no adverse issues with Flashfire. But, be super cautious flashing /rpm (primary bootloader), /aboot (application bootloader), sbl1 (secondary bootloader),or any other bootloader dependent partition. Hard bricks occur easily tampering with those.


----------



## Astr4y4L (Jul 15, 2017)

MotoJunkie01 said:


> If you're rooted using the latest SuperSU (v2 82), try also setting SELinux to permissive mode in lieu of enforcing. Then you should have no adverse issues with Flashfire. But, be super cautious flashing /rpm (primary bootloader), /aboot (application bootloader), sbl1 (secondary bootloader),or any other bootloader dependent partition. Hard bricks occur easily tampering with those.

Click to collapse



Awsome... forgot all about selinux....
How hard would it be to make an init. Script to set permissive on boot?


----------



## MotoJunkie01 (Jul 15, 2017)

Astr4y4L said:


> Awsome... forgot all about selinux....
> How hard would it be to make an init. Script to set permissive on boot?

Click to collapse



Not hard at all. Install Kernel Adiutor-Mod. (I used Aptoide to download it.) It has an option to set SELinux to permissive on boot, and if the stock Kernel supports it, init'd script are an option also.


----------



## Astr4y4L (Jul 16, 2017)

MotoJunkie01 said:


> Not hard at all. Install Kernel Adiutor-Mod. (I used Aptoide to download it.) It has an option to set SELinux to permissive on boot, and if the stock Kernel supports it, init'd script are an option also.

Click to collapse



i guess the stock Kernel has no init.d support.... 
but the set on boot permissive option works...
but...
now what...???
i need to be able to patch kernel for nethunter...
and either custom recovery or functional flashfire...
tring to run flashfire backup now...

---------- Post added at 01:18 AM ---------- Previous post was at 01:16 AM ----------




Astr4y4L said:


> i guess the stock Kernel has no init.d support....
> but the set on boot permissive option works...
> but...
> now what...???
> ...

Click to collapse



also how to disable the verizon "installer" on connecting usb?
well flashfire did something and now looks like its hung on red screen again

---------- Post added at 01:49 AM ---------- Previous post was at 01:18 AM ----------

well no luck on flashfire yet...can anyone else get this working?


----------



## Astr4y4L (Jul 16, 2017)

Gravitybox- lp
Worked pretty good for themeing .
Dont touch radio stuff... had to reflash reroot and the whole process again because of it.
Get titainium backup i recomend pro...
And back things up when they work.
Confirmed rooted a second time around
With this method

---------- Post added at 10:51 AM ---------- Previous post was at 10:43 AM ----------

@MotoJunkie01
How about those edits and gsm build.prop things?


----------



## MotoJunkie01 (Jul 16, 2017)

Astr4y4L said:


> Gravitybox- lp
> Worked pretty good for themeing .
> Dont touch radio stuff... had to reflash reroot and the whole process again because of it.
> Get titainium backup i recomend pro...
> ...

Click to collapse



I'm traveling for work at the moment. When I get settled back at home this week I'll fix you up with those.


----------



## Astr4y4L (Jul 16, 2017)

MotoJunkie01 said:


> I'm traveling for work at the moment. When I get settled back at home this week I'll fix you up with those.

Click to collapse



Awsome... thanks4 that.
 I have to wonder if anyone else has noticed that we have this accomplished I wonder if anyone else has tried this on their device yet I have a fully functional Xposed Framework I'm pretty much completely same doubt with custom Boot and shutdown animations the whole nine yards completely thinned out status bar navigation lock screens everything. Does anyone out there have any good idea how we might can change the stock kernel or patch the stock kernel on this device?


----------



## MotoJunkie01 (Jul 16, 2017)

Cygwin with @dsixda's Android Kitchen provides utilities and options to unpack, modify & repack stock boot images, whereas the stock Kernel can be modified to an unsecured boot image with init'd support. The task can be quite tedious, but with some patience and your level of Android knowledge you shouldn't have a problem. 
Here is a thread you may want to check out. 
https://forum.xda-developers.com/showthread.php?t=1849473


----------



## Astr4y4L (Jul 17, 2017)

MotoJunkie01 said:


> Cygwin with @dsixda's Android Kitchen provides utilities and options to unpack, modify & repack stock boot images, whereas the stock Kernel can be modified to an unsecured boot image with init'd support. The task can be quite tedious, but with some patience and your level of Android knowledge you shouldn't have a problem.
> Here is a thread you may want to check out.
> https://forum.xda-developers.com/showthread.php?t=1849473

Click to collapse



thanks i'll look at it when i get time


----------



## Astr4y4L (Jul 19, 2017)

in case anyone else gets annoied at the verizon installer on usb/pc connection i found a way to disable that.
should work without root {don't know...I AM ROOT!!!} but heres what i found and works on my device 

Go to the stock dialer, type "##3328873". It'll prompt for the service code. Type "000000". You'll see a menu with a few options.
 Uncheck the "Tool Launcher enable" option.
reboot, and vola' no more autorun B.S
Thankyou Reddit !!!
also if anyone interested I can dump partitions now!!!

so anyone else got stable root yet, no bootloop?


----------



## Astr4y4L (Jul 19, 2017)

wooo hooo!!!!!!!!!!!
after making a lot of changes i now have a mostly working kali-nethunter on my device!!!
yeah!!!
now to modify the stock kernel and ramdisk for init.d and usb-otg support....
and then if i can figure out how to patch or replace the wifi drivers to support monitor-mode and packet-injection i'll have a gogo gadget spy-phone just like in the movies !    if not, patching the kernel for usb-otg would let us use usb wifi adapters such as the ralink and atheros chipsets that do support those features. And for a whopping $20 
{well $40 for me since i killed the first one good}
anyways, if anyone wants to help work on a custom rom for this device speak up and i can get you the raw dumped partitions in .img format and i believe that if we do so we can use the same method that  i used to flash the radio-firmware to get the partitions to the device... and well, if one of them is a modified or custom recovery we could just flash .zips after the initial process...
anybody want to step up


----------



## MotoJunkie01 (Jul 19, 2017)

Astr4y4L said:


> in case anyone else gets annoied at the verizon installer on usb/pc connection i found a way to disable that.
> should work without root {don't know...I AM ROOT!!!} but heres what i found and works on my device
> 
> Go to the stock dialer, type "##3328873". It'll prompt for the service code. Type "000000". You'll see a menu with a few options.
> ...

Click to collapse



Nice work. Thank you for sharing.


----------



## MotoJunkie01 (Jul 19, 2017)

Astr4y4L said:


> wooo hooo!!!!!!!!!!!
> after making a lot of changes i now have a mostly working kali-nethunter on my device!!!
> yeah!!!
> now to modify the stock kernel and ramdisk for init.d and usb-otg support....
> ...

Click to collapse



I'm developing for the Moto G (3rd Gen) and the Alcatel Ideal (4060A) at the moment but would love to start back development on this device. I should have a replacement device today or tomorrow. (Mine was stolen a couple of months ago). And I'll be settled back home from work in a couple days as well. First, we need a ported, rebased TWRP for this phone which will successfully install on the /recovery partition. Any word on TWRP?


----------



## Astr4y4L (Jul 20, 2017)

MotoJunkie01 said:


> I'm developing for the Moto G (3rd Gen) and the Alcatel Ideal (4060A) at the moment but would love to start back development on this device. I should have a replacement device today or tomorrow. (Mine was stolen a couple of months ago). And I'll be settled back home from work in a couple days as well. First, we need a ported, rebased TWRP for this phone which will successfully install on the /recovery partition. Any word on TWRP?

Click to collapse



Well right now my hd isn't big enough to download the source.
On my other drive 1.5 terabyte. I have complete aosp source but the Rhel 7.2 os there got so corrupted from my (wormz) that its going to have to be reformatted and i don't do that yet. I plan to use computer-forensics software to dig out some things i don't want to loose first.
haven't fooled with that yet...(headache)
But.... thats what i get for playing with malware....
Ofcourse how else will i learn how it works unless i collect things to take apart... @Sharky007 mentiond that he compiled a recovery yet didnt mention a flavor....
I need that file...
Might be able to help get it working....



Also.

ATTENTION ALL
OTHER LINK TO ROOT PACKAGE IS DEAD (new server config) 
NEW LINK TO (ROOT/ NO-BOOTLOOP)

(http://astrayalslanding.dynu.net:88/Android_Development/)

Scroll to bottom of page click on [ALL ANDROID PROJECTS]  and then there is the list.
Zone3_Root.zip
Instructions and needed files are in zip.
Post here for questions/support and I'll kindly help soon as i can.

also when I get the time i'll try to give details on the method I've used to install Nethunter on this device...
Oh and FYI 
Rom toolbox works great with this device and even the options to install custom boot animations worked out of box, once stable root is aquired..
----SPOILER ALERT---
and if you use anything to move (apps2sd)  DO NOT USE THE (apps2sd_9.*.*) BY VICKY WHATEVER HER NAME IS !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
once it installed it took over my phone with so many add activities I couldn't believe it!
AND THEN....THE FUN BEGINS...
All of a sudden things weren't working , force closes across across the board... screen started jumping,Jiggin and Jiveing. then all of a sudden apps start opening with out my input...
and it started deleating things and moveing app icons around on my screen, the phone opens and starts dialing numbers... the camra pops open then switches view to selfie mode and snapped my picture! I'm like WOOOOOAAAA...
LOOKED EXACTLY LIKE THE THINGS I'VE DONE IN TESTING WITH METASPLOIT.....
SO... for anyone else who blunders into this particular trap...
open the back coverplate of phone remove battery,
count to 10 mississippies replace battery,
hold and continue to hold down Volume key + Power keys through boot process...
after about 4-5 seconds you'll see the crap factory recovery wrapper
on this menu select wipe cache 
the phone will quickly flash the recovering android and continue to boot.
HURRY UP AND PULL BATTERY AGAIN BEFORE BOOT COMPLETES !!!!!!
NOW HOLD DOWN BOTH VOL-UP AND VOL-DOWN THROUGH BOOT CYCLE...
this starts your phone in safe mode. and now you can uninstall app.
then reboot and wipe cache again,and let boot complete.
and then with root bowser go through and clean up the folders and .db files it left scattered all over the root fs.
and if you need the functionality this app is supposed to provide ,download Folder Mount.apk from the devs thread here on xda
i guess google play considers apps like this with full screen takeover add actions and silent installs (acceptable add activity)
I call it a VIRUS !!!!
so be warned....
alternately  you can install that app and manually patch it with Lucky_Patcher...
I needed the (recreate mount script ) function....
anyhow happy rooting, modding, and themeing your zone3.
Astr4y4L


----------



## MotoJunkie01 (Jul 20, 2017)

Astr4y4L said:


> Well right now my hd isn't big enough to download the source.
> On my other drive 1.5 terabyte. I have complete aosp source but the Rhel 7.2 os there got so corrupted from my (wormz) that its going to have to be reformatted and i don't do that yet. I plan to use computer-forensics software to dig out some things i don't want to loose first.
> haven't fooled with that yet...(headache)
> But.... thats what i get for playing with malware....
> ...

Click to collapse



Wow, you've had quite an adventure it sounds. Glad to hear you're still making headway.


----------



## Sharky007 (Jul 20, 2017)

Sorry haven't had much time for a while now I did compile a recovery.  Although I haven't got to test it.  It is cwm sorry for that,but it is just a few different steps for twrp. I should be able to get you twrp real soon.  If you do want to try cwm the link is https://ufile.io/8y8hz.  Just make sure to backup because I didn't test.


----------



## Astr4y4L (Jul 20, 2017)

Sharky007 said:


> Sorry haven't had much time for a while now I did compile a recovery.  Although I haven't got to test it.  It is cwm sorry for that,but it is just a few different steps for twrp. I should be able to get you twrp real soon.  If you do want to try cwm the link is https://ufile.io/8y8hz.  Just make sure to backup because I didn't test.

Click to collapse



that's awsome! Thanks! Will download now .
Is it ok if i add this to my projects repo (with warning and credit to you ofcourse) ?

---------- Post added at 04:45 AM ---------- Previous post was at 04:30 AM ----------

@Sharky007
This file is about 6mb smaller than the recovery that i dumped from device.
Wonder if i need to worry about dm varity?
If all goes wrong guess i can just flash back and start over....maby i'll make titainium backup so i can just reroot and restore.... save a LOT of time.
Can't wait for twrp.plz tell me how i can be of assistance.
Will test your cwm soon ill let ya know how it goes.


----------



## Astr4y4L (Jul 20, 2017)

Astr4y4L said:


> that's awsome! Thanks! Will download now .
> Is it ok if i add this to my projects repo (with warning and credit to you ofcourse) ?
> 
> ---------- Post added at 04:45 AM ---------- Previous post was at 04:30 AM ----------
> ...

Click to collapse



Well I tried tHe cwm recovery and when I rebooted to recovery I just got the system recovery wrapper...
I moved recovery-from-boot. P to recovery-from-boot. P.bak and install-recovery.sh to install-recovery.sh.bak then I used the partition restore tool to restore the cwm image to the recovery partition everything went okay but I still just get the stupid stock system recovery wrapper I think we will have to figure out where that is located and move it and try again it's just too bad that this doesn't work too good with the old Android kitchen.
Hmmmmm....
Scratching head.......


----------



## Sharky007 (Jul 20, 2017)

Ya same issue I checked the hash and after do command sometimes it works but I always get the stock recovery coming up


----------



## MotoJunkie01 (Jul 20, 2017)

This may be occurring for the same reason that most LG devices won't boot into fastboot -- LG's notorious /laf partition. If the /laf partition gets zeroed, this device will successfully respond to adb reboot bootloader, and boot into fastboot mode. From there, we could force the custom recovery to the /recovery partition by fastboot flash recovery [recovery filename].img. This method was used back in the days of the LG G3 to force fastboot mode and flash custom recovery. Just a thought.
Because /laf enables the device to enter download mode, a dump of /laf should first be made in order to reflash /laf in the event download mode is ever needed.


----------



## Astr4y4L (Jul 20, 2017)

MotoJunkie01 said:


> This may be occurring for the same reason that most LG devices won't boot into fastboot -- LG's notorious /laf partition. If the /laf partition gets zeroed, this device will successfully respond to adb reboot bootloader, and boot into fastboot mode. From there, we could force the custom recovery to the /recovery partition by fastboot flash recovery [recovery filename].img. This method was used back in the days of the LG G3 to force fastboot mode and flash custom recovery. Just a thought.
> Because /laf enables the device to enter download mode, a dump of /laf should first be made in order to reflash /laf in the event download mode is ever needed.

Click to collapse



Right on...
I can dump the /laf if needed.
wish i could find a way to get my other (first) phone up running again so i'd have another test device.
This is my dailydriver...

---------- Post added at 09:39 PM ---------- Previous post was at 09:36 PM ----------

@sharky007
Did you ever have any luck with the /laf thing?
Was it driver issue or bootloops the problem?


----------



## MotoJunkie01 (Jul 20, 2017)

I bought a replacement Zone 3 today. Came with VS425PP8 out of the box. I'll try to nuke /laf on mine after I downgrade/root it, since I did get it for a test device. No need in anybody risking their daily driver.


----------



## Astr4y4L (Jul 21, 2017)

MotoJunkie01 said:


> I bought a replacement Zone 3 today. Came with VS425PP8 out of the box. I'll try to nuke /laf on mine after I downgrade/root it, since I did get it for a test device. No need in anybody risking their daily driver.

Click to collapse



after you downgrade to pp2 grab the files I linked to and it has the .img files you need to flash after root so as to stop the bootloops. it's basicly the stock pp7 modem firmware.
and let us know how goes it


----------



## MotoJunkie01 (Jul 21, 2017)

Astr4y4L said:


> after you downgrade to pp2 grab the files I linked to and it has the .img files you need to flash after root so as to stop the bootloops. it's basicly the stock pp7 modem firmware.
> and let us know how goes it

Click to collapse



I appreciate that. I will keep you updated.


----------



## Astr4y4L (Jul 21, 2017)

MotoJunkie01 said:


> I appreciate that. I will keep you updated.

Click to collapse



Just an educated guess but they changed the modem somewhere between pp2 and PP4  and that's why my device would not work and had no connectivity on pp2 yet I flash pp4 and had connectivity but could not root and looking at the pp8 changelog it seems to me just to be a minor security update so I'm guessing that the same files will work for PP8 also...
Its so awsome to be getting somewhere with all this!
Myself I've already gotten my device completely themed out and I've got to work on Kali nethunter
And for now this is my new favorite toy still can't wait to see team win recovery project ported for this device.
 also can anyone tell me how I can go about posting screenshots to this thread so that I can show everyone what my device looks like now really cool to be able to screen record and show the software version and the phone model and then show how I've got it themed out and everything maybe even show the box that I bought it in. Just to prove to any of the naysayers out there that we got this working.


----------



## Astr4y4L (Jul 21, 2017)

POSSIBLE INTERESTING INFO ABOUT KERNEL...
Kernel command line: sched_enable_hmp=1 console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 user_debug=31 msm_r                   tb.filter=0x3F ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci lpm_levels.sleep_disabled=1 earlyprintk andro                   idboot.hardware=e1q lge.uart=disable lge.rev=rev_10 lge.battid=SW3800_VC0 lge.bootreason=0xd maxcpus androidboot.                   mode kswitch androidboot.fota androidboot.fota_reboot lge.touchModule=TERITARY_MODULE vmalloc=400m gpt model.name                   =MSM8909 bootcable.type=NO_INIT androidboot.ddr_size=1610612736 fakebattery=disable lge.bootreasoncode=0xd52be5b8                    lge.hreset=off androidboot.dlcomplete=0 androidboot.recovery=false androidboot.emmc=true androidboot.serialno=VS                   425PP16fb34d1 lge.signed_image=true androidboot.baseband=msm mdss_mdp3.panel=1:dsi:0:qcom,mdss_dsi_tcl_ili9806e_f                   wvga_video_panel:1:none


AND I BELIEVE THIS IS WHERE WE ENABLE INIT.D AND SUCH...


----------



## abense (Jul 21, 2017)

i got one on pp8 what should i do


----------



## Astr4y4L (Jul 21, 2017)

abense said:


> i got one on pp8 what should i do

Click to collapse



kind of a vague question....
What are you trying to accomplish?
Root?
If u want root follow thread to flash pp2 and download the  zone3_root zip that i linked to in earlier post unzip open README follow instructions and have root.
Dont forget to thank @motojunki01  and myself with the thankyou button.


----------



## abense (Jul 21, 2017)

is there a way to get pp2 stable with root?


----------



## Astr4y4L (Jul 21, 2017)

abense said:


> is there a way to get pp2 stable with root?

Click to collapse



Yes follow the instructions ..
I have stable root.

---------- Post added at 06:07 PM ---------- Previous post was at 05:51 PM ----------




abense said:


> is there a way to get pp2 stable with root?

Click to collapse



flash to pp2 download zip file from here
(http://astrayalslanding.dynu.net:88/Android_Development/)
Open zip. open readme that i included.
Follow instructions precicely.
All needed tools and .img files included in .zip
And enjoy root like i am.
Dont forget the thanks button. And if you're really happy with it donations help to fund my work.
Enjoy
Astr4y4L


----------



## Astr4y4L (Jul 23, 2017)

just added a .rar archive containing aboot boot factory laf recovery and system images in raw .img format obtained in the same fashion as the modem images I provided to stop the bootloops ...
maby someone can use this to fix our recovery
(http://astrayalslanding.dynu.net:88/Android_Development/Projects/stock_.img(pp2).rar)
hope this helps


----------



## MotoJunkie01 (Jul 23, 2017)

Astr4y4L said:


> just added a .rar archive containing aboot boot factory laf recovery and system images in raw .img format obtained in the same fashion as the modem images I provided to stop the bootloops ...
> maby someone can use this to fix our recovery
> (http://astrayalslanding.dynu.net:88/Android_Development/Projects/stock_.img(pp2).rar)
> hope this helps

Click to collapse



I am working on it. I ported TWRP from an LG device with the same board platform, same stock OS, and a near duplicate partition index. Like you guys I am now working on making TWRP overwrite stock recovery


----------



## Astr4y4L (Jul 23, 2017)

MotoJunkie01 said:


> I am working on it. I ported TWRP from an LG device with the same board platform, same stock OS, and a near duplicate partition index. Like you guys I am now working on making TWRP overwrite stock recovery

Click to collapse



wondering if we can use this

(https://github.com/jcadduono/android_external_dirtycow)

its called recowvery i've played with it on other devices...
we'd have to change a few lins of code perhaps .....


----------



## MotoJunkie01 (Jul 23, 2017)

Astr4y4L said:


> wondering if we can use this
> 
> (https://github.com/jcadduono/android_external_dirtycow)
> 
> ...

Click to collapse



I'll look at it. I've never used it before. Is it open source?


----------



## Astr4y4L (Jul 24, 2017)

MotoJunkie01 said:


> I'll look at it. I've never used it before. Is it open source?

Click to collapse



Far as i can tell


----------



## MotoJunkie01 (Jul 24, 2017)

Astr4y4L said:


> Far as i can tell

Click to collapse



Thanks for the link and the info @Astr4y4L. I like what I'm seeing. From all I've been able to gather, this device ships with an unlocked bootloader. Nonetheless, some unseen force seems to be guarding the confines of the /recovery partition as though it was Ft Knox. This dirty cow methodology seems to be geared for such devices as the Zone 3, forcing custom recovery to be written to the /recovery partition. I'm going attempt to create an updater-script which can be flashed from Flashfire, that uses this dirty cow strategy of flashing /recovery. I'll keep you updated.


----------



## MotoJunkie01 (Jul 24, 2017)

Astr4y4L said:


> Just an educated guess but they changed the modem somewhere between pp2 and PP4 and that's why my device would not work and had no connectivity on pp2 yet I flash pp4 and had connectivity but could not root and looking at the pp8 changelog it seems to me just to be a minor security update so I'm guessing that the same files will work for PP8 also...
> Its so awsome to be getting somewhere with all this!
> Myself I've already gotten my device completely themed out and I've got to work on Kali nethunter
> And for now this is my new favorite toy still can't wait to see team win recovery project ported for this device.
> also can anyone tell me how I can go about posting screenshots to this thread so that I can show everyone what my device looks like now really cool to be able to screen record and show the software version and the phone model and then show how I've got it themed out and everything maybe even show the box that I bought it in. Just to prove to any of the naysayers out there that we got this working.

Click to collapse



The best way to post your screenshots (I'd personally love to see your themes/setup) is to log into xda-developers.com from your PC browser. There are options to post images, embedded links, & other advanced options not available via the mobile app.


----------



## MotoJunkie01 (Jul 24, 2017)

I'm also going to fix the broken links in the OP for the downloads.


----------



## Astr4y4L (Jul 25, 2017)

Heres something neat
TIME SAVER.... 
After having updateing supersu and installing su to /system from within app
I had to do a factory reset .  Afterwards i still had root and supersu all working had to reinstall busybox but xposed framework was even still intact.
So i recomend installing supersu to system asap.


----------



## MotoJunkie01 (Jul 25, 2017)

Astr4y4L said:


> Heres something neat
> TIME SAVER....
> After having updateing supersu and installing su to /system from within app
> I had to do a factory reset . Afterwards i still had root and supersu all working had to reinstall busybox but xposed framework was even still intact.
> So i recomend installing supersu to system asap.

Click to collapse



I'm a step closer to getting custom recovery to overwrite stock recovery. It is simply going to require that the stock boot image be modified to an unsecured boot image. I've dumped the stock boot image and now using a Windows based tool to decompile it. Once unsecured mods are made, I'll recompile, reflash, then hopefully, custom recovery can be flashed to /recovery.


----------



## Astr4y4L (Jul 25, 2017)

Can anyone Please Link to The PP5 firmware.kdz 
i want to make pp5 specific flash files.

---------- Post added at 11:11 PM ---------- Previous post was at 11:09 PM ----------




MotoJunkie01 said:


> I'm a step closer to getting custom recovery to overwrite stock recovery. It is simply going to require that the stock boot image be modified to an unsecured boot image. I've dumped the stock boot image and now using a Windows based tool to decompile it. Once unsecured mods are made, I'll recompile, reflash, then hopefully, custom recovery can be flashed to /recovery.

Click to collapse



Awsome work
please link to your modified /boot when available
Thanks


----------



## MotoJunkie01 (Jul 25, 2017)

Astr4y4L said:


> Can anyone Please Link to The PP5 firmware.kdz
> i want to make pp5 specific flash files.
> 
> ---------- Post added at 11:11 PM ---------- Previous post was at 11:09 PM ----------
> ...

Click to collapse



I definitely will


----------



## MotoJunkie01 (Jul 25, 2017)

@Astr4y4L I will look through my archives and see if I have VS425PP5.kdz firmware. I know I have PP6 but unsure about PP5.


----------



## Astr4y4L (Jul 25, 2017)

MotoJunkie01 said:


> @Astr4y4L I will look through my archives and see if I have VS425PP5.kdz firmware. I know I have PP6 but unsure about PP5.

Click to collapse



wonder how different pp5 is ??
I remember SomeOne Haveing Display Issues or something...
and i'm downloading pp6 now....
really would like to have pp5 specifically for pp5 phones just incase i need to extract drivers or something


----------



## MotoJunkie01 (Jul 26, 2017)

Astr4y4L said:


> wonder how different pp5 is ??
> I remember SomeOne Haveing Display Issues or something...
> and i'm downloading pp6 now....
> really would like to have pp5 specifically for pp5 phones just incase i need to extract drivers or something

Click to collapse



I checked and PP2, PP6 & PP7 are the only kdz packages I have.


----------



## Astr4y4L (Jul 26, 2017)

MotoJunkie01 said:


> I checked and PP2, PP5 & PP7 are the only kdz packages I have.

Click to collapse



Great you have it! 
Please link pp5 soon as you have a chance
Much appriciated as i cant find it


----------



## MotoJunkie01 (Jul 26, 2017)

Astr4y4L said:


> Great you have it!
> Please link pp5 soon as you have a chance
> Much appriciated as i cant find it

Click to collapse



No. I have 2, 6 & 7


----------



## Astr4y4L (Jul 26, 2017)

MotoJunkie01 said:


> No. I have 2, 6 & 7

Click to collapse



Oops....
Ok well perhaps it wont be an issue...
Downloading pp6 now...
Question while you are fixing the /boot would it be difficult to also enable init.d and usb-otg in kernel command-line ? i believe its all there in the ramdisk
Or Zlimage
?


----------



## MotoJunkie01 (Jul 26, 2017)

Astr4y4L said:


> Oops....
> Ok well perhaps it wont be an issue...
> Downloading pp6 now...
> Question while you are fixing the /boot would it be difficult to also enable init.d and usb-otg in kernel command-line ? i believe its all there in the ramdisk
> ...

Click to collapse



I'll add init.d.  If OTG support is possible I'll add it as well.


----------



## MotoJunkie01 (Jul 27, 2017)

Insecured stock boot image for LG VS425PP (Zone 3). This image has a modified ramdisk with insecure boot support. It does not have init.d or any other mods. I will post an image with more mods at a later time.
https://drive.google.com/file/d/0B1Sfod4HWfk2NlRYZ1VST0ZjNXM/view?usp=drivesdk


----------



## Astr4y4L (Jul 27, 2017)

MotoJunkie01 said:


> Unsecured stock boot image for LG VS425PP (Zone 3). This image has a modified ramdisk with unsecured boot support. It does not have init.d or any other mods. I will post an image with more mods at a later time.
> https://drive.google.com/file/d/0B1Sfod4HWfk2NlRYZ1VST0ZjNXM/view?usp=drivesdk

Click to collapse



Awsome


----------



## MotoJunkie01 (Jul 27, 2017)

Astr4y4L said:


> Awsome

Click to collapse



I haven't tried to flash custom recovery with insecured boot yet. You wanna test @Astr4y4L?


----------



## Astr4y4L (Jul 27, 2017)

MotoJunkie01 said:


> I haven't tried to flash custom recovery with insecured boot yet. You wanna test @Astr4y4L?

Click to collapse



Yes.
Ive just flashed your /boot
Do you have a /recovery


----------



## MotoJunkie01 (Jul 27, 2017)

Astr4y4L said:


> Yes.
> Ive just flashed your /boot
> Do you have a /recovery

Click to collapse



Not that I would chance flashing. Try the CWM recovery referenced earlier in the thread. There's a link posted for it. I'm still compiling my TWRP. The insecure boot image will permit "adb shell" even if /system is unmountable. This gives us some more flexibility. I just hope a custom recovery will now flash to /recovery.


----------



## Astr4y4L (Jul 27, 2017)

MotoJunkie01 said:


> Not that I would chance flashing. Try the CWM recovery referenced earlier in the thread. There's a link posted for it. I'm still compiling my TWRP. The insecure boot image will permit "adb shell" even if /system is unmountable. This gives us some more flexibility. I just hope a custom recovery will now flash to /recovery.

Click to collapse



Just tried useing same method as for / modem
But its not willing to be that simple.
Will look into it more tomarrow
My pc just died......


----------



## MotoJunkie01 (Jul 27, 2017)

Astr4y4L said:


> Just tried useing same method as for / modem
> But its not willing to be that simple.
> Will look into it more tomarrow
> My pc just died......

Click to collapse



Another thought: we could use LG UP to flash the /boot & recovery partitions (and the working modem partitions) by extracting the kdz firmware package, replacing boot with insecured boot, replace recovery with custom recovery, and replace modem, fsg & ssd, etc, with the radio firmware from vs425pp7. After replacing the files, the package could be recompiled to kdz and flashed via LG UP. We would effectively have a firmware package with no boot loops, full telephony functionality, insecure boot support, and custom recovery. It's only a theory but worth a try. Also, if /laf was replaced with [empty file].bin, fastboot mode is possible, because we would basically be nuking the /laf partition.


----------



## Astr4y4L (Jul 28, 2017)

MotoJunkie01 said:


> Another thought: we could use LG UP to flash the /boot & recovery partitions (and the working modem partitions) by extracting the kdz firmware package, replacing boot with insecured boot, replace recovery with custom recovery, and replace modem, fsg & ssd, etc, with the radio firmware from vs425pp7. After replacing the files, the package could be recompiled to kdz and flashed via LG UP. We would effectively have a firmware package with no boot loops, full telephony functionality, insecure boot support, and custom recovery. It's only a theory but worth a try. Also, if /laf was replaced with [empty file].bin, fastboot mode is possible, because we would basically be nuking the /laf partition.

Click to collapse



Ok. Sounds great. My PC with Python environment kraped last night.
Will take time to get the setup working again.
But I have most of what we would need in zips and rar over at amazon.
Bad news on top of bad news is we need to revisit the /boot because I had a feeling , and tried to use dd  to write to the partitions to see if the partitions app was really changeling anything and from root terminal on device ,then fired
reboot recovery
And on boot got
SECURE BOOT ERROR 1008
So, I had to start all over Again but I'm getting quicker at rooting.

But yep secure boot......,
Don't remember that before. ...
The things that make you go hmmmmm.....


----------



## MotoJunkie01 (Jul 28, 2017)

This device is strange to say the least. I have a member on another thread wanting to downgrade and root from PP5. I'm going to link him your workup package on the procedure. Then back to the drawing board for me.


----------



## Crashoverride1993 (Jul 28, 2017)

MotoJunkie01 said:


> This device is strange to say the least. I have a member on another thread wanting to downgrade and root from PP5. I'm going to link him your workup package on the procedure. Then back to the drawing board for me.

Click to collapse




Ok Moto junkie linked me here but how do I downgrade and on another thread I read something about some graphical glitches too is that solved or solvable yet?


----------



## Astr4y4L (Jul 28, 2017)

Crashoverride1993 said:


> Ok Moto junkie linked me here but how do I downgrade and on another thread I read something about some graphical glitches too is that solved or solvable yet?

Click to collapse



Ok. Go get lgup , get the stock vs425pp2.kdz
Use lgup to flash to version2 
Bootloops are expected. Wait for it to finally boot.
Complete the first "activation" setup crap
Go to my site at
(http://astrayalslanding.dynu.net:88/Android_Development/)
Scroll to the bottom and click on (All android projects "click here" )
Download the zip file from the list there...
Named ( Zone3_root.zip ) 
Extract to desktop 
Inside you will find a file called
(Read Me) it is a rich text document
Open that and follow the instructions precisely
All files needed are included in zip.
Also use the kingroot version I included, 
Its the easiest to replace with supersu
Also there is a folder (mrw) 
That's what replaces kingroot with supersu.
In mrw is a shell script.... Root.sh
I never get it to work right as a script. ..
Open it as a textile. Run each command from adb shell or 
On device in terminal emulator. 
After replacing kingroot use the partitionbackup.app to restore the images in PartitionsBackups folder to work their corresponding partitions...
Reboot. 
Enjoy stable root.
As for graphical issues anything that you encounter is easier to fix/workaround when you have root without Bootloops. 
If you need help ask on this thread and myself or someone will help,

@Motojunki01  
I really wish I could get my hands on pp5
But just thinking...
Once we make  the firmware package you suggested,
What's to stop us from just adding root to pp7 /system whilst I have it seperated and just flashing that. I can mount pp7 /system.img in my linuxbox as rw and change anything we want....
Problem is its not to hard to extract from .kdz then you get some dll an installer and a .dz file, the dz we extract with python and get a bunch of image chunks.
Using python I assembled the chunks to an .image file,
Wrong format so I then use dd if=bla,bla.image of=bla,bla.img
And end up with system.img etc. 
But we have to different method to re-chunk then we use python to reassemble chunks to .dz. Then add dll and installer etc and once again
Python compress that back to .kdz
My issue is I can successfully disassemble. Kdz
But haven't had success in reassembly...
Hmmmm.
Help me figure that out and we are there


----------



## Astr4y4L (Jul 28, 2017)

@Crashoverride1993
So, how did it go?


----------



## Astr4y4L (Jul 29, 2017)

MotoJunkie01 said:


> This device is strange to say the least. I have a member on another thread wanting to downgrade and root from PP5. I'm going to link him your workup package on the procedure. Then back to the drawing board for me.

Click to collapse



Im not sure why I didn't think about this but...
"
Also, I tried installing a non-lokified custom boot image to the laf partition, it still fails with a secure booting error, so aboot checks the laf partition for a signing key :/ but yay, fastboot!"
This is from jackpotclavin on thread about nuking laf....
I bet aboot is our problem...


----------



## Crashoverride1993 (Jul 29, 2017)

Astr4y4L said:


> @Crashoverride1993
> So, how did it go?

Click to collapse




I was having trouble figuring out where to download the older version two stock firmware from.

The vs425pp2.kdz


----------



## MotoJunkie01 (Jul 29, 2017)

Astr4y4L said:


> Im not sure why I didn't think about this but...
> "
> Also, I tried installing a non-lokified custom boot image to the laf partition, it still fails with a secure booting error, so aboot checks the laf partition for a signing key :/ but yay, fastboot!"
> This is from jackpotclavin on thread about nuking laf....
> I bet aboot is our problem...

Click to collapse



Yeah /aboot has to be the culprit.


----------



## Astr4y4L (Jul 29, 2017)

Crashoverride1993 said:


> I was having trouble figuring out where to download the older version two stock firmware from.
> 
> The vs425pp2.kdz

Click to collapse



I used google because when I got here, something bad had happened to Motojunki01 's googledrive links.
Ended up getting it from  ( https://lg-firmwares.com/lg-vs425pp-firmwares/ )
And the files all have the letters ARBOO in them like this
Vs425PP2_02_ARBOO.kdz.      the first one on that list and i recommend grab pp6 also as if something bad could happen.
That way you can get close to pp5. If you go back 
Alternatively you could grab pp7.  From LG Optimus. Verizon sites
To have a way out of brick state if u mess up


----------



## MotoJunkie01 (Jul 29, 2017)

Astr4y4L said:


> I used google because when I got here, something bad had happened to Motojunki01 's googledrive links.
> Ended up getting it from ( https://lg-firmwares.com/lg-vs425pp-firmwares/ )
> And the files all have the letters ARBOO in them like this
> Vs425PP2_02_ARBOO.kdz. the first one on that list and i recommend grab pp6 also as if something bad could happen.
> ...

Click to collapse



I'm planning on updating the links in the OP so thanks so much for finding a source for this firmware. I'll upload and repair the broken links.


----------



## Astr4y4L (Jul 30, 2017)

MotoJunkie01 said:


> I'm planning on updating the links in the OP so thanks so much for finding a source for this firmware. I'll upload and repair the broken links.

Click to collapse



Do you have any knowledge of /aboot?


----------



## MotoJunkie01 (Jul 30, 2017)

Astr4y4L said:


> Do you have any knowledge of /aboot?

Click to collapse



I have a decent understanding of its function. As application bootloader on an LG device, /aboot searches for a kernel upon boot up, which it finds in /laf, then proceeds with boot.img. This is exactly  why fastboot mode is typically inaccessible. If you nuke /laf, /aboot finds no kernel and thus fastboot mode is force booted.
I also know that /aboot is an extremely easy partition with which to hard brick a device beyond repairability. We must use great caution in this area of the device. I'm trying to work a bypass out with regard to /laf and /aboot.


----------



## Astr4y4L (Jul 30, 2017)

MotoJunkie01 said:


> I have a decent understanding of its function. As application bootloader on an LG device, /aboot searches for a kernel upon boot up, which it finds in /laf, then proceeds with boot.img. This is exactly  why fastboot mode is typically inaccessible. If you nuke /laf, /aboot finds no kernel and thus fastboot mode is force booted.

Click to collapse



I'm not sure if any of this applies here but concerning aboot check this out
( http://newandroidbook.com/Articles/aboot.html )
I think its saying if I replace or remove parts of aboot.
If certain file sizes match up it equals the sign key
And that's how and where we break the secure boot chain of trust...
I'm kinda busy and my development machines are out dince the server died.
But if any one wants to try I can link up stock aboot for reverse engineering purposes


----------



## MotoJunkie01 (Jul 30, 2017)

Astr4y4L said:


> I'm not sure if any of this applies here but concerning aboot check this out
> ( http://newandroidbook.com/Articles/aboot.html )
> I think its saying if I replace or remove parts of aboot.
> If certain file sizes match up it equals the sign key
> ...

Click to collapse



You and I have the exact same analysis it looks like. We can try this as well. The /aboot secure boot error is being returned, I think, because /aboot identifies that the stock boot image has been modified to insecure. An alternative way around this may be to set boot as insecure from the OS (a root file explorer can set default.prop ro.boot.secure=0). Then once recovery is flashed, return ro.boot.secure from 0 to 1. Then reboot. In theory the secure boot error should not occur. I'm out of town for work again and can't try this theory.


----------



## Astr4y4L (Jul 30, 2017)

MotoJunkie01 said:


> You and I have the exact same analysis it looks like. We can try this as well. The /aboot secure boot error is being returned, I think, because /aboot identifies that the stock boot image has been modified to insecure. An alternative way around this may be to set boot as insecure from the OS (a root file explorer can set default.prop ro.boot.secure=0). Then once recovery is flashed, return ro.boot.secure from 0 to 1. Then reboot. In theory the secure boot error should not occur. I'm out of town for work again and can't try this theory.

Click to collapse



I will when I get set up for lgup and all again
Might take a few days...
I really want to take aboot apart to see what can change


----------



## Astr4y4L (Jul 30, 2017)

@MotoJunki01
Have a look at this....
L)ittle (K)ernel based Android bootloader
First of all thanks to Travis Geiselbrecht, Brian Swetland and Dima Zavin for the initial work on (L)ittle (K)ernel project and open-sourcing the work on kernel.org <http://kernel.org>.

Our current version of Android apps processor bootloader is based on this LK work and the Android team at Qualcomm Innovation Center, Inc (QuIC) has added and opensourced features to the project.

We currently support variety of Qualcomm chipsets, including MSM7X25, MSM7X27, MSM7X30 and QSD8X50.  The bootloader does the basic task of hardware initialization, reading the Linux kernel & ramdisk from nand device and loading it up to RAM, setting up initial registers and command line arguments for Linux kernel and jumps to the kernel.

In context of support for Qualcomm chipsets and Android, the bootloader currently supports:

* Variety of nand devices for bootup

* USB driver to enable upgrading images over usb during development

* Keypad driver to enable developers enter 'fastboot' mode for image upgrades

* Display driver for debugging and splash screen

* Enable Android recovery image and image upgrades

Here is a list of FAQs that we get from OEMs to customize the bootloader for their projects:
Anyways. It seems the whole bootloader is opensourced or at least aboot is.
See whole story
(https://www.codeaurora.org/blogs/little-kernel-based-android-bootloader)

---------- Post added at 08:36 PM ---------- Previous post was at 08:33 PM ----------

Maby we can put together our own...
From source.
Byebye secureboot

---------- Post added at 08:44 PM ---------- Previous post was at 08:36 PM ----------

Ooooooo ¡!!!!!!!!!!
Found it 
("Q2) How do I disable 'fastboot' for my commercial device?

A2) Personally, I would like to see commercial devices leave 'fastboot' enabled.  It goes in the spirit of Android Open Source Project where end users and developers have access to the source code to allow them to modify it and upgrade their device over usb using 'fastboot'.  However, if OEMs or network providers want to lock down 'fastboot' it can be done by disabling the keypad and usb driver in bootloader.  This can be customized in the following files:

lk/app/aboot/fastboot.c

lk/app/aboot/aboot.c
")
So it can all be fixed if we compile it our selves.
Oem sabotage of fastboot is a shameful practice.


----------



## MotoJunkie01 (Jul 30, 2017)

Astr4y4L said:


> @MotoJunki01
> Have a look at this....
> L)ittle (K)ernel based Android bootloader
> First of all thanks to Travis Geiselbrecht, Brian Swetland and Dima Zavin for the initial work on (L)ittle (K)ernel project and open-sourcing the work on kernel.org <http://kernel.org>.
> ...

Click to collapse



This sounds right on point as to what we are trying to accomplish. I'll definitely be looking at this closely when I get home tonight. Great find @Astr4y4L. Things are looking better by the day.


----------



## Astr4y4L (Jul 30, 2017)

And I been reading aboot this too regarding custom kernels... I think with changes it shoulld work too
(https://forum.xda-developers.com/showthread.php?t=1538580)

---------- Post added at 10:22 PM ---------- Previous post was at 10:00 PM ----------




MotoJunkie01 said:


> This sounds right on point as to what we are trying to accomplish. I'll definitely be looking at this closely when I get home tonight. Great find @Astr4y4L. Things are looking better by the day.

Click to collapse



We need to reverse engineer aboot.c and fastboot.c to removethe patch that blocks the drivers from working.
Then....
Then we own the device

---------- Post added at 10:47 PM ---------- Previous post was at 10:22 PM ----------




Astr4y4L said:


> And I been reading aboot this too regarding custom kernels... I think with changes it shoulld work too
> (https://forum.xda-developers.com/showthread.php?t=1538580)
> 
> ---------- Post added at 10:22 PM ---------- Previous post was at 10:00 PM ----------
> ...

Click to collapse



I'm having a pc hardware crisis ....
Wish I had another amazon ec2 instance to work from....
Edit:
My wife gifted me with another aws...  awwww.  
Now waiting for the services to get setup.
I'm going to do nothing but development for this there. So it'll make a great repository for our work....
Also thinking about our code changes could be synchronized by github...
Anyone want to help set that up?


----------



## Astr4y4L (Jul 31, 2017)

ok 
we have a github now...
(https://github.com/astrayal/ZONE_3_root/)


----------



## MotoJunkie01 (Jul 31, 2017)

Astr4y4L said:


> ok
> we have a github now...
> (https://github.com/astrayal/ZONE_3_root/)

Click to collapse



Wow. Impressive developments for our Zone 3s. Guys please be sure to thank @Astr4y4L for his hard work on this device. We are finally making some headway.


----------



## MotoJunkie01 (Jul 31, 2017)

I'm am uploading several software versions of stock 5.1.1 for the vs425pp (pp2, pp4, pp6, pp7, pp8), and will update the broken links in downloads section later this evening. I'll also renew the link for the Verizon LG Software Upgrade Utility.


----------



## Astr4y4L (Jul 31, 2017)

MotoJunkie01 said:


> I'm am uploading several software versions of stock 5.1.1 for the vs425pp (pp2, pp4, pp6, pp7, pp8), and will update the broken links in downloads section later this evening. I'll also renew the link for the Verizon LG Software Upgrade Utility.

Click to collapse



Kool.... still waiting for amazon to get thair stuff together.
Then I'm going to devote my new aws instance solely to reverse engineering /aboot (lk)


----------



## Astr4y4L (Aug 1, 2017)

Ya know it would be awesome to get something like Multi-Rom working on the vs425pp.
I was playing with the notion of trying to port Ubuntu-Touch


----------



## MotoJunkie01 (Aug 1, 2017)

Thread has been revised. All broken links fixed in the OP.


----------



## Astr4y4L (Aug 1, 2017)

MotoJunkie01 said:


> Thread has been revised. All broken links fixed in the OP.

Click to collapse



Awesome my new supercharged amazon compiler is ready....
now I need to find Sources for our particular flavor of /aboot
ive been reading about this "Qcom Board Support Package (for msm8909)"
"CAF Open Source (for msm8909)"  and quote "We can compile our own bootloader with this. LITTLE KERNEL."
form thread here{ https://forum.xda-developers.com/de...sm8909-service-rom-source-qpst-t3544178/page3 }
now obviously this won't be the same exact procedure for our device but...
we do have msm8909 cpu and so ARCH and Platform related things should remain similar .
if anyone has any source for any of these things please point me to it and i'll begin .
I have only about 20GB of space on the Aws server so I don't want to use compleate android ndk source. etc.
any suggestions,


----------



## MotoJunkie01 (Aug 1, 2017)

Astr4y4L said:


> Awesome my new supercharged amazon compiler is ready....
> now I need to find Sources for our particular flavor of /aboot
> ive been reading about this "Qcom Board Support Package (for msm8909)"
> "CAF Open Source (for msm8909)" and quote "We can compile our own bootloader with this. LITTLE KERNEL."
> ...

Click to collapse



I have a feeling we are near to having fastboot & custom recovery. Great work @Astr4y4L


----------



## Astr4y4L (Aug 1, 2017)

MotoJunkie01 said:


> I have a feeling we are near to having fastboot & custom recovery. Great work @Astr4y4L

Click to collapse



some infobase to start from obtained through python script ./parse-aboot.py

aboot image aboot.img, len=2097152
aboot header:
----------------------------------------
magic:             0x464c457f
version:           0x00010101
NULL:              0x00000000
ImgBase:           0x00000000
ImgSize:           0x00280002 (2621442)
CodeSize:          0x00000001 (1)
ImgBaseCodeSize:   0x8f600000
SigSize:           0x00000034 (52)
CodeSigOffset:     0x00000000
Certs size:        0x05000002 (83886082)

Unrecognized format, magic=0x464c457f

and so thats where im at and what i'll be working on.
i'm kind of busy with Real-Life so won't have as much time but good news is i've got a setup so that i can log-in from my phone and run anything on the server so i can work here and there when-ever i have time...
could really use some pointers / tips on where to go from here.
i think  decompile /aboot and study it from our device as source then when i figure out where and how to get the source for Little-Kernel we compile our own and inject the modules and drivers etc from our decompiled /aboot to make our new-aboot work on our particular hardware...
believe it or not i've never attempted this before so i'm open for suggestions.
thanks 
Astr4y4L


----------



## Astr4y4L (Aug 2, 2017)

@MotoJunkie01

here's what I've put together so far 
( http://18.220.133.114/android/ )
I amnot sure what program to de-compile with. I'm trying to set up (readare2) prob ably misspelled that. In a hurry but. If you or anyone wants to look at this and post advise or idea's ...
Inside lk is the whole open source part...
We need to take apart aboot to get the hardware specific partsand I believe by injecting that into lk's folder structure we can issue make and have our very own .
With out the lockdown krap.


----------



## SquaredDev (Aug 2, 2017)

Hi guys. I am suprised to see so much information on this device! 
My device came with the 5, but I tried to flash it to version 2 and 4... currently on version 6.
My issue: When I use the LGUP to install version 2 or 4, I get the white screen and black lines.. it seems semi responsive because it somehow boots into "blind person mode" and wants me to drag my finger across the screen. I really need a temproot solution just long enough to install an app to /system. But cannot seem to find a root for 6/7/8.. I have tried all those versions.. but when I downgrade to 2 or 4, it's like a display driver issue or something. Is there something I can do?


----------



## MotoJunkie01 (Aug 2, 2017)

Astr4y4L said:


> @motojunki01
> 
> here's what I've put together so far
> ( http://18.220.133.114/android/ )
> ...

Click to collapse



I'm very impressed with your work, and your dedication to this device. I will give you due credit in the OP.


----------



## Astr4y4L (Aug 2, 2017)

SquaredDev said:


> Hi guys. I am suprised to see so much information on this device!
> My device came with the 5, but I tried to flash it to version 2 and 4... currently on version 6.
> My issue: When I use the LGUP to install version 2 or 4, I get the white screen and black lines.. it seems semi responsive because it somehow boots into "blind person mode" and wants me to drag my finger across the screen. I really need a temproot solution just long enough to install an app to /system. But cannot seem to find a root for 6/7/8.. I have tried all those versions.. but when I downgrade to 2 or 4, it's like a display driver issue or something. Is there something I can do?

Click to collapse



Version 6 is running on your device no problems?
I would recomend flashing a .tot with the pp2 system image and all other partitions images from pp6.


----------



## SquaredDev (Aug 2, 2017)

Astr4y4L said:


> Version 6 is running on your device no problems?
> I would recomend flashing a .tot with the pp2 system image and all other partitions images from pp6.

Click to collapse



Good deal, thanks for responding. Soon as i figure out what a .tot is and how to add it to the pp6 kdz i will try it out. If this works, I will be donating  30 bux to ya soon as i get paid


----------



## Astr4y4L (Aug 2, 2017)

SquaredDev said:


> Good deal, thanks for responding. Soon as i figure out what a .tot is and how to add it to the pp6 kdz i will try it out. If this works, I will be donating  30 bux to ya soon as i get paid

Click to collapse



a .tot is  the same thing as the .kdz
it is a package of firmware images packed into an archive...
a zip file is a good comparison its just a special archive format if you google and look around on xda there are various examples of how to prepare a .tot for lg flash tool... thats where you'd start then you'd have to extract the firmware out of the stock .kdz versions pp6 and pp2 to get your mix and match then .tot it all together and zap it through lgup


----------



## SquaredDev (Aug 2, 2017)

Astr4y4L said:


> a .tot is  the same thing as the .kdz
> it is a package of firmware images packed into an archive...
> a zip file is a good comparison its just a special archive format if you google and look around on xda there are various examples of how to prepare a .tot for lg flash tool... thats where you'd start then you'd have to extract the firmware out of the stock .kdz versions pp6 and pp2 to get your mix and match then .tot it all together and zap it through lgup

Click to collapse



Alrighty, thanks for sending me in the right direction  I have since tried LGExtract and a few others i have found on the thread but can't seem to get them to read. I keep getting "not a valid kdz or tot file". I downloaded them all from the OP.  But I shall keep at it. I gotta try to finish this before tomorrow night because I leave out on thursday.


----------



## SquaredDev (Aug 3, 2017)

Astr4y4L said:


> a .tot is  the same thing as the .kdz
> it is a package of firmware images packed into an archive...
> a zip file is a good comparison its just a special archive format if you google and look around on xda there are various examples of how to prepare a .tot for lg flash tool... thats where you'd start then you'd have to extract the firmware out of the stock .kdz versions pp6 and pp2 to get your mix and match then .tot it all together and zap it through lgup

Click to collapse


 @Astr4y4L I really appreciate the help! But I think I am just gonna tap out. I can't figure out how to add the recovery.img to the kdz for version 6. I was able to get the images from version 2 but not version 6. Thanks again for pointing me in the right direction, I just think this is beyond my skill level right now. 
And @MotoJunkie01 Thanks to you as well for this awesome thread. You guys are awesome!


----------



## Astr4y4L (Aug 3, 2017)

@MotoJunkie01

REQUESTING GENERAL ADVISORY .....
FOR NOW NOT COMPATIBLE WITH VS425PP5
HARDWARE.....
untill I have time to try to compile a pp5 specific package for root


----------



## MotoJunkie01 (Aug 3, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> REQUESTING GENERAL ADVISORY .....
> FOR NOW NOT COMPATIBLE WITH VS425PP5
> ...

Click to collapse



Ok. Thank you for the update and warning. Do you think I should update the OP with this info?


----------



## Astr4y4L (Aug 3, 2017)

MotoJunkie01 said:


> Ok. Thank you for the update and warning. Do you think I should update the OP with this info?

Click to collapse



I would recommend it. The unbricking works for pp5 since we can flash it to pp7/pp8. But rooting pp5 not recommended untill we put together a .tot or .kdz
What bums is I don't have a pp5 test device...
Later when I get time I'm going to look at lgup flashable .tot files. And I wonder if I can mount pp7 /system.img and inject root and busybox etc. Then flash that ...
If I can figure out the pp7 system-root injection and dd rooted pp7 system over to my device if it all works...
We could then put that into a .tot for lgup and have universal root...
Should I work towards the pp5 stability problems or should I move on with /aboot ?

Also on your google drive withthe .kdz files....
Please rename them pp2.kdz ,pp4.kdz, pp7.kdz
Respectively as its not going to matter to lgup. And will be much less confusing when browsing from mobile decices.
It would also be nice to do a role-call to see who has used what on what device and does it work....
Who else has successfully rooted thair device and what model did they start with....


----------



## MotoJunkie01 (Aug 3, 2017)

Astr4y4L said:


> I would recommend it. The unbricking works for pp5 since we can flash it to pp7/pp8. But rooting pp5 not recommended untill we put together a .tot or .kdz
> What bums is I don't have a pp5 test device...
> Later when I get time I'm going to look at lgup flashable .tot files. And I wonder if I can mount pp7 /system.img and inject root and busybox etc. Then flash that ...
> If I can figure out the pp7 system-root injection and dd rooted pp7 system over to my device if it all works...
> ...

Click to collapse



I'll make the necessary revisions to the thread today, as well as your recommendations on the kdz filename changes to simplify searches.


----------



## MotoJunkie01 (Aug 3, 2017)

@Astr4y4L, I would like to add the link to your root package in the OP. Of course, I'll ask your permission before doing so. Let me know if that's ok. I'm revising the thread some now.
I would like to take the time and summarize/better organize the downgrading procedure for this device. The instructions are here but sort of scattered. Your root package is very clear and concise. However, it may benefit us to outline the downgrading method as well.


----------



## Astr4y4L (Aug 3, 2017)

MotoJunkie01 said:


> @Astr4y4L, I would like to add the link to your root package in the OP. Of course, I'll ask your permission before doing so. Let me know if that's ok. I'm revising the thread some now.
> I would like to take the time and summarize/better organize the downgrading procedure for this device. The instructions are here but sort of scattered. Your root package is very clear and concise. However, it may benefit us to outline the downgrading method as well.

Click to collapse



By all means.. 
I would give them the link to my development page wich always links to my projects as I use a lot of mosh net type connections.
Heres the "document-root" link for finished work.
( http://astrayalslanding.dynu.net:88/Android_Development/ )
Just scroll down and hit the project link

Ill also update that page with a link to the work-in-progress server with the ip address -link.
It'll keep things pretty and in 1 place


----------



## MotoJunkie01 (Aug 3, 2017)

Astr4y4L said:


> By all means..
> I would give them the link to my development page wich always links to my projects as I use a lot of mosh net type connections.
> Heres the "document-root" link for finished work.
> ( http://astrayalslanding.dynu.net:88/Android_Development/ )
> ...

Click to collapse



I've changed the filenames in the download link per your recommendations. (PP2, PP4, PP7, PP8). And I've added your link in the OP and have given you due credit for your awesome work .


----------



## Astr4y4L (Aug 3, 2017)

MotoJunkie01 said:


> I've changed the filenames in the download link per your recommendations. (PP2, PP4, PP7, PP8). And I've added your link in the OP and have given you due credit for your awesome work .

Click to collapse



Wow ! Thanks for that.
I plan to continue this endeavor until we get to the point where we can develop our very own rom.
It might never happen or I may make a breakthrough tomarrow.. we never know...
I really believe the aboot is absolutely necessary for that.


----------



## MotoJunkie01 (Aug 3, 2017)

Astr4y4L said:


> Wow ! Thanks for that.
> I plan to continue this endeavor until we get to the point where we can develop our very own rom.
> It might never happen or I may make a breakthrough tomarrow.. we never know...
> I really believe the aboot is absolutely necessary for that.

Click to collapse



You have broken a lot of ground in a little amount of time. I do believe we have it narrowed down to /aboot. The sooner we get custom recovery to successfully flash, the sooner we have 100% flexibility with this phone. I am free for the next couple days, so I am going to work with you on this.


----------



## Astr4y4L (Aug 3, 2017)

MotoJunkie01 said:


> You have broken a lot of ground in a little amount of time. I do believe we have it narrowed down to /aboot. The sooner we get custom recovery to successfully flash, the sooner we have 100% flexibility with this phone. I am free for the next couple days, so I am going to work with you on this.

Click to collapse



I need a good commandline decompiler for ubuntu 16


----------



## MotoJunkie01 (Aug 3, 2017)

Astr4y4L said:


> I need a good commandline decompiler for ubuntu 16

Click to collapse



I'll see what I can find on the torrent sources. Do you have a specific decompiler I can search for?


----------



## Astr4y4L (Aug 3, 2017)

MotoJunkie01 said:


> I'll see what I can find on the torrent sources. Do you have a specific decompiler I can search for?

Click to collapse



no particular preference as long as it doesn't require patching the program to bypass license checks because firstly thats a pain and secondly i'd like to stay open sourced across the board.
i'm used to kali linux which comes with good software but I chose ubuntu on aws because its free... I have turned aws-ubuntu into kali before but it ended up with unstable system...
we need absolute stability for things to recompile correctly .
I guess anything that can handle arm bianary files should work...
i'm going to pull /aboot to /sd_card/aboot from my device 
so as to start with out the .img file conversions i performed originally and thats what i'll use for the input to the decompiler....
and we have little-kernal source now just missing the OEM stuff....
so ....
decompile /aboot = OEM blobs for build....
we just "fix" what we want and "brunch" it somewhere...
then i am personally awaiting your new TWRP ...
I Had fun with nethunter playing around but stumbled upon something for the LG Nexus 5 that I am Dieing to try to convert to this platform...
A.O.P.P
but i'll need to be able to have patched kernel and Twrp.
so you see i'm in it for the long run.
let me know if you need anything for what we work on.
Astr4y4L


----------



## Astr4y4L (Aug 3, 2017)

I am trying to breakdown Aboot for decompilation
dd if=aboot of=aboot.no.header bs=40 skip=1
outputs aboot.no.header but when I try to split that 
split -b 1 aboot.no.header
It seems to lock-up everything for a bit then finishes without error.....
But....
ls from that directory now locksup the pc...
And I made it browsable by html and it locks up every webbrowser I try to load it with (local and remotely)  so...
The things that make ya say "Hmmmmm......"
Not sure what's going on in there...


----------



## SquaredDev (Aug 3, 2017)

Astr4y4L said:


> I would recommend it. The unbricking works for pp5 since we can flash it to pp7/pp8. But rooting pp5 not recommended untill we put together a .tot or .kdz
> What bums is I don't have a pp5 test device...
> Later when I get time I'm going to look at lgup flashable .tot files. And I wonder if I can mount pp7 /system.img and inject root and busybox etc. Then flash that ...
> If I can figure out the pp7 system-root injection and dd rooted pp7 system over to my device if it all works...
> ...

Click to collapse



Roll call. I have a LG zone 3 running pp6 right now stable. I have ran pp7 and pp8 stable. Phone was originally pp5 but then flashed it down originally. I have tried pp4 and pp2 but when it restarts after lgup is done the screen goes white with black lines so I had to update to 6 afterwards. Not using device for service, just a WiFi toy so never activated with Verizon.  Cannot root because of pp6+ limitation I apparently have. 
Rootethods tried: kingroot and kingroot both with apk and pc. There is a pp8 that I have but I think it is just a security patch with Android. 
My main goal is to reach a temproot status or full root


----------



## MotoJunkie01 (Aug 3, 2017)

SquaredDev said:


> Roll call. I have a LG zone 3 running pp6 right now stable. I have ran pp7 and pp8 stable. Phone was originally pp5 but then flashed it down originally. I have tried pp4 and pp2 but when it restarts after lgup is done the screen goes white with black lines so I had to update to 6 afterwards. Not using device for service, just a WiFi toy so never activated with Verizon. Cannot root because of pp6+ limitation I apparently have.
> Rootethods tried: kingroot and kingroot both with apk and pc. There is a pp8 that I have but I think it is just a security patch with Android.
> My main goal is to reach a temproot status or full root

Click to collapse



Have you updated to the current PP8, and then downgraded to PP2?


----------



## SquaredDev (Aug 4, 2017)

MotoJunkie01 said:


> Have you updated to the current PP8, and then downgraded to PP2?

Click to collapse



Yes, to no avail. Same screen issue.


----------



## Astr4y4L (Aug 4, 2017)

building an arm toolchain now...

---------- Post added at 12:34 AM ---------- Previous post was at 12:18 AM ----------

@Motojunki01

Do u feel adventurous?
Wondering what would happen if we flashed the aboot from g2 varient?
Linux identified this hardware as a g2 variety even though we both know its more a K4

---------- Post added at 01:10 AM ---------- Previous post was at 12:34 AM ----------

well I just loaded aboot into this....
( http://www.onlinedisassembler.com/ )
and it is currently "processing the file"
everybody hope this thing can break it down for us.....
could save muuuuuuch time !!!!


----------



## SquaredDev (Aug 4, 2017)

Astr4y4L said:


> building an arm toolchain now...
> 
> ---------- Post added at 12:34 AM ---------- Previous post was at 12:18 AM ----------
> 
> ...

Click to collapse



I'm hoping!!! And man, we really appreciate this effort and will be donating soon as I can... I promise.

---------- Post added at 01:08 AM ---------- Previous post was at 01:06 AM ----------

@Astr4y4L I am willing to flash any thing you come up with as a test dummy. I have no problem if my phone bricks since I have a pixel for daily driver.


----------



## MotoJunkie01 (Aug 4, 2017)

SquaredDev said:


> I'm hoping!!! And man, we really appreciate this effort and will be donating soon as I can... I promise.
> 
> ---------- Post added at 01:08 AM ---------- Previous post was at 01:06 AM ----------
> @Astr4y4L I am willing to flash any thing you come up with as a test dummy. I have no problem if my phone bricks since I have a pixel for daily driver.

Click to collapse


@Astr4y4L, I feel you are close to a breakthrough. I can confirm myself that LG Optimus Zone 3, LG K4, LG Spree LTE, and LG Rebel LTE are essentially the same device. Great thinking! By the way, I own a Rebel if it would be of any use firmware or partition wise. I'd wager that your G2 theory is dead on point.


----------



## Astr4y4L (Aug 4, 2017)

MotoJunkie01 said:


> @Astr4y4L, I feel you are close to a breakthrough. I can confirm myself that LG Optimus Zone 3, LG K4, LG Spree LTE, and LG Rebel LTE are essentially the same device. Great thinking! By the way, I own a Rebel if it would be of any use firmware or partition wise. I'd wager that your G2 theory is dead on point.

Click to collapse



I'm done for the day...
But would love to see about the aboot exchange theory ...
U feel like pulling aboot from your rebel and flashing it to your zone3 ? don't forget to grab abootbak also...
I'm so stinking currious but this is my daily driver....
Also here's an indication of potential ...
 I modified an old version of "wpa wps tester app" and it successfully cracked two different routers from my zone3
So that was a fun exploration for educational purposes

More tomarrow
Also paypal seems to be down alday here...
weird. 


Astr4y4L

---------- Post added at 04:55 AM ---------- Previous post was at 04:53 AM ----------

@SquaredDev
I will soon be looking for pp5 package testers...
I will let u know soon as I get something together
Thanks


----------



## SquaredDev (Aug 4, 2017)

[/COLOR]@SquaredDev
I will soon be looking for pp5 package testers...
I will let u know soon as I get something together
Thanks[/QUOTE]

Alrighty  Just let me know!


----------



## Astr4y4L (Aug 4, 2017)

@MotoJunkie01

I am not having any luck trying to decompile aboot.... think my machines are too limited in ram....
tried online decompiler but has upload max-limit = 256KB 
aboot = 2MB
so.....
if anyone can help figure out how to pull apart aboot we will be able to move foward ...
untill then i'm going to focus on injecting root into pp7 system and getting it all wrapped up in .kdz or .tot
that way our brothers with the pp5 can join the Rooted catagory...
please post any advise or suggestions you may have...


----------



## MotoJunkie01 (Aug 4, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> I am not having any luck trying to decompile aboot.... think my machines are too limited in ram....
> tried online decompiler but has upload max-limit = 256KB
> ...

Click to collapse



I've not had a lot of experience dealing with bootloader partitions. I definitely think you're on the right path here. If /aboot gets cracked I think we are home free. My goal today is to research modifying/decompiling /aboot. I'll report back to you soon as I find anything useful. I'll also check my torrent sources for a more suitable decompiler. I love your idea on a pre-rooted PP7 in kdz format as well. Our PP5 brothers will be ecstatic.


----------



## SquaredDev (Aug 4, 2017)

MotoJunkie01 said:


> I've not had a lot of experience dealing with bootloader partitions. I definitely think you're on the right path here. If /aboot gets cracked I think we are home free. My goal today is to research modifying/decompiling /aboot. I'll report back to you soon as I find anything useful. I'll also check my torrent sources for a more suitable decompiler. I love your idea on a pre-rooted PP7 in kdz format as well. Our PP5 brothers will be ecstatic.

Click to collapse



I am hyped! I will be willing to flash test anything with my orignally pp5 hardware!


----------



## Astr4y4L (Aug 4, 2017)

Ok. after 4 hours of downloads and ftp transfer. I'm about to tear apart pp7
Like I did before to get the modem.img etc..
Only this time I'll try to put it right back together without changes and see if someone...
( @SquaredDev ) can flash that with lgup giving them a stock unmodified pp7.
If that is successful I think I'll be able to make pre-rooted pp7.
First is pull it apart and put it back together.
If that works I'll seperate /system from pp7.kdz and inject root then repack to kdz...
So wish me luck and no network interruptions


----------



## SquaredDev (Aug 4, 2017)

Astr4y4L said:


> Ok. after 4 hours of downloads and ftp transfer. I'm about to tear apart pp7
> Like I did before to get the modem.img etc..
> Only this time I'll try to put it right back together without changes and see if someone...
> ( @SquaredDev ) can flash that with lgup giving them a stock unmodified pp7.
> ...

Click to collapse



Good Luck! I will gladly try to flash! I am actually experimenting with a way to inject a recovery into LGUP while it is updating the device. GOOD LUCK AND NO NETWORK INTERRUPTIONS!


----------



## MotoJunkie01 (Aug 4, 2017)

Astr4y4L said:


> Ok. after 4 hours of downloads and ftp transfer. I'm about to tear apart pp7
> Like I did before to get the modem.img etc..
> Only this time I'll try to put it right back together without changes and see if someone...
> ( @SquaredDev ) can flash that with lgup giving them a stock unmodified pp7.
> ...

Click to collapse



Godspeed to you. This would be a huge leap of progress for PP5 members, as well as all other members with a Zone 3. My concern on the decompiled kdz is that /system is compiled of a series of fragmented LG UP flashable .bin files. I assume that a Zone 3 running PP7 would need to dump a system.img, convert the image over to the LG UP dependent bin files, place the files accordingly in the kdz structure, recompile kdz, and flash via LG UP. Am I on the right path with that?


----------



## Astr4y4L (Aug 5, 2017)

MotoJunkie01 said:


> Godspeed to you. This would be a huge leap of progress for PP5 members, as well as all other members with a Zone 3. My concern on the decompiled kdz is that /system is compiled of a series of fragmented LG UP flashable .bin files. I assume that a Zone 3 running PP7 would need to dump a system.img, convert the image over to the LG UP dependent bin files, place the files accordingly in the kdz structure, recompile kdz, and flash via LG UP. Am I on the right path with that?

Click to collapse



pretty close... i'm useing python to dump the chunks from the .dz found in the .kdz then it puts the chunks together into system.img or whatever partition im working on ...
dd if=system.image of=system.img
mount -o loop /mnt/tmp   /blablabla/whatever_directory/system.img

and then i con modify whatever i want but only 28MB free space to work in...
then umount /mnt/tmp
dd if=system.img of=system.image

"The next step would be reconstructing the file.  There are three steps, turning
the files into chunks, merging them together into a DZ file, and then merging
everything back into a KDZ file.  The first step has some quirks."
strategy is to make use of ext2simg
from the Android image utilities
so...
image2chunks --ext4 dzextracted/system.image
mkdz -f kdzextracted/VS425PP7_01.dz -m
then
mkkdz -f VS425PP7_01.kdz -m
then...
hopefully profit...
working on injection for pp7 system image now...

@MotoJunkie01

heres something I found going through the files i found inside pp7's /system/bin

[  #!/system/bin/sh
if ! applypatch -c EMMC:/dev/block/bootdevice/by-name/recovery:10715136:91eb5525caf26e363b5b5bd98cde67a25327fd27; then
  applypatch -b /system/etc/recovery-resource.dat EMMC:/dev/block/bootdevice/by-name/boot:10217472:a2ba73246be874babe265e35b364ff0b11437013 EMMC:/dev/block/bootdevice/by-name/recovery 91eb5525caf26e363b5b5bd98cde67a25327fd27 10715136 a2ba73246be874babe265e35b364ff0b11437013:/system/recovery-from-boot.p && log -t recovery "Installing new recovery image: succeeded" || log -t recovery "Installing new recovery image: failed"
else
  log -t recovery "Recovery image already installed"
fi
]
so looking at this might give you ideas for the recovery situation...
but i'm putting together a pre-rooted pp7 system.img
and then i'll try to re-KDZ it...
God I hope this works!!!


----------



## MotoJunkie01 (Aug 5, 2017)

Astr4y4L said:


> pretty close... i'm useing python to dump the chunks from the .dz found in the .kdz then it puts the chunks together into system.img or whatever partition im working on ...
> dd if=system.image of=system.img
> mount -o loop /mnt/tmp /blablabla/whatever_directory/system.img
> 
> ...

Click to collapse



Wow great find. I see the log stated first "installing new recovery image succeeded" and then "installing new recovery image failed". I'm trying to decipher the reason it succeeded then failed. But my thought is /aboot interceded. 
Ok I see your conversion method on decompiling, modifying, and recompiling kdz. Makes perfect sense but I see your dilemma with a 28mb limitation. I have a Python based program in mind for you. Getting the link now.


----------



## MotoJunkie01 (Aug 5, 2017)

@Astr4y4L, take a look at this thread. It's not exactly on topic with what we are developing, but it deals with Qualcomm QPST emergency flashing Moto devices which are hard bricked. The software used to compile and flash the firmware files is Python27 based. There are links for the software files.
https://www.google.com/amp/s/forum....ini-maxx-ultra-root-pogress-100-t3071609/amp/
To clarify, it's actually a rooting thread. But in order to root with this method, the device must intentionally be hard bricked and completely unresponsive. I know. Crazy right? You'll see what I mean.


----------



## Astr4y4L (Aug 5, 2017)

UPDATE:
................................................................................................................................................................................................................................................................................................................
[email protected]:/var/www/html/android/kdztools# python mkdz.py -f kdzextracted/VS425PP7_01.dz -m
[!] chunk system_754760.bin overlaps!
....................................................................................................................................................................................................................................................................................
WELL ALRIGHTY THEN !!!!
I'm getting somewhere ! 
I know the above error seems silly to be exited about but I read It as {    HELP !!! I Don't fit right anymore ! Trim My Friends Till I Fit In !!!  }

---------- Post added at 01:08 AM ---------- Previous post was at 01:04 AM ----------

Well ...
a good breaking point so I'm going to log off and take a break ...
all the work I'm speaking about is publicly browsable at (http://18.220.133.114)
just dig in and if anything catches your eye speak up

---------- Post added at 01:36 AM ---------- Previous post was at 01:08 AM ----------




MotoJunkie01 said:


> Wow great find. I see the log stated first "installing new recovery image succeeded" and then "installing new recovery image failed". I'm trying to decipher the reason it succeeded then failed. But my thought is /aboot interceded.
> Ok I see your conversion method on decompiling, modifying, and recompiling kdz. Makes perfect sense but I see your dilemma with a 28mb limitation. I have a Python based program in mind for you. Getting the link now.

Click to collapse



sorry look closer it's a shell script I found inside the fresh pp7 located at /system/bin/install-recovery.sh
Or some such...
But I think with root access we may be able to exploit this to cause the phone to "accidentally" install our modified recovery instead of stock recovery..
Ofcourse we would have to zero out our /recovery and hide our modded one in /data/local/tmp or something

---------- Post added at 01:44 AM ---------- Previous post was at 01:36 AM ----------

@Motojunki01
Check this out http://18.220.133.114/android/kdztools/dzextracted/


----------



## MotoJunkie01 (Aug 5, 2017)

Astr4y4L said:


> UPDATE:
> ................................................................................................................................................................................................................................................................................................................
> [email protected]:/var/www/html/android/kdztools# python mkdz.py -f kdzextracted/VS425PP7_01.dz -m
> [!] chunk system_754760.bin overlaps!
> ...

Click to collapse



That looks like a kdz ready to compile. Is that your compiled PP7? I can't look closely right now. Driving. Is it ready?


----------



## Astr4y4L (Aug 5, 2017)

MotoJunkie01 said:


> That looks like a kdz ready to compile. Is that your compiled PP7? I can't look closely right now. Driving. Is it ready?

Click to collapse



All thats left is figure out how to trim the chunks
So that I can chunk the modified system.image and not have the end system chunk overlapping the beginning chunk of the following partition


----------



## MotoJunkie01 (Aug 5, 2017)

Astr4y4L said:


> All thats left is figure out how to trim the chunks
> So that I can chunk the modified system.image and not have the end system chunk overlapping the beginning chunk of the following partition

Click to collapse



I see exactly what you mean. Check out this thread. 
https://forum.xda-developers.com/showthread.php?t=2179431


----------



## Astr4y4L (Aug 5, 2017)

MotoJunkie01 said:


> I see exactly what you mean. Check out this thread.
> https://forum.xda-developers.com/showthread.php?t=2179431

Click to collapse



I think alot of that would apply... gonna browse the whole thread but the tools they are using are for windows and I'm running on ubuntu 16 lts


----------



## MotoJunkie01 (Aug 5, 2017)

Astr4y4L said:


> I think alot of that would apply... gonna browse the whole thread but the tools they are using are for windows and I'm running on ubuntu 16 lts

Click to collapse



Ahhh. I see. I'll see what I can find for Linux.


----------



## Astr4y4L (Aug 5, 2017)

@MotoJunkie01


[  #!/system/bin/sh
if ! applypatch -c EMMC:/dev/block/bootdevice/by-name/recovery:10715136:91eb5525caf26e363b5b5bd98cde67a25327fd27; then
  applypatch -b /system/etc/recovery-resource.dat EMMC:/dev/block/bootdevice/by-name/boot:10217472:a2ba73246be874babe265e35b364ff0b11437013 EMMC:/dev/block/bootdevice/by-name/recovery 91eb5525caf26e363b5b5bd98cde67a25327fd27 10715136 a2ba73246be874babe265e35b364ff0b11437013:/system/recovery-from-boot.p && log -t recovery "Installing new recovery image: succeeded" || log -t recovery "Installing new recovery image: failed"
else
  log -t recovery "Recovery image already installed"
fi
]

So looking at this again this morning. Wonder if that's the hash for recovery and hash for boot right there....


----------



## MotoJunkie01 (Aug 5, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> 
> [ #!/system/bin/sh
> ...

Click to collapse



Yes it seems to be.


----------



## SquaredDev (Aug 5, 2017)

I thought I would try to flash the LG K4 firmware to the LG Zone 3... it kept giving me an error, so there was my train of thought broken for today.


----------



## MotoJunkie01 (Aug 5, 2017)

SquaredDev said:


> I thought I would try to flash the LG K4 firmware to the LG Zone 3... it kept giving me an error, so there was my train of thought broken for today.

Click to collapse



Did you try editing the build.prop and applying the K4 identifiers? We may can fool LG UP into seeing the Zone 3 as a K4, since the two devices are technically the same anyway.


----------



## SquaredDev (Aug 5, 2017)

MotoJunkie01 said:


> Did you try editing the build.prop and applying the K4 identifiers? We may can fool LG UP into seeing the Zone 3 as a K4, since the two devices are technically the same anyway.

Click to collapse



I didn't. I can't figure out how to change anything in the kdz. And cannot root because of pp5 hardware, so i don't know how to edit it


----------



## MotoJunkie01 (Aug 6, 2017)

SquaredDev said:


> I didn't. I can't figure out how to change anything in the kdz. And cannot root because of pp5 hardware, so i don't know how to edit it

Click to collapse



Oh ok. Yes I had forgotten you couldn't achieve any type of root.


----------



## SquaredDev (Aug 6, 2017)

So, just goofing around with LGUP... I would install pp2 and get the screen glitch.. so I would start flashing it to pp6 but right after it flashed modem and /laf.. i would unplug it before it would start to flash the recovery and system images... i would then restart the phone and the screen glitch would stop and i would have the normal LG logo... BUT, it would boot to the LG logo twice and then throw itself back into download mode. I think the problem going this route is I may not be able to disconnect at the right time and it starts to flash just a hair of the recovery or something... OR it has some kind of check at the end of the flashing procedure to see if the flash completed successfully or not.


----------



## Astr4y4L (Aug 6, 2017)

SquaredDev said:


> So, just goofing around with LGUP... I would install pp2 and get the screen glitch.. so I would start flashing it to pp6 but right after it flashed modem and /laf.. i would unplug it before it would start to flash the recovery and system images... i would then restart the phone and the screen glitch would stop and i would have the normal LG logo... BUT, it would boot to the LG logo twice and then throw itself back into download mode. I think the problem going this route is I may not be able to disconnect at the right time and it starts to flash just a hair of the recovery or something... OR it has some kind of check at the end of the flashing procedure to see if the flash completed successfully or not.

Click to collapse



Ok what if I make a kdz containing only the system partition from pp2...
Anybody want to see if stupid lgup can flash it????


----------



## SquaredDev (Aug 6, 2017)

Astr4y4L said:


> Ok what if I make a kdz containing only the system partition from pp2...
> Anybody want to see if stupid lgup can flash it????

Click to collapse



I will flash it 

---------- Post added at 01:55 AM ---------- Previous post was at 01:54 AM ----------

But I think it needs something in it to tell lgup that it is the correct device


----------



## Astr4y4L (Aug 6, 2017)

SquaredDev said:


> I will flash it
> 
> ---------- Post added at 01:55 AM ---------- Previous post was at 01:54 AM ----------
> 
> But I think it needs something in it to tell lgup that it is the correct device

Click to collapse



Actually working on it as we speak
got Two ideas ....
will be back in a bit...


----------



## Astr4y4L (Aug 6, 2017)

@MotoJunkie01

i found this...

[ https://forum.xda-developers.com/showthread.php?t=2483250&page=5 ]
lastpost...
[ " I merged system.img (2206203904B) with SystemMerger.py but it's larger than my original system dump which is 2147483648B size...
The difference is 58720256B which is exactly 56MB.
As on the end of merged system.img are ony zeroes I truncated merged file to size of original system dump as that is the size of my system partition. Bigger than that won't fit...
Merged system.img is still readable after truncation... " ]

I think this is how i trim new system to fit....
also some good tools for Windows Users.
@SquaredDev
I am slowly downloading pp2 again and going to try two things .....
idea 1 (System_Only_PP2.kdz)
and
idea 2 (PP7_Without_System.kdz)
if either of those will flash through lgup you'll be joining Club_Root !


----------



## SquaredDev (Aug 6, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> i found this...
> 
> ...

Click to collapse



Awesome! I may not admit to it, but I have been refreshing this forum quite a bit today. (Every break I get, I drive a semi) I have been playing around with python a bit today as well while waiting at a shipper.. going to learn the language


----------



## Astr4y4L (Aug 6, 2017)

@SquaredDev @MotoJunkie01

Try this in LgUP its a kdz containing only the system parts and the GPT wrapped up with the dll files and such that were there to begin with 
direct download link ( http://18.220.133.114/android/Astr4y4L_VS425PP2_02.kdz )
im done for today.
please post any results here and i'll check back in the morning.
Astr4y4L


----------



## SquaredDev (Aug 6, 2017)

Astr4y4L said:


> @SquaredDev @MotoJunkie01
> 
> Try this in LgUP its a kdz containing only the system parts and the GPT wrapped up with the dll files and such that were there to begin with
> direct download link ( http://18.220.133.114/android/Astr4y4L_VS425PP2_02.kdz )
> ...

Click to collapse



These were the results.. the first error is trying via the refurbish and upgrade option. The second is from the FOTA option. Test subject was a fresh flash to pp6 and then tried the kdz you created.


----------



## Astr4y4L (Aug 6, 2017)

SquaredDev said:


> These were the results.. the first error is trying via the refurbish and upgrade option. The second is from the FOTA option. Test subject was a fresh flash to pp6 and then tried the kdz you created.

Click to collapse



Ok I got another idea from the errors ...

---------- Post added at 08:04 AM ---------- Previous post was at 07:45 AM ----------




SquaredDev said:


> These were the results.. the first error is trying via the refurbish and upgrade option. The second is from the FOTA option. Test subject was a fresh flash to pp6 and then tried the kdz you created.

Click to collapse


 @SquaredDev

Ok try this out same setup except I compiled the last one with a new name... so download first this kdz
( http://18.220.133.114/android/kdztools/VS425PP2_02.kdz )
Then id like you to download this...
( http://astrayalslanding.dynu.net:88/Android_Development/Projects/UPPERCUT_1.0.0.0.zip )
And unzip that and run the upputcut.exe inside as an admin.
This will rule out problems with the dlls
What this does is bypass the dlls for lgup allowing any lg phone to connect . Uppercut is not my work but I use it and it starts lgup for me and connects everything.
So grab the kdz then use uppercut . It will automagically start lgup for you then try refurbish and such as usual.
Plz post results. Thanks.
Astr4y4L


----------



## MotoJunkie01 (Aug 6, 2017)

@Astr4y4L sorry I'm so late chiming in. I'll download the files today and try too.


----------



## Astr4y4L (Aug 6, 2017)

Well I wonder how it went...
Are the files I'm making doing anything?
If they're no good let me know so I can reclaim space to work in...
If they are good I'll move them to main project page for everyone else to use...
Just let me know .... @MotoJunkie01
Did you happen to figure out anything on aboot? Did you try the one from the rebel?


----------



## SquaredDev (Aug 6, 2017)

Astr4y4L said:


> Ok I got another idea from the errors ...
> 
> ---------- Post added at 08:04 AM ---------- Previous post was at 07:45 AM ----------
> 
> ...

Click to collapse



I am getting KDZ file is invalid, now


----------



## MotoJunkie01 (Aug 6, 2017)

Astr4y4L said:


> Well I wonder how it went...
> Are the files I'm making doing anything?
> If they're no good let me know so I can reclaim space to work in...
> If they are good I'll move them to main project page for everyone else to use...
> ...

Click to collapse



I'm currently trying to achieve root or temp root on my Rebel, which has proven to be very difficult. The typical one-click root applications have not hit upon an exploit. I'm trying the old dirty cow in hopes temp root will occur so that I can dump the partitions. 
On the firmware package you created, I just arrived at work and when I get a few moments, I'll use LG UP & try flashing it. 
Thanks as always @Astr4y4L for your endless hard work and contributions.


----------



## SquaredDev (Aug 6, 2017)

@Astr4y4L Is there anything I can be doing to help you? I have no problem test flashing, but was wondering if there is anything extra I can be helping with that isn't complicated for a noob?


----------



## Astr4y4L (Aug 6, 2017)

SquaredDev said:


> I am getting KDZ file is invalid, now

Click to collapse



Awsome.... wonder if u can use kdz to tot windows tools to convert this to a .tot file?
we could then use LG flashtool instaed of lgup.
Wich would be great because this seems like a checksum error...
Well... back to the drawing board...
Ill be thinking about a way around this problem ..
But honestly. Buy the pp7 or pp8 from familydollar
It's $20 I fried my first one trying to figure out the ZONE3_root.zip I made....
But still I hate that I can't fnd a way to do pp5...
I will be thinking...

---------- Post added at 07:18 PM ---------- Previous post was at 07:12 PM ----------




MotoJunkie01 said:


> I'm currently trying to achieve root or temp root on my Rebel, which has proven to be very difficult. The typical one-click root applications have not hit upon an exploit. I'm trying the old dirty cow in hopes temp root will occur so that I can dump the partitions.
> On the firmware package you created, I just arrived at work and when I get a few moments, I'll use LG UP & try flashing it.
> Thanks as always @Astr4y4L for your endless hard work and contributions.

Click to collapse



Can u find a source to download the .kdz firmware for the rebel?  I can easily take kdz apart to get working partition .img files as demonstrated with the vs425

---------- Post added at 07:30 PM ---------- Previous post was at 07:18 PM ----------




SquaredDev said:


> @Astr4y4L Is there anything I can be doing to help you? I have no problem test flashing, but was wondering if there is anything extra I can be helping with that isn't complicated for a noob?

Click to collapse



Let me see.... I really wish u had the pp7 device...
Mine is my daily so I get tired of flashing back and forth..
But outside of that if you want to research. Tot files, how to make ? Kdz how to convert to tot. ? And lgflashtool...how does that work and does it need specially crafted libraries to connect to com port on our phones?
My windows machine along with all my prievious work are shot for now I'm running linux exclusively but many of the tools made out there are for windows ..
We need a less strict flahing tool or maby use ollidbg to modify lgup so it doesn't do sanity checks....


----------



## MotoJunkie01 (Aug 6, 2017)

Astr4y4L said:


> Awsome.... wonder if u can use kdz to tot windows tools to convert this to a .tot file?
> we could then use LG flashtool instaed of lgup.
> Wich would be great because this seems like a checksum error...
> Well... back to the drawing board...
> ...

Click to collapse



I'll look for the Rebel firmware. If I can get at least temp root (the bootloader on the Rebel is locked), I can dump all partitions and upload them. There is a Windows tool I think that can convert raw partition images to kdz (and maybe TOT???)
Also, the LG Spree LTE is supposedly the same phone as the Zone 3, Rebel and K4.


----------



## Astr4y4L (Aug 7, 2017)

MotoJunkie01 said:


> I'll look for the Rebel firmware. If I can get at least temp root (the bootloader on the Rebel is locked), I can dump all partitions and upload them. There is a Windows tool I think that can convert raw partition images to kdz (and maybe TOT???)
> Also, the LG Spree LTE is supposedly the same phone as the Zone 3, Rebel and K4.

Click to collapse



Ok it just hit me.....
Instead of.  PP7 no system or pp2 system only....
Why not pp7 replace system chunks with pp2 system chunks then make kdz..... maby it'll fool lgup

---------- Post added at 02:48 AM ---------- Previous post was at 02:45 AM ----------

Gotta work in the morning so I don't have time tonight but...
COMEING SOON...
PP7_WITH_pp2-system.kdz @SquaredDev
This means u.....

---------- Post added at 02:48 AM ---------- Previous post was at 02:48 AM ----------

Gotta work in the morning so I don't have time tonight but...
COMEING SOON...
PP7_WITH_pp2-system.kdz @SquaredDev
This means u.....


----------



## SquaredDev (Aug 7, 2017)

That's awesome! I have been looking at ollyddb and trying things as well. Really cool program!


----------



## Astr4y4L (Aug 7, 2017)

SquaredDev said:


> That's awesome! I have been looking at ollyddb and trying things as well. Really cool program!

Click to collapse



Yea. If u get good at that u can basically cheat at anything (windows)
I will fire up the server again tomorrow and make this new idea on kdz


----------



## SquaredDev (Aug 7, 2017)

Astr4y4L said:


> Yea. If u get good at that u can basically cheat at anything (windows)
> I will fire up the server again tomorrow and make this new idea on kdz

Click to collapse



Sounds like a plan! I got a lot of shag runs tomorrow afternoon with the truck, so i may not be around much past noon but will get to it soon as I can!


----------



## Astr4y4L (Aug 7, 2017)

SquaredDev said:


> Sounds like a plan! I got a lot of shag runs tomorrow afternoon with the truck, so i may not be around much past noon but will get to it soon as I can!

Click to collapse



here it is i took pp7 and replaced system parts with pp2 and just wrapped it back up....
wanna give it a shot ?
i'll check back later to find out how it go's...

NEW KDZ
( http://18.220.133.114/android/new_kdz/VS425PP7_01.kdz )
MODIFIED KDZ PP7 WITH PP2 SYSTEM FLASH AT YOUR OWN RISK...
but I ReeeeeAly hope it works ! 
Astr4y4L


----------



## SquaredDev (Aug 7, 2017)

Giving me the same error.. saying invalid kdz on upgrade/refurbish but FOTA is giving me the error code from previous post. I thought I may have broken the program but it still flashes the unmodded kdz files.


----------



## Astr4y4L (Aug 7, 2017)

SquaredDev said:


> Giving me the same error.. saying invalid kdz on upgrade/refurbish but FOTA is giving me the error code from previous post. I thought I may have broken the program but it still flashes the unmodded kdz files.

Click to collapse



Ahhhhh! PP5 the bane of zone3 rooting....
Well without a way to see the screen after downgrade ...
No way to root it that I can think.. now if they haven't changed the kernel even pp5 should be susceptible to dirtycow but its very involved and quite complicated to get root through dirtycow methods ....
The $20 price tag makes this my favorite device for now.
I can just buy another one if I kill it...
But ill still be thinking..
There may be a way to dirtycow it to trick it into flashing or UPDATING its. Self to pp2...
There was a thing for lg v20 that did basically that to the recovery...
We'd have to write our own code or heavily modify someone else's ....
@MotoJunkie01
Any luck with dirty cow?


----------



## Astr4y4L (Aug 8, 2017)

well if anyone needs stock .img files for any partition in pp7 
get it here
( http://18.220.133.114/android/PP7_all-partitions_stock_img-format/ )
maby someone can find something to exploit in pp7 now that all partitions are available in mountable .img files


----------



## MotoJunkie01 (Aug 8, 2017)

Astr4y4L said:


> Ahhhhh! PP5 the bane of zone3 rooting....
> Well without a way to see the screen after downgrade ...
> No way to root it that I can think.. now if they haven't changed the kernel even pp5 should be susceptible to dirtycow but its very involved and quite complicated to get root through dirtycow methods ....
> The $20 price tag makes this my favorite device for now.
> ...

Click to collapse



No. Dirty cow won't exploit it for even temp root. It's one of the tightest Lollipop ROMs I've ever ran across.


----------



## Astr4y4L (Aug 8, 2017)

MotoJunkie01 said:


> No. Dirty cow won't exploit it for even temp root. It's one of the tightest Lollipop ROMs I've ever ran across.

Click to collapse



think I may be on to something with aboot, but don't got time to chase it right now...


----------



## Astr4y4L (Aug 8, 2017)

Astr4y4L said:


> think I may be on to something with aboot, but don't got time to chase it right now...

Click to collapse



@MotoJunkie01

about dirtycow did you try this 
( http://www.mediafire.com/file/r3i900n7jb2zfoo/EXPLOIT_ADB.rar)
password = nox 
this was from thread ( https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120 )
it probably won't work out of box as written for our device but the exploits can be used to dirtycow other files... i don't know what that means to pp5 but for those of us with root this could be a back door to twrp like with the v20
we would have to write our own script to set selinux to permissive and then flash our twrp that we place in /data/local/tmp/  
       find one of the scripts in the rom that runs in the init context and hijack the process useing dirtycow to replace said "script.sh" in the memory and cause the event that triggers "script.sh"  to be executed which would flash our recovery..... maby...
dirtycow its self will not give us a real root shell because of selinux but it is a tool we could implement to achieve root or custom recovery in a round-about way...
also I found ( raw_resources.img ) and ( raw_resourcesbak.img )
in the firmware and looking through the shell scripts in boot and in system i'm fairly convinced the problem with the unsecured boot is located in aboot also the problem with fastboot is there and of course thats because it points to laf
but I now think the issues with recovery may have something to do with these two partitions i found. also noticed (spare1) and (spare2) and would think they would be extra space but it contains data so what the heck are they hideing in there ?


----------



## MotoJunkie01 (Aug 8, 2017)

I've had great luck with DirtyCow in the past, with various devices & tablets. I'll try the script you sent and see if the exploit will take. Thanks for your research and your help.


----------



## Astr4y4L (Aug 8, 2017)

MotoJunkie01 said:


> I've had great luck with DirtyCow in the past, with various devices & tablets. I'll try the script you sent and see if the exploit will take. Thanks for your research and your help.

Click to collapse



I just really eant to see that twrp u r working on
And want to help any way I can.
I stumbled across some imgtool that did "something " to aboot.img but I haven't had time to figure it out yet....
Still maby we find out what's inside /rawresorces or whatever it was called.
Maby that's where it pulls the img from when it rewrites our recovery ...
Wonder what happened with everyone else?
Did that guy figure out anything on his cwm ? Or /laf ?


----------



## MotoJunkie01 (Aug 8, 2017)

We simply need to "nuke" /laf and there is a possibility of accessing fastboot. It has been done on many LG devices. /laf is your device's Download Mode for recovery, so of course there is a chance of bricking a device beyond repair. I'm about to the point of chancing it. 
On TWRP, as soon as I have it rebased (I'm also developing on Lenovo Tab 3, Moto G3, and Alcatel Ideal right now), I'll link you a copy of it. Won't be long I promise.


----------



## Astr4y4L (Aug 8, 2017)

MotoJunkie01 said:


> We simply need to "nuke" /laf and there is a possibility of accessing fastboot. It has been done on many LG devices. /laf is your device's Download Mode for recovery, so of course there is a chance of bricking a device beyond repair. I'm about to the point of chancing it.
> On TWRP, as soon as I have it rebased (I'm also developing on Lenovo Tab 3, Moto G3, and Alcatel Ideal right now), I'll link you a copy of it. Won't be long I promise.

Click to collapse



Awsome... ill try it too...
I'm taking a break from cracking this. I am in the middle of remodeling my house.... 
But I am going to leave everything as it is on the servers so you have all my work right there...
I'm sure ill get back to it again soon. But I was thinking of making another sudo account and letting you log in if u want to continue what we are doing with littlekernel and aboot etc.


----------



## Astr4y4L (Aug 8, 2017)

@MotoJunkie01

hey check your PM 's I just sent you a message containing the login for the development-server


----------



## MotoJunkie01 (Aug 9, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> hey check your PM 's I just sent you a message containing the login for the development-server

Click to collapse



Thanks @Astr4y4L. Just saw this. Been working 16 hour days. Been crazy.


----------



## Astr4y4L (Aug 9, 2017)

MotoJunkie01 said:


> Thanks @Astr4y4L. Just saw this. Been working 16 hour days. Been crazy.

Click to collapse



Still having issues with the gsm mod... trying a few things but can't find your OP on the topic ...


----------



## MotoJunkie01 (Aug 9, 2017)

Astr4y4L said:


> Still having issues with the gsm mod... trying a few things but can't find your OP on the topic ...

Click to collapse



I didn't do an OP. Its on Page 3 of one of the Zone 3 threads.


----------



## Astr4y4L (Aug 9, 2017)

MotoJunkie01 said:


> I didn't do an OP. Its on Page 3 of one of the Zone 3 threads.

Click to collapse



Thanks again I Just found it !
and I made the .prop edits and moved  the vzw stuff i could find but can't even locate VzwPhoneService.apk.

heres my /system/app folder content

######################################

[email protected]:/system/app # ls -a
BrowserProviderProxy
CaptivePortalLogin
CertInstaller
Chrome
CloudPrint
ConfigUpdater
DocumentsUI
Drive
DrmService
FaceLock
GCUV
Gmail2
GnssAirTest
GnssLogCat
GnssPosTest
GnssTest
GoogleCalendarSyncAdapter
GoogleContactsSyncAdapter
GoogleTTS
HTMLViewer
Hangouts
HotspotProvision
IPsecService_LG
KeyChain
LGATCMDService
LGBluetooth4
LGBluetoothSetting
LGDMWebViewer
LGDivXDRM
LGDrm
LGEIME
LGEIME_THEME_BLACK3
LGEasySettings
LGFOTA
LGHome_Theme_Optimus
LGLockScreenSettings_2
LGLockScreenSettings_Provider
LGPartnerBookmarksProvider
LGStartupEula
LGStk
LGTouchControlAreas
LGVZWAppStartupwizard
LGVZWHelp
LGVZWStartupwizard
LGWeather
LGWeatherService
LGWeatherTheme
LG_LITE_ADDONS_SINGLE_APK_bin
LLKAgent
LicenseProvider
Maps
Music2
PacProcessor
PackageInstaller
Photos
PrintSpooler
TimeService
UnifiedEULA
UserDictionaryProvider
VZWAPNLib
VerizonHiddenMenu
Videos
VpnClient_LG
VzWSMSFilter
WebViewGoogle
YouTube
atfwd
com.lge.shutdownmonitor
elt_test
qcrilmsgtunnel
servicemenu
talkback
[email protected]:/system/app #

####################################
and here's my /system/priv-app
####################################

[email protected]:/system/priv-app # ls -a
AndroidForWork
AppRecovery
BackupAssistantPlus
BackupRestoreConfirmation
CNEService
DefaultContainerService
FontServer
FusedLocation
GmsCore
GoogleBackupTransport
GoogleFeedback
GoogleLoginService
GoogleOneTimeInitializer
GooglePartnerSetup
GoogleServicesFramework
HomeSelector
Ims
InCalAgent
InputDevices
LGActivation
LGAlarmClock
LGBackup
LGCMAS
LGCalculator
LGCalendar
LGCalendarProvider
LGCameraApp
LGContacts
LGContactsProvider
LGDMSClient
LGDownloadProvider
LGDownloadProviderUi
LGEasyHome
LGEmail
LGExchange
LGExternalStorageProvider
LGFileManager
LGGallery
LGHome
LGInCallUI
LGLiveWallpapersPicker
LGMapUI
LGMediaProvider
LGMusic
LGMusicWidget
LGNetworkSettings
LGPCSuite
LGPrivacylock
LGQMemoplus
LGSettings
LGSettingsAccessibility
LGSettingsProvider
LGSystemServer
LGSystemUI
LGSystemUI_Provider
LGTasksProvider
LGTeleService
LGTelecom
LGThinkFreeViewer
LGUSMms
LGUSTelephonyProvider
LGVideo
LGVoiceCommand
LGVoiceCommandService
LGVoiceRecorder
LGWifiSettings
ManagedProvisioning
MmsService
MyVerizon
Phonesky
ProxyHandler
SSO_P3
SetupWizard
SharedStorageBackup
Shell
VZMessages
VZNavigator
VZWAPNService
VZWAVS
Velvet
VpnDialogs
WallpaperCropper
WapService
appdirectedsmspermission
com.customermobile.preload.vzw
com.qualcomm.location
qospermission
securesettingspermission
ssopermission
vzwapnpermission
[email protected]:/system/priv-app # 

#####################################
and I just don't know.
 maby some of what i'm looking to disable is'nt on the device?
I put the sim from my wifes cricket sm-j120az into the vs425pp and it showed the network and even LTE 

but it wouldn't let me actually connect to anything.. no data, no voice...
but showed network signal bars and everything...
that was before I made the rest of the .prop edits ...
I just disabled these 
###################################
[email protected]:/system/priv-app # pm list packages -d
package:com.android.LGSetupWizard
package:com.verizon.vzwavs
package:com.verizon.permissions.vzwappapn
package:com.lge.helpcenter
package:com.vzw.hss.myverizon
package:com.lge.AppSetupWizard
package:com.lge.lgdmwebviewer4vzw
package:com.verizon.permissions.securesettings
package:com.vzw.apnservice
package:com.google.android.setupwizard
package:com.lge.eula
package:com.lge.gcuv
package:com.vznavigator.Generic
package:com.lge.thinkfreeviewer
package:com.customermobile.preload.vzw
package:com.android.providers.partnerbookmarks
package:com.motricity.verizon.ssodownloadable
package:com.lge.easyhome
package:com.lge.lgfota.permission
package:com.lge.VerizonHiddenMenu
package:com.lge.eulaprovider
package:com.lge.lgsetupwizard.eula
package:com.verizon.permissions.qos
package:com.verizon.permissions.sso
package:com.verizon.messaging.vzmsgs
package:com.verizon.llkagent
package:com.verizon.permissions.appdirectedsms
[email protected]:/system/priv-app # 
###################################
using the [pm disable <package-name>]
 method...
but seems verizon "typical" has omited every apn except the VZW stuff . so I'm trying to figure out the correct content to add to [apns-conf.xml]
to get it all connected..

about to reboot and try the other sim again...
will let ya know how it go's in a few...

---------- Post added at 04:29 PM ---------- Previous post was at 03:58 PM ----------

WELL.... STILL NO DICE .
I get network bars but no connectivity.... which sounds stupid to me ...
I think it may be that i've simply got to get the apn setting right ... it shows LTE and good strong signal yet when i try google it says i'm not connected to the internet....
and when i try to make a phone call i get something about network not reachable...
cricket -is- att so att settings should work... i'm going to try pulling apns-conf.xml from my wifes cricket phone and try exchangeing that file with the verizon one... 
will let ya know what it does in a bit...


----------



## MotoJunkie01 (Aug 9, 2017)

Astr4y4L said:


> Thanks again I Just found it !
> and I made the .prop edits and moved the vzw stuff i could find but can't even locate VzwPhoneService.apk.
> 
> heres my /system/app folder content
> ...

Click to collapse



Find apns-config.xml if you need to further edit APN settings.


----------



## Astr4y4L (Aug 9, 2017)

@MotoJunkie01
Ok I have limited success.  after adding the internet APN settings from my wife's Samsung to this device I have been able to get LTE connectivity for internet but I still cannot make a voice call... guessing that's due to the phone looking to use 1x network for voice and I'm not sure how to remedy that .
Any ideas?


----------



## Astr4y4L (Aug 10, 2017)

does anyone know anything about VoLTE and how I may add the functionality to this phone if not present?
apparently thats the issue ....


----------



## MotoJunkie01 (Aug 10, 2017)

Astr4y4L said:


> does anyone know anything about VoLTE and how I may add the functionality to this phone if not present?
> apparently thats the issue ....

Click to collapse



I can get you a flashable zip that may implement VoLTE framework.
I have a zip for Moto G3 to install Volte Framework. I'll modify it to the msm8909 specs and link it to you


----------



## Astr4y4L (Aug 10, 2017)

MotoJunkie01 said:


> I can get you a flashable zip that may implement VoLTE framework.
> I have a zip for Moto G3 to install Volte Framework. I'll modify it to the msm8909 specs and link it to you

Click to collapse



Kool .if / when I get that all figured out i might make a tut. on the topic... But probably be a day or two since I KILLED ANOTHER ONE last night....

messed-up build.prop again somehow and on boot got blank screen tried to flash back with LGUP and lg up says it is UNKNOWN device now....
tried to factory reset hopeing it may revert....
Nope.... SO theres another brick in the wall ...
after that it doesn't show up in "adb devices"  so yep...

ATTENTION ZONE 3 USER !!!!
DO NOT EDIT BUILD.PROP AND CHANGE ANYTHING THAT IS A IDENTIFIER OR YOU WILL HAVE A BRICK ON YOUR HANDS AND LGUP WON'T WORK...

But with the $20 price tag it's nearly impossible for me to resist going out and getting another one... especially since the sim's active from the one i just killed and
I JUST PAID the BILL 
so reckon i'm out of the race for a day or two...
and the next thing I want to work on is reverse engeneering LGUP to bypass sanity checks and just flash a stinking file..
no more protecting the user from his stupid actions just flash the damn file...
so yep that would give me three more working phones...
Happy Hacking
Astr4y4L


----------



## Astr4y4L (Aug 10, 2017)

Alright... back in buisness.went and got a replacement this morning already rooted it and fixed bootloops so i'll be back to trying to network mod this one after a bit...
New one is pp8 version... there was only 2 phones left on the shelf and looked at the box closely and saw a pp8 and  a pp5...
I bought the pp8.
If i had more money id get the pp5 just for experimentation purposes....
But anyhow. Soon as i get the network stuff figured out ill post a tut...


----------



## jazzdglass (Aug 10, 2017)

Astr4y4L said:


> Alright... back in buisness.went and got a replacement this morning already rooted it and fixed bootloops so i'll be back to trying to network mod this one after a bit...
> New one is pp8 version... there was only 2 phones left on the shelf and looked at the box closely and saw a pp8 and  a pp5...
> I bought the pp8.
> If i had more money id get the pp5 just for experimentation purposes....
> But anyhow. Soon as i get the network stuff figured out ill post a tut...

Click to collapse




I appreciate your efforts in this little device. 
I'm on pp5. How do I go to pp8 so we can be on the same page with you through the process? 
I got this $8 off ebay. Didn't know it was cdma phone then. I'm highly hopeful I can get GSM working seeing your input. Thanks once again


----------



## TMcTestface (Aug 11, 2017)

Hi all,

Thanks for all the information in this thread and others, it's been extremely helpful to understand the rooting process. Just picked up a Zone 3 today for the sole purpose of rooting and doing some app RE (software version is PP8, as others have noted), and when running the VZW Update agent in an attempt to downgrade, I run into an error message that says "Device authentication failed: please check your device whether it has valid IMEI" (grammar errors not my own). Naturally I assume this means the device must be registered with a data or phone plan, which I don't feel like getting, as I'll not need it. I might be able to just patch the Windows update agent binary if the IMEI isn't critical to the update process (I can't imagine it would be, it's just flashing an image), but I wanted to reach out here and see if there was anything that could be done to "activate" the device without paying for a plan, or otherwise get around the error. Googling the error message turns up nothing as well, so I don't know if anyone else has run into this issue.

Thanks all for the help!


----------



## MotoJunkie01 (Aug 11, 2017)

jazzdglass said:


> I appreciate your efforts in this little device.
> I'm on pp5. How do I go to pp8 so we can be on the same page with you through the process?
> I got this $8 off ebay. Didn't know it was cdma phone then. I'm highly hopeful I can get GSM working seeing your input. Thanks once again

Click to collapse



This is a CDMA/GSM device. For example, the LG Rebel LTE, which is the exact same device as the Zone 3, uses the GSM networks as primary. Upgrading from PP5 to PP8 has been shown to cause video driver issues for some yet to determine  reason. @Astr4y4L can explain this a bit clearer than I.


----------



## Astr4y4L (Aug 11, 2017)

jazzdglass said:


> I appreciate your efforts in this little device.
> I'm on pp5. How do I go to pp8 so we can be on the same page with you through the process?
> I got this $8 off ebay. Didn't know it was cdma phone then. I'm highly hopeful I can get GSM working seeing your input. Thanks once again

Click to collapse



Only problem is some pp5 have display issue once downgradeing to pp2
All u can do is try to upgrade to pp8 useing lgup then soon as it reboots pull the battery before system boots go back to download mode and  flash pp2 with lgup and use the (upgrade) option in lgup and if it boots up without going all black and white bars u r ok...
you will expect bootloops on flashing pp2 but if u dont get the Display issue phone will eventually boot up then you will have to download my rootpackage and follow instructions to root and fix bootloops then you will be good to go ...
Working on the gsm thing just dont have much time so i get in a hurry...
Sometimes thats a bad thing... this is the third one i've bought because of that...


----------



## Astr4y4L (Aug 11, 2017)

TMcTestface said:


> Hi all,
> 
> Thanks for all the information in this thread and others, it's been extremely helpful to understand the rooting process. Just picked up a Zone 3 today for the sole purpose of rooting and doing some app RE (software version is PP8, as others have noted), and when running the VZW Update agent in an attempt to downgrade, I run into an error message that says "Device authentication failed: please check your device whether it has valid IMEI" (grammar errors not my own). Naturally I assume this means the device must be registered with a data or phone plan, which I don't feel like getting, as I'll not need it. I might be able to just patch the Windows update agent binary if the IMEI isn't critical to the update process (I can't imagine it would be, it's just flashing an image), but I wanted to reach out here and see if there was anything that could be done to "activate" the device without paying for a plan, or otherwise get around the error. Googling the error message turns up nothing as well, so I don't know if anyone else has run into this issue.
> 
> Thanks all for the help!

Click to collapse



Use lgup not verizon update uninstall that shizz and grab lgup from post 1 of this thread


----------



## Astr4y4L (Aug 11, 2017)

TMcTestface said:


> Hi all,
> 
> Thanks for all the information in this thread and others, it's been extremely helpful to understand the rooting process. Just picked up a Zone 3 today for the sole purpose of rooting and doing some app RE (software version is PP8, as others have noted), and when running the VZW Update agent in an attempt to downgrade, I run into an error message that says "Device authentication failed: please check your device whether it has valid IMEI" (grammar errors not my own). Naturally I assume this means the device must be registered with a data or phone plan, which I don't feel like getting, as I'll not need it. I might be able to just patch the Windows update agent binary if the IMEI isn't critical to the update process (I can't imagine it would be, it's just flashing an image), but I wanted to reach out here and see if there was anything that could be done to "activate" the device without paying for a plan, or otherwise get around the error. Googling the error message turns up nothing as well, so I don't know if anyone else has run into this issue.
> 
> Thanks all for the help!

Click to collapse



Just reread your post...
If u know how to patch a windows bianary i could really use some help. as iv said before i need lgup patched to either skip file check/version check or somehow return the same values no matter what... (so it just flash the file... dont check version or phone model )
If we do that  a rooted pp7 or pp8 or even pp5 would be posible...


----------



## Astr4y4L (Aug 11, 2017)

Well darn...
I can't get the new to work like the one i killed tried all the edits i can remember but no connectivity on other sim


----------



## jazzdglass (Aug 12, 2017)

Astr4y4L said:


> Well darn...
> I can't get the new to work like the one i killed tried all the edits i can remember but no connectivity on other sim

Click to collapse



I feel with root it should be easier. If one can enable USSD code on the phone and then proceed to dial *#*#4636#*#* - this will bring up the phone info tool and in it one can choose network mode. Most verizon phones disable USSD code. There is an app on playstore that brings that phone info page but it doesn't work on my zone 3 vs425pp5. You can try on pp8. 
Here is the app https://play.google.com/store/apps/details?id=com.tapbase.LTEswitcher

Also see this video where someone used USSD code to open the phone info page https://m.youtube.com/watch?v=s-7R6I8IPQ0

If this were a Samsung phone, I could easily use phone info app by vndnguyen on playstore to enter engineering mode and select bands manually (with root).


----------



## jazzdglass (Aug 12, 2017)

Astr4y4L said:


> Only problem is some pp5 have display issue once downgradeing to pp2
> All u can do is try to upgrade to pp8 useing lgup then soon as it reboots pull the battery before system boots go back to download mode and  flash pp2 with lgup and use the (upgrade) option in lgup and if it boots up without going all black and white bars u r ok...
> you will expect bootloops on flashing pp2 but if u dont get the Display issue phone will eventually boot up then you will have to download my rootpackage and follow instructions to root and fix bootloops then you will be good to go ...
> Working on the gsm thing just dont have much time so i get in a hurry...
> Sometimes thats a bad thing... this is the third one i've bought because of that...

Click to collapse



Just tried this. I pulled battery after flashing pp8 and tried to boot on verizon screen. Now flashed pp2 and everything seems working. Phone seems slower though. Takes a while for apps to open


----------



## Astr4y4L (Aug 12, 2017)

jazzdglass said:


> Just tried this. I pulled battery after flashing pp8 and tried to boot on verizon screen. Now flashed pp2 and everything seems working. Phone seems slower though. Takes a while for apps to open

Click to collapse



Kool it worked  mine seems to be a lot quicker and more responsive just by flashing xposed and i use gravitybox and usually  tweak the colors and stuff.. stay away from changeing android identifiers otherwize you'll end up stuck if anything gos wrong

---------- Post added at 12:51 PM ---------- Previous post was at 12:20 PM ----------

The reason i recomend the xposed installer included in my root package is it will write directly to system so you dont have to have recovery to flash. After that it reboots the first time and triggers it to re-odex or (android is optamizing apps) or whatever and it does all 163 apps which takes a little while but it runs so much better after that.
Also be careful working with build.prop or any .prop and if u use gravitybox stay away from radio or telephony stuff.
And do i remember right ? You started at pp5 ?
If so maby we have a general method for the pp5 to take the downgrade...
@MotoJunkie01
Did u see this


----------



## jazzdglass (Aug 12, 2017)

Astr4y4L said:


> Kool it worked  mine seems to be a lot quicker and more responsive just by flashing xposed and i use gravitybox and usually  tweak the colors and stuff.. stay away from changeing android identifiers otherwize you'll end up stuck if anything gos wrong
> 
> ---------- Post added at 12:51 PM ---------- Previous post was at 12:20 PM ----------
> 
> ...

Click to collapse




I cleared cache and did factory wipe. Now it runs normal. Yes I think the downgrade went well.  This was all I did-

 I installed LGUP, then installed LGUP vs425pp. (this might be elementary but for someone like me flashing an LG for the 1st time I initially installed just LGUP and had trouble for the app recognizing my phone), then I went into download mode by holding down volume up and connecting USB cable to phone and pc. Launched LGUP, selected my phone, chosed upgrade, selected pp8 and flashing started. Phone stared to reboot at 95% and once verizon red boot image showed I pulled out battery. Then retried the whole flashing but now selected pp2. One may have to do factory data wipe in recovery to get things smooth. And don't forget to remove your Google account. As I spent 2hrs to remove frp lock even my Google denied my email and password saying it was wrong. Lol

I don't think I can afford staying away from meddling with GSM stuffs. This phone is almost useless to me without the GSM working.


----------



## Astr4y4L (Aug 12, 2017)

jazzdglass said:


> I cleared cache and did factory wipe. Now it runs normal. Yes I think the downgrade went well.  This was all I did-
> 
> I installed LGUP, then installed LGUP vs425pp. (this might be elementary but for someone like me flashing an LG for the 1st time I initially installed just LGUP and had trouble for the app recognizing my phone), then I went into download mode by holding down volume up and connecting USB cable to phone and pc. Launched LGUP, selected my phone, chosed upgrade, selected pp8 and flashing started. Phone stared to reboot at 95% and once verizon red boot image showed I pulled out battery. Then retried the whole flashing but now selected pp2. One may have to do factory data wipe in recovery to get things smooth. And don't forget to remove your Google account. As I spent 2hrs to remove frp lock even my Google denied my email and password saying it was wrong. Lol
> 
> I don't think I can afford staying away from meddling with GSM stuffs. This phone is almost useless to me without the GSM working.

Click to collapse



Awsome  then we can figure it out together.. compare notes.. etc. My goal is to use both my wifes Cricket sim and a sim from government subsity called assistwireless which is on tmobil band


----------



## jazzdglass (Aug 12, 2017)

Astr4y4L said:


> Awsome  then we can figure it out together.. compare notes.. etc. My goal is to use both my wifes Cricket sim and a sim from government subsity called assistwireless which is on tmobil band

Click to collapse



I'm begining to think this phone might be strictly cdma only. Although I seriously wish I was wrong. This is because with the app shortcut Master lite, I was able to access the Phone activity where I was able to select GSM only, WCDMA only, then toggled airplane mode for both and still no service. I did manual network search and it returns an error. I tried automatic and it went on and on searching but always ends giving errors too. If this phone had gsm bands its supposed to pick signal here... I saw the activity VerizonHidden messages, but this didn't open saying I don't have permission bla bla... Maybe you could try the app.


----------



## Astr4y4L (Aug 12, 2017)

jazzdglass said:


> I'm begining to think this phone might be strictly cdma only. Although I seriously wish I was wrong. This is because with the app shortcut Master lite, I was able to access the Phone activity where I was able to select GSM only, WCDMA only, then toggled airplane mode for both and still no service. I did manual network search and it returns an error. I tried automatic and it went on and on searching but always ends giving errors too. If this phone had gsm bands its supposed to pick signal here... I saw the activity VerizonHidden messages, but this didn't open saying I don't have permission bla bla... Maybe you could try the app.

Click to collapse



Is from the playstore ?


----------



## jazzdglass (Aug 12, 2017)

Astr4y4L said:


> Is from the playstore ?

Click to collapse



Yea. Use this instead 

https://play.google.com/store/apps/details?id=com.sika524.android.quickshortcut


----------



## jazzdglass (Aug 13, 2017)

Astr4y4L said:


> Awsome  then we can figure it out together.. compare notes.. etc. My goal is to use both my wifes Cricket sim and a sim from government subsity called assistwireless which is on tmobil band

Click to collapse



I finally made it into the hidden menu... I used this apk and the code through terminal emulator which can all be found here 

https://forum.xda-developers.com/verizon-lg-g3/general/mod-unlock-verizon-hidden-menu-t2822925

But whenever I click the GSM network it force closes saying unfortunately has stopped bla bla bla... Annoying isn't it? 
Perhaps there is another version of hiddenmenu? Also there is still verizon hidden menu app deep in the framework I still can't open but saw it through shortcut Master app.. So I'm still hopeful


----------



## Astr4y4L (Aug 13, 2017)

jazzdglass said:


> I finally made it into the hidden menu... I used this apk and the code through terminal emulator which can all be found here
> 
> https://forum.xda-developers.com/verizon-lg-g3/general/mod-unlock-verizon-hidden-menu-t2822925
> 
> ...

Click to collapse



Have u tried sqlite editor? If u know the location of the functions u r after open the database with editor and manually change values....
Works for me...


----------



## MotoJunkie01 (Aug 13, 2017)

jazzdglass said:


> I'm begining to think this phone might be strictly cdma only. Although I seriously wish I was wrong. This is because with the app shortcut Master lite, I was able to access the Phone activity where I was able to select GSM only, WCDMA only, then toggled airplane mode for both and still no service. I did manual network search and it returns an error. I tried automatic and it went on and on searching but always ends giving errors too. If this phone had gsm bands its supposed to pick signal here... I saw the activity VerizonHidden messages, but this didn't open saying I don't have permission bla bla... Maybe you could try the app.

Click to collapse



Look at it this way: the phone is 4G/LTE capable. Although the Zone 3 primarily uses CDMA,  LTE, in and of itself is not a CDMA technology. Thus, technically speaking, any phone capable of accessing the LTE bands is GSM capable as well. LTE is, and always has been, a GSM technology standard. The UICC (SIM card) in a CDMA device is present for one reason only -- as a platform for 4G/LTE network access. Around a year ago when I first got my Zone 3, I modded the build.prop, the telephony configuration and telephony system apps, and used it successfully on AT&T & T-Mobile (with edits to the APNs of course). On T-Mobile I was never able to enable MMS, but voice, SMS, and data worked fine. When I get the time (I am constantly traveling this time of year) I will re-write a comprehensive guide on the mods for GSM use. You may rest assured the Zone 3 is GSM capable.
I am in hopes, that in a month or two, myself and @Astr4y4L will have broken through the /aboot puzzle and have TWRP, a universal rooting tutorial for all Zone 3 firmware "variants," and a flashable GSM enabling mod.
LG reports that the specs for this device include the following bands:
LTE 2 / 4 / 5 / 13
WCDMA 1 / 2 / 5
CDMA 850 / 1900
GSM 850 / 900 / 1800 / 1900


----------



## Astr4y4L (Aug 13, 2017)

jazzdglass said:


> I finally made it into the hidden menu... I used this apk and the code through terminal emulator which can all be found here
> 
> https://forum.xda-developers.com/verizon-lg-g3/general/mod-unlock-verizon-hidden-menu-t2822925
> 
> ...

Click to collapse



I can confirm having a working data connection with cricket simcard on my last device... but i was experimenting on pipeing the voice over that connection when i killed it...
I can't figure out how i got it working at all again...
Some combination of framework + build.prop + pm disable tweaks...
Like some elusive voodoo...
I cant even get it to see the network now...


----------



## jazzdglass (Aug 13, 2017)

MotoJunkie01 said:


> Look at it this way: the phone is 4G/LTE capable. Although the Zone 3 primarily uses CDMA,  LTE, in and of itself is not a CDMA technology. Thus, technically speaking, any phone capable of accessing the LTE bands is GSM capable as well. LTE is, and always has been, a GSM technology standard. The UICC (SIM card) in a CDMA device is present for one reason only -- as a platform for 4G/LTE network access. Around a year ago when I first got my Zone 3, I modded the build.prop, the telephony configuration and telephony system apps, and used it successfully on AT&T & T-Mobile (with edits to the APNs of course). On T-Mobile I was never able to enable MMS, but voice, SMS, and data worked fine. When I get the time (I am constantly traveling this time of year) I will re-write a comprehensive guide on the mods for GSM use. You may rest assured the Zone 3 is GSM capable.
> I am in hopes, that in a month or two, myself and @Astr4y4L will have broken through the /aboot puzzle and have TWRP, a universal rooting tutorial for all Zone 3 firmware "variants," and a flashable GSM enabling mod.
> LG reports that the specs for this device include the following bands:
> LTE 2 / 4 / 5 / 13
> ...

Click to collapse






Astr4y4L said:


> I can confirm having a working data connection with cricket simcard on my last device... but i was experimenting on pipeing the voice over that connection when i killed it...
> I can't figure out how i got it working at all again...
> Some combination of framework + build.prop + pm disable tweaks...
> Like some elusive voodoo...
> I cant even get it to see the network now...

Click to collapse




I saw this via Google 

http://www.internauta37.altervista.org/en/patch-fully-enable-gsm-cdma-global-phones-android

There's a zip to flash the patch but I can't since I have no custom rom. I tried flashfire but it wouldn't work with king root. Rashr doesn't seem to be capable of flashing zip saw only option to flash recovery and kernel. 

Challenge right now is how to replace king root with super su? I'm on pp2 rooted with latest king root. 

I also tried to manually edit build.prop line that sets default network to GSM, but that still didn't bring service.


----------



## Astr4y4L (Aug 13, 2017)

jazzdglass said:


> I saw this via Google
> 
> http://www.internauta37.altervista.org/en/patch-fully-enable-gsm-cdma-global-phones-android
> 
> ...

Click to collapse



Re replace kingroot
Use my zip package linked to in firsts post
File called mrw
Just read the read me its all in there

---------- Post added at 04:11 PM ---------- Previous post was at 03:58 PM ----------

here's the files
http://astrayalslanding.dynu.net:88/Android_Development/Projects/zone3_root.zip

---------- Post added at 04:16 PM ---------- Previous post was at 04:11 PM ----------

@MotoJunkie01
I havent gotten anywhere yet on aboot...
I seems to be an issue of stripping the header then splitting the image and thats where iv been stuck


----------



## MotoJunkie01 (Aug 13, 2017)

Astr4y4L said:


> Re replace kingroot
> Use my zip package linked to in firsts post
> File called mrw
> Just read the read me its all in there
> ...

Click to collapse



You're ahead of me brother. I have free time this week. I'm going to help all I can.


----------



## Astr4y4L (Aug 14, 2017)

Found this 
http://www.jetbrains.com/decompiler/download/download-thanks.html?platform=windowsWeb
But i dont have a windows conputer to run it on....

---------- Post added at 07:40 PM ---------- Previous post was at 07:39 PM ----------

Wonder if we can modify lgup or even aboot.bin with it?


----------



## MotoJunkie01 (Aug 14, 2017)

Astr4y4L said:


> Found this
> http://www.jetbrains.com/decompiler/download/download-thanks.html?platform=windowsWeb
> But i dont have a windows conputer to run it on....
> 
> ...

Click to collapse



I'll give it a try and see.  Thanks


----------



## Astr4y4L (Aug 15, 2017)

Proof of gsm
/system/etc/rssi.xml
##########################
<?xml version="1.0" encoding="utf-8"?>

<RSSI>
	<!-- RSSI Level Start-->
	<item name="levelNum">5</item>
	<!-- RSSI Level END-->

	<!-- LTE Start-->
	<!-- mLteRsrp, mLteRssnr, mLteSignalStrength, mLteRsrq -->
	<item name="mLteRsrp">4,-85,-95,-105,-115</item>
	<item name="mLteRssnr">4,130,45,10,-30</item>
	<item name="mLteSignalStrength"></item>
	<item name="mLteRsrq"></item>
	<item name="mLteRsrpOffset">4,-91,-101,-111,-115</item>
        <!-- LTE END-->

	<!-- CDMA & EVDO Start-->
	<!-- cdmaDbm, cdmaEcio, evdoDbm, evdoSnr -->
	<item name="cdmaDbm">4,-75,-85,-95,-99</item>
	<item name="cdmaEcio">4,-90,-110,-130,-150</item>
	<item name="evdoDbm">4,-65,-75,-90,-105</item>
	<item name="evdoSnr">4,7,5,3,1</item>
	<!-- CDMA & EVDO END-->

	<!-- GSM Start-->
	<!-- asu_gsm, asu_umts, aus_etc -->
        <item name="gsmDbm">4,-85,-94,-98,-103</item>
        <item name="umtsDbm">4,-57,-72,-88,-101</item>	
	<!--item name="asu_etc">4,6,4,2,1</item-->
	<!-- GSM END-->
</RSSI>

---------- Post added at 10:12 PM ---------- Previous post was at 09:26 PM ----------

@MotoJunkie01

Is this the sister phone?
http://www.gsm-specs.com/lg-rebel-2-lte/


----------



## MotoJunkie01 (Aug 15, 2017)

Astr4y4L said:


> Proof of gsm
> /system/etc/rssi.xml
> ##########################
> <?xml version="1.0" encoding="utf-8"?>
> ...

Click to collapse



Yes. The LG Rebel LTE, Rebel II, LG K4, LG Optimus Zone 3, and the LG Spree LTE, from everything I can tell, are essentially the same device. Interestingly, LG's OEM specs of the Zone 3 list it as a GSM Quad Band device: 850/900  1800/1900. Quad Band, of course, makes the device technically compatible with all GSM networks in the world.


----------



## Astr4y4L (Aug 15, 2017)

MotoJunkie01 said:


> Yes. The LG Rebel LTE, Rebel II, LG K4, LG Optimus Zone 3, and the LG Spree LTE, from everything I can tell, are essentially the same device. Interestingly, LG's OEM specs of the Zone 3 list it as a GSM Quad Band device: 850/900  1800/1900. Quad Band, of course, makes the device technically compatible with all GSM networks in the world.

Click to collapse



What we need is firmware from one of these so i can pull all the system apps settings and bianarys out to see what we can frankinstien together


----------



## MotoJunkie01 (Aug 15, 2017)

Astr4y4L said:


> What we need is firmware from one of these so i can pull all the system apps settings and bianarys out to see what we can frankinstien together

Click to collapse



Frankenstein may just well work. The K4 -- to the best of my knowledge -- has had some major development such as TWRP & custom ROMage. I'll search right now for a kdz or TOT package for the K4 (which is primarily GSM also).


----------



## MotoJunkie01 (Aug 15, 2017)

Astr4y4L said:


> What we need is firmware from one of these so i can pull all the system apps settings and bianarys out to see what we can frankinstien together

Click to collapse



Check this out. It may help to decompile. A pre-rooted stock ROM for the K4. Lollipop 5.1.1
https://forum.xda-developers.com/android/general/rom-lg-k4-k120e-prerooted-stock-rom-t3545353
Well maybe not. I just noticed this particular K4 variant has a MediaTek board platform. Here is a stock firmware link for the K4 synonymous to the Zone 3. 
https://lg-roms.com/official-firmware/LG K4-LGVS425PP/VS425PP7_01_0125_ARB00/


----------



## Astr4y4L (Aug 15, 2017)

So does anyone wanna tell me what all these network configuration files in 
/system/etc/lgodm/
Are for and how to read them 
I believe these actually may control our actual network (LTE or CDMA or GSM)
i know everyone would like to install a magical app to tweak these settings but im thinking more along the lines of a package containing resource files and a shell script that does the job...

---------- Post added at 03:40 PM ---------- Previous post was at 03:09 PM ----------




MotoJunkie01 said:


> Check this out. It may help to decompile. A pre-rooted stock ROM for the K4. Lollipop 5.1.1
> https://forum.xda-developers.com/android/general/rom-lg-k4-k120e-prerooted-stock-rom-t3545353
> Well maybe not. I just noticed this particular K4 variant has a MediaTek board platform. Here is a stock firmware link for the K4 synonymous to the Zone 3.
> https://lg-roms.com/official-firmware/LG K4-LGVS425PP/VS425PP7_01_0125_ARB00/

Click to collapse



tried the bottom link all i get when i download is a 404  error page

---------- Post added at 03:43 PM ---------- Previous post was at 03:40 PM ----------




Astr4y4L said:


> So does anyone wanna tell me what all these network configuration files in
> /system/etc/lgodm/
> Are for and how to read them
> I believe these actually may control our actual network (LTE or CDMA or GSM)
> ...

Click to collapse





also looking at th file name that i tried to download it looks like the same as vs425pp7 that .we have down to the arboo thing in the file name...
are we sure this is not just the same file we have ?

---------- Post added at 03:49 PM ---------- Previous post was at 03:43 PM ----------

looking at the other link looks like your right (smartphone flash tool = mediatek board[mtk])

too bad we cant make spflashtool work with qualcom so we could just nuke our boards and cook whatever rom we want....
stupid msm ....
of course spflashtool helped me destroy my rca tablet (voyager 2)

---------- Post added at 04:31 PM ---------- Previous post was at 03:49 PM ----------

Well now.... what about this marshmallow update for k4 im downloading from lg software server right now ... im gonna see if it'll be compatable with our hardware...
Maby itll flash...
If so i'll start working on a way to root that too...


----------



## Astr4y4L (Aug 16, 2017)

check out what happened when i run strings on lgup installer
http://18.220.133.114/stuff/lgup-msi-strings.txt
i think if we modify a dll we can bypass model and version checks


----------



## Astr4y4L (Aug 16, 2017)

almost had marshmallow now i got a brick....
did lgup refurbish to pp2 pulled battery on boot screen {android optimizeing apps}
then tried to use lgup FOTA upgrade option to "VS42525A_01_0217_ARB00.kdz" which should be the marshmallow update for k4 verizon....
i got to 99% and my stinking p.o.s pc glitched and i got stuck in downloadmode tried to just pull battery and reboot but nothing black dead screen no response to hardware buttons but i have hope because linux sees it as 
##############################

──╼ $lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 0bda:0158 Realtek Semiconductor Corp. USB 2.0 multicard reader
Bus 001 Device 002: ID 5986:0137 Acer, Inc 
Bus 001 Device 005: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
################################
as a {Qualcomm, Inc. Gobi Wireless Modem (QDL mode)}
so its stuck in a low download-mode. 
@MotoJunkie01
i'm trying to figure out the guts now check this out
( https://forum.xda-developers.com/showthread.php?t=2086142 )
i think this could be our ticket if i can make it work...


----------



## MotoJunkie01 (Aug 16, 2017)

Astr4y4L said:


> almost had marshmallow now i got a brick....
> did lgup refurbish to pp2 pulled battery on boot screen {android optimizeing apps}
> then tried to use lgup FOTA upgrade option to "VS42525A_01_0217_ARB00.kdz" which should be the marshmallow update for k4 verizon....
> i got to 99% and my stinking p.o.s pc glitched and i got stuck in downloadmode tried to just pull battery and reboot but nothing black dead screen no response to hardware buttons but i have hope because linux sees it as
> ...

Click to collapse



Dammit I hate to hear that. Have you tried LG Flash Tool 2014 or any other flashing utilities to see if your device gets recognized? Qualcomm's QPST Emergency Flash Mode can also be used in your situation (in theory and proof of concept anyway).


----------



## Astr4y4L (Aug 16, 2017)

Ok so short story....
I am bricked bigtime... 
So I am out of a device to continue development unless anyone wants to donate devices...
The marshmallow update may very well work for someone who doesnt care if they get a brick
Its at 
http://18.220.133.114/android/testing/VS42525A_01_0217_ARB00.kdz
If any one wants to try...
I kinda wanna cry....
Pc glitched its an old amd laptop p.o.s
I was at 99% WTF!!!!
Anyhow ill be fooling with lgup trying to bypass security checks and modle version checks to get any one of my other bricks going....
Wish me luck and somebody pm me to say u wanna send 15 of these devices for the Zone3 frankinstine project . This is getting expensive for a guy like me...

---------- Post added at 01:12 AM ---------- Previous post was at 01:07 AM ----------






MotoJunkie01 said:


> Dammit I hate to hear that. Have you tried LG Flash Tool 2014 or any other flashing utilities to see if your device gets recognized? Qualcomm's QPST Emergency Flash Mode can also be used in your situation (in theory and proof of concept anyway).

Click to collapse



I am looking at somethings just like that send me ANY info u find...


----------



## MotoJunkie01 (Aug 16, 2017)

Astr4y4L said:


> Ok so short story....
> I am bricked bigtime...
> So I am out of a device to continue development unless anyone wants to donate devices...
> The marshmallow update may very well work for someone who doesnt care if they get a brick
> ...

Click to collapse



Here is a thread on rooting a particular Moto device by first intentionally hard bricking the device and then using Qualcomm's QPST emergency mode to revive the device and flash it with rootable firmware. While this thread focuses on Moto devices, the substance is geared toward any hard bricked device with a Qualcomm board platform. Since the Zone 3 packs a Snapdragon 210, it is possible to revive it using this Python27 based script and the corresponding QPST flashing utility. 
https://forum.xda-developers.com/droid-ultra/general/droid-mini-maxx-ultra-root-pogress-100-t3071609


----------



## Astr4y4L (Aug 16, 2017)

MotoJunkie01 said:


> Here is a thread on rooting a particular Moto device by first intentionally hard bricking the device and then using Qualcomm's QPST emergency mode to revive the device and flash it with rootable firmware. While this thread focuses on Moto devices, the substance is geared toward any hard bricked device with a Qualcomm board platform. Since the Zone 3 packs a Snapdragon 210, it is possible to revive it using this Python27 based script and the corresponding QPST flashing utility.
> https://forum.xda-developers.com/droid-ultra/general/droid-mini-maxx-ultra-root-pogress-100-t3071609

Click to collapse



Im going to have to check into this more tomarrow.
But it does look promising  from here...
Maby this will become the next breakthrough...
Im going to format a new hdd for windows to work on only this and lgup modifications


----------



## MotoJunkie01 (Aug 16, 2017)

Astr4y4L said:


> Im going to have to check into this more tomarrow.
> But it does look promising from here...
> Maby this will become the next breakthrough...
> Im going to format a new hdd for windows to work on only this and lgup modifications

Click to collapse



Cool. Yeah I've got a 500GB HDD for my HP laptop with nothing but firmware packages and ROMs for my various devices. Mainly budget devices but a couple of flagships also.


----------



## Astr4y4L (Aug 16, 2017)

;





MotoJunkie01 said:


> Cool. Yeah I've got a 500GB HDD for my HP laptop with nothing but firmware packages and ROMs for my various devices. Mainly budget devices but a couple of flagships also.

Click to collapse



i wonder if anyone else can try to flash the marshmallow update of dooom...  
Really think it would be cool if it will take and what would that look like... @SquaredDev maby


----------



## jazzdglass (Aug 16, 2017)

Astr4y4L said:


> ;
> i wonder if anyone else can try to flash the marshmallow update of dooom...
> Really think it would be cool if it will take and what would that look like...
> @SquaredDev maby

Click to collapse



Sorry about your brick 




MotoJunkie01 said:


> Cool. Yeah I've got a 500GB HDD for my HP laptop with nothing but firmware packages and ROMs for my various devices. Mainly budget devices but a couple of flagships also.

Click to collapse



Have you simply tried to flash this gsm patch? 

http://www.internauta37.altervista.org/en/patch-fully-enable-gsm-cdma-global-phones-android


----------



## Astr4y4L (Aug 16, 2017)

Yep it changes identifiers in build prop that evidently are needed for lg up to work....
If you mess up after those edits u will have a brick too


----------



## MotoJunkie01 (Aug 16, 2017)

Astr4y4L said:


> Yep it changes identifiers in build prop that evidently are needed for lg up to work....
> If you mess up after those edits u will have a brick too

Click to collapse



Yes most certainly. @Astr4y4L, have you had any luck recovering your brick? If you can't get it recovered, I will work on having you a device donated for your continued development.


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> Yes most certainly. @Astr4y4L, have you had any luck recovering your brick? If you can't get it recovered, I will work on having you a device donated for your continued development.

Click to collapse



Bro, that would be awsome and very kind 
As for the brick... nope its probably junk...
Though i have found a form of communication between device and pc its still a primative thing full of guess work and trial & error but i will continue telling it to be a phone even to the point of placeng it flat on the desk and screaming at it 
(Your a phone act LIKE IT!!!!)
LOL.
BUT YES A DONATION DEVICE WOULD HAVE ME BACK UP AND RUNNING AGAIN..
found resourcehacker for windows and trying all day to jack&crack LGuP
Yes bro. Pm me and I'll give u a mailing address for the donation device.
And a million thanks for anyone willing to do that!


----------



## MotoJunkie01 (Aug 17, 2017)

Astr4y4L said:


> Bro, that would be awsome and very kind
> As for the brick... nope its probably junk...
> Though i have found a form of communication between device and pc its still a primative thing full of guess work and trial & error but i will continue telling it to be a phone even to the point of placeng it flat on the desk and screaming at it
> (Your a phone act LIKE IT!!!!)
> ...

Click to collapse



Tell you what, I have two spare devices: I have an extra  Zone 3 and an extra LG Rebel LTE. PM me with your name and address information and I'll get whichever device you want mailed out by tomorrow during business hours. Oh, and if you want the Zone 3, let me know which firmware package you prefer on it.


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> Tell you what, I have two spare devices: I have an extra  Zone 3 and an extra LG Rebel LTE. PM me with your name and address information and I'll get whichever device you want mailed out by tomorrow during business hours. Oh, and if you want the Zone 3, let me know which firmware package you prefer on it.

Click to collapse



pp7 would be great had best work from that one...
Guess it dont matter i'll just root it anyhow...
but AWSOME !!!!!!

ATTENTION XDA I OWE 1 MILLION THANKS TO MOTOJUNKI01 FOR HIS AWESOME GENEROSITY IN DONATING A NEW ZONE3 FOR DEVELOPMENT!!!!

---------- Post added at 07:53 PM ---------- Previous post was at 07:51 PM ----------




MotoJunkie01 said:


> Tell you what, I have two spare devices: I have an extra  Zone 3 and an extra LG Rebel LTE. PM me with your name and address information and I'll get whichever device you want mailed out by tomorrow during business hours. Oh, and if you want the Zone 3, let me know which firmware package you prefer on it.

Click to collapse



Just sent the pm with the mailing info..
Plz let me know u got it...
Thanks,
Astr4y4L


----------



## MotoJunkie01 (Aug 17, 2017)

Astr4y4L said:


> pp7 would be great had best work from that one...
> Guess it dont matter i'll just root it anyhow...
> but AWSOME !!!!!!
> 
> ...

Click to collapse



Got it friend. I'll mail your Zone 3 around noon tomorrow and PM you the tracking confirmation. Thanks again for your hard work and contributions. Do you need the OEM charger also? I have the original box, user guide, etc. I'm including you an 8GB external micro- SD pre-installed and formatted as well. It may come in handy on your work.


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> Got it friend. I'll mail your Zone 3 around noon tomorrow and PM you the tracking confirmation. Thanks again for your hard work and contributions. Do you need the OEM charger also? I have the original box, user guide, etc. I'm including you an 8GB external micro- SD pre-installed and formatted as well. It may come in handy on your work.

Click to collapse



Dude u are awsome! Thats the best news all day as far as that gos...
Im on this pos obamma phone on a krappy wifi connection that i managed to hack out of my wifes cricket galaxy amp 2..
Needless to say i had too crack her new phone...so yep 
But the chargers and such are not needed and ive got cords from the latest bricks so ...
If u wanna cut the postage cost take everything out and just send the phone and the box.
Thanks again for supporting your Dev's
And anything good that comes from my work you have first dibbs


----------



## MotoJunkie01 (Aug 17, 2017)

Astr4y4L said:


> Dude u are awsome! Thats the best news all day as far as that gos...
> Im on this pos obamma phone on a krappy wifi connection that i managed to hack out of my wifes cricket galaxy amp 2..
> Needless to say i had too crack her new phone...so yep
> But the chargers and such are not needed and ive got cords from the latest bricks so ...
> ...

Click to collapse



That's generous but I don't want your money....I just want your work. Haha. Seriously though, your development is plenty enough for me and I wish I could give more. I know devs work hard. I'm trying to become one myself. It's tough & time consuming.


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> That's generous but I don't want your money....I just want your work. Haha. Seriously though, your development is plenty enough for me and I wish I could give more. I know devs work hard. I'm trying to become one myself. It's tough & time consuming.

Click to collapse



Just keep digging at it. Thats how i got started...
its a hobby mostly for me this zone3 stuff is the very first work iv released to the public most of my other stuff is custom stuff for particular situations and educational purposes of course
And lots of tools for breaking things down


----------



## MotoJunkie01 (Aug 17, 2017)

Astr4y4L said:


> Just keep digging at it. Thats how i got started...
> its a hobby mostly for me this zone3 stuff is the very first work iv released to the public most of my other stuff is custom stuff for particular situations and educational purposes of course
> And lots of tools for breaking things down

Click to collapse



You're good at getting on the inside of things. Great reverse engineering. I just compiled a new custom ROM for the Alcatel Ideal (4060A). Posting it tonight. I have you all ready. I restored the phone using Verizon's Upgrade/Repair utility. It is wiped and fresh with VS425PP8. I made sure FRP wasn't enabled. It is charged & ready to ship to you.


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> You're good at getting on the inside of things. Great reverse engineering. I just compiled a new custom ROM for the Alcatel Ideal (4060A). Posting it tonight. I have you all ready. I restored the phone using Verizon's Upgrade/Repair utility. It is wiped and fresh with VS425PP8. I made sure FRP wasn't enabled. It is charged & ready to ship to you.

Click to collapse



Awesome ill be looking foward to that...
I been studying the way lgup and such work and its not unlike how mediatek uses a rom with a scatterfile and spflashtool
And i think after enough time and effort i may stumble upon a way to make lgup flash anyfile.kdz to anydevice on com port
Then we would have a heck of a tool...


----------



## Astr4y4L (Aug 17, 2017)

MotoJunkie01 said:


> You're good at getting on the inside of things. Great reverse engineering. I just compiled a new custom ROM for the Alcatel Ideal (4060A). Posting it tonight. I have you all ready. I restored the phone using Verizon's Upgrade/Repair utility. It is wiped and fresh with VS425PP8. I made sure FRP wasn't enabled. It is charged & ready to ship to you.

Click to collapse



Your rom for idael... is that an att device?
I think Tru Wireless is actually giveing those out for obamaphones....


----------



## Astr4y4L (Aug 17, 2017)

Well just got off work. Had to do a bit of welding today.
Gonna cool down and then fire up my pc and start taking apart lgup again... gotta find the function calls we're looking for and put a break there to skip  to next function... seems like it uses .dll files which turnsout are just small single function sometimes multiple function snippits of code that other programs use for particular functions.
In my head it works kinda like how we have busybox multifunction bin. Dumdum.apk needs to move a file or data so it calls a function call to busybox.bin to accomplish the task yet Joe User
Has no idea whats going on behind the curtain he just knows his favorite app Dumdum.apk just updated and now it has new tricks...
Well i figure this works like that and so if i can figure out the function calls we just put a line break there and it skips to the next thing its supposed to do...
But without the source code with the notes and such its a lot of taking this and that apart and following the code backwards then fowards to trace what calls what...
It seems difficult but turns out its kinda kool if u figure it out...
and i just love to take things apart to see how they work..
So yea , im on it !!! we'll see how she go's.....


----------



## Astr4y4L (Aug 18, 2017)

@MotoJunkie01

Hey bro ya know those dll files... the ones in the .kdz files such as pp7.kdz that we load to lgup... well those .dll files i was examining one from that marshmallow update i tried to flash and it's full of binary code but has discripters and configuration options set in what looks like plain english and i think by modifying the dlls contained in the .kdz we may be able to really overcome some hurdles... i'm going to post some of this raw output that i'm speaking on in the post following this one you gotta see this stuff !!!

---------- Post added at 06:35 PM ---------- Previous post was at 06:04 PM ----------

(at the beginning there was)


����^G^@^@^A^C^@^@^@^F^@^@^@^V^@^@^@x^N^@^@��^Q^@^@^@^@^@^Y^@^@^@�^C^@^@__TEXT^$
^@^@^@^@^@^@^@^@^@^@^@^@^@^@�
^@^@^@^@^@^G^@^@^@^E^@^@^@^K^@^@^@^@^@^@^@__text^@^@^@^@^@^@^@^@^@^@__TEXT^@^@^$
^@^@^@^@^@^@�^@^@^@^@^@^@^@�
^@^@^@^@^@^@p^@^@^@^@^@^@^G^@^@^@^C^@^@^@^R^@^@^@^@^@^@^@__nl_symbol_ptr^@__DAT$
^@^@^@^@^@^P^@^@^@^@^@^@^@^@�
^@^C^@^@^@^@^@^@^@^@^@^@^@^F^@^@^@�^@^@^@^@^@^@^@^@^@^@^@__got^@^@^@^@^@^@^@^@^$
^@^@^@^@^@@^A^@^@^@^@^@^@^P�
^@^C^@^@^@^@^@^@^@^@^@^@^@^F^@^@^@�^@^@^@^@^@^@^@^@^@^@^@__la_symbol_ptr^@__DAT$
^@^@^@^@^@�^G^@^@^@^@^@^@P�
^@^C^@^@^@^@^@^@^@^@^@^@^@^G^@^@^@'^A^@^@^@^@^@^@^@^@^@^@__mod_init_func^@__DAT$
^@^@^@^@^@^X^B^@^@^@^@^@^@8�
^@^C^@^@^@^@^@^@^@^@^@^@^@      ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__const^@^@^@^@^@$
^@^@^@^@^@X^]^@^@^@^@^@^@P�
^@^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__cfstring^@^@^@^@^@^$
^@^@^@^@^@�^A^@^@^@^@^@^@��
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__objc_classlist__DAT$
^@^@^@^@^@^H^@^@^@^@^@^@^@(�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^@^@^@^@^@__objc_nlclslist__DAT$

^@^@^@^@^@^H^@^@^@^@^@^@^@(�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^@^@^@^@^@__objc_nlclslist__DAT$
^@^@^@^@^@^H^@^@^@^@^@^@^@0�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^@^@^@^@^@__objc_protolist__DAT$
^@^@^@^@^@^P^@^@^@^@^@^@^@8�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__objc_imageinfo__DAT$
^@^@^@^@^@^H^@^@^@^@^@^@^@H�
^@^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__objc_const^@^@^@^@_$
^@^@^@^@^@�^A^@^@^@^@^@^@P�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__objc_selrefs^@^@__D$
^@^@^@^@^@^X^A^@^@^@^@^@^@@�
^@^C^@^@^@^@^@^@^@^@^@^@^@^E^@^@^P^@^@^@^@^@^@^@^@^@^@^@^@__objc_protorefs__DAT$
^@^@^@^@^@^P^@^@^@^@^@^@^@X�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__objc_classrefs__DAT$
^@^@^@^@^@^X^@^@^@^@^@^@^@h�
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^@^@^@^@^@__objc_data^@^@^@^@^@$
^@^@^@^@^@�^@^@^@^@^@^@^@��
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__data^@^@^@^@^@^@^@^$
^@^@^@^@^@@;^@^@^@^@^@^@ �
^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__data^@^@^@^@^@^@^@^$
^@^@^@^@^@@;^@^@^@^@^@^@ �
^@^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@__bss^@^@^@^@^@^@^@^@$
^@^@^@^@^@�S^@^@^@^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^$
^@^@^@^A^@/Users/deokhwanjung/Desktop/common_DLL/base_dll/Project/MacOS/Derived$
^@^@^K
^@^L^@^@^@`^@^@^@^X^@^@^@^B^@^@^@       ^A��^@^@^A^@/System/Library/Frameworks/$
^@H�^GH�^Ek}
^@H��^XfH^On�f^Op�D�^O^?G^XH�[email protected]^@^@^@^@H�G8^@^@^@^@H�w0H�WHH�F^HH�G^H]�UH��H�^E$
^@H�^GH�^E!}
^@H��^XfH^On�f^Op�D�^O^?G^XH�[email protected]^@^@^@^@H�G8^@^@^@^@H�w0H�WHH�F^HH�G^H]�UH��SH��$
^@H�^C�e^@^@^@H�C H�x�H;=�|
^@u^XH�C^XH�x�H;=�|
^@u H��^X[]ù�����^O�H���^?�H�u���.^G^@�Ϲ�����^O�H���^?�H�u���.^G^@��UH��]�����U$
^@^O��^@^@^@H�E�H�x�H;=�{
^@^O��^@^@^@H�C0H�{@H�@^H���^X^@^@���^X^@^@�^F�^A^@H�^CH�@ H���Є�t:H�^CH�@0H���$
^@1�H���g.^G^@�^F^A^@^@�^A^@^@^@�..^G^@�^@^@H�5`{
^@1�H���D.^G^@��^@^@^@I�ƃ�^A^O��^@^@^@L���^G.^G^@D�0H�C0H�8H�^U|5^H^@�^C^@^@^@1$
^@t^W������^O�H���^?    H�u���,^G^@H�E�H�x�H;=9z

(and then more code and then notable is this at about 20% into it...)

^@^@^A*^D^@^@B^A^@^@^^^H^@^@^Al^E^@^@�^B^@^@^@^@^@^@^@j^H^@^@^S^@^@^@�^K^@^@^@}$
^A^@^@^E^@^@^@B^A^@^@^@^O^A^@^@G^@^@^@^@^@^@^@^@^A^@^@^@^@^@���^@^Ch^@^@^@^@�^@$
^E^@^@^@n^A^@^@^W^@^@^@^Y^E^@^@^@�^A^@^@^W^@^@^@(^E^@^@^@�^A^@^@^W^@^@^@7^E^@^@$
^@%d is set less than 0 in Setting.xml.
^@CEFS::SetEFSReadPacketSize()
^@CEFS::SetEFSWritePacketSize()
^@CEFS::SetEFSReadPacketSize()
^@CEFS::SetEFSWritePacketSize()
^@EFS_BACKUP^@EFS backup file path not set.
 Please check.
^@EFS backup 'OMF_UNDER_MAX_RETRY_COUNT'  or 'OMF_OK'
^@CEFS::EFSBackUp() fail
^@EFS_RESTORE^@%s not exist. Cannot restore efs backup files.
^@CEFS::EFSRestore() fail
^@Fail reading nv item, ENUM : %ld
^@COM%d_%I64X^@COM%d_%08X^@\Backup\^@CEFS::SetBackupDirPath()
^@EFS Backup Direcotry not set. Please check.
^@\Backup.omf^@CEFS::SetEFSBackupFilePath()
^@There's no 'EFS_DUMP' info in XML.^@CEFS::GetEFSDumpFileList()
^@/eri/eri.bin^@%d^@_COM^@
Verify Eri Error, File Not Match
^@Verify Eri Success, File Match
^@CEFS::VerifyEri()
^@\^@EFS Dump^@Failed! CMasterBin::EFSDumpProcess() %d/n^@GetEFSDumpInfo armType= %d, subSysIDValue =%d, strDumpFilePath = %s
^@basic_string::substr^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@.TOT^@.DZ^@.KDZ^@.BIN^@.XML^@Unknown image type %s
^@Can't get tot file path^@[Model Name] Binary(%s), Target(%s)
^@-FACTORY^@FACTORY image only support CHIPERASEDL or BOARDDL
^@OP^@CACHE^@MISC^@FTM^@fota^@rct^@%s - ErrorCode:%d
^@_func_FeatureQuery @nOt support yet
^@AT%DLOAD^@Device mode not defined
^@Waiting device for 15sec^@%s Partition is not exist
^@[*KeepPartition] This %s partition should be kept
^@[FormatPartition] %s is already formatted
^@[FormatPartition] %s is already downloaded
^@Skip read %s partition  %d Kbytes
^@==============Start Direct Download==============
^@Direct^@%s  [%d/%d] DL skip by PLUS
^@%s^@OP_T^@Download Skip %s partition
^@Start Write "%s" partition
^@BMTPOOL^@Finish Write %s partition

^@Unknown erase type
^@FAT^@Write Error(Erase Partition)
^@Write Error(MAX_ROM_RETRY)
^@%s , wrong size for sparse header^@_spraseImage_ReadImageHeader^@%s , wrong magic for sparse header^@magic         : 0x%x
^@major_version : 0x%x
^@minor_version : 0x%x
^@file_hdr_sz   : %d
^@chunk_hdr_sz  : %d
^@blk_sz        : %u
^@total_blks    : %u
^@total_chunks  : %u
^@%s , sparse header is longer than expected^@%s , wrong max packet length^@Flashing^@%s, wrong chunk header size
^@_spraseImage_WriteChunkData^@Empty Sectors : 0x%08X
^@%s, Bogus chunk size for chunk type Raw
^@%s, chunk_data_sz is not 0
^@%s, Unknown Chunk Type
^@rb^@%s unexpected error
^@_func_DownloadSparseImage^@Erase %s partition
^@    - WriteZero1 : %d:%s (0x%08X ~ 0x%08X)
^@    - WriteZero2 : %d:%s (0x%08X ~ 0x%08X)
^@Erase successfully
^@What is this status? grp size = %d, size = %d  firstlba = %d
^@%s is signed
^@%s is NOT signed
^@%s unknown or old version
^@found %s Partition for secure image check
^@isValidateSecureImage Device is a qfused. However, binary file is unauthenticated !!!- appsbl
^@isValidateSecureImage Device is a qfused. However, binary file is unauthenticated!!! - signature size
^@MSM8226^@MSM8939^@MSM8916^@MSM8992^@MSM8994^@MSM8996^@MSM8909^@MSM8952^@aboot^@sbl1^@tz^@rpm^@Buffer size is too small
^@CBasicFlash::isValidateSecureImage Device is a qfused. However, binary file is unauthenticated !!!
^@ERROR opening %s file
^@%d - %s
^@31 OEM_ID^@CBasicFlash::isValidateSecureImage image file is unauthenticated !!!
^@PRELOADER^@MBR^@EBR1^@LAF^@pgpt^@sgpt^@PrimaryGPT^@SecondaryGPT^@^@^@^@^@^@=== Sparse Image Header ===^@^@^@^@^@Can't write imag$
^@Ecc for 2nd set of 128 bytes = %ld
^@Ecc for 3rd set of 128 bytes = %ld
^@Ecc for 4th set of 128 bytes = %ld
^@%02X ^@^@^@^@^@^@^@^@^@^@^@
16 byte spare area in NAND page containing ECC
information for the 512 data page should be:^@[Warning] Duplicated Packet Response
^@PackAll^@zlib^@PackAll : %4.1fs
^@Excluded %s
^@%s_%u.bin^@%s Compressed %lu -> %lu
^@%s Md5 : %s
^@1.2.5^@Compress_zlib^@/Users/deokhwanjung/Desktop/common_DLL/base_dll/Source/SWImage/KDZExtract/DzParserTot.cpp^@ret != Z_STREAM$
^@ProgressBar ^@Progress sleep for %d %d %d
^@r^@ ^G^H^L
^M      ^K^@%s%c%c%c%c^@        ^K
^@LG-^@LG_^@LG^@basic_string::at^@NV_READ^@{^@}^@"^@ ^@0x^@%x^@-^@byte^@Str^@Type^@uint8Type^@booleanType^@byteType^@uint1Type^@ui$
^@GptPartitionTableHeader size : %lu
^@GptPartitionEntry       size : %lu
^@Invalid Signature : %c%c%c%c%c%c%c%c
^@Invalid Revision : 0x%08X
^@Invalid HeaderSize : 0x%08X
^@Invalid PartitionNum : 0x%08X
^@Invalid PartitionSize : 0x%08X
^@- 0x%08llX ~ 0x%08llX : %u : %s
^@^@^@^@Could not open %s
^@Opend %s
^@Could not fsetpos %llu
^@^@^@^@^@^@Could not read ProtectiveMBR^@^@^@^@Read ProtectiveMBR^@^@^@^@^@^@^@^@^@^@^@^@^@^@Cound not read Partition Table Heade$
^@D802^@D805^@\ROMCOPYLESS^@BIN File^@SCR File^@PRL(NAM1)^@PRL(NAM2)^@ERI File^@INI File^@TESTSCRIPT^@TOT File(Output)^@PB File^@2$
^@VRZ^@SPR^@ACG^@RLC^@USC^@TRF^@BST^@ATT^@EU^@RGS^@TMO^@SKT^@KT^@LGU^@GLB^@VMU^@VZW^@H810^@H950^@H900^@K370^@H901^@VS^@VN^@VK^@LS^$
^@Unknown type %s use default setting 0x%x
^@mt6582^@[mt6582] memory_id : %s MBR start = %d BMTPOOL : 0x%x
^@[%s] memory_id : %s BMTPOOL : 0x%x
^@[%s] memory_id : %s BMTPOOL : 0x%x
^@SDDL information empty
^@------------PLUS Status----------
^@percent = %d
^@model = %s
^@swversion = %s
^@filename = %s
^@TOT file name is not same %s  to %s
^@nCrcOfTot = 0x%x
^@CRC of TOT is not same
^@PLUS part_status = %s
^@MSM^@BackupGPT^@MT^@GH14^@          cnt = %d  Response time=%dms(Avg=%dms, peak=%dms)  Speed (cur=%2.1fMB/s  ovrl=%2.1fMB/s)   O$
^@Create Dz File : %s
^@w+b^@Cannot create %s
^@Open Dz File : %s
^@Cannot open %s^@Model     : %s
^@SwVersion : %s
^@BuildTime : %04d-%02d-%02d %02d:%02d:%02d
^@Total Files : %d
^@Invalid Dz Magic : 0x%08X <> 0x%08X
^@      %s:%s(%u)
^@LoadFileHeader Fail nErrorCode = %d
^@%04d-%02d-%02d %02d:%02d:%02d^@_OpenPart : %s(%u)
^@_OpenPart Fail  nErrorCode= %d
^@invalid request size
^@zlib uncompress failed
^@Size mismatch, may be different payload size with device
^@[ERROR] avail_in is zero
^@[ERROR] Cannot create folder(%d) : %s
^@DzSetCurrentDirectory : %s
^@UnPackAll^@UnPackAll : %4.1f
^@%s
^@      Verifing
^@      Verified
^@wb^@fopen : %s
^@      Decompressing
^@      Unknown Compress Algorithm : %s
^@      Decompressed
^@      Hash of file   : %s
^@      Hash of header : %s
^@      Not exist md5 hash in header
^@Decompress_zlib^@/Users/deokhwanjung/Desktop/common_DLL/base_dll/Source/SWImage/KDZExtract/DzParser.cpp^@%02X%02X%02X%02X%02X%02$
^@[DzParser] DzHash not exist
^@[DzParser] Update DzHash : %s
^@[DzParser] Verify DzHash : %s
^@MODE^@SPC^@NV_WRITE^@PRINT^@HS_LOCK^@KEY^@PEEK^@POKE^@EFS^@WAIT^@FACTORY^@EFS_DELETE^@EFS_DELETEFOLDER^@EFS_READFILE^@EFS_WRITEF$
^@CParser::LineSeparator Error
^@CParser::LineSeparator Fail
^@COMMAND^@WRITE^@CParser::SCRParser Error
^@[WRITE_NV]^@[READ_NV]^@=^@CParser::INIParser Error
^@CParser::NVMetadataParser Fail
^@
Can't parse the line:%s
^@CParser::NVMetadataLineParser Error
^@PackAll : %4.1f
^@%s Compressed %i64d -> %i64d
^@/Users/deokhwanjung/Desktop/common_DLL/base_dll/Source/SWImage/KDZExtract/DzParserFile.cpp^@SetRetryCount^@SetWaitingTime^@The t$
We will set the EFS2 Version as EFS Type.^@Failed to execute the %s function
^@CEFSCom::_preCheck
If you want to use any functions in EFS Component, please execute Initailize() first
^@CEFSCom::_preCheck
The %s function is supported by only EFS2
^@CEFSCom::CheckSlashInPath() : Path is NULL
^@%s(%d)
^@/Users/deokhwanjung/Desktop/common_DLL/base_dll/Source/Process/EFS/EFSManager/EFSCom.cpp^@/^@CEFSCom::%s is failed
^@-> The reason : %s
^@ReadFile^@Unexpected Error occurred!^@ReadFile, %d
^@WriteFile^@WriteFile, %d
^@RemoveFile^@RemoveFile, %d
^@RemoveDirectory^@RemoveDirectory, %d
^@CompareFileCRC^@SetListNotToReadWrite^@SetListNotToReadWrite, %d
^@GetProgressCntReadingFile^@GetProgressCntReadingFile, %d
^@GetProgressCntWritingFile^@GetProgressCntWritingFile, %d
^@GetProgressCntReadingDir^@GetProgressCntWritingDir^@GetProgressCntWritingDir, %d
^@CastEFSVersion^@CastEFSVersion, %d
^@CreateDirectory^@CreateDirectory, %d
^@ReadDirectory^@ReadDirectory, %d
^@WriteDirectory^@WriteDirectory, %d
^@GetEFSFileSize^@GetFileSize^@GetFileSize, %d
^@ReleaseEFSRestriction^@ReleaseEFSRestriction, %d
^@SetWDCNVItemEnum^@GetDirectorySize^@RemoveOnlyFiles^@RemoveOnlyFiles, %d
^@MakeMergedFile^@WriteMergedFile^@WriteMergedFile, %d
^@SetEFSReadWritePacketSize^@* EFSReadPacketSize: %d, EFSWritePacketSize : %d
^@GetEFSReadWritePacketSize^@GetPgCntDumpingEFS^@GetPgCntDumpingEFS, %d
^@PrepFactImageDump Fail
^@PrepFactImageDump^@StartFactImageDump^@EndFactImageDump @nOt Support this command %s
^@_sendEFSDumpPacket^@_sendEFSDumpPacket, %d
^@GetProgressCntForBackup^@GetProgressCntForBackup, %d
^@GenerateRestrictionKeyValue^@GetEFSFileInfoList^@GetEFSFileInfoList, %d
^@CreateEFSDumpFile^@CreateEFSDumpFile, %d
^@SetExceptDir^@SetExceptDir, %d
^@InitExceptList^@basic_string::erase^@_prepareAfterDload download^@Can't set the flash info by binary file[%s]
^@TOT link is OK[%s]
^@XML link is OK[%s]
^@CNandImage::CreatePartitionedMasterbin() Fail!!
@cflash::CreatePartitionedTot() Fail!!
^@CreatePartitionedTot^@Image file with header^@CNandImage::MakePagesIncludeECC() Fail!!
^@There's no file to write !!
^@%s Fail!!
^@MakeEFSDumpBinIncludeECC^@CNandImage::MakeEFSDumpBinIncludeECC() Fail!!
^@CNandImage::MakeEFSDumpBinIncludeECC
^@Each Partition Start Block must be an Even Number
^@CNandImage::GetECC() [CHIPSET_UNKNOWN]!!
^@EFS used block size in the Partition Table(%d) is smaller than EFS dump file size(%d)!!
^@.MBN^@%s Fail !!
^@OutputPartitionTableFile^@%s Fail !!nData != fread
^@There's no SMT table for output!!
^@Start Download Partition:Start Addr: 0x%x
@cflash_NAND::SendPartitionInitialize() Fail!!
^@Finish Write
^@Downloading complete
^@0:CALBACKUP^@0IDBACKUP^@=====================================================
^@*** Downloading %s(%d rd) partition!
^@CNandImage::WriteMBN_byPartitionTable() Fail(1st)!!
^@Writing (Partition Number: %d) Fail!!
^@Start.... retry WriteNANDImageByBlock
^@CNandImage::WriteMBN_byPartitionTable() Fail(2nd)!!
^@End..... retry WriteNANDImageByBlock
^@Actual File Size: 0x%X @cflash_NAND::SetSMTFlashInfo() Fail!!
^@0:EFS2^@w^@CLogXML: Error opening file "%s".
^@<?xml version="1.0" encoding="ISO-8859-1" ?>^@<REFLASH>^@<UNIT>^@</UNIT>^@</REFLASH>^@CLogXML: Error closing file "%s".
^@<Date>%Y-%m-%d</Date>^@<Time>%%H:%%M:%%S.%03i</Time>^@%Y%m%d^@%%H%%M%%S^@<TIMESTAMP>%s%s</TIMESTAMP>^@
^@  ^@<%s>%s</%s>^@CLogXML: Could not write to file "%s".
^@Error^@
 ====================== TOT partition information ==========================
^@+===+=================+=========+
^@|idx| Partition Name  |Start sector |  Size   |  img file name     |  mount path |
^@+===+=================+=========+
^@grow^@flashinfo^@|%3d| %-16s|%10d (%7dKB)| %-20s| %-13s |^@%s %s
^@[Q] WDL update bootloader
^@[Q] Warning, WDL update
^@CHIP ERASE FAIL!!!^@CHIP ERASE OK.^@Partition(s) changed %s
^@Factory do not permit partition change^@FFFFFFFFFFF-FFFFFFFFFFF-FFFFFFFFFFF-FFFFFFFFFFF-F^@.tot^@.kdz^@SWFV of connected device $
^@SWFV of selected tot     : %s
^@LGFlashTool^@CUST partition skip
^@CUST^@Fixed area partition skip
^@action mode is %d
^@write MISC SWFV  %s
^@CUPSS MODE!!
^@ENCRYPT^@CUPSS exception partition (download) %s
^@Tot Download^@Can't cross download between UserDebug and User image
^@★★ ERROR REASON : %s
^@chipset : %s
^@QFUSE Status Check FAIL!!!
^@It is a secure device, But the image is not a secured image.
^@Software Update Failed^@Your device didn't update successfully. Use the Verizon Software Repair Assistant on a computer to repai$
@antirollback Check FAIL!!!
@anti Rollback Check PASS. @anti Rollback Status ≠ E.
^@Can't get LAF protocol version
^@  - BytesOfSector            : %d
^@  - UserPartitionSectors     : %d(0x%08X), %dMB
^@  - IsLanDownload            : %d
^@Failed to read GPT
^@Failed to open GPT
^@[_func_LoadGptFromTarget_UFS] Failed to Open LUN
^@[_func_LoadGptFromTarget_UFS] Failed to read GPT
^@[_func_LoadGptFromTarget_UFS] Failed to open GPT
^@UHS^@usb speed is high speed.
^@usb speed is not high speed!!
^@laf prop  skip_readwrite = %d
^@SEC^@CARRIER^@apdp^@msadp^@NVDATA^@SYSTEM^@USERDATA^@%s.restore^@Can't create %s partition name : %s
^@Can't create %s partition
^@Can't write  %s partition
^@  - Reading %s : 0x%08X
^@ * Set AP factory reset property = %d
^@ * Set CP factory reset property = %d
^@ * Set qem_reset= %d
^@ * Set qem_reset= %d
^@ * Set AP factory_reset= %d
^@/data/downloaddata^@IDT_Download^@ErrorType : 0x%X
^@size = %lld   %lld
^@/dev/block/mmcblk0boot0^@/sys/block/mmcblk0boot0/force_ro^@open failed %s partition
^@%s size = %d    %s available size = %d   (1sector = %d).  copy to min value

^@Cannot laf_open %s
^@IDT Download^@Cannot open %s
^@mismatch nReadBytes : %d, dwWriteSize : %d
^@Read RAW completed
^@tot^@mt^@preloader^@Retry Download %d time(s)
^@[LAF Bin Send]
^@[LAF Bin Send Finis]
^@/data/idt.cfg^@MD5 checksum error
^@Binary is not authorized
^@idt download status : %x
^@[LAF IDT START]
^@Send IDTINFO
^@pos : %d, lastPos : %d
^@Flashing Image..^@Checking Image..^@Verifying image..^@==============Start Indirect Download==============
^@doing^@Sending Image^@[LAF IDT END]
^@totalMBSize : %d, internal : %d, external : %d
^@register Erase %6s : Addr %64x count %64x
^@ps | grep lafd^@root^@ls -l /proc/%d/fd^@ -> /data/downloaddata^@[DownloadFile] %s -> %s
^@Failed to open %s file
^@LAF_ERROR_FAILED^@LAF_ERROR_INVALID_PARAMETER^@LAF_ERROR_INVALID_HANDLE^@LAF_ERROR_DEVICE_NOT_SUPPORTED^@LAF_ERROR_TIMEOUT^@LAF_$
^@limits^@Skip erase partition [%s]
^@Cannot laf_close LUN%d
^@Cannot laf_open LUN%d
^@Check image secured @nOt Secure Image %s
^@Fail to open %s
^@read fail : read(%d), BUF(%d)
^@isValidateSecureImage Device is a qfused.
^@Success TOT Header antirollback version[%d] >= device version[%d].
^@Fail TOT Header antirollback version[%d] <= device version[%d].
^@SW_ID^@TOT antirollback version is same or bigger than device version.
^@TOT antirollback version is smaller than device version.
^@Build : %s^@userdebug^@UD^@user^@U @nOt Match the Build type - Device[%s], Binary[%s]
^@mt6592^@USRDATA^@Can't load partition information in Device
^@Can't load partition information in TOT %s
^@Can't load partition information from TOT file %s
^@BMTPOOL not exist error in %s
^@Can't load partition information from device
^@BMTPool read failed
^@0^@1^@_func_mtk_BootWrite^@[%s] Start!
^@_func_EraseBootImage_For_mtk^@LAF_SwitchActivePart set to %c
^@Failed to write  %s
^@_func_set_boot_lock^@_func_DownloadBootImage_For_mtk^@flashinfo partition erase skip!
^@Erase Partition name : %s, sector addr : 0x%X, size(sector count) : 0x%X
^@Erase command failed
^@Partition erase Success
^@umount %s^@Error : %s umount error
^@mount -o remount,ro %s^@Error : %s remount error
^@%s Unmount Success.
^@umount /data^@Fail umount /data. try to read only remount
^@mount -o remount,ro /data^@umount userdata success.
^@Only Support factory upgrade mode!
^@Fail Write file name!
^@Mode change^@Find Partition %s
^@laf^@factory^@Switch TargetSector laf to factory
^@Skip %s partition
^@Skip Partition Download %s
^@ [%s] partition Check OK
^@ [%s] CRC32 Mismatch partition : phone 0x%X, tot 0x%X
^@msm8992^@rpmbak^@sdi^@sdibak^@tzbak^@abootbak^@hyp^@hypbak^@pmic^@raw_resources^@raw_resourcesbak^@Failed SwapPTE
^@Failed Write SGPT
^@Failed Write PGPT
^@Failed Open laf
^@Can't GPT part


----------



## Astr4y4L (Aug 18, 2017)

..


----------



## Astr4y4L (Aug 18, 2017)

and  theres pages more....


^@==============Start Boot Download==============
^@/dev/block/sda^@/dev/block/sdb^@/dev/block/sdc^@/dev/block/sdd^@/dev/block/sde^@/dev/block/sdf^@/dev/block/sdg^@/dev/block/sdh^@$
^@OSU^@LGFTM_OSU_STATUS is MR
^@fail to set LGFTM_OSU_STATUS
^@result of OS check : Device(%c-%s), Binary(%c-%s)
^@result of op support : %d
^@chnage buyercode : %s
^@preloader_muse6582_y70_l.bin^@MISC2^@ftm.img^@UBOOT^@lk.bin^@laf.img^@BOOTIMG^@boot.img^@BOOT^@RECOVERY^@recovery.img @sEC_RO @s$
^@%s  %s to %s
^@%s %s %s
^@Can't find %s filename partition^@, ^@changed list %s
^@CNVSManager::Initialize() Fail
^@NVMETADATA^@CNVSManager::_loadNVMetadata() Fail
@nv_SEC_CODE_I^@CNVSManager::InitializeSPC() Fail
@nv_MEID_I^@CNVSManager::InitializeMEID() Fail
@nv_ESN_I^@CNVSManager::InitializeESN() Fail
@nv_UE_IMEI_I^@CNVSManager::InitializeIMEI() Fail
^@CSN initialized
@serial initialized
^@CSN initialized
@serial initialized
^@NV Backup^@CNVSManager::ReadNVItemProc() Fail
^@ALL^@[TRACE]CNVSManager::Read MetaData %d CurNam %d
^@ReadNVItem Fail.
^@Can't get the NVMetadata information of %s[%d]
@success to read NV(name:%s[%d], nam: %d
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@WriteDirtyNVItem Count : %d
^@CNVSManager::WriteDirtyNVItem() Fail
@nv_write NV_GPS1_LOCK_I {0}^@CMasterBin::WriteExtraNVItems()^@Verify No ActiveItems Success
^@CMasterBin::VerifyInactiveActiveItems()^@Verify ExtraSetting Items Error^@Verify ExtraSetting Items Success
^@CMasterBin::VerifyExtraSettingItems()^@Error in ReadNV^@%s/../LGUserCSTool_log.txt^@[Searched Devices : %d]
^@      0x%08X - %s(%d) : %s
^@No Device
^@GPS^@LGE Wireless USB Serial01 Device^@Modem^@CDMA^@LGE^@Mobile^@MCCI^@Android DIAG^@USB^@%s%s;^@lgusbfd^@lgusbserial^@can't fin$
^@AT^@OK^@ok^@AT Mode^@Unknown OneCmd version %d
^@Can't open port %d @nv_UE_IMEI_I^@CNVSManager::InitializeIMEI() Fail
^@CSN initialized
@serial initialized
^@NV Backup^@CNVSManager::ReadNVItemProc() Fail
^@ALL^@[TRACE]CNVSManager::Read MetaData %d CurNam %d
^@ReadNVItem Fail.
^@Can't get the NVMetadata information of %s[%d]
@success to read NV(name:%s[%d], nam: %d
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@WriteDirtyNVItem Count : %d
^@CNVSManager::WriteDirtyNVItem() Fail
@nv_write NV_GPS1_LOCK_I {0}^@CMasterBin::WriteExtraNVItems()^@Verify No ActiveItems Success
^@CMasterBin::VerifyInactiveActiveItems()^@Verify ExtraSetting Items Error^@Verify ExtraSetting Items Success
^@CMasterBin::VerifyExtraSettingItems()^@Error in ReadNV^@%s/../LGUserCSTool_log.txt^@[Searched Devices : %d]
^@      0x%08X - %s(%d) : %s
^@No Device
^@GPS^@LGE Wireless USB Serial01 Device^@Modem^@CDMA^@LGE^@Mobile^@MCCI^@Android DIAG^@USB^@%s%s;^@lgusbfd^@lgusbserial^@can't fin$
^@AT^@OK^@ok^@AT Mode^@Unknown OneCmd version %d
^@Can't open port %d
^@Cannot decide device boot mode. set Unknown Mode
^@Can't unlock SPC
^@Intput file[%s] is empty
^@The file[%s] is not appropriate for this model[%s]
^@Invalid binary!
Please check compatibility between binary and phone.
^@It's 'Downgrade.
^@It's 'Downgrade.
'^@ZV @sA^@Z^@T^@V^@%s%s^@000000000000000^@%s\LG_%s_%s.XML^@C:^@ESN^@RESULT^@PASS^@FAIL @sOFTWARE_NAME^@LGUP @sOFTWARE_VER^@OEM_NA$
^@CBaseModule::BackupToCalPartition() nXBackUpStatus=%d
^@X-Backup: backup
^@X-Backup backup failed!!
^@CBaseModule::RestoreFromCalPartition() nXBackUpStatus=%d
^@X-Backup: restore
^@X-Backup restore failed!!
^@X-Backup: erase
^@X-Backup erase failed!!
^@FBOOT CHECK^@Find LAF! Do DeviceReset to normal boot.^@Boot Complete is success[%d seconds elapsed].
^@%dth trial[%d seconds elapsed].
^@Boot Complete Command is not supported. Just wait for %d seconds.
^@CCommonModule::WaitForBootComplete().
^@FR Status is %d
^@Factory reset status is %d
^@FRST Flag = %d [ NG ].^@PRL Write^@CCommonModule:RLWrite()^@CCommonModule::_writePRLFile
Failed to open the file, %s
^@_writePRLFile^@PRL Read^@CCommonModule::_readPRLFile
Failed to open the file, %s
^@Warning! ReadPRLFile() → ReadPRLPkt() : the size of prl file is 0
^@Error! ReadPRLFile() → ReadPRLPkt() : PRL Stat is invalid
^@ERI Write^@Fail to open %s
%s
^@Fail to ERIWriteSubProcess nEriFileSize = %d
^@Fail to ERIWrite()
^@CCommonModule::ERIWrite()
^@ERI Read^@The eri data[size=
] is not valid
^@CNVSManager::SetExtraBackupNV() Error
@sendscrambledPassword Failed
^@pim/call_hist_nv.dat^@PE004^@NV read ENUM: %ld fail. PRLVersion : %s
@set Testmode^@Test Script Mode Set Command Failed
^@Manual Mode On Command Failed
@sP Factory Reset Error
^@FP Factory Reset Error @cscriptParser::SendFactoryReset() failed!!
^@250-0-26 Failed^@android version is %s^@android version is NULL^@Test Script Mode Set Command Failed^@Rebooting... [%d sec]^@Reb$
^@Unknown^@AT%SWV^@AT%SWFV^@AT%INFO^@AT%IMEI @sW version : %s
@sWFV : %s
^@PID : %s
^@Excute AI Init()...
^@AI Init()... FAIL!!
^@ROM_^@BIN_^@DZ_^@Modem Factory Reset Fail.
^@Modem Factory reset complete
^@AP Factory Reset Fail.
@skip 250-50-3.
@smartPhone Factory Reset complete. Waiting for User Activication.
^@User Activation Complete.
^@Not support SmartPhone Factory reset command.
@smartPhone Factory reset command fail.
^@PopupMsgBox nRet = %d
^@VK815^@LockQUSBCmd Fail
^@AT%RESTART @sWV @sWFV^@INFO^@IMEI^@Power Off^@AT%POWEROFF^@Boot Complete Status: %d
^@AT%FBOOT^@AT%FRSTSTATUS^@AT%FRSTSTATUS Command Error
^@Factory Reset Status = %d.
^@AT%%FRSTSTATUS=%d^@AT%%FRSTSTATUS Command Error
^@FR Status is not 3
^@Factory reset status is %d (not 3)
^@read fail FR Status
@status 3
@set preSelfDStart
^@PSELFDE=%d @set ThermalEngineOFF
^@THERMALENGINE=1 @set QFuseEnable
^@EFUSEENABLE^@Get Call History from handset  %s %d
^@CExtraCmd::GetCallHistory fail
^@Can't read "%s" file from phone !!
^@End of getting Call History
^@Not support factory resetBad command or parameter 0x%x 0x%x
^@FAIL Invalid Service Programming Code. Can't  nv_read/write NV Item
^@FAIL DIAG_BAD_PARM_F :: Unable read authentication key NV Item
^@FAIL DIAG_BAD_PARM_F :: Invalid parameter Response
^@Unknown command code %d
^@NV Enumeration number mismatch : Request %d, Response %d
@success > %s
^@FAIL > %s
@sRDDIDInit Command Failed
^@CExtraCmd::SRDDIDInitOperator()
^@CCommonModule::ExtraPRLOperator
Failed to open the file, %s
^@ExtraPRLOperator Command Failed
^@ERROR occured in CCommonCmd:STDownloadEntry()
^@ Can't get Boot Complete Status
^@ Can't upgrade FOTA
^@ Can't change DLOAD Mode
^@Request completed okay @successfully done^@Unrecognizable command field^@The NVM is full^@Command failed, reason other than NVM $
^@Feature Query : ERROR_NO_RESPONSE
^@  - Protocol Version      : %d
^@  - Stream Download       : %d
^@  - Battery Level         : %dmV
^@  - Max Packet Length     : %d
^@  - Read Sectors          : %d
^@[Emmc_Finalize]
^@Emmc_Finalize : ERROR_NO_RESPONSE
^@[ERROR] invalid frame check sequence.
^@[ERROR] destination address is invalid.
^@[ERROR] operation length is invalid.
^@[ERROR] packet was too short for this cmd.
^@[ERROR] packet was too long for my buffer.
^@[ERROR] packet command code was unknown.
^@[ERROR] operation did not succeed.
^@[ERROR] intelligent ID code was wrong.
^@[ERROR] programming voltage out of spec
^@[ERROR] memory dump not permitted
^@[ERROR] invalid address for a memory read
^@[ERROR] readback verify did not match
^@[ERROR] not permitted without unlock
^@[ERROR] invalid security code
^@[ERROR] Not enough packet list
^@[ERROR] Nvidia Error
^@[ERROR] Nak Error : %d
^@    ErrValue(0x%08X)
^@    ErrStatus(0x%08X)
^@    First(0x%08X)
^@    Second(0x%08X)
^@[ERROR] Invalid Response : 0x%02X
^@[ERROR] Invalid Response
^@[WriteSector-%d] : 0x%08X ~ 0x%08X
^@WriteSector : ERROR_NO_RESPONSE
^@Cmd_EmmcWriteSector^@[WriteStream-%d] : 0x%08X ~ 0x%08X
^@WriteStream : ERROR_NO_RESPONSE
^@Cmd_EmmcWriteStream^@[EraseSector] : 0x%08x ~ 0x%08x
^@EraseSector : ERROR_NO_RESPONSE
^@_cmd_EmmcEraseSector^@### You chose chip erase option. All partition will be formatted
^@ChipErase failed
^@[SetWebDownloadFlag]
@setWebDownloadFlag : ERROR_NO_RESPONSE
^@Cmd_SetWebDownloadFlag^@[ReadStream] : 0x%08X ~ 0x%08X
^@[ReadStream] : ERROR_NO_RESPONSE
^@Cmd_EmmcReadStream^@[MemDebugQuery]
^@MemDebugQuery : ERROR_NO_RESPONSE
^@[CMD_TestMode] : %d-%d-%d
^@CMD_TestMode ERROR_NO_RESPONSE
^@    MODEL:%s
^@    IMEI:%s
^@    PID:%s
^@    SWV:%s
^@    SWOV:%s
@    SWV:%s
^@    SWOV:%s
^@    %s
^@%d-%d-%d : Exception^@%d-%d-%d : NOK^@%d-%d-%d : N/A^@%d-%d-%d : Invalid State^@No error^@Failed to open file^@Error parsing Ele$
Error : ^@%s Item's nOffset= %d byte,  %d(th) bit
^@Offset size=%d^@|^@

         Default=%s, ValueList=%s^@^@^@^@^@lgusb^@IOSerialBSDClient^@IOSerialBSDClientType^@IOSerialStream^@IOServiceGetMatchingSe$
^@IOService^@IOCalloutDevice^@IOTTYBaseName^@^@^@^@^@^@^@^@^@idVendor^@idProduct^@locationID^@GetIORegistryIntegerEntry^@/Users/de$
^@rmdir errno : %d(%s)
^@chdir errno : %d(%s)
^@getcwd errno : %d(%s)
^@[IsExist] Invalid argument : NULL
^@CurrentDirectory : %s
^@File not found : %s, %d, %s
^@DzGetFileLength nErrorCode = %d
^@[ERROR] DzRemoveFile : %d(%s)
^@[ERROR] DzRenameFile : %d(%s)
^@[ERROR] No input file name

---------- Post added at 06:41 PM ---------- Previous post was at 06:41 PM ----------

and  theres pages more....


^@==============Start Boot Download==============
^@/dev/block/sda^@/dev/block/sdb^@/dev/block/sdc^@/dev/block/sdd^@/dev/block/sde^@/dev/block/sdf^@/dev/block/sdg^@/dev/block/sdh^@$
^@OSU^@LGFTM_OSU_STATUS is MR
^@fail to set LGFTM_OSU_STATUS
^@result of OS check : Device(%c-%s), Binary(%c-%s)
^@result of op support : %d
^@chnage buyercode : %s
^@preloader_muse6582_y70_l.bin^@MISC2^@ftm.img^@UBOOT^@lk.bin^@laf.img^@BOOTIMG^@boot.img^@BOOT^@RECOVERY^@recovery.img @sEC_RO @s$
^@%s  %s to %s
^@%s %s %s
^@Can't find %s filename partition^@, ^@changed list %s
^@CNVSManager::Initialize() Fail
^@NVMETADATA^@CNVSManager::_loadNVMetadata() Fail
@nv_SEC_CODE_I^@CNVSManager::InitializeSPC() Fail
@nv_MEID_I^@CNVSManager::InitializeMEID() Fail
@nv_ESN_I^@CNVSManager::InitializeESN() Fail
@nv_UE_IMEI_I^@CNVSManager::InitializeIMEI() Fail
^@CSN initialized
@serial initialized
^@CSN initialized
@serial initialized
^@NV Backup^@CNVSManager::ReadNVItemProc() Fail
^@ALL^@[TRACE]CNVSManager::Read MetaData %d CurNam %d
^@ReadNVItem Fail.
^@Can't get the NVMetadata information of %s[%d]
@success to read NV(name:%s[%d], nam: %d
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@WriteDirtyNVItem Count : %d
^@CNVSManager::WriteDirtyNVItem() Fail
@nv_write NV_GPS1_LOCK_I {0}^@CMasterBin::WriteExtraNVItems()^@Verify No ActiveItems Success
^@CMasterBin::VerifyInactiveActiveItems()^@Verify ExtraSetting Items Error^@Verify ExtraSetting Items Success
^@CMasterBin::VerifyExtraSettingItems()^@Error in ReadNV^@%s/../LGUserCSTool_log.txt^@[Searched Devices : %d]
^@      0x%08X - %s(%d) : %s
^@No Device
^@GPS^@LGE Wireless USB Serial01 Device^@Modem^@CDMA^@LGE^@Mobile^@MCCI^@Android DIAG^@USB^@%s%s;^@lgusbfd^@lgusbserial^@can't fin$
^@AT^@OK^@ok^@AT Mode^@Unknown OneCmd version %d
^@Can't open port %d @nv_UE_IMEI_I^@CNVSManager::InitializeIMEI() Fail
^@CSN initialized
@serial initialized
^@NV Backup^@CNVSManager::ReadNVItemProc() Fail
^@ALL^@[TRACE]CNVSManager::Read MetaData %d CurNam %d
^@ReadNVItem Fail.
^@Can't get the NVMetadata information of %s[%d]
@success to read NV(name:%s[%d], nam: %d
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@NV Restore^@CNVSManager::WriteNVItemProc Fail
^@CNVSManager::WriteNVItem Fail.
^@WriteDirtyNVItem Count : %d
^@CNVSManager::WriteDirtyNVItem() Fail
@nv_write NV_GPS1_LOCK_I {0}^@CMasterBin::WriteExtraNVItems()^@Verify No ActiveItems Success
^@CMasterBin::VerifyInactiveActiveItems()^@Verify ExtraSetting Items Error^@Verify ExtraSetting Items Success
^@CMasterBin::VerifyExtraSettingItems()^@Error in ReadNV^@%s/../LGUserCSTool_log.txt^@[Searched Devices : %d]
^@      0x%08X - %s(%d) : %s
^@No Device
^@GPS^@LGE Wireless USB Serial01 Device^@Modem^@CDMA^@LGE^@Mobile^@MCCI^@Android DIAG^@USB^@%s%s;^@lgusbfd^@lgusbserial^@can't fin$
^@AT^@OK^@ok^@AT Mode^@Unknown OneCmd version %d
^@Can't open port %d
^@Cannot decide device boot mode. set Unknown Mode
^@Can't unlock SPC
^@Intput file[%s] is empty
^@The file[%s] is not appropriate for this model[%s]
^@Invalid binary!
Please check compatibility between binary and phone.
^@It's 'Downgrade.
^@It's 'Downgrade.
'^@ZV @sA^@Z^@T^@V^@%s%s^@000000000000000^@%s\LG_%s_%s.XML^@C:^@ESN^@RESULT^@PASS^@FAIL @sOFTWARE_NAME^@LGUP @sOFTWARE_VER^@OEM_NA$
^@CBaseModule::BackupToCalPartition() nXBackUpStatus=%d
^@X-Backup: backup
^@X-Backup backup failed!!
^@CBaseModule::RestoreFromCalPartition() nXBackUpStatus=%d
^@X-Backup: restore
^@X-Backup restore failed!!
^@X-Backup: erase
^@X-Backup erase failed!!
^@FBOOT CHECK^@Find LAF! Do DeviceReset to normal boot.^@Boot Complete is success[%d seconds elapsed].
^@%dth trial[%d seconds elapsed].
^@Boot Complete Command is not supported. Just wait for %d seconds.
^@CCommonModule::WaitForBootComplete().
^@FR Status is %d
^@Factory reset status is %d
^@FRST Flag = %d [ NG ].^@PRL Write^@CCommonModule:RLWrite()^@CCommonModule::_writePRLFile
Failed to open the file, %s
^@_writePRLFile^@PRL Read^@CCommonModule::_readPRLFile
Failed to open the file, %s
^@Warning! ReadPRLFile() → ReadPRLPkt() : the size of prl file is 0
^@Error! ReadPRLFile() → ReadPRLPkt() : PRL Stat is invalid
^@ERI Write^@Fail to open %s
%s
^@Fail to ERIWriteSubProcess nEriFileSize = %d
^@Fail to ERIWrite()
^@CCommonModule::ERIWrite()
^@ERI Read^@The eri data[size=%ud] is not valid
^@CNVSManager::SetExtraBackupNV() Error
@sendscrambledPassword Failed
^@pim/call_hist_nv.dat^@PE004^@NV read ENUM: %ld fail. PRLVersion : %s
@set Testmode^@Test Script Mode Set Command Failed
^@Manual Mode On Command Failed
@sP Factory Reset Error
^@FP Factory Reset Error @cscriptParser::SendFactoryReset() failed!!
^@250-0-26 Failed^@android version is %s^@android version is NULL^@Test Script Mode Set Command Failed^@Rebooting... [%d sec]^@Reb$
^@Unknown^@AT%SWV^@AT%SWFV^@AT%INFO^@AT%IMEI @sW version : %s
@sWFV : %s
^@PID : %s
^@Excute AI Init()...
^@AI Init()... FAIL!!
^@ROM_^@BIN_^@DZ_^@Modem Factory Reset Fail.
^@Modem Factory reset complete
^@AP Factory Reset Fail.
@skip 250-50-3.
@smartPhone Factory Reset complete. Waiting for User Activication.
^@User Activation Complete.
^@Not support SmartPhone Factory reset command.
@smartPhone Factory reset command fail.
^@PopupMsgBox nRet = %d
^@VK815^@LockQUSBCmd Fail
^@AT%RESTART @sWV @sWFV^@INFO^@IMEI^@Power Off^@AT%POWEROFF^@Boot Complete Status: %d
^@AT%FBOOT^@AT%FRSTSTATUS^@AT%FRSTSTATUS Command Error
^@Factory Reset Status = %d.
^@AT%%FRSTSTATUS=%d^@AT%%FRSTSTATUS Command Error
^@FR Status is not 3
^@Factory reset status is %d (not 3)
^@read fail FR Status
@status 3
@set preSelfDStart
^@PSELFDE=%d @set ThermalEngineOFF
^@THERMALENGINE=1 @set QFuseEnable
^@EFUSEENABLE^@Get Call History from handset  %s %d
^@CExtraCmd::GetCallHistory fail
^@Can't read "%s" file from phone !!
^@End of getting Call History
^@Not support factory resetBad command or parameter 0x%x 0x%x
^@FAIL Invalid Service Programming Code. Can't  nv_read/write NV Item
^@FAIL DIAG_BAD_PARM_F :: Unable read authentication key NV Item
^@FAIL DIAG_BAD_PARM_F :: Invalid parameter Response
^@Unknown command code %d
^@NV Enumeration number mismatch : Request %d, Response %d
@success > %s
^@FAIL > %s
@sRDDIDInit Command Failed
^@CExtraCmd::SRDDIDInitOperator()
^@CCommonModule::ExtraPRLOperator
Failed to open the file, %s
^@ExtraPRLOperator Command Failed
^@ERROR occured in CCommonCmd:STDownloadEntry()
^@ Can't get Boot Complete Status
^@ Can't upgrade FOTA
^@ Can't change DLOAD Mode
^@Request completed okay @successfully done^@Unrecognizable command field^@The NVM is full^@Command failed, reason other than NVM $
^@Feature Query : ERROR_NO_RESPONSE
^@  - Protocol Version      : %d
^@  - Stream Download       : %d
^@  - Battery Level         : %dmV
^@  - Max Packet Length     : %d
^@  - Read Sectors          : %d
^@[Emmc_Finalize]
^@Emmc_Finalize : ERROR_NO_RESPONSE
^@[ERROR] invalid frame check sequence.
^@[ERROR] destination address is invalid.
^@[ERROR] operation length is invalid.
^@[ERROR] packet was too short for this cmd.
^@[ERROR] packet was too long for my buffer.
^@[ERROR] packet command code was unknown.
^@[ERROR] operation did not succeed.
^@[ERROR] intelligent ID code was wrong.
^@[ERROR] programming voltage out of spec
^@[ERROR] memory dump not permitted
^@[ERROR] invalid address for a memory read
^@[ERROR] readback verify did not match
^@[ERROR] not permitted without unlock
^@[ERROR] invalid security code
^@[ERROR] Not enough packet list
^@[ERROR] Nvidia Error
^@[ERROR] Nak Error : %d
^@    ErrValue(0x%08X)
^@    ErrStatus(0x%08X)
^@    First(0x%08X)
^@    Second(0x%08X)
^@[ERROR] Invalid Response : 0x%02X
^@[ERROR] Invalid Response
^@[WriteSector-%d] : 0x%08X ~ 0x%08X
^@WriteSector : ERROR_NO_RESPONSE
^@Cmd_EmmcWriteSector^@[WriteStream-%d] : 0x%08X ~ 0x%08X
^@WriteStream : ERROR_NO_RESPONSE
^@Cmd_EmmcWriteStream^@[EraseSector] : 0x%08x ~ 0x%08x
^@EraseSector : ERROR_NO_RESPONSE
^@_cmd_EmmcEraseSector^@### You chose chip erase option. All partition will be formatted
^@ChipErase failed
^@[SetWebDownloadFlag]
@setWebDownloadFlag : ERROR_NO_RESPONSE
^@Cmd_SetWebDownloadFlag^@[ReadStream] : 0x%08X ~ 0x%08X
^@[ReadStream] : ERROR_NO_RESPONSE
^@Cmd_EmmcReadStream^@[MemDebugQuery]
^@MemDebugQuery : ERROR_NO_RESPONSE
^@[CMD_TestMode] : %d-%d-%d
^@CMD_TestMode ERROR_NO_RESPONSE
^@    MODEL:%s
^@    IMEI:%s
^@    PID:%s
^@    SWV:%s
^@    SWOV:%s
@    SWV:%s
^@    SWOV:%s
^@    %s
^@%d-%d-%d : Exception^@%d-%d-%d : NOK^@%d-%d-%d : N/A^@%d-%d-%d : Invalid State^@No error^@Failed to open file^@Error parsing Ele$
Error : ^@%s Item's nOffset= %d byte,  %d(th) bit
^@Offset size=%d^@|^@

         Default=%s, ValueList=%s^@^@^@^@^@lgusb^@IOSerialBSDClient^@IOSerialBSDClientType^@IOSerialStream^@IOServiceGetMatchingSe$
^@IOService^@IOCalloutDevice^@IOTTYBaseName^@^@^@^@^@^@^@^@^@idVendor^@idProduct^@locationID^@GetIORegistryIntegerEntry^@/Users/de$
^@rmdir errno : %d(%s)
^@chdir errno : %d(%s)
^@getcwd errno : %d(%s)
^@[IsExist] Invalid argument : NULL
^@CurrentDirectory : %s
^@File not found : %s, %d, %s
^@DzGetFileLength nErrorCode = %d
^@[ERROR] DzRemoveFile : %d(%s)
^@[ERROR] DzRenameFile : %d(%s)
^@[ERROR] No input file name


----------



## Astr4y4L (Aug 18, 2017)

*Deleated-multiple-post*

..


----------



## Astr4y4L (Aug 18, 2017)

but yes there is some very interesting info in this file....
and when we get it all assimilated i believe we can drive our LGuP from inside the .kdz file we flash...
of course there are going to be more roadblocks but we will smash through that krap like a sherman tank and end up with a way to outright flash custom roms on q-fused devices and all...
i mean the OEM Key is in these .dll files somewhere too...
woo thats a lot of data...
head hurts now and i'm going to take a break ... i don't know if it will let me but i'm going to try to (select all + copy + paste) the rest of the info on my next post so all who are secretly scowling about our no rom situation can browse it and read it thairselves maby someone will notice something i haven't yet or get an idea i haven't tried yet....
wooohooo progress !!!! 
sorry all about this next post its gonna be a long one...
Astr4y4L


----------



## MotoJunkie01 (Aug 18, 2017)

@Astr4y4L sorry I didn't get your device in the mail today. Been laid up with a migraine. Just now moving around a little. Better now. I'll take it over in the morning first thing and get it shipped.


----------



## Astr4y4L (Aug 18, 2017)

ahhh welll!!!!!
i'm not able to paste the entire file content here because i'm not so very familliar with Vim or Vi
i use nano usually and gedet or leafpad etc..
but i'll convert it over to plaintext later for all to see
and i guess the guy who wrote it is called 
deokhwanjung
according to this line of code here...

(/Users/deokhwanjung/Desktop/common_DLL/base_dll/Source/Process/EFS/EFSManager)

sure wish we had the ip addreass to the workstation this guy was working on...
oh well unless someone can find THAT-GUY we have to do this the hard way...
but i'd love to see the other contents of said workstation 

---------- Post added at 07:31 PM ---------- Previous post was at 07:22 PM ----------




MotoJunkie01 said:


> @Astr4y4L sorry I didn't get your device in the mail today. Been laid up with a migraine. Just now moving around a little. Better now. I'll take it over in the morning first thing and get it shipped.

Click to collapse



Oh Yea Brother No Problem ! 
was wondering at lunch-break today but when i'm welding i learned to leave phones and any other glass objects out of my pockets . slag even smashes gorilla glass screens with the tiniest little drip or splash...

But yea I take you at your word when you tell me somethings going to happen i just believe it and wait to see.
i just hate a nag and i don't like being sweated about any promise i make so i treat others as i would treat myself..
 i wasn't going to ask Bro...
but AWSOME


----------



## MotoJunkie01 (Aug 18, 2017)

Astr4y4L said:


> ahhh welll!!!!!
> i'm not able to past the entire file content here because i'n not so very familliar with Vim or Vi
> i use nano usually and gedet or leafpad etc..
> but i'll convert it over to plaintext later for all to see
> ...

Click to collapse



I'm going to take some time and look over the code you posted.


----------



## Astr4y4L (Aug 18, 2017)

MotoJunkie01 said:


> @Astr4y4L sorry I didn't get your device in the mail today. Been laid up with a migraine. Just now moving around a little. Better now. I'll take it over in the morning first thing and get it shipped.

Click to collapse



Oh Yea Brother No Problem ! 
was wondering at lunch-break today but when i'm welding i learned to leave phones and any other glass objects out of my pockets . slag even smashes gorilla glass screens with the tiniest little drip or splash...

But yea I take you at your word when you tell me somethings going to happen i just believe it and wait to see.
i just hate a nag and i don't like being sweated about any promise i make so i treat others as i would treat myself..
 i wasn't going to ask Bro...
but AWSOME 

---------- Post added at 08:39 PM ---------- Previous post was at 08:39 PM ----------




MotoJunkie01 said:


> I'm going to take some time and look over the code you posted.

Click to collapse



Yep.
Looks to me like a C language compiled on a windows environment.
Which is good because it actually narrows things down a bit.
We now have an idea where to go from here.
We must study how the functions work and we will be able to pack our custom rom with our modified .dll and its kinda like a scatterfile that not only tells what our rom contains but instructs lgup what functions and protocalls to use when in runtime.
And at runtime our code will load up with our .kdz rom
And be executed line by line . Good or bad...
And at the end the user has either flashed our rom to the correct hardware ...
Or Big Joe... our user...
Well he tried to flash this to the wrong hardware and now its toasted ...
Good or bad ....

---------- Post added at 08:52 PM ---------- Previous post was at 08:39 PM ----------

@                                                                                                   MotoJunkie01

http://18.220.133.114/android/kdztools/kdzextracted/LGUP_Common.dll

http://18.220.133.114/android/kdztools/kdzextracted/LGUP_Common.dylib

---------- Post added at 08:56 PM ---------- Previous post was at 08:52 PM ----------

these files are the same thing only out of the pp7.kdz
they have the same names and everything so i believe the content is basically the same except for our current firmware...

---------- Post added at 09:05 PM ---------- Previous post was at 08:56 PM ----------

First we must understand the possible functions from lgup then we modify these 2 files to call only the functions we want...
And we gotta either extract the OEM sig. And incorporate that into our rom for flashing to lg devices or we have to root the device first and swap our own signiture with the OEM ones before flashing.
Either way is a lota work  but if we can freeload on lg's OEM sig. We could just straight out flash our work with lgup

---------- Post added at 09:22 PM ---------- Previous post was at 09:05 PM ----------

@Motojunki01
This could be big news for Rom Devs Like You !
I'm  more into the implications this can have on device security.
A quick rooter using lg's own code....
Kool   I wanna see it happen just to throw a finger at OEMs who lock all thair lowend devices down so that i cant use the hardware how i want...
$20 basic krap fone
=
Flagship hardware without fully-functioning software.
It sucks.
I doubt ill ever spend the money for an awsome nexus..
I gots 4 kidz man....
But now im ranting... N E Ways..
Id be able to open things up and maby load a patched wifi driver when i want and guys like u can cook up a rom with custom recovery and bootloader..
We all win and Verizon /Lg can suck it!
Well that's  where im at on this Bro.
Gotta go got work early tomarrow.


----------



## MotoJunkie01 (Aug 18, 2017)

Astr4y4L said:


> Oh Yea Brother No Problem !
> was wondering at lunch-break today but when i'm welding i learned to leave phones and any other glass objects out of my pockets . slag even smashes gorilla glass screens with the tiniest little drip or splash...
> 
> But yea I take you at your word when you tell me somethings going to happen i just believe it and wait to see.
> ...

Click to collapse



I heard that and I feel you 100%. I'm about sick of LG & Verizon both. By the way, Verizon persists to violate the 2012 federal guidelines which restrict them from carrier locking the SIM ports on their devices. They are being sued again on a federal class action suit. I hope they get slaughtered.


----------



## Astr4y4L (Aug 18, 2017)

Well from common sense and the uncanny  look at the programmers working directory structure referenced in the code..
I think with the right knowledge this could basically apply to all lg devices...
Which would basically give us as much power and control over our devices as fastboot with unlocked bootloader.. there is already some open source tools to work with laf protocall called lglaf.py
Just google it if u want to.
But this combined with that research would be a possible rout to exploitation..


----------



## MotoJunkie01 (Aug 18, 2017)

Astr4y4L said:


> Well from common sense and the uncanny look at the programmers working directory structure referenced in the code..
> I think with the right knowledge this could basically apply to all lg devices...
> Which would basically give us as much power and control over our devices as fastboot with unlocked bootloader.. there is already some open source tools to work with laf protocall called lglaf.py
> Just google it if u want to.
> But this combined with that research would be a possible rout to exploitation..

Click to collapse



Yes, back in the days of the LG G2 & LG G3, we basically used a protocol of nuking the /laf partition (backing it up first of course). As you already know, /laf does two primary tasks: (1) it serves as the device's "Download Mode", and (2) it keeps from accessing fastboot mode. By nuking /laf, you lose download mode, so great caution is needed, because you've just lost your only means to recover the device. Interestingly, /laf has a kernel and a /ramdisk filesystem just like any other boot image. So, when you boot the device with no /laf, and use your volume up button while plugging a micro USB to the device which is connected to your PC, a very interesting thing happens: the application bootloader (/aboot) looks for a kernel (it searches for the kernel in /laf), but it finds none because /laf is nuked. Hmmmmm. So now what happens. The device is forced to boot into fastboot mode. LG, of course, has figured this out. (They read XDA Forums too, lol) Now, in many newer devices you can still access fastboot mode this same way, however, fastboot functions have been disabled. In other words when you type "fastboot oem unlock," the command window will return with a "command not allowed" type error. Gotta love LG. The [email protected]


----------



## MotoJunkie01 (Aug 18, 2017)

By the way @Astr4y4L, I'm going to mail your Zone 3 here in a little bit.


----------



## Astr4y4L (Aug 18, 2017)

MotoJunkie01 said:


> By the way @Astr4y4L, I'm going to mail your Zone 3 here in a little bit.

Click to collapse



awesome i can barely  use this p.o.s as the glass is cracked all to hell..
Im bout to head off to work.

So let me understand u correctly we nuke laf and get fastboot because of the kernel missing but on our hardware lg crippled fastboot because they see what we got going....
But the g2 fastboot worked After laf nuke....
And we know  fastboot is controlled by fastboot.c  object inside of aboot it's self so if we  can replace the aboot maby aboot from g2 will boot us idk.. but if not we gotta get aboot open and replace our fastboot.c object with the one from inside aboot on g2 we can have the same as them when we kill laf. But seriously i think download mode may be ok if we crack lgup...
So we got two roads to choose...
Patch aboot . Nuke laf. And oem-unlock
Or 
Patch lg up . Understand the scatterloading structure involved with our own rom if we want to flash a new one.
And build an lg device specific tool call it LGReUP
And flash customized firmware to them all.. i saw places in the code where you can tell it weather or not its a q-fuse weather its locked even setting qcom modem and freakin gps or telephony options.
dont mistake me.
I want custom /aboot and im still working toward that exactly.
But also iv got like 4 of these laying in my drawer gathering dust because i tried  the wrong .prop edit and tried to flash a non secure image unsigned to a partition on device and ended up looking at Secure---Boot--Error--1003  or whatever.
So a unlocking/unbricking tool that can flash these without careing about weather or not a Lg sig is present would get me at least 4 working phones from my brick drawer...

---------- Post added at 10:02 AM ---------- Previous post was at 09:54 AM ----------

And speaking of the brick drawer.. does anyone know what to do with a bunch of fried phones and tablets ? I been keeping them for hardware pieces...parts.
They are currently Un recoverable with the tools i have to work with.
And i been thinking about the machine in walmart that gives u money for recycleing phones...


----------



## MotoJunkie01 (Aug 18, 2017)

Astr4y4L said:


> awesome i can barely use this p.o.s as the glass is cracked all to hell..
> Im bout to head off to work.
> 
> So let me understand u correctly we nuke laf and get fastboot because of the kernel missing but on our hardware lg crippled fastboot because they see what we got going....
> ...

Click to collapse



Man I tell you, eBay is your best outlet. I actually run a small business just selling device parts on eBay. Amazingly, you can get more money selling parts from a broken device than you can selling the device brand new in the box. I sometimes buy budget devices brand new, tear them apart, sell the parts on eBay, and make 4 times the money that I originally invested for the new device.


----------



## Astr4y4L (Aug 18, 2017)

MotoJunkie01 said:


> Man I tell you, eBay is your best outlet. I actually run a small business just selling device parts on eBay. Amazingly, you can get more money selling parts from a broken device than you can selling the device brand new in the box. I sometimes buy budget devices brand new, tear them apart, sell the parts on eBay, and make 4 times the money that I originally invested for the new device.

Click to collapse



Oh Kool... so if I just strip em down i can sell the pieces on ebay... i hadn't thought of that !
hey post the link to your ebay store i'm currious to see how that works !

---------- Post added at 02:09 PM ---------- Previous post was at 02:04 PM ----------

*Tracking Number:###############*







 		  Accepted 		
*Expected Delivery Day:  *Monday, August 21, 2017 			    
*Product & Tracking Information*


*Postal Product:* First-Class Mail®                   *Features:* 						 						 							 							 							 							 								USPS Tracking®


                                          												 				 					      	 		 			Date & Time 			Status of Item 			Location 		 	 	 		 			 				August 18, 2017, 				12:54 pm 			 			 				USPS in possession of item 			 			 				CORBIN, KY 40701  			 		 		 			 				 					USPS is now in possession of your item as of 12:54 pm on August 18, 2017 in CORBIN, KY 40701.

---------- Post added at 02:14 PM ---------- Previous post was at 02:09 PM ----------

WooHoo !!! i'll have something to work with again !

Thanks again for all your help with this project
I am thinking of creating a new thread maby two...
thread 1 would just be info for rooting  and thread two could be just step by step instructions for the downgrade process just to put all of our info together so that Noobs can understand how to accomplish what we've got


----------



## Astr4y4L (Aug 18, 2017)

WELL they killed my server at amazon so the link to Zone3 root .zip is down im working to fix it...


----------



## MotoJunkie01 (Aug 18, 2017)

Astr4y4L said:


> WELL they killed my server at amazon so the link to Zone3 root .zip is down im working to fix it...

Click to collapse



Upload to Google Drive. It is pretty reliable


----------



## Astr4y4L (Aug 18, 2017)

MotoJunkie01 said:


> Upload to Google Drive. It is pretty reliable

Click to collapse



Well I've Rerouted everything again and if you want to fix the link for OP it is now:

http://www.astrayalslanding.dynu.net/

and the donation button is included on that page and a direct-download link to the root package is there too 
I guess the people at amazon finnaly pulled my plug ...
i had it free for over a year because the first thing i do is set it up for ssh and root access then i change the linux-headers because amazon uses special **** to give them control using their AWS web panel  so i change the headers and do_dist-upgrade to take root control of the virt. machine...   

but i guess they finally just pulled the plug... thank God for Backups and Backups of Backups 
Anyhow please fix that one link in OP page 1
when you get time.
Uuugh !!!
backs killing me gotta go Ttyl
Astr4y4L


----------



## SquaredDev (Aug 19, 2017)

Astr4y4L said:


> ;
> i wonder if anyone else can try to flash the marshmallow update of dooom...
> Really think it would be cool if it will take and what would that look like...
> @SquaredDev maby

Click to collapse



trying it now! SO SORRY for being so MIA... life hit me hard... ran into some really bad luck on the semi truck.. anyways.. I gotta google pixel xl for my daily driver... so if this bricks this phone, it bricks it, lol..


----------



## Astr4y4L (Aug 19, 2017)

SquaredDev said:


> trying it now! SO SORRY for being so MIA... life hit me hard... ran into some really bad luck on the semi truck.. anyways.. I gotta google pixel xl for my daily driver... so if this bricks this phone, it bricks it, lol..

Click to collapse



i used the fota option and was at 99% when my stupid pc glitched... i was stuck in download mode and its now fried.

but you may have success... that would be freakin KOOL ! Marshmallow 

and a pixel congrats man thats nice ! My dream phone is the LG Google Nexis 5
but i'm always too strapped for cash to get it...


----------



## SquaredDev (Aug 19, 2017)

Astr4y4L said:


> i used the fota option and was at 99% when my stupid pc glitched... i was stuck in download mode and its now fried.
> 
> but you may have success... that would be freakin KOOL ! Marshmallow
> 
> ...

Click to collapse



NOW my issue, lol... I can't get LGUP to work for some reason.. it finds it as the com port but when i go to run it, it says cannot find model after I select my model and com port.... i got another laptop since my truck fried my laptop i was using to flash.... 


the pixel is nice, but very limited since i got the verizon version and ALAS, locked bootloader so no root...


----------



## Astr4y4L (Aug 19, 2017)

MotoJunkie01 said:


> Upload to Google Drive. It is pretty reliable

Click to collapse



well i would but my gdrive is absolutly full of pictures of family that i can't replace.

BUT !!
CHECK THIS OUT

https://forum.xda-developers.com/an...root-zone3-t3658768/post73452298#post73452298

I got the stuff posted up over there and if anyone needs help i sent them here cause i'll be here working on this aboot krap so we can stick it to lg and fix our fones with custom firmware. I mean its not the Nexis 5 that i want but if we figure this all out it will be good enough to handle the things i want to do...
checked on the USPS Package again and it's on the way..
I hope @SquaredDev manages to get this marshmallow to flash to his device...
that would be kool.
but i wonder if he noticed that we got past the  display issue with the other guy ?


----------



## SquaredDev (Aug 19, 2017)

Astr4y4L said:


> well i would but my gdrive is absolutly full of pictures of family that i can't replace.
> 
> BUT !!
> CHECK THIS OUT
> ...

Click to collapse



HOLY CRAP! Did yall really fix the display issue? If so, that would mean the world to me... i must go back and crawl the thread! If this MM works, that would be awesome as well


----------



## Astr4y4L (Aug 19, 2017)

SquaredDev said:


> HOLY CRAP! Did yall really fix the display issue? If so, that would mean the world to me... i must go back and crawl the thread! If this MM works, that would be awesome as well

Click to collapse



WARNING I WAS AT 99% BUT....
that don't mean i would have success .
it might brick...
any way the display thing was a krazy idea that turned into a flash to pp8 let it boot to red verizon screen then soon as it passes that and starts the app krapp pull battery before it finishes... then go streight to download-mode and flash the pp2
worked for 1 guy that we know of a few pages and days ago..
either way let us know how it go's

---------- Post added at 09:37 PM ---------- Previous post was at 09:20 PM ----------




SquaredDev said:


> NOW my issue, lol... I can't get LGUP to work for some reason.. it finds it as the com port but when i go to run it, it says cannot find model after I select my model and com port.... i got another laptop since my truck fried my laptop i was using to flash....
> 
> 
> the pixel is nice, but very limited since i got the verizon version and ALAS, locked bootloader so no root...

Click to collapse



Google search 
Xda + UPPERCUT
that helps lgup when its being stupid


----------



## SquaredDev (Aug 19, 2017)

[QUOTE

[/COLOR]

Google search 
Xda + UPPERCUT
that helps lgup when its being stupid[/QUOTE]

uppercut fixed the issue  Now to the sad  The KDZ for k4 MM won't flash for me.. i get to 4% with FOTA and get the same error message.. and if i try refurbish or upgrade, it crashes LGUP at 4%. I am redoanloading PP8 and PP2 to try the display issue... 
NOTE: I tried the K4 MM with pp6 installed on my phone.. should i try it with pp7 and pp8?


----------



## Astr4y4L (Aug 19, 2017)

SquaredDev said:


> [QUOTE
> 
> [/COLOR]
> 
> ...

Click to collapse



uppercut fixed the issue  Now to the sad  The KDZ for k4 MM won't flash for me.. i get to 4% with FOTA and get the same error message.. and if i try refurbish or upgrade, it crashes LGUP at 4%. I am redoanloading PP8 and PP2 to try the display issue... 
NOTE: I tried the K4 MM with pp6 installed on my phone.. should i try it with pp7 and pp8?[/QUOTE]

Really not sure...'
I had already rooted and removed a bunch of verizon krap and changed quite a few config files...
Essentially i had a rooted pp2 /system.
But yes please try the display thing and trick and let us know


----------



## Astr4y4L (Aug 19, 2017)

Well, how did it go?


----------



## Astr4y4L (Aug 20, 2017)

@MotoJunkie01
Today a guy in the grocery-store parking lot sold me a brand new phone and for $5 i went ahead and got it it is a 
LG L57BL10B
its a trackfone but it happens to be a rebel lte is what i found from google...
didn't see much on root for it and it has a Marshmallow build (MXB48T)
i've skipped through activation as it came without sim and is carrier-locked.
skipped adding google because fear of FRP skipped setting a pin and installed kingroot from adb... no go ... but im playing with dirtycow and its succeptible to the race-condition... haven't gotten far not a big deal as i'm working on Zone3 but you seem knowledgable about the rebel and it does seem to be an even more locked-down version of ours and k4 etc except its got a larger screen and different style with keys and this marshmallow build sucks
they took away the app drawer !!!!!!!!!!! WTF ? WHO DOES THAT?
but yep i'm trying to kill it allready.
HOW CAN WE ROOT IT TO PULL THE SYSTEM?


----------



## MotoJunkie01 (Aug 20, 2017)

Astr4y4L said:


> @MotoJunkie01
> Today a guy in the grocery-store parking lot sold me a brand new phone and for $5 i went ahead and got it it is a
> LG L57BL10B
> its a trackfone but it happens to be a rebel lte is what i found from google...
> ...

Click to collapse



Mine is actually a different model number than yours and its a 5.1.1 build. I'll see what I can find on your model number (yours may be Rebel 2?)


----------



## Astr4y4L (Aug 20, 2017)

MotoJunkie01 said:


> Mine is actually a different model number than yours and its a 5.1.1 build. I'll see what I can find on your model number (yours may be Rebel 2?)

Click to collapse



hell... I don't even know really...

but if they r the same ... well it is wierd it don't even go to download mode or recovery i'll post the .prop for you to compare...

---------- Post added at 03:02 PM ---------- Previous post was at 03:01 PM ----------

# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=MXB48T
ro.build.display.id=MXB48T
ro.build.version.incremental=163551117ae6a
ro.build.version.sdk=23
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=6.0.1
ro.build.version.security_patch=2016-12-01
ro.build.version.base_os=
ro.build.date=Tue Dec 20 11:24:19 KST 2016
ro.build.date.utc=1482200659
ro.build.type=user
ro.build.user=jenkins
ro.build.host=LGEACI1R11
ro.build.tags=release-keys
ro.build.flavor=lv1_trf_us-user
ro.product.model=LGL57BL
ro.product.brand=lge
ro.product.name=lv1_trf_us
ro.product.device=lv1
ro.product.board=msm8909
# ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
# use ro.product.cpu.abilist instead.
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.cpu.abilist=armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=
ro.product.manufacturer=LGE
ro.product.locale=en-US
ro.wifi.channels=
ro.board.platform=msm8909
# ro.build.product is obsolete; use ro.product.device
ro.build.product=lv1
# Do not try to parse description, fingerprint, or thumbprint
ro.build.description=lv1_trf_us-user 6.0.1 MXB48T 163551117ae6a release-keys
ro.build.fingerprint=lge/lv1_trf_us/lv1:6.0.1/MXB48T/163551117ae6a:user/release-keys
ro.build.characteristics=default
ro.lge.lguiversion=5.0
# end build properties
#
# from device/qcom/msm8909/system.prop
#
#
# system.prop for msm8909
#

#rild.libpath=/system/lib/libreference-ril.so
rild.libpath=/system/vendor/lib/libril-qc-qmi-1.so
rild.libargs=-d /dev/smd0
persist.rild.nitz_plmn=
persist.rild.nitz_long_ons_0=
persist.rild.nitz_long_ons_1=
persist.rild.nitz_long_ons_2=
persist.rild.nitz_long_ons_3=
persist.rild.nitz_short_ons_0=
persist.rild.nitz_short_ons_1=
persist.rild.nitz_short_ons_2=
persist.rild.nitz_short_ons_3=
ril.subscription.types=NV,RUIM
DEVICE_PROVISIONED=1
# Start in cdma mode
# TODO: Please DO NOT enable the next line when you merge CAF
#ro.telephony.default_network=5

debug.sf.hw=1
debug.egl.hw=1
debug.composition.type=gpu
debug.hwc.dynThreshold=2.5
debug.mdpcomp.logs=0
#dalvik.vm.heapsize=36m
dalvik.vm.zygotemaxfailedboots=5
dev.pm.dyn_samplingrate=1
persist.demo.hdmirotationlock=false

#enable dirty rect
debug.sf.swaprect=1
#enable app buffer composition
debug.sf.hwc.canUseABC=1

#enable gpu perf hint
sys.hwc.gpu_perf_mode=1
#ro.hdmi.enable=true
#tunnel.decode=true
#tunnel.audiovideo.decode=true
#lpa.decode=false
#lpa.use-stagefright=true
#persist.speaker.prot.enable=false

#
# system props for the cne module
#
persist.cne.feature=1

#system props for the MM modules
media.stagefright.enable-player=true
media.stagefright.enable-http=true
media.stagefright.enable-aac=true
media.stagefright.enable-qcp=true
media.stagefright.enable-fma2dp=true
media.stagefright.enable-scan=true
mmp.enable.3g2=true
media.aac_51_output_enabled=true
#codecsPARSER_)AAC AC3 AMR_NB AMR_WB ASF AVI DTS 3GP 3G2 MKV MP2PS MP2TS MP3 OGG QCP WAV FLAC
mm.enable.qcom_parser=262143
# Default to AwesomePlayer
media.stagefright.use-awesome=false

#
# system props for the data modules
#
ro.use_data_netmgrd=true
persist.data.netmgrd.qos.enable=true
persist.data.mode=concurrent

#system props for time-services
persist.timed.enable=true

#
# system prop for opengles version
#
# 196608 is decimal for 0x30000 to report version 3
ro.opengles.version=196608

# System property for cabl
# if you need to add cabl feature you should add this property into /device/lge/MODEL/device.mk file
# ro.qualcomm.cabl=2

# System property for QDCM
persist.tuning.qdcm=1

# System property for Screen Color
ro.qcom.screencolor=1

#
# System props for telephony
# System prop to turn on CdmaLTEPhone always
#telephony.lteOnCdmaDevice=1

#Simulate sdcard on /data/media
#
persist.fuse_sdcard=true

#
# System property for Camera
# System prop to allocate Reprocess buffer as "1"
# during Longshot usecase
persist.camera.longshot.stages=1

#
# dirty ratio value when enable ums
#
ro.sys.umsdirtyratio=20

#
#snapdragon value add features
#
ro.qc.sdk.audio.ssr=false
##fluencetype can be "fluence" or "fluencepro" or "none"
#ro.qc.sdk.audio.fluencetype=none
persist.audio.fluence.voicecall=true
persist.audio.fluence.voicerec=false
persist.audio.fluence.speaker=true
#Set for msm8909
tunnel.audio.encode = false
ro.config.low_ram=false
#Buffer size in kbytes for compress offload playback
audio.offload.buffer.size.kb=64
#Minimum duration for offload playback in secs
audio.offload.min.duration.secs=30
#Enable offload audio video playback by default
#audio.offload.video=true
#enable voice path for PCM VoIP by default
use.voice.path.for.pcm.voip=true
#
#System property for FM transmitter
#
ro.fm.transmitter=false
#enable dsp gapless mode by default
audio.offload.gapless.enabled=true

#Audio voice concurrency related flags
voice.playback.conc.disabled=true
voice.record.conc.disabled=true
voice.voip.conc.disabled=true

#Audio VoIP / playback record concurrency flags
rec.playback.conc.disabled=true

#Set composition for USB
#persist.sys.usb.config=diag,serial_smd,rmnet_qti_bam,adb
#Set read only default composition for USB
#ro.sys.usb.default.config=diag,serial_smd,rmnet_qti_bam,adb

# set max background services
#ro.config.max_starting_bg=8

#property to enable user to access Google WFD settings
persist.debug.wfd.enable=0
#propery to enable VDS WFD solution
persist.hwc.enable_vds=1

#property to enable image unload by audio HAL
sys.audio.init=false

#property to enable DS2 dap
audio.dolby.ds2.enabled=true

#property to change touch screen resolution
persist.sys.synaptics_dsx.qhd=false

#HWUI properties
ro.hwui.text_large_cache_height=2048

# enable sta proxy bydefault
persist.mm.sta.enable=1
#Trim properties
ro.sys.fw.use_trim_settings=true
ro.sys.fw.empty_app_percent=50
ro.sys.fw.trim_empty_percent=100
ro.sys.fw.trim_cache_percent=100
ro.sys.fw.trim_enable_memory=1073741824

#Enable Delay service restart
ro.am.reschedule_service=true

# set cutoff voltage to 3200mV
ro.cutoff_voltage_mv=3200

#min/max cpu in core control
ro.core_ctl_min_cpu=2
ro.core_ctl_max_cpu=4

#Enable B service adj transition by default
ro.sys.fw.bservice_enable=true
ro.sys.fw.bservice_limit=5
ro.sys.fw.bservice_age=5000

#set device emmc size
ro.emmc_size=8GB

#
# ADDITIONAL_BUILD_PROPERTIES
#
log.tag.GpsLocationProvider=DEBUG
log.tag.LocationManagerService=DEBUG
log.tag.NlpProxy=DEBUG
log.tag.LocSvc_java=DEBUG
log.tag.LgeGpsIndicator=DEBUG
log.tag.GeofenceHardwareImpl=DEBUG
log.tag.GeofenceManager=DEBUG
log.tag.FlpServiceProvider=DEBUG
log.tag.GeofenceProxy=DEBUG
ro.com.lge.mada=gms_4.0
ro.build.target_operator=TRF
ro.build.target_country=US
ro.build.target_operator_ext=TRF_ATT
ro.telephony.default_network=9
ro.cdma.home.operator.alpha=Verizon
ro.cdma.home.operator.numeric=310004
ro.cdma.otaspnumschema=SELC;2;00;07;80;99
ro.lge.lcd_default_brightness=166
ro.lge.lcd_auto_brightness_mode=false
persist.sys.store_demo_enabled=0
wifi.lge.common_hotspot=true
wlan.lge.softap5g=false
wlan.lge.dcf.enable=true
wlan.lge.passpoint_setting=true
wifi.lge.ftm_test=2
wlan.lge.supportsimaka=YES
ro.wlan.trf_log_disabled=true
wlan.lge.txpower=true
persist.gsm.sms.disablelog=64
persist.radio.volte.dan_support=true
ro.lge.pnconfig=true
ro.lge.supported_carrier_list=att,tmus
persist.sys.cust.waitsound=true
persist.radio.sw_mbn_update=1
ro.qc.sdk.audio.fluencetype=fluence
persist.audio.fluence.voicecall=true
persist.audio.fluence.speaker=true
persist.audio.nsenabled=ON
persist.audio.spkcall_2mic=ON
persist.audio.headset_fluence=false
persist.audio.sm_fluence=OFF
persist.audio.spk_sm_fluence=OFF
persist.audio.voip_nsenabled=ON
persist.audio.voice.clarity=off
persist.audio.handset_rx_type=DEFAULT
ro.config.vc_call_vol_steps=7
ro.config.vc_call_vol_default=4
ro.lge.noise.suppression=1
ro.lge.voice.clarity=0
ro.lge.ns.default=1
ro.lge.bt_gain_control_factor=0.9
ro.config.ringtone=Life_Is_Good.ogg
ro.config.notification_sound=Crystal.ogg
ro.config.alarm_alert=Life_Is_Good_Alarm.ogg
ro.config.timer_alert=Timer.ogg
ro.product.ims=epdg
ro.lge.vib_magnitude_index=0,1044,1276,1508,1740,1972,2088,2204
lge.normalizer.param=version2.0/true/14/true/11500/1.0/2050/0.55
ro.com.google.gmsversion=6.0_r9
ro.setupwizard.mode=DISABLED
ro.com.google.apphider=off
ro.com.google.clientidbase=android-om-lge
ro.com.google.clientidbase.ms=android-americamovil-us
ro.com.google.clientidbase.yt=android-om-lge
ro.com.google.clientidbase.am=android-americamovil-us
ro.com.google.clientidbase.gmm=android-om-lge
ro.sf.lcd_density=240
debug.composition.type=gpu
persist.sys.strictmode.disable=true
ro.config.vibrate_type=0
ro.lge.sensor_chip=qct_kernel
ro.build.display_manufacture_sn=1
persist.service.crash.enable=0
ro.frp.pst=/dev/block/bootdevice/by-name/config
voice.playback.conc.disabled=false
voice.record.conc.disabled=true
voice.voip.conc.disabled=true
persist.gralloc.cp.level3=1
ro.lge.revshare=2015
ro.movetosdcard.enable=true
persist.service.odm_log.noti=true
persist.service.odm_log.svc=true
persist.radio.apm_sim_not_pwdn=1
audio.offload.pcm.enable=false
persist.speaker.prot.enable=false
av.offload.enable=false
audio.dolby.ds2.enabled=false
use.voice.path.for.pcm.voip=false
lge.fm_gain_control_speaker=0.9
dalvik.vm.heapstartsize=8m
dalvik.vm.heapgrowthlimit=96m
dalvik.vm.heapsize=256m
dalvik.vm.heaptargetutilization=0.75
dalvik.vm.heapminfree=2m
dalvik.vm.heapmaxfree=8m
ro.config.max_starting_bg=8
ro.sys.fw.bg_apps_limit=15
ro.sys.fw.bg_cached_ratio=0.33
ro.sys.fw.mOomAdj1=0
ro.sys.fw.mOomAdj2=1
ro.sys.fw.mOomAdj3=2
ro.sys.fw.mOomAdj4=3
ro.sys.fw.mOomAdj5=9
ro.sys.fw.mOomAdj6=15
ro.sys.fw.mOomMinFree1=73728
ro.sys.fw.mOomMinFree2=92160
ro.sys.fw.mOomMinFree3=110592
ro.sys.fw.mOomMinFree4=153600
ro.sys.fw.mOomMinFree5=199680
ro.sys.fw.mOomMinFree6=245760
ro.airplane.phoneapp=1
ro.lge.build.basetag=LAMPMMR1R161129
ro.lge.build.branch=msm8909_m_mr1_lv1_trf_us_mp_161214
sys.knockon.knockoff.distance=10
ro.lge.audio_soundexception=true
sys.lge.bnrd=0
ro.lge.capp_ZDi_O=true
lge.zdi.actionsend=false
lge.zdi.onactivityresult=true
lge.zdi.dragdropintent=false
drm.service.enabled=true
lge.signed_image=true
persist.service.main.enable=0
persist.service.system.enable=0
persist.service.radio.enable=0
persist.service.events.enable=0
persist.service.kernel.enable=0
persist.service.packet.enable=0
persist.service.storage.low=0
persist.service.power.enable=0
persist.service.memory.enable=0
persist.service.ccaudit.enable=0
persist.service.xfrm.enable=0
persist.lg.data.IMSSupport=true
persist.lg.data.IPV6Support=true
persist.lg.data.recovery=false
ro.afwdata.LGfeatureset=TATBASE
persist.lg.data.tmus.mode=false
persist.lg.data.att.mode=false
persist.lg.data.tmo.epdg=false
persist.lg.data.fds_prop=0
persist.lg.data.block_ssdp=0
persist.telephony.oosisdc=false
persist.lg.data.fd=-1
persist.qcril.disable_retry=true
persist.lg.data.llkklk.exact=true
persist.dpm.feature=0
ro.lge.swversion_arb=ARB02
ro.lge.swversion=L57BL10b
ro.lge.swversion_short=V10b
ro.lge.swversion_rev=0
ro.lge.factoryversion=LGL57BLHL-02-V10b-310-410-DEC-20-2016-ARB02+0
ro.vendor.extension_library=libqti-perfd-client.so
persist.radio.sib16_support=1
persist.radio.custom_ecc=1
ro.carrier=unknown
ro.boot.svelte=1
wlan.chip.vendor=qcom
wlan.chip.version=wcn
wifi.lge.patch=true
wlan.lge.concurrency=MCC
wlan.lge.wifidisplay=both
wlan.lge.traffic.trigger=100
persist.sys.dalvik.vm.lib.2=libart
dalvik.vm.isa.arm.variant=cortex-a7
dalvik.vm.isa.arm.features=default
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
persist.gps.qc_nlp_in_use=1
persist.loc.nlp_name=com.qualcomm.location
ro.gps.agps_provider=1
ro.expect.recovery_id=0x60c2805142549b8704c418d6fa587ec715ef534f000000000000000000000000

---------- Post added at 03:04 PM ---------- Previous post was at 03:02 PM ----------

lg  and identified in .prop as lv1


----------



## MotoJunkie01 (Aug 20, 2017)

Yeah, download mode is usually disabled on TracFone devices.


----------



## Astr4y4L (Aug 20, 2017)

MotoJunkie01 said:


> Yeah, download mode is usually disabled on TracFone devices.

Click to collapse



So.... Probably a candidate for a WiFi device for the kids except I don't like giving them a 911 dialer they are 8 and 9 lol

---------- Post added at 02:41 PM ---------- Previous post was at 02:35 PM ----------

Is it even a rebel?

---------- Post added at 03:19 PM ---------- Previous post was at 02:41 PM ----------




MotoJunkie01 said:


> Yeah, download mode is usually disabled on TracFone devices.

Click to collapse



Looked it up on Wal-Mart.com it is lg rebel2 LTE...


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> So.... Probably a candidate for a WiFi device for the kids except I don't like giving them a 911 dialer they are 8 and 9 lol
> 
> ---------- Post added at 02:41 PM ---------- Previous post was at 02:35 PM ----------
> 
> ...

Click to collapse



I just checked. My Rebel is the LG L43AL Tracfone version with 5.1.1, and a 09-01-2016 SPL.


----------



## Astr4y4L (Aug 21, 2017)

MotoJunkie01 said:


> I just checked. My Rebel is the LG L43AL Tracfone version with 5.1.1, and a 09-01-2016 SPL.

Click to collapse



Well... Krap.
Know of any shareware for carrier unlocking


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> Well... Krap.
> Know of any shareware for carrier unlocking

Click to collapse



Haha. Not right off top. I know very little about the Rebel as of now.  Trying to get full root as we speak.


----------



## Astr4y4L (Aug 21, 2017)

MotoJunkie01 said:


> Haha. Not right off top. I know very little about the Rebel as of now.  Trying to get full root as we speak.

Click to collapse



i hear ya, been the same on this P.O.S ...

I almost didn't buy it but when i looked to make sure the battery and all pieces was there i noticed that its got screws, a lot of newer low-end fones don't so i remembered what u said about your ebay store and figured the screen's probably worth more than 5 bucks, hell i can probably sell the whole thing for more than $5...
but when i realized it was actually a K4 Type i was hopeful i might have another development device. but alas trackfone screwed the pooch, no download-mode no recovery ,factory-mode nothing...
thinking about turning it off and see if that other tool for qcom modems i was foolin with could see it but ... IDK.
still it's 6.0.1 but 32bit and succeptable to dirty-cow race condition so there may be a chance of useing dirty-cow to swap a built-in .sh script with one of my own but gotta find something thats run in the init context to get root i think...

---------- Post added at 08:45 PM ---------- Previous post was at 08:37 PM ----------

if i could find a way to unlock the carrier i'd just swap my wife for that samsung galaxy amp2 that i put the .eng boot loader on and have that to play around with i've been wanting to figure out how to port Safe-Strap for it as it has no development on recoveries or roms... But , my wife won't let me fool with it anymore  i've got the stock rom bootloader and odin for every now and again it'll get all bugged out and i just pull everything to the p.c flash it again with odin, root it ,Xposed ,put her files apps and pictures all back and it runs like brand new for a while... i really don't understand why there aren't more people developing for budget devices... it make me sad 
but i guess thats what u and me's here for


----------



## Astr4y4L (Aug 21, 2017)

@MotoJunkie01
Hey. Don't know if this helps for anything but I'm digging in codefi.re and found this
http://downloads.codefi.re/autoprime/Qualcomm/Drivers


----------



## Astr4y4L (Aug 21, 2017)

@MotoJunkie01
On our zone 3... I know we have the snapdragon (msm8909?) that's qcom but does that same chipset handle our baseband and our wlan ?


----------



## jjangsangy (Aug 21, 2017)

So I was able to downgrade my phone to version P2 and was able to root it.

I was able to root the device successfully, however restarting the device goes into bootloops for a couple spins, like 5 minutes before it loads completely.

In order to get rid of the initial loading, I found a guide that told me to replace the files modem, modemst1, modemst2, fsg, ssd, but now I have infinite boot loops. I think I'm going to have to go all over and reinstall from scratch from the system recovery, but would still like to figure out how to get rid of the bootloops if you have chance to figure it out.


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> @MotoJunkie01
> On our zone 3... I know we have the snapdragon (msm8909?) that's qcom but does that same chipset handle our baseband and our wlan ?

Click to collapse



Yes. The Qualcomm Snapdragon  210 (MSM8909) handles all radio functionality. @Astr4y4L, when is your Zone 3 scheduled to arrive in the mail?


----------



## Astr4y4L (Aug 21, 2017)

MotoJunkie01 said:


> Yes. The Qualcomm Snapdragon  210 (MSM8909) handles all radio functionality. @Astr4y4L, when is your Zone 3 scheduled to arrive in the mail?

Click to collapse



It should arrive any time now its "out for delivery" I'll be so glad to have the zone 3 back 

---------- Post added at 10:24 AM ---------- Previous post was at 10:20 AM ----------




jjangsangy said:


> So I was able to downgrade my phone to version P2 and was able to root it.
> 
> I was able to root the device successfully, however restarting the device goes into bootloops for a couple spins, like 5 minutes before it loads completely.
> 
> In order to get rid of the initial loading, I found a guide that told me to replace the files modem, modemst1, modemst2, fsg, ssd, but now I have infinite boot loops. I think I'm going to have to go all over and reinstall from scratch from the system recovery, but would still like to figure out how to get rid of the bootloops if you have chance to figure it out.

Click to collapse



Ok first go get my root package again its here
http://www.astrayalslanding.dynu.net
Then follow the README.

And out of curriosity what software version did you begin with please?

---------- Post added at 10:26 AM ---------- Previous post was at 10:24 AM ----------




MotoJunkie01 said:


> Yes. The Qualcomm Snapdragon  210 (MSM8909) handles all radio functionality. @Astr4y4L, when is your Zone 3 scheduled to arrive in the mail?

Click to collapse



And I asked about the baseband because in devices that have a separate radio chip its another avenue of exploit....

---------- Post added at 10:29 AM ---------- Previous post was at 10:26 AM ----------




jjangsangy said:


> So I was able to downgrade my phone to version P2 and was able to root it.
> 
> I was able to root the device successfully, however restarting the device goes into bootloops for a couple spins, like 5 minutes before it loads completely.
> 
> In order to get rid of the initial loading, I found a guide that told me to replace the files modem, modemst1, modemst2, fsg, ssd, but now I have infinite boot loops. I think I'm going to have to go all over and reinstall from scratch from the system recovery, but would still like to figure out how to get rid of the bootloops if you have chance to figure it out.

Click to collapse



Did you use the refurbish option in download_mode on lgup when flashing pp2?


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> i hear ya, been the same on this P.O.S ...
> 
> I almost didn't buy it but when i looked to make sure the battery and all pieces was there i noticed that its got screws, a lot of newer low-end fones don't so i remembered what u said about your ebay store and figured the screen's probably worth more than 5 bucks, hell i can probably sell the whole thing for more than $5...
> but when i realized it was actually a K4 Type i was hopeful i might have another development device. but alas trackfone screwed the pooch, no download-mode no recovery ,factory-mode nothing...
> ...

Click to collapse



I think I've got my Rebel LTE carrier unlocked. Getting ready to try another GSM SIM card to see if it worked.
Oh, and I've got TWRP completed for the Zone 3. Now if we could flash it. Haha. Anyway, I'll upload it this evening and send you a link @Astr4y4L. Maybe we can put it to use soon.


----------



## Astr4y4L (Aug 21, 2017)

MotoJunkie01 said:


> I think I've got my Rebel LTE carrier unlocked. Getting ready to try another GSM SIM card to see if it worked.
> Oh, and I've got TWRP completed for the Zone 3. Now if we could flash it. Haha. Anyway, I'll upload it this evening and send you a link @Astr4y4L. Maybe we can put it to use soon.

Click to collapse



Hey bro awesome I just got the zone3 and report it in good condition and working order.
Its charging I swapped Sims and already got a spam telephone call so its all back like before.
I'll root it tonight and be back to work on aboot. 
Gotta go the children of the son are having a party

---------- Post added at 01:05 PM ---------- Previous post was at 12:18 PM ----------




MotoJunkie01 said:


> I think I've got my Rebel LTE carrier unlocked. Getting ready to try another GSM SIM card to see if it worked.
> Oh, and I've got TWRP completed for the Zone 3. Now if we could flash it. Haha. Anyway, I'll upload it this evening and send you a link @Astr4y4L. Maybe we can put it to use soon.

Click to collapse



About the carrier unlock :
It should be similar for zone3 please let me know what's involved

---------- Post added at 01:45 PM ---------- Previous post was at 01:05 PM ----------

Just flashed pp2 waiting for my bootloops to stop and then I'll root and fix bootloops

---------- Post added at 01:46 PM ---------- Previous post was at 01:45 PM ----------

Just got Verizon screen now I'm gonna root


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> Hey bro awesome I just got the zone3 and report it in good condition and working order.
> Its charging I swapped Sims and already got a spam telephone call so its all back like before.
> I'll root it tonight and be back to work on aboot.
> Gotta go the children of the son are having a party
> ...

Click to collapse



OK brother. Glad you received it.


----------



## Astr4y4L (Aug 21, 2017)

MotoJunkie01 said:


> OK brother. Glad you received it.

Click to collapse



Hey bro I'm rooted , booted and stoked!
Can u use any zone3 bricks for parts? I got a few I could send ya on the first of the month...

---------- Post added at 04:41 PM ---------- Previous post was at 04:00 PM ----------

@jjangsangy
How did it go?
Is your problem solved?

---------- Post added at 03:59 PM ---------- Previous post was at 03:41 PM ----------

@Motojunki01
csmg.lgmobile.com:9002
Is lg's software servers....
How can we find the servers for AT&T cricket/Aio etc?


----------



## MotoJunkie01 (Aug 21, 2017)

Astr4y4L said:


> Hey bro I'm rooted , booted and stoked!
> Can u use any zone3 bricks for parts? I got a few I could send ya on the first of the month...
> 
> ---------- Post added at 04:41 PM ---------- Previous post was at 04:00 PM ----------
> ...

Click to collapse



I think I can run them down using a logcat reader and throwing a ping.


----------



## Astr4y4L (Aug 22, 2017)

MotoJunkie01 said:


> I think I can run them down using a logcat reader and throwing a ping.

Click to collapse



Bro if u find the ip's I'll try to figure a way for us to query it..
or at least possibly browse the content of the server..

And I'm trying to get fm radio working to listen to local stations
And
How did it go on the carrier unlock thing?


----------



## MotoJunkie01 (Aug 22, 2017)

Astr4y4L said:


> Bro if u find the ip's I'll try to figure a way for us to query it..
> or at least possibly browse the content of the server..
> 
> And I'm trying to get fm radio working to listen to local stations
> ...

Click to collapse



I'm not certain I'm carrier unlocked. The device is reading GSM SIM cards from other networks. However, upon setting the APNs that correspond with the networks, data isn't connecting on all networks. Life Wireless is working as well as H20 Wireless (both AT&T mvno subsidiaries. ) T-Mobile & T-Roc Wireless are both giving me problems. While its on my mind I'll install a logcat reader, and ping the UpdateAccessPoint config application. I'll see if I can grab us a URL or two.


----------



## Astr4y4L (Aug 22, 2017)

MotoJunkie01 said:


> I'm not certain I'm carrier unlocked. The device is reading GSM SIM cards from other networks. However, upon setting the APNs that correspond with the networks, data isn't connecting on all networks. Life Wireless is working as well as H20 Wireless (both AT&T mvno subsidiaries. ) T-Mobile & T-Roc Wireless are both giving me problems. While its on my mind I'll install a logcat reader, and ping the UpdateAccessPoint config application. I'll see if I can grab us a URL or two.

Click to collapse



That would be great see if you can capture the POST or GIT request and the header so we can spoof the user agent
It'd be sweet if we can pull att and aio firmwares !
If I could get a kdz for the cricket spree I have one of those that was rooted and I tried to flash a custom recovery but got dmvarity secure boot error... But with a proper firmware update it would be usable again...


----------



## MotoJunkie01 (Aug 22, 2017)

Astr4y4L said:


> That would be great see if you can capture the POST or GIT request and the header so we can spoof the user agent
> It'd be sweet if we can pull att and aio firmwares !
> If I could get a kdz for the cricket spree I have one of those that was rooted and I tried to flash a custom recovery but got dmvarity secure boot error... But with a proper firmware update it would be usable again...

Click to collapse



I recently studied an XDA tutorial from a dev that's a master at grabbing OTAs and builds exclusive to the update servers. That's the method I'm using.


----------



## Astr4y4L (Aug 22, 2017)

MotoJunkie01 said:


> I recently studied an XDA tutorial from a dev that's a master at grabbing OTAs and builds exclusive to the update servers. That's the method I'm using.

Click to collapse



That's super cool! Later when u get time post the link to the tut. Sounds like an interesting read.


----------



## MotoJunkie01 (Aug 22, 2017)

Astr4y4L said:


> That's super cool! Later when u get time post the link to the tut. Sounds like an interesting read.

Click to collapse



Hey I'm not getting any type of interceptible URL for OTA updates or factory firmware servers for the Rebel. I'm having the exact issue on an Alcatel Ideal for which I've released developments. AT&T is apparently the world's toughest OTA to capture (I can't even locate the updater.zip OTA file using a root explorer!) Any ideas @Astr4y4L?


----------



## Astr4y4L (Aug 22, 2017)

MotoJunkie01 said:


> Hey I'm not getting any type of interceptible URL for OTA updates or factory firmware servers for the Rebel. I'm having the exact issue on an Alcatel Ideal for which I've released developments. AT&T is apparently the world's toughest OTA to capture (I can't even locate the updater.zip OTA file using a root explorer!) Any ideas @Astr4y4L?

Click to collapse



Not sure what network setup u have but if u have another computer you could use a man-in-the-middle approach with a network tool like wireshark and ettercap use ettercap to capture all network packets and wireshark to analize the p.cap files u intercept .... maby

---------- Post added at 12:12 PM ---------- Previous post was at 12:00 PM ----------




MotoJunkie01 said:


> Hey I'm not getting any type of interceptible URL for OTA updates or factory firmware servers for the Rebel. I'm having the exact issue on an Alcatel Ideal for which I've released developments. AT&T is apparently the world's toughest OTA to capture (I can't even locate the updater.zip OTA file using a root explorer!) Any ideas @Astr4y4L?

Click to collapse



Also I remember something like this before ...
Turned out it was stored in /fota something or another. But wasn't identifiable as update or .zip it was actually a file with no .extention and was labeled. With numbers and letters ....
Can't remember what device that was but I think it was a model of att. Gophone.
But it definitely won't be labeled update.zip it was Capitol letters and numbers


----------



## MotoJunkie01 (Aug 22, 2017)

Astr4y4L said:


> Not sure what network setup u have but if u have another computer you could use a man-in-the-middle approach with a network tool like wireshark and ettercap use ettercap to capture all network packets and wireshark to analize the p.cap files u intercept .... maby
> 
> ---------- Post added at 12:12 PM ---------- Previous post was at 12:00 PM ----------
> 
> ...

Click to collapse



That is probably the issue. Good thinking. There is actually a partition called /fota


----------



## Astr4y4L (Aug 22, 2017)

MotoJunkie01 said:


> That is probably the issue. Good thinking. There is actually a partition called /fota

Click to collapse



Yea, u might try dumping the content of that partition ...
its wild all the krap they do to try to keep us from developing for our devices.  I know though that if u have a usb stick u can download kali linux live .iso use dd to put it on the stick and use that liveboot stick to perform all kinds of kool test on your network ... including redirection of HTTP and capturing of network traffic's. And if by chance its using a secure protocol 
Such as ssl there's something to strip that too

Oh and if u want to make the boot stick from windows environment without downloading cygwin... I recommend a program called Rufus


----------



## MotoJunkie01 (Aug 22, 2017)

Astr4y4L said:


> Yea, u might try dumping the content of that partition ...
> its wild all the krap they do to try to keep us from developing for our devices. I know though that if u have a usb stick u can download kali linux live .iso use dd to put it on the stick and use that liveboot stick to perform all kinds of kool test on your network ... including redirection of HTTP and capturing of network traffic's. And if by chance its using a secure protocol
> Such as ssl there's something to strip that too
> 
> Oh and if u want to make the boot stick from windows environment without downloading cygwin... I recommend a program called Rufus

Click to collapse



Yes I love RUFUS for all my Windows software packages for both USB flash drive, DVD & CD.  I just found a fota URL as well. Soon as I decipher this stuff a little I'll forward the URL. Out of all things, it was the stock ro.build.jrdlogger that captured the URL.
PS. Here is a kernel enabler for USB OnTheGo support for the K4, Zone 3, Rebel, etc. 
persist.sys.isUsbOtgEnabled=1
And here is a single entry that significantly optimizes all available free RAM:
ro.config.low_ram=true


----------



## MotoJunkie01 (Aug 22, 2017)

I can confirm full GSM domestic SIM unlock (DSU)
on my LG Rebel LTE (LG L43AL) Tracfone. Life Wireless, H20 Wireless, Red Pocket Wireless, AT&T, T-Mobile, T-Roc Wireless, and Ting all confirmed fully working. I'll PM you the build.prop edits and tweaks needed for DSU this evening. I strongly assume this will work as well on your Rebel variant.


----------



## Astr4y4L (Aug 23, 2017)

MotoJunkie01 said:


> I can confirm full GSM domestic SIM unlock (DSU)
> on my LG Rebel LTE (LG L43AL) Tracfone. Life Wireless, H20 Wireless, Red Pocket Wireless, AT&T, T-Mobile, T-Roc Wireless, and Ting all confirmed fully working. I'll PM you the build.prop edits and tweaks needed for DSU this evening. I strongly assume this will work as well on your Rebel variant.

Click to collapse



I bet IT would but still can't find an exploit for it... and what sucks is if I had root on it it would be an awsome phone...
Oh well . Anyhow please do send me the info.
Id love to get that to work on this zone3 and I bet it will .
I really need that on the zone 3 so I can keep my favorite fone and ditch bigred

---------- Post added at 06:12 PM ---------- Previous post was at 06:07 PM ----------




MotoJunkie01 said:


> Yes I love RUFUS for all my Windows software packages for both USB flash drive, DVD & CD.  I just found a fota URL as well. Soon as I decipher this stuff a little I'll forward the URL. Out of all things, it was the stock ro.build.jrdlogger that captured the URL.
> PS. Here is a kernel enabler for USB OnTheGo support for the K4, Zone 3, Rebel, etc.
> persist.sys.isUsbOtgEnabled=1
> And here is a single entry that significantly optimizes all available free RAM:
> ro.config.low_ram=true

Click to collapse



That's hilarious  beat em to death with thair own code
And binarys...
Haha. Will try the .prop edits directly


----------



## MotoJunkie01 (Aug 23, 2017)

Astr4y4L said:


> I bet IT would but still can't find an exploit for it... and what sucks is if I had root on it it would be an awsome phone...
> Oh well . Anyhow please do send me the info.
> Id love to get that to work on this zone3 and I bet it will .
> I really need that on the zone 3 so I can keep my favorite fone and ditch bigred
> ...

Click to collapse



My Rebel uses a 5.1.1 LL build which is susceptible to the old brown dirty ass cow exploit, for a means by which to achieve temp root & adb shell to at least mod build.prop. Did you mention yours was a variant with a 6.0.x MM ROM? Is the security patch level prior to like December, 2016. Or you already tried the Begrimed Bos Taurus (LOL, Dirty Cow)?


----------



## Astr4y4L (Aug 23, 2017)

MotoJunkie01 said:


> My Rebel uses a 5.1.1 LL build which is susceptible to the old brown dirty ass cow exploit, for a means by which to achieve temp root & adb shell to at least mod build.prop. Did you mention yours was a variant with a 6.0.x MM ROM? Is the security patch level prior to like December, 2016. Or you already tried the Begrimed Bos Taurus (LOL, Dirty Cow)?

Click to collapse



Security patch=12-01-2016
And I believe it is susceptible...
Which version of the browncow are u using?

---------- Post added at 06:06 PM ---------- Previous post was at 06:03 PM ----------

Right now... I'm booting up. Cyber Sloup and going to poke at the rebel now


----------



## MotoJunkie01 (Aug 23, 2017)

From everything I've read, Google AOSP did not patch the Brown Cow exploit until either December, 2016 or January, 2017. I use the dirtycow.sh version that can be ran from a terminal emulator. I think I got it from XDA. I can link you a copy if you need


----------



## Astr4y4L (Aug 23, 2017)

MotoJunkie01 said:


> From everything I've reatd, Google AOSP did not patch the Brown Cow exploit until either December, 2016 or January, 2017. I use the dirtycow.sh version that can be ran from a terminal emulator. I think I got it from XDA. I can link you a copy if you need

Click to collapse



Yea send me the link. I just tried the crwoot.apk and it says my device isn't vulnerable...
But I ran a dirtycow from adb and it gave me the madvise and said exploited...
Haveing troubles though with the version I have.. Not sure what to do about getting the run-as shell... Maby if i try the windows version....


----------



## MotoJunkie01 (Aug 23, 2017)

MotoJunkie01 said:


> From everything I've read, Google AOSP did not patch the Brown Cow exploit until either December, 2016 or January, 2017. I use the dirtycow.sh version that can be ran from a terminal emulator. I think I got it from XDA. I can link you a copy if you need

Click to collapse



Here is the OTA access point URL I grabbed using a default.prop logger on one of my Alcatel devices. 
http://www-ccpp.tcl-ta.com/files/4060A.xml
Its a link for some source code it looks like, but I think there are some more URL captures within the source code.


----------



## MotoJunkie01 (Aug 23, 2017)

Astr4y4L said:


> Yea send me the link. I just tried the crwoot.apk and it says my device isn't vulnerable...
> But I ran a dirtycow from adb and it gave me the madvise and said exploited...
> Haveing troubles though with the version I have.. Not sure what to do about getting the run-as shell... Maby if i try the windows version....

Click to collapse



Here is a DirtyCow script for a SonyXperia I think. This should give you the links and enough info to execute the script for temp root shell. 
https://forum.xda-developers.com/xperia-x-performance/how-to/dirtycow-temp-root-t3503918 This script is geared towards Marshmallow Stock specifically


----------



## Astr4y4L (Aug 23, 2017)

cant get it to work on run-as... wtf ?

#################################################
[email protected]:/data/local/tmp $ ls
dirtycow
my-run-as
[email protected]:/data/local/tmp $ ./dirtycow
/system/bin/sh: ./dirtycow: can't execute: Permission denied
126|[email protected]:/data/local/tmp $ chmod 0777 *                                   
[email protected]:/data/local/tmp $ ./dirtycow                                         
usage ./dirtycow /default.prop /data/local/tmp/default.prop
dirtycow /system/bin/run-as /data/local/tmp/my-run-as                         <
warning: new file size (13796) and file old size (17920) differ

size 17920


[*] mmap 0xb6de6000
[*] exploit (patch)
[*] currently 0xb6de6000=464c457f
[*] madvise = 0xb6de6000 17920
[*] madvise = 0 1048576
[*] /proc/self/mem 1610612736 1048576
[*] exploited 0xb6de6000=464c457f
[email protected]:/data/local/tmp $ run-as con
run-as: Package 'con' is unknown
254|[email protected]:/data/local/tmp $ 
###############################################
it says exploited ... but i must be missing something...
IDK ??? !!!
how to confirm anything is actually being exploited ?
any idea ?
possibly place a dummy.txt file somewhere saying " it don't work    "
and a new dumdum.txt file saying " it worked  " in /tmp and see if it swapps them ?
im at a loss..


----------



## MotoJunkie01 (Aug 23, 2017)

Looks fine. Remember the DirtyCow script is nothing more than a privilege escalation exploit. You may get temp root and a working adb shell, now that you have escalated the privileges. Hang on, I almost forgot the most important part. Looking great so far. BRB
OK here is what I meant to include earlier. This concept will allow you to make partition image dumps using a Dirty Cow temp root script. Try thus now and I think you've got it. Dump the whole system image & boot image for example. 
https://forum.xda-developers.com/an.../tool-testing-dirtydump-to-dump-boot-t3544284


----------



## Astr4y4L (Aug 23, 2017)

MotoJunkie01 said:


> Looks fine. Remember the DirtyCow script is nothing more than a privilege escalation exploit. You may get temp root and a working adb shell, now that you have escalated the privileges. Hang on, I almost forgot the most important part. Looking great so far. BRB
> OK here is what I meant to include earlier. This concept will allow you to make partition image dumps using a Dirty Cow temp root script. Try thus now and I think you've got it. Dump the whole system image & boot image for example.
> https://forum.xda-developers.com/an.../tool-testing-dirtydump-to-dump-boot-t3544284

Click to collapse



Kool im gonna give it a read and I'll get back to it...
Stupid storms killed rhe power so it may be tomorrow before I get a chance to try it


----------



## MotoJunkie01 (Aug 23, 2017)

Astr4y4L said:


> Kool im gonna give it a read and I'll get back to it...
> Stupid storms killed rhe power so it may be tomorrow before I get a chance to try it

Click to collapse



Storms just touched down in Southeastern KY as well. Oh hell, lightnin' in dem Appleaishuns you dag burn varments


----------



## chwang13 (Aug 23, 2017)

*Rooted!!!!!! need help with getting it to work with T-mobile/Trurconnect SIM*

Greetings..
Yay!!! I can also confirm another successfully rooted Zone 3. Thanks so much for the info and the write-up!!!!  I'm so excited hopeful for what else is possible. The whole process went fairly smoothly considering that I'm a noob at this.  Next i'd like to get this device to work with a Truconnect/(T-MOBILE network) SIM.  I've been reading all the posts and have done the steps below  provided by MotoJunkie01 to modify the build.prop file and renaming the vzw*.apk files.  But I'm not sure about the node.db files, etc and whatever else that needs to be configured.  I guess at this point I should express my gratitude for the excellent work that's been done and seek help on making this phone work with other carrier SIMs.   Any help on this is is much appreciated..



x said:


> Yes. GSM unlock is still holding via root. This device is GSM unlockable in much the same way as the Lg Tribute 5, with replacement node.db and node-journal.db files in /root/carrier/app, and the standard "SPR" edit in build.prop. I'm still running the old LGVS425PP2.
> 
> Sent from my Galaxy Note 5 using XDA Labs.

Click to collapse





MotoJunkie01 said:


> OK, first things first. After obtaining root- preferably by using the OP's detailed and comprehensive method-you will need to download a build.prop editor and add the following lines to the Zone 3's build.prop:
> 
> telephony.lteOnCdmaDevice = 0
> ro.telephony.default_network = 3
> ...

Click to collapse


----------



## MotoJunkie01 (Aug 23, 2017)

chwang13 said:


> Greetings..
> Yay!!! I can also confirm another successfully rooted Zone 3. Thanks so much for the info and the write-up!!!! I'm so excited hopeful for what else is possible. The whole process went fairly smoothly considering that I'm a noob at this. Next i'd like to get this device to work with a Truconnect/(T-MOBILE network) SIM. I've been reading all the posts and have done the steps below provided by MotoJunkie01 to modify the build.prop file and renaming the vzw*.apk files. But I'm not sure about the node.db files, etc and whatever else that needs to be configured. I guess at this point I should express my gratitude for the excellent work that's been done and seek help on making this phone work with other carrier SIMs. Any help on this is is much appreciated..

Click to collapse



As more solid development comes forth, in addition to some general housekeeping & maintenance of existing development threads, this device will have easy to locate guides, mods, kernels, and hopefully, a functional & easy to install TWRP custom recovery. I recently ported a TWRP build for the Zone 3. Now getting permanent and seamless installation should follow. The same goes for the Domestic SIM Unlock (DSU) mod to which you referred in your post. The problem now with the DSU mod is that I formulated it during the very early days of the Zone 3, when Build  VS425PP2 was still available as an OTA update to the initial release firmware. As firmware builds progressed, and the  maintaining of  root access became increasingly problematic with each passing build, we slowly began to surmise that firmware downgrading (by modding LG UP device flashing protocols.), was the only known methodology by which to regain root access on many builds. So, going back to the DSU Mod we mentioned, that Mod was dependent, among other things, on the Partition Index Table & baseband firmware structure of the PP2 Build. If you are familiar with downgrading stock firmware packages, then you'll recall that while downgrading can be usually be performed safely & efficiently, with no great concern of the risk of hard bricking a device. However, downgrading also brings me to my point -- and a consistent phenomenon which occurs  across pretty much all of the manufacturer spectrum -- once a partition index table update has been flashed to the eMMC of a smart device, there is no unringing the proverbial bell. For example, while it is certainly feasible to downgrade from a newer build to an earlier build, the partition index itself can never be reverted back to that earlier build. And this isn't generally a negative factor. Updated partition indexes are normally a positive thing, and bring many updates in security features, performance standards, etc. Example: the A/B partitioning  system incorporated into the release of Android 7.0 Nougat, which allows for seamless and in the background OTA installations without the need for an immediate reboot. But in certain isolated situations, the DSU Mod being the case in point, I am currently unable to replicate the mod due to changes in size & format of /fsg, /ssd, /modemst1, /modemst2, and /fsc -- changes which simply cannot be reverted to their original, initial firmware release state. Thanks to the hard work of Devs like @Astr4y4L, at least cellular & data connectivity have been fixed in scenarios involving downgrading. Even now, another perfect example of this involves the Zone 3 members who own a device which shipped with PP5 firmware builds. Downgrading from that particular build caused screen resolution bugs, video driver failures, a failure of cellular communications, among other things. Last I heard @Astr4y4L was decompiling the application bootloader and has made some recent developments and headway on those issues. 
Yes I've rattled on long enough. But, due to our upcoming revised and revisited downgrading/rooting tutorials, this paragraph was the best way to get new & old thread members up to speed on things.


----------



## Astr4y4L (Aug 23, 2017)

@MotoJunkie01
Can u plz explain this ?
" standard "SPR" edit in build.prop. "
I know build prop but what is spr?

---------- Post added at 08:42 AM ---------- Previous post was at 08:32 AM ----------




MotoJunkie01 said:


> As more solid development comes forth, in addition to some general housekeeping & maintenance of existing development threads, this device will have easy to locate guides, mods, kernels, and hopefully, a functional & easy to install TWRP custom recovery. I recently ported a TWRP build for the Zone 3. Now getting permanent and seamless installation should follow. The same goes for the Domestic SIM Unlock (DSU) mod to which you referred in your post. The problem now with the DSU mod is that I formulated it during the very early days of the Zone 3, when Build  VS425PP2 was still available as an OTA update to the initial release firmware. As firmware builds progressed, and the  maintaining of  root access became increasingly problematic with each passing build, we slowly began to surmise that firmware downgrading (by modding LG UP device flashing protocols.), was the only known methodology by which to regain root access on many builds. So, going back to the DSU Mod we mentioned, that Mod was dependent, among other things, on the Partition Index Table & baseband firmware structure of the PP2 Build. If you are familiar with downgrading stock firmware packages, then you'll recall that while downgrading can be usually be performed safely & efficiently, with no great concern of the risk of hard bricking a device. However, downgrading also brings me to my point -- and a consistent phenomenon which occurs  across pretty much all of the manufacturer spectrum -- once a partition index table update has been flashed to the eMMC of a smart device, there is no unringing the proverbial bell. For example, while it is certainly feasible to downgrade from a newer build to an earlier build, the partition index itself can never be reverted back to that earlier build. And this isn't generally a negative factor. Updated partition indexes are normally a positive thing, and bring many updates in security features, performance standards, etc. Example: the A/B partitioning  system incorporated into the release of Android 7.0 Nougat, which allows for seamless and in the background OTA installations without the need for an immediate reboot. But in certain isolated situations, the DSU Mod being the case in point, I am currently unable to replicate the mod due to changes in size & format of /fsg, /ssd, /modemst1, /modemst2, and /fsc -- changes which simply cannot be reverted to their original, initial firmware release state. Thanks to the hard work of Devs like @Astr4y4L, at least cellular & data connectivity have been fixed in scenarios involving downgrading. Even now, another perfect example of this involves the Zone 3 members who own a device which shipped with PP5 firmware builds. Downgrading from that particular build caused screen resolution bugs, video driver failures, a failure of cellular communications, among other things. Last I heard @Astr4y4L was decompiling the application bootloader and has made some recent developments and headway on those issues.
> Yes I've rattled on long enough. But, due to our upcoming revised and revisited downgrading/rooting tutorials, this paragraph was the best way to get new & old thread members up to speed on things.

Click to collapse



I can whip-up the stock gpt.img from pp2 if anyone knows how or where to use it....
It's Listed in my chunk files so I could surely create an .img from it but haven't fooled with it because it was no use to what we've so far been working on.


----------



## MotoJunkie01 (Aug 23, 2017)

@Astr4y4L, can you possibly pack the chunks into a TOT or kdz? I also have a firmware flashing utility called LG Flash Tool 2014, and any other called the Verizon LG Firmware Upgrade & Repair Utility. Both of those do make certain. Rollback prevention & hash checks during flashing. But hey we fooled downgrade protection on LG's own LG-UP for Store.


----------



## Astr4y4L (Aug 23, 2017)

MotoJunkie01 said:


> @Astr4y4L, can you possibly pack the chunks into a TOT or kdz? I also have a firmware flashing utility called LG Flash Tool 2014, and any other called the Verizon LG Firmware Upgrade & Repair Utility. Both of those do make certain. Rollback prevention & hash checks during flashing. But hey we fooled downgrade protection on LG's own LG-UP for Store.

Click to collapse



Repacking to kdz wouldn't be too hard.
Curiously I. Cant find the info or a tut nor tools for building .tot
If u seen something I missed plz point me at it and I'll take a whack at it.
I was thinking along those same lines the other day ...
Maby one of those could save the spree....
If I could only find a firmware for it...
Also thinking maby I can tweak those dlls on the .kdz/lgup to possibly trick it into flashing an older version of the spree firmware ...


----------



## Astr4y4L (Aug 23, 2017)

@MotoJunkie01

ok well heres a bit more progress on aboot....
i'm getting closer 
here's a selection of code from aboot for u to look at
#########################################################################################################################################################################################################



@^@^@target/msm8909_e1/init.c^@^@^@^@%x^@^@restart_reason: 0x%x
^@^@^@Going down for shutdown.
^@^@^@Failed to halt pmic arbiter: %d
^@^@^@^@Rebooting failed
^@^@^@Platform type: %u is not supported
^@WARN: Invalid input param
^@^@WARN: Cannot get flash partition table
^@WARN: Cannot get partition index for %s
^@^@^@^@root=^@^@^@DEBUG: cmdline has root=
^@^@^@ root=^@^@ root=/dev/mtdblock%d^@^@^@PON_PON_PBL_STATUS:0x%x
^@^@^@^@PON_PON_REASON1:0x%llx
^@PON_WARM_RESET_REASON1:0x%llx
^@^@PON_WARM_RESET_REASON2:0x%llx
^@^@PON_POFF_REASON1:0x%llx
^@^@^@^@PON_POFF_REASON2:0x%llx
^@^@^@^@PON_SOFT_RESET_REASON1:0x%llx
^@^@PON_SOFT_RESET_REASON2:0x%llx
^@^@TEMP_ALARM_STATUS1:0x%x
^@^@^@^@ERROR: unable to read smem for pon
^@target_pause_for_battery_charge() started.
^@skip off-mode charger : factory cable is connected
^@ssd^@Error: ssd partition not found
^@Error: invalid ssd partition size
^@^@Error: allocating memory for ssd buffer
^@^@^@^@Error: cannot read data
^@^@^@^@target_init()
^@^@Error reading the partition table info
^@ERROR: unable to read shared memory for power on reason
^@^@^@^@PON_PON_REASON1:%#llx
^@^@PON_POFF_REASON1:%#llx
^@target/msm8909_e1/meminfo.c^@smem_ram_ptable_init_v1()^@^@^@index : %d, start$
^@^@^@^@Failed to add secondary banks memory addresses
^@target_panel_reset^@^@target_backlight_ctrl^@^@^@[Display] failed to initiali$
^@target/msm8909_e1/target_display.c^@^@[Display] i2c_init success
^@[Display] qup_i2c_xfer error, %d
^@^@^@[Display] i2c_write_reg addr : %d, val : %d
^@^@^@^@[Display] %s: enable=%d, bl_type=%d
^@^@^@^@[Display] backlight_on
^@[Display] backlight_off
^@^@^@^@[Display] %s: Failed to restore MDP security configs^@^@^@^@[Display] N$
^@^@^@[Display] %s: reset_gpio_id: %d
^@^@^@^@qcom,mdss_dsi_tcl_ili9806e_fwvga_video_panel^@^@^@^@[Display] Display %$
^@^@^@^@none^@^@^@^@[Display] Selected %s: Skip panel configuration
^@^@^@^@sim_video_panel^@sim_cmd_panel^@^@^@[Display] %s: +
^@^@^@^@[Display] %s: -
^@^@^@^@[Display] [TOUCH] display_i2c_deinit success
^@^@^@target_panel_clock^@^@target_display_init^@failed to initialize i2c dev
^@^@^@target/msm8909_e1/module_detect.c^@^@^@[TOUCH] touch_i2c_init success
^@[TOUCH] touch_i2c_deinit success
^@^@^@[TOUCH] touch id is %d, [0x%02x%02x]%x
^@[TOUCH] touch_i2c_deinit success
^@^@^@[TOUCH] touch id is %d, [0x%02x%02x]%x
^@[TOUCH] Fail read data from IC(slave addr : 0x%02X)
^@^@^@^@PRIMARY_MODULE^@^@SECONDARY_MODULE^@^@^@^@TERITARY_MODULE^@QUATENARY_MO$
^@^@[Display] OEM panel override:%s
^@^@^@^@[Display] Display not enabled for %d HW type
^@^@^@PMIC_8941^@^@^@dsi:0:^@^@qcom,mdss-dsi-panel^@DISPLAY_1^@^@^@{^@^@^@ ^@^@$
^@^@^@^@ERROR: unable to write shared memory for ID_VENDOR2
^@^@^@^@Could not set %d value to %s property in the chosen node.
^@^@Could not set %lld value to %s property in the chosen node.
^@^@^@^@Could not set %s value to %s property in the chosen node.
^@^@bootcmd_add_pair^@^@^@^@bootcmd_list_deinit^@<�d�H�d�P�d�\�d�l�d�t�d���d���$
^@^@^@^@%s: invalid key=%p or value=%p
^@%s: bootcmd list not found, key=%s
^@%s: invalid key
^@^@^@^@%s: invalid key size
^@^@^@%s: already exist key(%s)
^@^@%s: memory allocation failed
^@^@^@%s: initalized fail at the %d
^@^@%s: memory allocation failed
^@^@^@%s: initalized fail at the %d
^@^@%s: already exist key & value(%s, %s)
^@^@%s: value changed from %s to %s at %s
^@^@%s: bootcmd is not initialized
^@
appended LGE boot command list is belows:
^@ [%2d] key=%s, value=%s
^@^@^@^@FOTA_Reboot^@FOTA_Reboot_LCDOFF^@^@Reboot_by_Battery^@^@^@Recovery_mode$
^@%s: too much long cmdline size(%d)
^@bootcmd: %s=%s
^@bootcmd: %s
^@^@^@^@%s : remove all bootcmd_arg
^@^@^@^@lge.uart^@^@^@^@lge.rev^@lge.battid^@^@lge.bootreason^@^@maxcpus^@andro$
^@^@^@^@Thermal Bite!
^@^@LK Crash!
^@^@Crash on the LAF!
^@^@DBI Apps Watchdog Reset!
^@^@^@DBI Err Fatal!
@^@DBI Apps Watchdog Reset!
^@^@^@DBI Err Fatal!
^@DBI Undefined Error!
^@^@^@Unknown Reset!
^@Apps Watchdog Bite!
^@^@^@^@TZ Crash!
^@^@Apps Watchdog Bark!
^@^@^@^@Apps FIQ: AHB timeout!
^@Apps FIQ: OCMEM NOC Error!
^@Apps FIQ: MM NOC Error!
^@^@^@^@Apps FIQ: Periphral NOC Error!
^@Apps FIQ: SYS NOC Error!
^@^@^@Apps FIQ: CONF NOC Error!
^@^@TZ Undefined Error!
^@^@^@^@RPM Crash!
^@RPM Watchdog Bite!
^@RPM Undefined Error!
^@^@^@Kernel Crash!
^@^@Kernel Undefined Error!
^@^@^@Kernel Crash!
^@^@Kernel Undefined Error!
^@^@^@^@Undefined error^@subsys-restart: Failed to shutdown^@^@subsys-restart: $
^@^@%s: disabled as default
^@^@^@^@disable^@%s: board revision value is %d from smem
^@^@^@%s: smem read failed
^@^@^@%s: usb cable type is %d from smem
^@%s: usb port type is %d from smem
^@^@%llu^@^@^@^@androidboot.ddr_size^@^@^@^@%s: DDR Size info %llu from smem
^@^@^@mfts mode!!
^@^@^@^@mfts.mode^@^@^@%s: lcd maker id is %d from smem
^@^@^@ERROR: unable to read shared memory for battery info
^@^@^@batt_info = %d
^@DS2704_N^@^@^@^@DS2704_L^@^@^@^@DS2704_C^@^@^@^@ISL6296_N^@^@^@ISL6296_L^@^@^$
^@^@^@normal^@^@qem_56k^@qem_130k^@^@^@^@qem_910k^@^@^@^@pif_56k^@pif_130k^@^@^$
^@^@without usb cable or DCP type
^@^@with usb cable(not DCP or factory cable)
^@^@^@final key combination: vol_up=%d, vol_down=%d, power=%d, home=%d
^@^@^@with factory usb cable
^@selectmode_get_current_key_info^@Failed to read SMEM_ID_VENDOR2
^@%s : log_size: %d is not normal!!
^@^@skip sbl log!!
^@%s : sbl_log=%p, log_size=%d, delta_time=%d
^@^@^@^@%c^@^@sbl_log_init^@^@^@^@ftm_get_item^@^@^@^@ftm_add_item^@^@^@^@ftm_m$
^@^@^@^@BSP Forever^@%s: target is not emmc boot
^@^@^@^@%s: failed get offset
^@^@%s: mmc read failure
^@^@^@%s: FTM magic string is not equal. %s
^@^@%s: id=%d, val buf is NULL
^@%s: out of id range(%d)
^@^@^@^@%s: invalid id(%d)
^@%s: mmc write failure - %s
^@%s: mmc read failure - %s
^@^@misc: imei code read failed
^@^@^@^@misc: csn code read failed
^@get_qem = %d
@^@^@webdload status:%d
^@%s: FTM partition can't use
^@^@^@^@%s: name len(%d) is so long
^@^@^@^@%s: FTM item init failed in %d
^@KSwitch: %s
^@^@^@^@kswitch=^@^@^@^@%s: failed alloc memory
^@^@^@^@%s: mmc write failure!
^@is_mfts_mode = %d
^@^@ftm_check_validation^@^@^@^@ftm_set_item^@^@^@^@ftm_init^@^@^@^@get_image_i$
^@^@^@raw_resources^@^@^@%s: No '%s' partition found
^@^@^@^@%s: Read request out of '%s' boundaries
^@^@^@^@%s: memory allocation failed.
^@^@%s: Reading MMC failed
^@%s: %s partition not supported for NAND targets.
^@^@^@%s: Reading magic info failed
^@^@BOOT_IMAGE_RLE^@^@%s: Memory allocation for img_info failed.
^@%s: Reading image info failed
^@^@%s: No image data
^@^@%s: Reading image data failed: offset = 0x%X, size = %d
^@^@^@^@%s: total_num is invalid (%d)
^@^@%s: Image not found
^@^@^@^@%s: failed: %s, %d
^@load_charger_image^@^@lglogo_image^@^@^@^@^A^@^@^@^P^@^@^@��d�^C^@^@^@^@^@^@^$
^@^@^@^@verify_image : %d
^@^@keystore length is invalid.
^@^@^@^@%s is loaded
^@^@^@unknown platform id : %d
^@^@^@%08X%08X^@^@^@^@%02X^@^@^@^@KSNO^@^@^@^@KSOK^@^@^@^@No memory!
^@%s,%d^@^@^@No unlock key!
^@Found unlock key!
^@^@sig is null : %d
^@^@^@DeviceID : %s
^@^@000000000000000^@IMEI : %s
^@^@NONCE : %d @killswitch^@^@public key mismatch : %s
^@^@^@unlock key mismatch
^@^@^@^@rct^@partition table doesn't exist
^@^@%d^@^@ OFFICIAL !!
^@^@^@ MODIFIED !!
^@^@^@--------------------------------------------
^@^@^@ Secure booting Error!
^@ Error Code : %d
^@^@^@ANDROID!^@^@^@^@%s  : 0x%x(0x%x)
^@^@^@kernel^@^@ramdisk^@second^@^@dt^@^@%d version not support
^@Boot state is locked
^@^@^@kernel  : 0x%x(0x%x)
^@^@^@ramdisk  : 0x%x(0x%x)
^@^@gpt_integrity : invalid param
^@^@gpt_integrity : %4d-%s
^@gpt_integrity : %s partition not exist
^@gpt_integrity : %s partition mismatch : %llx:%llx, %llx:%llx
^@^@^@LGE_KEYSTORE^@^@^@^@version^@keyalias^@^@^@^@mykeybag^@^@^@^@KEYBAG^@^@my$
^A^A^K0�^A
^B�^A^A^@��.#�m�]�E�^Ac^0�^X<�7E=��k���v�l^O7�V���^Q�6^Cz�O���>�'c{�\9�e^H�b�O�$
�ɋ�̊^A�^L�^SŐ�u����ܬT'�͚*��Xh�@`��^A^B^C^A^@^A^@0�^A8^B^A^@^S^Pksut_vzw_msm89090�$
^A^A^K0�^A
^B�^A^A^@�!�ƆC��^H��
�b��g�^K^P��R
^U� ^K/(^Y-y��6���V^Bu�Y&W^E�^G^]���^[˼���>sg�^R5�!Y�YT��5^W��^_^G^F^_^W��^@���$
���^[email protected]���Y��z$H^B�m�)�h_W^U��1{�^L��^]<Uj^F9V�.i����!NT�O+^B^C^A^@^Acheck FTM m$
^@firstboot already finished
^@firstboot and try to update gpt
^@^@^@^@card info : last LBA %lld, backup gpt %lld
^@userdata^@^@^@^@%d,%d^@^@^@%s_%d^@^@^@androidboot.wp_addr^@cmd valud = %s
^@lge,sbl_delta_time^@^@lge,lk_delta_time^@^@^@lge,log_buffer_phy_addr^@lge,log$
^@^@^@status^@^@Failed to move/resize dtb buffer: %d
^@^@^@Failed to change Uart dts status : %d
^@^@vmalloc^@400m^@^@^@^@gpt^@model.name^@^@bootcable.type^@^@fakebattery^@lge.$
^@^@Rooted^@^@system_recovery_vzw_modified^@^@^@^@Rooted (%u)
^@^@^@^@%s: should be implemented
^@^@powered_android_image^@^@^@system_recovery_menu_image^@^@SM_SAFE_MODE start
^@lge.vzw_safe_mode^@^@^@SM_USB_DEBUG_MODE start
^@^@^@^@adb_enable^@^@SM_FACTORY_RESET start
^@SM_WIPE_CACHE start
^@^@^@^@SM_POWER_DOWN start
^@^@^@^@vzw_factory_power_off_image^@%s: selectmode_get_mode()=%d
^@^@^@SM_NATIVE_RECOVERY start
^@^@^@SM_VZW_SYSTEM_RECOVERY start
^@^@^@SM_LAF_DOWNLOAD start
^@^@SM_DEBUG start
^@SM_NONE
^@^@^@^@system_recovery_continue_image^@^@system_recovery_safemode_image^@^@sys$
^@if flashing complete, add the dlcomplete property.
^@androidboot.dlcomplete^@^@do not enter dload mode.
^@^@^@detect the volume up key + USB.
^@^@^@^@reboot reason is the laf boot.
^@910K : fr_pon_reason = 0x%x, fr_poff_reason = 0x%x
^@not enter laf mode after factory reset or mode reset for factory download.
^@detected the 910K USB cable.
^@^@^@56K^@130K^@^@^@^@910K^@^@^@^@VUSER^@^@^@^@^@`�^@^@`�^A^@^@^@^L^\^@^@^@^@^$
^@^@^@^@platform/msm8909/platform.c^@(ptn_entry.start & (MB-1)) == 0^@usb_iface$
^@^@^@platform/msm8909/acpuclock.c^@^@^@^@usb_core_clk^@^@^@^@failed to set usb$
^@^@^@^@failed to set usb_iface_clk after async ret = %d
^@^@^@sdc%u_iface_clk^@failed to set sdc1_iface_clk ret = %d
^@^@sdc%u_core_clk^@^@sdc frequency (%u) is not supported
^@^@^@^@failed to set %s ret = %d
^@^@uart%u_iface_clk^@^@^@^@uart%u_core_clk^@blsp%u_ahb_clk^@^@Failed to enable$
^@^@blsp%u_qup%u_i2c_apps_clk^@^@^@Failed to get %s
^@^@^@Failed to enable %s
^@^@^@^@ce%u_src_clk^@^@^@^@failed to set ce%u_src_clk ret = %d
^@^@^@^@ce%u_core_clk^@^@^@failed to set ce%u_core_clk ret = %d
^@^@^@ce%u_ahb_clk^@^@^@^@failed to set ce%u_ahb_clk ret = %d
^@^@^@^@ce%u_axi_clk^@^@^@^@failed to set ce%u_axi_clk ret = %d
^@^@^@^@mdp_ahb_clk^@failed to set mdp_ahb_clk ret = %d
^@mdss_mdp_clk_src^@^@^@^@failed to set mdp_clk_src ret = %d
^@mdss_vsync_clk^@^@failed to set mdss vsync clk ret = %d
^@^@mdss_mdp_clk^@^@^@^@failed to set mdp_clk ret = %d
^@mdss_axi_clk^@^@^@^@failed to set mdss_axi_clk ret = %d
^@^@^@^@mdss_esc0_clk^@^@^@failed to set esc0_clk ret = %d
^@^@^@^@sdc1_iface_clk^@^@sdc1_core_clk^@^@^@sdc2_iface_clk^@^@sdc2_core_clk^@^$
^@^@^@^@platform/msm8909/gpio.c^@Incorrect BLSP id %d
^@^@^@HALT: reboot into dload mode...
^@^@^@^@HALT: reboot_device failed
^@HALT: set_download_mode not supported
^@^@HALT: spinning forever...
^@^@smem_write_alloc_entry: len does not aligned
^@^@^@smem_write_alloc_entry: type is out of range
^@^@^@smem_write_alloc_entry: smem does not allocated
^@^@^@^@smem_write_alloc_entry: size does not matched
^@^@ERROR: Unknown smem ram ptable version: %u^@^@platform/msm_shared/smem_ptab$
^@0:APPS^@^@ERROR: Wrong smem_ram_ptable version: %u^@^@^@^@sbl1^@^@^@^@sbl2^@^$
^@MBR signature does not match.
^@^@Error allocating memory while reading partition table
^@^@Could not read partition from mmc
^@^@get_gpt_crc_header gpt
^@Failed to Allocate memory to read partition table
^@^@GPT: Could not read primary gpt from mmc
^@^@^@GPT: header_crc (before) = %X
^@^@GPT: header_crc (after) = %X
^@^@^@platform/msm_shared/partition_parser.c^@^@partition_entries^@^@^@MMC Boot$
^@GPT: (WARNING) Primary signature invalid
^@^@^@card_size_sec > 0^@^@^@GPT: Could not read backup gpt from mmc
^@^@^@^@GPT: Primary and backup signatures invalid
^@partition_count < NUM_PARTITIONS^@^@^@^@GPT: mmc read card failed reading par$
^@^@^@MMC Boot: GPT read failed!
^@NULL partition
^@Failed to write mbr partition
^@^@Failed to write EBR block to sector 0x%X
^@^@^@Failed to re-read mbr partition.
^@^@^@GPT: Primary signature invalid cannot write GPT
^@^@^@^@GPT: Backup signature invalid cannot write GPT
^@Failed to erase the eMMC card
^@^@Failed to write Protective MBR
^@Failed to write GPT header
^@Failed to write GPT backup header
^@^@GPT: Could not write GPT Partition entries array
^@^@^@Re-reading the GPT Partition Table
^@GPT: Partition Table written
^@^@^@Re-Flash all the partitions
^@^@^@^@Failed to write MBR block to mmc.
^@^@MBR written to mmc successfully
^@^@^@^@Writing MBR partition
^@^@Writing GPT partition
^@^@Invalid partition name passed
^@^@Error unable to find partition : [%s]
^@^@modem^@^@^@mdm^@system^@^@persist^@cache^@^@^@tombstones^@^@H^Ve�T^Ve�h^Ue�$
^@Entering test mode for TST_PKT
^@Entering test mode for SE0-NAK
^@platform/msm_shared/hsusb.c^@ept^@req^@allocate USB item fail ept%d%s queue
^@^@^@td count = %d
^@^@*UNKNOWN*^@^@^@-- reset --
^@^@^@^@-- portchange --
^@^@^@<UEI %x>
^@^@^@STALL %s %d %d %d %d %d
^@^@^@^@epts^@^@^@^@USB init ept @ %p
^@^@only one gadget supported
^@^@udc_start()
^@^@^@^@udc cannot start before init
^@^@^@udc has no gadget registered
^@^@^@GET_STATUS^@^@CLEAR_FEATURE^@^@^@SET_FEATURE^@SET_ADDRESS^@GET_DESCRIPTOR$
^@platform/msm_shared/boot_stats.c^@^@^@^@platform/msm_shared/rpm-smd.c^@^@^@*k$
^@^@^@^@smd_data^@^@^@^@Clock disable
^@^@%s: DTR is off
^@%s: len is greater than fifo sz
^@^@^@^@%s: channel is not in OPEN state
^@^@platform/msm_shared/smd.c^@^@^@ch->port_info^@^@^@smd_channel_alloc_entry^@$
^@^@ERROR reading smem channel alloc tbl
^@^@^@Apps timed out waiting for RPM-->APPS channel entry
^@^@^@^@Channel alloc freed
^@^@^@^@smd_read^@^@^@^@smd_write^@^@^@Error: sdhci reset failed for: %x
^@^@Error: Invalid UHS mode: %x
^@^@^@^@platform/msm_shared/sdhci.c^@Bus width is invalid: %u
^@^@^@cmd->data.data_ptr^@^@IS_CACHE_LINE_ALIGNED(cmd->data.data_ptr)^@^@^@Erro$
^@^@^@Invalid response type for the command
^@^@Error allocating memory
^@^@^@^@Error: Command never completed
^@Error: Transfer never completed
^@^@^@^@Error: Command timeout error
^@^@^@Error: Command CRC error
^@^@^@Error: CMD end bit error
^@^@^@Error: Command Index error
^@Error: DATA time out error
^@Error: DATA CRC error
^@^@Error: DATA end bit error
^@^@Error: Current limit error
^@Error: Auto CMD12 error
^@^@^@^@Error: ADMA error
^@^@^@^@^@^@^A^@^@^@^C^@^@^@^B^@^@^@^F^@^@^@^G^@^@^@^E^@^@^@^D^@^@^@^L^@^@^@
^@^@^@^O^@^@^@^N^@^@^@
^@^@^@^K^@^@^@  ^@^@^@^H^@^@^@sdhci_msm_config_dll^@^@^@^@��^@���^@^@�����3���3$
^@%s: clk_out_en timed out: %08x
^@Error: Calibration done in CDC status not set
^@^@CDC error set during calibration: %x
^@^@^@Error: DLL lock for hs400 operation is not set
^@platform/msm_shared/sdhci_msm.c^@tuning_data^@Failed in selecting the tuning $
^@^@^@Failed to get tuned phase
^@^@sdhci_msm_init_dll^@^@�^O�^@�����<����������������^?�w�������^O��<�3�������$
^@^@^@^L^@^@^@
^@^@^@^O^@^@^@^T^@^@^@^Y^@^@^@^^^@^@^@#^@^@^@(^@^@^@-^@^@^@2^@^@^@7^@^@^@<^@^@^$
^@^@^@Get card status failed
^@Switch cmd failed. Card not in tran state %x
^@^@^@Switch cmd failed. Switch Error.
^@^@^@Switch cmd failed
^@^@Failed Sending CMD55
^@^@^@Attempting to read or write beyond the Device capacity
^@The misaligned address did not match the block length used
^@The transferred bytes does not match the block length
^@^@Attempt to program a write protected block
^@Device error occurred, which is not related to the host command
^@^@^@^@A generic Device error
^@MMC card is not in TRAN state
^@^@Failed to send stop command
^@^@^@^@Switch cmd returned failure %d
^@Failure to set DDR mode for Card(RCA:%x)
^@^@^@Failure to set wide bus for Card(RCA:%x)
^@^@^@Tuning for hs200 failed
^@^@^@^@platform/msm_shared/mmc_sdhci.c^@card->ext_csd^@^@^@Bus width is not 8-$


----------



## Astr4y4L (Aug 23, 2017)

^@Failure Setting HS200 mode %s %d
^@^@^@Error adjusting interface speed!:%s       %d
^@Failure setting DDR mode:%s   %d
^@Switch cmd returned failure %s        %d
^@^@Tuning for hs400 failed
^@^@^@^@The response for CMD8 does not match the supplied value
^@^@^@^@Error: CMD8 response timed out
^@Failed sending App command
^@Failure sending ACMD41
^@Error: ACMD41 response timed out
^@^@^@Error allocating mmc device
^@^@^@^@Error Initializing MMC host : %u
^@^@^@Failure resetting MMC cards!
^@^@^@Failed to initialize SD card
^@^@^@Failed to set HS for SD card
^@^@^@Error adjusting interface speed!
^@^@^@Failure getting card's ExtCSD information!
^@Failed to set bus width for host controller
^@^@^@^@Failure to set HS400 mode for Card(RCA:%x)
^@Failure to set HS200 mode for Card(RCA:%x)
^@SDHC Running in High Speed mode
^@^@^@^@Failure to enalbe HS mode for Card(RCA:%x)
^@Failed to set bus width for the card
^@^@^@Failed to enable RST_n_FUNCTION
^@^@^@^@Failed detecting MMC/SDC @ slot%d
^@^@Done initialization of the card
^@^@^@^@Failure getting OCR response from MMC Card
^@MMC card failed to respond, try for SD card
^@^@^@^@Failure getting card's CID number!
^@Failure getting card's RCA!
^@^@^@^@Failure getting card's CSD information!
^@^@^@^@Failure selecting the Card with RCA: %x
^@^@^@^@Failure getting card's SCR register
^@^@^@^@Failed to get SSR from the card
^@^@^@^@SDHC Running in HS400 mode
^@SDHC Running in HS200 mode
^@SDHC Running in DDR mode
^@^@^@Card has busy status set. Init did not complete
^@^@^@^@Requested length is less than min erase group size
^@The erase group overlaps the max requested for erase
^@^@^@Address for CMD35 is out of range
^@^@Address for CMD36 is out of range
^@^@Failed to get card status after erase
^@^@Write Protect set for the region, only partial space was erased
^@^@^@^@Card status check timed out after sending erase command
^@^@^@^@Failed to send erase grp start address
^@Failed to send erase grp end address
^@^@^@Failed to erase the specified partition
^@^@^@^@Failed to get status of write protect bits
^@Failed to Disable PERM WP
^@^@Failed to read ext csd for the card
^@^@^@^@Power on protection is disabled, cannot be set
^@Length is less than min WP size, WP was not set
^@^@^@^@Failed to set power on WP for user
^@Address for CMD28/29 is out of range
^@^@^@Failed to get card status afterapplying write protect
^@^@Card status timed out after sending write protect command
^@^@card deselect error: %s
^@^@^@^@card sleep error: %s
^@^@^@^A^@^@^@
^@^@^@d^@^@^@�^C^@^@^P'^@^@��^A^@@B^O^@���^@^@^@^@^@
^@^@^@^L^@^@^@
@^@^@^O^@^@^@^T^@^@^@^Z^@^@^@^^^@^@^@#^@^@^@(^@^@^@-^@^@^@4^@^@^@7^@^@^@<^@^@^$
^@^@Error: UFS write failed writing to block: %llu
^@!(data_len % block_size)^@^@^@^@Failed Reading block @ %x
^@^@Error: UFS read failed writing to block: %llu
^@^@erasing 0x%x:0x%x
^@^@Erase Fail: Erase size: %u is bigger than scratch region:%u
^@^@^@^@failed to erase the partition: %x
^@^@!(addr % block_size)^@^@^@^@!(len % block_size)^@Erasing card: 0x%x:0x%x
^@^@^@^@SDHCI unit erase not required
^@^@MMC erase failed
^@^@^@mmc_erase_card: UFS erase failed
^@^@^@max_luns^@^@^@^@Error reading the partition table info for lun %d
^@^@GIC CPU mask not found
^@%s unimplemented
^@^@^@platform/msm_shared/qgic.c^@^@vector < NR_IRQS^@^@^@^@Invalid interrupt t$
^@^@^@^@gic_platform_fiq^@^@^@^@Alert!! clock list not defined!
^@^@^@^@Alert!! Requested clock "%s" is not supported!^@^@Can't find clock with$
^@^@^@Clock set rate failed.
^@Clock enable failed.
^@^@^@platform/msm_shared/clock_lib2.c^@^@^@^@rclk->set_rate^@^@platform/msm_sh$
^@^@^@Unsupported board info format %u.%u
^@^@^@^@^@^@^@^@^H^@^@^@^P^@^@^@^X^@^@^@�^@^@^@^@�^@^@^@^@�^@^@^@^@�^@^H^P^Xpla$
^@^@^@^@SPMI write command failure:                     cmd_id = %u, error = %u
^@SPMI read command failure:                    cmd_id = %u, error = %u
^@^@Unexpected interrupt : val %u
^@^@Size exceeds max size for a descriptor(0x7FFF)
^@platform/msm_shared/bam.c^@^@^@!((uint32_t)PA((addr_t)bam->pipe[pipe_num].fif$
^@^@Wrong params for BAM transfer
^@Please allocate the FIFO for the BAM pipe %d
^@^@^@Can't lock and unlock in the same desc
^@EOT flag set on the CMD desc
^@^@^@len of the desc exceeds max length %d > %d
^@Data transfer exceeds desc fifo length.
^@^@^@^@,��^U����^@^@^@ ^@^@^@^@^@^H^@^@^@^@^B^@@^@^@^@^@^@^@^@,��^U����^@^@^@^$
^@^@Could not read bad block value
^@NAND Erase error: Block address belongs to bad block: %d
^@^@^@Failed to write CW %d for page: %d
^@QPIC:NANDc BAM Read FIFO init error
^@^@^@^@QPIC: NANDc: BAM Write FIFO init error
^@QPIC:NANDc BAM CMD FIFO init error
^@Read ID cmd status failed
^@^@platform/msm_shared/qpic_nand.c^@flash->block_size^@^@^@flash->page_size^@^$
^@^@Failed to allocate memory for bad block table
^@^@Failed to allocate memory for page reads or writes
^@NAND device is not supported: nandid: 0x%xmaker=0x%02x device=0x%02x
^@^@^@nandid: 0x%x maker=0x%02x device=0x%02x page_size=%d
^@^@^@spare_size=%d block_size=%d num_blocks=%d
^@^@flash_ptable == NULL && new_ptable != NULL^@^@Read request start not at pag$
^@^@^@^@NAND page read failed. page: %x status %x
^@^@flash_read_image: failed (%d errors)
^@^@^@Erase operation failed
^@^@^@^@flash_write_image: out of space
^@^@^@^@flash_write_image: image undersized (%d < %d)
^@^@flash_write_image: bad block @ %d
^@^@flash_write_image: write failure @ page %d (src %d)
^@^@^@^@flash_write_image: erase failure @ page %d
^@flash_write_image: restart write @ page %d (src %d)
^@^@^@^@flash_write_image: success
^@%s:SCM call is not supported
^@^@^@ASSERT FAILED at (%s:%d): %s
^@^@^@platform/msm_shared/scm.c^@^@^@indir_arg^@^@^@SCM call: 0x%x failed with $
^@Secure Config failed
^@^@^@ssd_image_is_encrypted call failed^@^@ret == 0^@^@^@^@decrypt_scm_v2: fai$
^@^@^@decrypt_scm_v2: case default: failed status %d
^@Successfully loaded the keystore ^@^@^@Loading keystore failed status %d ^@^@$
^@in_buf != NULL^@^@out_buf != NULL^@Failed to call Cipher DIP SCM
^@^@Failed in Cipher DIP SCM call
^@^@Failed to call SCM_SVC_FUSE.SCM_QFPROM_READ_ROW_ID SCM @jumping to kernel via monitor
^@^@Failed to jump to kernel
^@^@^@0^@^@^@Secure canary SCM failed: %x
^@^@^@scm_call for random failed !!!^@^@Failed to set XPU violations as fatal e$
^@^@^@Configured XPU violations to be fatal errors
^@^@^@scm call is_secure_boot_enable failed
^@^@Failed to write to boot misc: %d
^@^@^@Failed to disable the wdog debug
^@^@dev_tree_get_entry_info^@ERROR: Unsupported version (%d) in dt node check
^@^@platform/msm_shared/dev_tree.c^@^@dt_node_member^@^@dt_node_member->dt_entr$
^@Out of memory
^@^@Tags addresses overlap with aboot addresses.
^@^@^@/^@^@^@model^@^@^@model does not exist in device tree
^@^@^@^@qcom,pmic-id^@^@^@^@qcom,board-id^@^@^@qcom,pmic-id(%d) or qcom,board-i$
^@^@qcom,board-id in device tree is (%d) not a multiple of (%d)
^@^@^@^@qcom,msm-id^@qcom,msm-id entry not found
^@^@^@^@qcom,msm-id in device tree is (%d) not a multiple of (%d)
^@^@board_data^@^@platform_data^@^@^@pmic_data^@^@^@dt_entry_array^@^@Best matc$
^@^@^@^@Using pmic info 0x%0x/0x%x/0x%x/0x%0x for device 0x%0x/0x%x/0x%x/0x%0x
^@DTB offset is incorrect, kernel image does not have appended DTB
^@^@^@ERROR: Bad magic in device tree table
^@ERROR: Unsupported version (%d) in DT table
^@^@^@ERROR: Bad parameter passed to %s
^@DTB Total entry: %d, DTB version: %d
^@^@^@Using DTB entry 0x%08x/%08x/0x%08x/%u for device 0x%08x/%08x/0x%08x/%u
^@ERROR: Unable to find suitable device tree for device (%u/0x%08x/0x%08x/%u)
^@^@^@^@reg^@Failed to add the memory information addr: %d
^@^@Failed to add the memory information size: %d
^@^@Could not find memory node.
^@^@^@^@#address-cells^@^@Using default #addr_cell_size: %u
^@^@Error finding the #address-cells property
^@^@#size-cells^@Using default #size_cell_size: %u
^@^@Error finding the #size-cells property
^@Could not find #address-cells and #size-cells properties: ret %d
^@^@^@ERROR: Could not set prop reg for memory node
^@^@ERROR: Could not append prop reg for memory node
^@^@^@Invalid device tree header
^@^@^@^@/memory^@ERROR: Cannot update memory node
^@^@^@/chosen^@Could not find chosen node.
^@^@^@^@bootargs^@^@^@^@ERROR: Cannot update chosen node [bootargs]
^@^@^@^@linux,initrd-start^@^@ERROR: Cannot update chosen node [linux,initrd-st$
^@^@linux,initrd-end^@^@^@^@ERROR: Cannot update chosen node [linux,initrd-end]^A^C*�H��

^@^@^@^@^A#Eg�����ܺ�vT2^P����g�  j��g�r�n<:�O�^?R^NQ�h^E��ك^_^Y��[do_sha_update $
^@^@do_sha_update returns error from crypto_get_digest
^@do_sha_update returns error %d
^@crypto_sha256 returns error %d
^@Could not allocate fifo buffer
^@CRYPTO_WRITE_REG: Reg write failed. reg addr = %x
^@^@Could not allocate output dump buffer
^@^@Could not allocate ce array buffer
^@CRYPTO: BAM Read FIFO init error
^@^@^@CRYPTO: BAM Write FIFO init error
^@^@CRYPTO: BAM init error
^@crypto_set_sha_ctx invalid auth algorithm
^@^@Authentication alg config failed.
^@^@Data start not aligned at burst length.
^@^@^@^@CRYPTO_ADD_DESC: Adding desc failed
^@^@^@^@Crypto send data failed
^@^@^@^@crypto_get_digest status error^@^@status = %x status2 = %x
^@^@^@0�^B�0�^A�^B^A^E0
^F      *�H��
^A^A^E^E^@0/1^K0        ^F^CU^D^F^S^BUS1^K0     ^F^CU^D^H^L^BCA1^S0^Q^F^CU^D
^L
Android LK0^^^W
110801145535Z^W
320212145535Z0/1^K0     ^F^CU^D^F^S^BUS1^K0     ^F^CU^D^H^L^BCA1^S0^Q^F^CU^D
^L
Android LK0�^A 0
^F      *�H��
^A^A^A^E^@^C�^A
^@0�^A^H^B�^A^A^@Ȃ      C�3��ʡC���&^L�^U�q���_��f�^?^K�^A��^[���!�^];
�^Nͅ�M��'r��&��_Ww=�y8ެ����B^DS�d������2-���5X�^�G(+��TӼ
^R_v^^V���^Q�6�:^\v�1�����VVR�p����.ݝ3�"�^P^WS�j���^TӢ��7�Lݢ�F2�#F^ZՆ�9�^F�O�o^$
^F      *�H��
^A^A^E^E^@^C�^A^A^@!�Ly�T�^Kv�
m^T�G/�=�^@��^K�n~^\�Mw��H^^�j=^Ac������M"�ϱ|02���r��^]�qm$T9��l$^O�^H��M.{^Q�M$
�|�����Z%^S���E^[Y�5ྜLưY'٬n�5^L��̺9Hn^D�mAJ�2�)�� ���Dl���R�^][���W�!��
�^E�ҲT�^G"<dT������@�A���e=��(#^C�k�R^D;�Nd�;�o0�,J^N�y�ӃERROR: Boot Invalid, R$
^@^@ERROR: Calloc failed during verification
^@^@^@ERROR: Image Invalid, X509_Certificate is NULL!
^@^@^@^@ERROR: Boot Invalid, PUB_KEY is NULL!
^@^@ERROR: Image Invalid! signature check failed! ret %d
^@^@^@ERROR: Image Invalid! Please use another image!
^@^@^@^@HW doesn't support READs > 256 bytes
^@^@^@dev_addr is NULL, that means i2c_qup_init failed...
^@^@^@^@QUP: I2C status flags :0x%x
^@^@^@QUP: QUP status flags :0x%x
^@^@^@^@QUP Busy:Trying to recover
^@I2C slave addr:0x%x not connected
^@^@QUP data xfer error %d
^@Error waiting for write ready
^@^@msm_display_init^@^@^@^@[Display] Config LVDS_PANEL.
^@^@^@[Display] Config MIPI_VIDEO_PANEL.
^@[Display] Config MIPI_CMD_PANEL.
^@^@^@[Display] Config LCDC PANEL.
^@^@^@[Display] Config HDMI PANEL.
^@^@^@[Display] Config EDP PANEL.
^@^@^@^@[Display] Turn on LVDS PANEL.
^@^@[Display] Turn on MIPI_VIDEO_PANEL.
^@^@^@^@[Display] Turn on MIPI_CMD_PANEL.
^@^@[Display] Turn on LCDC PANEL.
^@^@[Display] Turn on HDMI PANEL.
^@^@[Display] Turn on LCDC PANEL.
^@^@[Display] Turn on HDMI PANEL.
^@^@[Display] Turn on EDP PANEL.
^@^@^@[Display] Turn off LVDS PANEL.
^@[Display] Turn off MIPI_VIDEO_PANEL.
^@^@^@[Display] Turn off MIPI_CMD_PANEL.
^@[Display] Turn off LCDC PANEL.
^@[Display] Turn off EDP PANEL.
^@^@[Display] Continuous splash enabled, keeping panel alive.
^@^@^C^G^O^@Panel CMD: command mode dma test failed
^@^@^@^@Panel CMD: Did not recieve video mode done interrupt
^@^@^@dsi host init error
^@^@^@^@pre_init_func error
^@^@^@^@dsi panel init error
^@^@^@unsupported dst format
^@Video lane test failed
^@Video lane tested successfully
^@^C^G^O^@[Display] DSI1 PHY REGULATOR NOT READY,exceeded polling TIMEOUT!
^@^@^@���^\^H^@^@^@^@8�^\^K^@^@^@�nM"^H^@^@^@^@^PU"^L^@^@^@�}c$^H^@^@^@�+O'   $
^@^@^@^@�
(^N^@^@^@ �:*
^@^@^@�^W�,^K^@^@^@[Display] unable to get loop filter resistance. vco=%d
^@r0  0x%08x r1  0x%08x r2  0x%08x r3  0x%08x
^@^@^@^@r4  0x%08x r5  0x%08x r6  0x%08x r7  0x%08x
^@^@^@^@r8  0x%08x r9  0x%08x r10 0x%08x r11 0x%08x
^@^@^@^@r12 0x%08x usp 0x%08x ulr 0x%08x pc  0x%08x
^@^@^@^@spsr 0x%08x
^@^@^@^@%c%s r13 0x%08x r14 0x%08x
^@fiq^@irq^@svc^@und^@sys^@bottom of stack at 0x%08x:
^@unhandled syscall, halting
^@undefined abort, halting
^@^@^@data abort, halting
^@^@^@^@prefetch abort, halting
^@^@^@^@MSM8909_E1Q_VZW^@ci^@^@dpc^@welcome to lk

^@bootstrap2^@^@mutex_acquire: thread %p (%s) tried to acquire mutex %p it alr$
^@^@^@mutex_acquire_timeout: thread %p (%s) tried to acquire mutex %p it alrea$
^@^@^@mutex_release: thread %p (%s) tried to release mutex %p it doesn't own. $
^@^@^@somehow fell through thread_exit()
^@bootstrap^@^@^@idle^@^@^@^@dump_thread: t %p (%s)
^@      state %d, priority %d, remaining quantum %d, critical section %d
^@^@    stack %p, stack_size %zd
^@^@    entry %p, arg %p
^@^@    wait queue %p, wait queue ret %d
^@^@    tls:^@^@^@timer %p already in list
^@^@^@starting app %s
^@^@^@^@^@^@^@^@h\e�^@^@^@^@^@^@�^E^@^@^@^@^@^@^H^@^@^@^@^@^\�d�^@^@^@^@^@^@`^$
^@^@^@recoveryfs^@^@ androidboot.emmc=true^@^@ androidboot.serialno=^@^@ gpt^@$
^@^@^@^@Updating device tree: start
^@^@^@^@ERROR: Updating Device Tree Failed
^@^@^@^@Updating device tree: done
^@booting linux @ %p, ramdisk @ %p (%d), tags/device tree @ %p
^@^@^@Device is unlocked! Skipping verification...
^@^@^@Keystore verification failed! Continuing anyways...
^@^@^@^@kswitch_factory^@[KSWITCH] Disable recovery!
^@^@^@^@kswitch_dload^@^@^@[KSWITCH] Disable download mode!
^@^@^@devinfo^@ERROR: Cannot write device info
^@^@^@^@Authenticating boot image (%d): start
^@^@Authenticating boot image: done return value = %d
^@^@Device is tampered. Asserting..
^@^@^@^@bootselect^@^@Unable to locate /bootselect partition
^@partition /bootselect doesn't exist
^@^@^@^@buf^@mmc read failure /bootselect %d
^@^@^@^@Signature: 0x%08x or version: 0x%08x mismatched of /bootselect
^@failed to get ffbm cookie^@^@^@Unified boot method!
^@^@^@androidboot.recovery^@^@^@^@true^@^@^@^@false^@^@^@downloadmode^@^@^@^@F$
^@^@^@^@FOTA start boot
^@^@^@^@FOTA m_bFotaMode enable start recovery
^@Enter minios3 mode
^@androidboot.laf^@MID^@Enter laf mid mode
^@Enter normal mode
^@^@ERROR: No %s partition found
^@^@^@ERROR: So, Set default boot partition
^@^@boot from %s partition
^@ERROR: Cannot read boot image header
^@^@^@ERROR: Invalid boot image header
^@^@^@ERROR: Invalid page size^A^C*�H��
^A^C^A+^N^C^B^F+^N^C^B 

^@^@^@kernel/ramdisk addresses overlap with aboot addresses.
^@Boot image buffer address overlaps with aboot addresses.
^@^@^@ERROR: Cannot read boot image
^@^@Loading boot image (%d): done
^@^@ERROR: Cannot read boot image signature
^@^@^@^@ERROR: Cannot validate Device Tree Table
^@^@ERROR: Device Tree Blob cannot be found
^@^@^@^@ERROR: Appended Device Tree Blob not found
^@Secure boot started
^@^@^@^@Secure boot Fail
^@^@^@Secure boot End
^@^@^@^@GPT modified : %d
^@^@ERROR: Getting device tree address failed
^@^@persistent^@^@config^@^@Partition table doesn't exist
^@^@failed to erase partition
^@^@Erase persistent partition
^@androidboot.ksut_state^@^@persist partition wp enabled
^@^@^@laf cmd = %s
^@^@^@use_signed_kernel=%d, is_unlocked=%d, is_tampered=%d.
^@^@Device tree addresses overlap with aboot addresses.
^@^@^@^@Loading boot image (%d): start
^@Signature read buffer address overlaps with aboot addresses.
^@^@^@ERROR: Cannot read device info
^@ANDROID-BOOT!^@^@^@ERROR: Partition table not found
^@^@^@ERROR: No boot partition found
^@ERROR: No recovery partition found
^@ERROR: Invalid boot image pagesize. Device pagesize: %d, Image pagesize: %d
^@^@^@^@ERROR: Cannot read kernel image
^@^@^@^@ERROR: Cannot read ramdisk image
^@^@^@ERROR: Cannot read the Device Tree Table
^@^@^@ERROR: Cannot read device tree
^@reset_device_info called.^@^@^@set_device_root called.^@invalid bootimage he$
^@^@failed to write partition^@^@^@image is not a boot image^@^@^@size too lar$
^@^@Unknown chunk type^@^@Wrote %d blocks, expected to write %d blocks
^@^@^@sparse image write failure^@^@UBI#^@^@^@^@writing %d bytes to '%s'
^@^@^@partition '%s' updated
^@rebooting the device
^@^@^@Enabling charger screen check
^@^@Disabling charger screen check
^@Selecting display panel %s
^@oem unlock is not allowed^@^@^@oem unlock is been issued
^@^@Need wipe userdata. Do 'fastboot oem unlock-go'^@recovery
--wipe_data^@^@^@^@Fake Battery is enabled
^@^@^@^@Fake Battery is disabled
^@^@^@UART console is enabled.
^@^@^@UART console is disabled.
^@^@    Device tampered: %s^@^@^@^@     Device unlocked: %s^@^@^@^@     Charge$
^@^@ERROR: Boot image header invalid
^@^@^@Logo config doesn't match with fb config. Fall back to default logo
^@^@^@^@ERROR: Cannot read splash image from partition
^@ERROR: splash Partition table not found
^@^@^@^@ERROR: splash Partition invalid
^@^@^@^@ERROR: Cannot read splash image header
^@ERROR: Splash image header invalid
^@Logo config doesn't match with fb config. Fall back default logo
^@^@^@product^@serialno^@^@^@^@ Toshiba %dGB^@^@^@ Samsung %dGB^@^@^@ Hynix %d$
^@^@variant^@Not defined yet^@version-hardware^@^@^@^@Invalid partition index
^@^@^@^@Invalid partition name %s
^@^@     0x%llx^@^@^@^@partition size name truncated
^@^@partition type name truncated
^@^@    0x%x^@^@^@max-download-size^@^@^@charger-screen-enabled^@^@display-pan$
^@frp^@display^@thread_create is returned 'NULL'
^@^@^@VS425PP^@%s : select mode - SM_LAF_DOWNLOAD
^@Enter Recovery mode & Do Factory reset
^@Enter Minios mode & Skip Factory reset
^@FOTA_SILENT^@boot into laf
^@^@error in emmc_recovery_init
^@^@^@^@ERROR: Could not do normal boot. Reverting to fastboot mode.
^@^@^@aboot_init^@^@usb_write() queue failed
^@^@^@usb_write() transaction failed
^@usb_read() queue failed
^@^@^@^@usb_read() transaction failed
^@^@N/A^@%s%s^@^@^@^@fastboot: processing commands
^@^@Could not allocate memory for fastboot buffer
.^@app/aboot/fastboot.c^@^@^@^@fastboot: %s
^@^@^@FAIL^@^@^@^@unknown reason^@^@unknown command^@fastboot: oops!
^@^@^@^@data too large^@^@DATA%08x^@^@^@^@OKAY^@^@^@^@INFO%s^@^@fastboot_init()
^@^@^@^@dwc^@USB30 needs to be enabled for this target.
^@getvar:^@download:^@^@^@0.5^@fastboot^@^@^@^@Google^@^@Android^@CDSSIKOO^@
^@^@partition %s doesn't exist
^@mmc write failure %s %d
^@^@^@^@mmc read failure %s %d
^@ERROR: No misc partition found
^@ERROR: Cannot read recovery_header
^@ERROR: flash write fail!
^@^@^@ERROR: No cache partition found
^@^@^@^@MSM-RADIO-UPDATE^@^@^@^@ERROR: Cannot read radio image
^@Partition writen successfully!^@^@ERROR: unable to read shared memory for ap$
^@^@boot flag %x update status %x
^@^@Recovery command: %d %s
^@^@^@^@boot-recovery^@^@^@RADIO^@^@^@radio update success
^@^@^@radio update failed
^@^@^@^@failed-update^@^@^@update-radio^@^@^@^@start radio update
^@FOTA^@^@^@^@FOTA partition written successfully!^@^@^@^@app/aboot/recovery.c$
^@^@^@Writing MMC failed
^@Partition table not found
^@^@Writing flash failed
^@^@^@Invalid size argument passed to get_ffbm
^@^@^@Failed to alloc buffer for ffbm cookie
^@Misc partition not supported for NAND targets.
^@Invalid string in misc partition
^@^@^@Error reading MISC partition
^@^@^@ffbm-^@^@^@emmc_get_recvoery_msg error!
^@^@^@recovery
^@^@^@--wipe_data^@--wipe_cache^@^@^@^@--resize_data^@^@^@Unexpected recovery $
^@^@^@^@emmc_set_recvoery_msg error!
^@^@^@emmc_set_recovery_cmd
^@^@dev/fbcon/fbcon.c^@^@^@_config^@unknown framebuffer pixel format
^@^@^@NULL configuration, image cannot be displayed
^@^@lg_logo_image^@^@^@�^@^@^@^F^@^@^@^@^@^@^@^@^@^@^A�^@^@^@^@^E^@^@^A�^@^@^@$
^@^@^A�^@^@^@^@^O^@^@^A�^@�^@^@^@^@^@^A�^@^@^@mdss_edp_panel_power^@^@^@^@^@^@$
^@^@^@^@[Display] %s: panel enable failed
^@^@[Display] %s: panel disable failed
^@[Display] %s: ldo control disable failed
^@^@^@[Display] panel reset failed
^@^@^@[Display] panel reset disable failed
^@^@^@[Display] ldo control disable failed
^@^@^@[Display] Clock calculation failed
^@^@^@^@[Display] Backlight %s failed
^@^@0:edp:^@^@0:dsi:0:^@^@^@^@qcom,mdss_dsi_sim_cmd_1^@qcom,mdss_dsi_sim_cmd_0$
^@^@^@[Display] display command line buffer is small
^@[Display] slave node not present in dual dsi case
^@^@1:^@^@:1:^@[Display] DSI panel init failed!
^@^@^@[Display] Target panel init not found!
^@_^@^@^@^@^@^@^@^@^@^@^@^P^@^@^@^@^@^@^@^A^@^@^@^A^@^@^@^@^@^@^@ ^@^@^@^G^@^@$
^@[Display] Not able to calculate posdiv1
^@^@^@^@Invalid keycode posted: %d
^@Invalid keycode requested: %d
^@^@LDO pointer is invalid: %p
^@dev/pmic/pm8x41/pm8x41.c^@^@^@^@mvs^@mpp^@%s: Warm boot
^@^@%s: cold boot
^@^@pm8x41_get_is_cold_boot^@[%u] ^@^@^@panic (caller %p): ^@stack smashing de$
^@^@0x%02hhx ^@^@^@invalid input size
^@invalid input alignment
^@^@^@^@0123456789abcdef0123456789ABCDEF<null>^@^@phandle^@linux,phandle^@^@^@$
^@^@^@^@No^@^@Yes^@Apps^@^@^@^@Modem^@^@^@lib/openssl/crypto/bio/b_print.c^@^@$
^@^@^@pointer != NULL^@<<ERROR>>^@^@^@err^@ex_data^@x509^@^@^@^@x509_info^@^@^$
^@^@lib/openssl/crypto/ex_data.c^@^@^@^@lib/openssl/crypto/asn1/a_bitstr.c^@^@$
^@^@^@^@lib/openssl/crypto/asn1/ameth_lib.c^@lib/openssl/crypto/asn1/asn1_lib.$
^@^@lib/openssl/crypto/asn1/tasn_dec.c^@^@Field=^@^@, Type=^@Type=^@^@^@^@^@^@$
^@^@^@^@^@^@^@(^@^@^@��e��^@^@^@^@^@^@^@^@^@^@^@$�d�^X}e�^@^@^@^@^@^@^@^@^D^@^$
d��
d�T
d�^L^Qd��^Od�(^Nd�T     d�lib/openssl/crypto/err/err.c^@^@^@^@int_thread_get ($
^@^@Public Key^@^@Private Key^@Parameters^@^@lib/openssl/crypto/evp/pmeth_lib.$
*�H��
�

##############################################

anyways theres a snippet from our /aboot
and i'm sure you will find some neat interesting inf in that....
theres a lot more but there's part of whats plaintext
woooohooooo!!!!!!!!!!!!!!
gonna get 'em yet!!!!!!!!!!!!!!!!!!!!!!!!!!!!

---------- Post added at 02:44 PM ---------- Previous post was at 02:26 PM ----------

So... now im going to have to pipe all of it into a hexeditor and then i think we can modify it to skip some checks and stuff.
Matter of fact i just ran across a line of code the checks for a modified /boot
So yea. I'll call it some progress

---------- Post added at 02:55 PM ---------- Previous post was at 02:44 PM ----------

Looked at the url u sent from the acatel
And I erased the file name discription from the end of the url and got a forbidden but the kool part is they are using redhat linux.... and so that's all I'll say about it for now but....
Bro, I'm gonna try something's to get access to the other content on the server...
Wish us luck 

---------- Post added at 02:55 PM ---------- Previous post was at 02:55 PM ----------

Looked at the url u sent from the acatel
And I erased the file name discription from the end of the url and got a forbidden but the kool part is they are using redhat linux.... and so that's all I'll say about it for now but....
Bro, I'm gonna try something's to get access to the other content on the server...
Wish us luck


----------



## chwang13 (Aug 23, 2017)

I believe SPR means Sprint.  





Astr4y4L said:


> @MotoJunkie01
> Can u plz explain this ?
> " standard "SPR" edit in build.prop. "
> I know build prop but what is spr?
> ...

Click to collapse


----------



## Astr4y4L (Aug 23, 2017)

chwang13 said:


> I believe SPR means Sprint.

Click to collapse



Hmmmm....
How would that apply to a verizon device?


----------



## MotoJunkie01 (Aug 23, 2017)

OK @Astr4y4L, you were asking about SPR & spr components yesterday and it rang a bell. When Domestic SIM Unlocking the Sprint/Virgin Mobile LG Tribute 5 (Great device by the way), the uppercase "SPR" component had to be substituted with the lower case "spr". Upon reboot an amazing change had occurred: the options under Mobile Networks in Settings were no longer grayed out and were fully accessible, including APN Settings. Anyway here is the thread that discusses it. 
https://www.google.com/amp/lgtribut...ck-for-att-t-mobile-and-other-gsm-carriers/2/


----------



## Astr4y4L (Aug 23, 2017)

chwang13 said:


> I believe SPR means Sprint.

Click to collapse



I was actually talking about the text you quoted earlier
{replacement node.db and node-journal.db files in /root/carrier/app, and the standard "SPR" edit in build.prop.}
and so the guy said he was on vs425pp2 so i can't imagine where a verizon fone would need anything in build.prop edited to sprint variables unless of course he was talking about the lines for the CDMA modem & ril configs or something... maby he wanted to use Sprint networks?


----------



## Astr4y4L (Aug 24, 2017)

MotoJunkie01 said:


> OK @Astr4y4L, you were asking about SPR & spr components yesterday and it rang a bell. When Domestic SIM Unlocking the Sprint/Virgin Mobile LG Tribute 5 (Great device by the way), the uppercase "SPR" component had to be substituted with the lower case "spr". Upon reboot an amazing change had occurred: the options under Mobile Networks in Settings were no longer grayed out and were fully accessible, including APN Settings. Anyway here is the thread that discusses it.
> https://www.google.com/amp/lgtribut...ck-for-att-t-mobile-and-other-gsm-carriers/2/

Click to collapse



So if we change VZW to vzw in build.prop do ya think it affects zone3 ?

---------- Post added at 07:31 PM ---------- Previous post was at 07:15 PM ----------




MotoJunkie01 said:


> I can confirm full GSM domestic SIM unlock (DSU)
> on my LG Rebel LTE (LG L43AL) Tracfone. Life Wireless, H20 Wireless, Red Pocket Wireless, AT&T, T-Mobile, T-Roc Wireless, and Ting all confirmed fully working. I'll PM you the build.prop edits and tweaks needed for DSU this evening. I strongly assume this will work as well on your Rebel variant.

Click to collapse



Send me everything u have on this and how it used to be done with zone3 and I want to try to come up with a working method for this on zone3.
About to try to chocolate milker the rebel again (brown cow chicken brown cow!) Lol

---------- Post added at 07:31 PM ---------- Previous post was at 07:31 PM ----------




MotoJunkie01 said:


> I can confirm full GSM domestic SIM unlock (DSU)
> on my LG Rebel LTE (LG L43AL) Tracfone. Life Wireless, H20 Wireless, Red Pocket Wireless, AT&T, T-Mobile, T-Roc Wireless, and Ting all confirmed fully working. I'll PM you the build.prop edits and tweaks needed for DSU this evening. I strongly assume this will work as well on your Rebel variant.

Click to collapse



Send me everything u have on this and how it used to be done with zone3 and I want to try to come up with a working method for this on zone3.
About to try to chocolate milker the rebel again (brown cow chicken brown cow!) Lol

---------- Post added at 07:32 PM ---------- Previous post was at 07:31 PM ----------




MotoJunkie01 said:


> I can confirm full GSM domestic SIM unlock (DSU)
> on my LG Rebel LTE (LG L43AL) Tracfone. Life Wireless, H20 Wireless, Red Pocket Wireless, AT&T, T-Mobile, T-Roc Wireless, and Ting all confirmed fully working. I'll PM you the build.prop edits and tweaks needed for DSU this evening. I strongly assume this will work as well on your Rebel variant.

Click to collapse



Send me everything u have on this and how it used to be done with zone3 and I want to try to come up with a working method for this on zone3.
About to try to chocolate milker the rebel again (brown cow chicken brown cow!) Lol

---------- Post added at 07:38 PM ---------- Previous post was at 07:32 PM ----------

Oops! double double Posted posted


----------



## MotoJunkie01 (Aug 24, 2017)

As luck would have it, I found a complete build.prop mod package for converting Verizon & Sprint devices over to GSM support & UI. Of course, these mods are useless on devices in which GSM capability has been disabled by encryption (e.g., Sprint Moto E LTE, Sprint Moto G3). You wouldn't believe the number of CDMA devices that can be "unlocked" for GSM support with just a few build.prop edits. I'll get the information organized and uploaded and PM you a link. 
By the way reminds me of a debate I had going last night with the xt1609 (Verizon Moto G4 Play). Anyway, a member was swearing up and down that it was a "CDMA only" device. Here is the problem with his argument: the xt1609 is 4G/LTE capable. 
As I'm sure most people know, 4G/LTE is a GSM technology standard. So, what's good for us Devs and Android enthusiasts is that if a Sprint or Verizon device is 4G/LTE capable ((most are these days), then GSM support is always possible .


----------



## Astr4y4L (Aug 24, 2017)

MotoJunkie01 said:


> As luck would have it, I found a complete build.prop mod package for converting Verizon & Sprint devices over to GSM support & UI. Of course, these mods are useless on devices in which GSM capability has been disabled by encryption (e.g., Sprint Moto E LTE, Sprint Moto G3). You wouldn't believe the number of CDMA devices that can be "unlocked" for GSM support with just a few build.prop edits. I'll get the information organized and uploaded and PM you a link.
> By the way reminds me of a debate I had going last night with the xt1609 (Verizon Moto G4 Play). Anyway, a member was swearing up and down that it was a "CDMA only" device. Here is the problem with his argument: the xt1609 is 4G/LTE capable.
> As I'm sure most people know, 4G/LTE is a GSM technology standard. So, what's good for us Devs and Android enthusiasts is that if a Sprint or Verizon device is 4G/LTE capable ((most are these days), then GSM support is always possible .

Click to collapse



Alrighty then!
that's awesome.  We should be able to use this together with all the stuff going on on our dev server to add this so needed functionality back to our devices. .
And @MotoJunkie01
I move that whatever awsome package we put together from all this in the end be called (FRANKIN_Mod)

Astr4y4L


----------



## MotoJunkie01 (Aug 24, 2017)

Astr4y4L said:


> Alrighty then!
> that's awesome. We should be able to use this together with all the stuff going on on our dev server to add this so needed functionality back to our devices. .
> And @MotoJunkie01
> I move that whatever awsome package we put together from all this in the end be called (FRANKIN_Mod)
> ...

Click to collapse



FRANKLIN_Mod
Yes, very nostalgic sounding ..nice thinking


----------



## Astr4y4L (Aug 24, 2017)

MotoJunkie01 said:


> FRANKLIN_Mod
> Yes, very nostalgic sounding ..nice thinking

Click to collapse



Hey bro I fond a simcard kit (tracfone)for a buck at bestbuy.
I have a 13 y/o daughter who lives in Central Georgia ..
She wants my rebel 2 lte and her birthdays in about a month.
So since you're. An RF analyst, can u confirm good signal coverage for tracfone in the southeastern united states?
I don't want to send a phone that she can't use in her area.
Thanks
Astr4y4l

---------- Post added at 07:35 AM ---------- Previous post was at 07:31 AM ----------




MotoJunkie01 said:


> As luck would have it, I found a complete build.prop mod package for converting Verizon & Sprint devices over to GSM support & UI. Of course, these mods are useless on devices in which GSM capability has been disabled by encryption (e.g., Sprint Moto E LTE, Sprint Moto G3). You wouldn't believe the number of CDMA devices that can be "unlocked" for GSM support with just a few build.prop edits. I'll get the information organized and uploaded and PM you a link.
> By the way reminds me of a debate I had going last night with the xt1609 (Verizon Moto G4 Play). Anyway, a member was swearing up and down that it was a "CDMA only" device. Here is the problem with his argument: the xt1609 is 4G/LTE capable.
> As I'm sure most people know, 4G/LTE is a GSM technology standard. So, what's good for us Devs and Android enthusiasts is that if a Sprint or Verizon device is 4G/LTE capable ((most are these days), then GSM support is always possible .

Click to collapse



I need this info. I may have some time this week to work on it.
Taken it easy just had back operation. Yesterday ..


----------



## Astr4y4L (Aug 24, 2017)

@motojunki01

hey Bro my rebel ain't letting me dirty-cow something isn't right....
check this out...

###############################################
[email protected]:/data/local/tmp $ ./dirtycow                                         
usage ./dirtycow /default.prop /data/local/tmp/default.prop
[email protected]:/data/local/tmp $ ls
dirtycow
my-run-as
/dirtycow /system/bin/run-as /data/local/tmp/my-run-as                        <
warning: new file size (13796) and file old size (17920) differ

size 17920


[*] mmap 0xb6d35000
[*] exploit (patch)
[*] currently 0xb6d35000=464c457f
[*] madvise = 0xb6d35000 17920
[*] madvise = 0 1048576
[*] /proc/self/mem 1610612736 1048576
[*] exploited 0xb6d35000=464c457f
[email protected]:/data/local/tmp $ run-as con
run-as: Package 'con' is unknown
254|[email protected]:/data/local/tmp $


----------



## Astr4y4L (Aug 24, 2017)

@MotoJunkie01
Hey bro look what i caught after setting up middleman on my network and did factory reset then updated the home app on my rebel
#############################################

https://forum.xda-developers.com/member.php?u=7383447 #urlsnarf -i wlan1
urlsnarf: listening on wlan1 [tcp port 80 or port 8080 or port 3128]
android-68fe5b053373d4e6 - - [24/Aug/2017:12:49:18 -0500] "GET http://cfpublic.lgcpm.com/CASA1000000043271_hdpi_ic_launcher_home.png HTTP/1.1" - - "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGL57BL Build/MXB48T)"
android-68fe5b053373d4e6 - - [24/Aug/2017:12:49:18 -0500] "GET http://cfpublic.lgcpm.com/CASA1000000033554_hdpi_icon.png HTTP/1.1" - - "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGL57BL Build/MXB48T)"
android-68fe5b053373d4e6 - - [24/Aug/2017:12:50:13 -0500] "GET http://cfpublic.lgcpm.com/screenshot/com.lge.launcher2_48001500_THUMB_01_20161024022505662.jpg HTTP/1.1" - - "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGL57BL Build/MXB48T)"
android-68fe5b053373d4e6 - - [24/Aug/2017:12:50:13 -0500] "GET http://cfpublic.lgcpm.com/screenshot/com.lge.launcher2_48001500_THUMB_02_20161024022505742.jpg HTTP/1.1" - - "-" "Dalvik/2.1.0 (Linux; U; Android 6.0.1; LGL57BL Build/MXB48T)"


----------



## Astr4y4L (Aug 24, 2017)

@MotoJunkie01

same thing different tool ...
##################################################


#ettercap -Tqi wlan1 -M ARP:REMOTE //192.168.43.1/

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on:
 wlan1 -> 783:8D:000:8A
      192.168.43.11/255.255.255.0
      fe80::b14e:e90e:9a36:b353/64
      2600:100b:b000:f49b:3aba:b2f1:e1af:f911/64

Privileges dropped to EUID 65534 EGID 65534...

  33 plugins
  42 protocol dissectors
  57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

Scanning for merged targets (1 hosts)...

* |==================================================>| 100.00 %

2 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : 192.168.43.1 783:8D:000:8A

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help


Packet visualization restarted...

Packet visualization stopped...

Packet visualization restarted...


Thu Aug 24 13:58:36 2017 [855977]
UDP  192.168.43.155:6186 --> 192.168.43.1:53 |  (37)
1b...........clients3.google.com.....

Thu Aug 24 13:58:39 2017 [151424]
UDP  192.168.43.155:30383 --> 192.168.43.1:53 |  (31)
@...........www.lgcpm.com.....

Thu Aug 24 13:58:41 2017 [848318]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:41 2017 [860314]
UDP  192.168.43.155:6186 --> 192.168.43.1:53 |  (37)
1b...........clients3.google.com.....

Thu Aug 24 13:58:42 2017 [826240]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:44 2017 [146534]
UDP  192.168.43.155:30383 --> 192.168.43.1:53 |  (31)
@...........www.lgcpm.com.....

Thu Aug 24 13:58:44 2017 [839176]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:46 2017 [866902]
UDP  192.168.43.155:21580 --> 192.168.43.1:53 |  (37)
M\...........clients3.google.com.....

Thu Aug 24 13:58:48 2017 [837434]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:49 2017 [161128]
UDP  192.168.43.155:22159 --> 192.168.43.1:53 |  (31)
L    ...........www.lgcpm.com.....

Thu Aug 24 13:58:51 2017 [893262]
UDP  192.168.43.155:21580 --> 192.168.43.1:53 |  (37)
M\...........clients3.google.com.....

Thu Aug 24 13:58:52 2017 [804406]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:53 2017 [820515]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:54 2017 [154987]
UDP  192.168.43.155:22159 --> 192.168.43.1:53 |  (31)
L    ...........www.lgcpm.com.....

Thu Aug 24 13:58:55 2017 [809274]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:56 2017 [879144]
UDP  192.168.43.155:10558 --> 192.168.43.1:53 |  (37)
)1...........clients3.google.com.....

Thu Aug 24 13:58:59 2017 [827543]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:59:01 2017 [909986]
UDP  192.168.43.155:10558 --> 192.168.43.1:53 |  (37)
)1...........clients3.google.com.....

Thu Aug 24 13:59:06 2017 [898333]
UDP  192.168.43.155:24386 --> 192.168.43.1:53 |  (37)
G............clients3.google.com.....

Thu Aug 24 13:59:11 2017 [913195]
UDP  192.168.43.155:24386 --> 192.168.43.1:53 |  (37)
G............clients3.google.com.....

Thu Aug 24 13:59:17 2017 [77991]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | AP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:17 2017 [78059]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FA (0)


Thu Aug 24 13:59:17 2017 [88231]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:17 2017 [436751]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:17 2017 [974386]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:18 2017 [65163]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:18 2017 [997786]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:20 2017 [77420]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:21 2017 [88015]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | RA (0)


Thu Aug 24 13:59:24 2017 [92252]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:27 2017 [199199]
UDP  192.168.43.155:22225 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:29 2017 [526670]
UDP  192.168.43.155:18825 --> 192.168.43.1:53 |  (31)
.............www.lgcpm.com.....

Thu Aug 24 13:59:32 2017 [200075]
UDP  192.168.43.155:22225 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:34 2017 [524831]
UDP  192.168.43.155:18825 --> 192.168.43.1:53 |  (31)
.............www.lgcpm.com.....

Thu Aug 24 13:59:35 2017 [320921]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [321149]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [321173]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [321191]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:35 2017 [321509]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [321530]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [321545]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [322165]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [322196]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:35 2017 [324133]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [325394]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [436417]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [547272]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [714367]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [935846]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:36 2017 [257425]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:36 2017 [415332]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:36 2017 [668001]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:36 2017 [722730]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:37 2017 [186727]
UDP  192.168.43.155:10902 --> 192.168.43.1:53 |  (37)
O............clients3.google.com.....

Thu Aug 24 13:59:37 2017 [569620]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:38 2017 [245536]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:38 2017 [370553]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:38 2017 [742593]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:38 2017 [913465]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:39 2017 [527393]
UDP  192.168.43.155:25529 --> 192.168.43.1:53 |  (31)
e............www.lgcpm.com.....

Thu Aug 24 13:59:40 2017 [874226]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:42 2017 [203316]
UDP  192.168.43.155:10902 --> 192.168.43.1:53 |  (37)
O............clients3.google.com.....

Thu Aug 24 13:59:42 2017 [225580]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:42 2017 [282534]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:42 2017 [778190]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:43 2017 [409623]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:44 2017 [536521]
UDP  192.168.43.155:25529 --> 192.168.43.1:53 |  (31)
e............www.lgcpm.com.....

Thu Aug 24 13:59:47 2017 [216311]
UDP  192.168.43.155:22769 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:47 2017 [386413]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:50 2017 [104016]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:50 2017 [177530]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:50 2017 [858162]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:52 2017 [217482]
UDP  192.168.43.155:22769 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:52 2017 [401685]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:57 2017 [228174]
UDP  192.168.43.155:10310 --> 192.168.43.1:53 |  (37)
{B...........clients3.google.com.....

Thu Aug 24 14:00:00 2017 [473693]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 14:00:02 2017 [226959]
UDP  192.168.43.155:10310 --> 192.168.43.1:53 |  (37)
{B...........clients3.google.com.....

Thu Aug 24 14:00:05 2017 [745969]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 14:00:06 2017 [97002]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 14:00:07 2017 [45547]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 14:00:07 2017 [382031]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:07 2017 [442512]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | SA (0)


Thu Aug 24 14:00:08 2017 [378138]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:08 2017 [422148]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:09 2017 [350034]
UDP  192.168.43.155:28867 --> 192.168.43.1:53 |  (31)
#*...........www.lgcpm.com.....

Thu Aug 24 14:00:09 2017 [430764]
UDP  192.168.43.1:53 --> 192.168.43.155:28867 |  (47)
#*...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:10 2017 [376888]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:10 2017 [385127]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 14:00:10 2017 [422855]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:14 2017 [358617]
UDP  192.168.43.155:28867 --> 192.168.43.1:53 |  (31)
#*...........www.lgcpm.com.....

Thu Aug 24 14:00:14 2017 [362873]
UDP  192.168.43.1:53 --> 192.168.43.155:28867 |  (47)
#*...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:14 2017 [378391]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:14 2017 [424358]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:17 2017 [547493]
UDP  192.168.43.155:27711 --> 192.168.43.1:53 |  (37)
g............clients3.google.com.....

Thu Aug 24 14:00:17 2017 [673178]
UDP  192.168.43.1:53 --> 192.168.43.155:27711 |  (89)
g............clients3.google.com..................clients.l...1..........&[email protected]    ........ .

Thu Aug 24 14:00:18 2017 [430106]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:18 2017 [629062]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:19 2017 [38276]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:19 2017 [360994]
UDP  192.168.43.155:14104 --> 192.168.43.1:53 |  (31)
.D...........www.lgcpm.com.....

Thu Aug 24 14:00:19 2017 [366974]
UDP  192.168.43.1:53 --> 192.168.43.155:14104 |  (47)
.D...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:19 2017 [853141]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:21 2017 [489966]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:22 2017 [544834]
UDP  192.168.43.155:27711 --> 192.168.43.1:53 |  (37)
g............clients3.google.com.....

Thu Aug 24 14:00:24 2017 [374224]
UDP  192.168.43.155:14104 --> 192.168.43.1:53 |  (31)
.D...........www.lgcpm.com.....

Thu Aug 24 14:00:24 2017 [760534]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:26 2017 [618548]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 14:00:27 2017 [563436]
UDP  192.168.43.155:9800 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 14:00:31 2017 [386478]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:32 2017 [553301]
UDP  192.168.43.155:9800 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 14:00:37 2017 [8701]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)

Packet visualization stopped...

Inline help:

 [vV]      - change the visualization mode
 [pP]      - activate a plugin
 [fF]      - (de)activate a filter
 [lL]      - print the hosts list
 [oO]      - print the profiles list
 [cC]      - print the connections list
 [sS]      - print interfaces statistics
 [<space>] - stop/cont printing packets
 [qQ]      - quit

Closing text interface...


Terminating ettercap...
Lua cleanup complete!
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.

┌─[[email protected]]─[/home/]
└──╼ #


----------



## Astr4y4L (Aug 24, 2017)

@MotoJunkie01

same thing different tool ...
##################################################


#ettercap -Tqi wlan1 -M ARP:REMOTE //192.168.43.1/

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on:
 wlan1 -> 783:8D:000:8A
      192.168.43.11/255.255.255.0
      fe80::b14e:e90e:9a36:b353/64
      2600:100b:b000:f49b:3aba:b2f1:e1af:f911/64

Privileges dropped to EUID 65534 EGID 65534...

  33 plugins
  42 protocol dissectors
  57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

Scanning for merged targets (1 hosts)...

* |==================================================>| 100.00 %

2 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : 192.168.43.1 783:8D:000:8A

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help


Packet visualization restarted...

Packet visualization stopped...

Packet visualization restarted...


Thu Aug 24 13:58:36 2017 [855977]
UDP  192.168.43.155:6186 --> 192.168.43.1:53 |  (37)
1b...........clients3.google.com.....

Thu Aug 24 13:58:39 2017 [151424]
UDP  192.168.43.155:30383 --> 192.168.43.1:53 |  (31)
@...........www.lgcpm.com.....

Thu Aug 24 13:58:41 2017 [848318]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:41 2017 [860314]
UDP  192.168.43.155:6186 --> 192.168.43.1:53 |  (37)
1b...........clients3.google.com.....

Thu Aug 24 13:58:42 2017 [826240]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:44 2017 [146534]
UDP  192.168.43.155:30383 --> 192.168.43.1:53 |  (31)
@...........www.lgcpm.com.....

Thu Aug 24 13:58:44 2017 [839176]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:46 2017 [866902]
UDP  192.168.43.155:21580 --> 192.168.43.1:53 |  (37)
M\...........clients3.google.com.....

Thu Aug 24 13:58:48 2017 [837434]
TCP  192.168.43.155:44423 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:49 2017 [161128]
UDP  192.168.43.155:22159 --> 192.168.43.1:53 |  (31)
L    ...........www.lgcpm.com.....

Thu Aug 24 13:58:51 2017 [893262]
UDP  192.168.43.155:21580 --> 192.168.43.1:53 |  (37)
M\...........clients3.google.com.....

Thu Aug 24 13:58:52 2017 [804406]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:53 2017 [820515]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:54 2017 [154987]
UDP  192.168.43.155:22159 --> 192.168.43.1:53 |  (31)
L    ...........www.lgcpm.com.....

Thu Aug 24 13:58:55 2017 [809274]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:58:56 2017 [879144]
UDP  192.168.43.155:10558 --> 192.168.43.1:53 |  (37)
)1...........clients3.google.com.....

Thu Aug 24 13:58:59 2017 [827543]
TCP  192.168.43.155:46467 --> 148.62.2.198:443 | S (0)


Thu Aug 24 13:59:01 2017 [909986]
UDP  192.168.43.155:10558 --> 192.168.43.1:53 |  (37)
)1...........clients3.google.com.....

Thu Aug 24 13:59:06 2017 [898333]
UDP  192.168.43.155:24386 --> 192.168.43.1:53 |  (37)
G............clients3.google.com.....

Thu Aug 24 13:59:11 2017 [913195]
UDP  192.168.43.155:24386 --> 192.168.43.1:53 |  (37)
G............clients3.google.com.....

Thu Aug 24 13:59:17 2017 [77991]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | AP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:17 2017 [78059]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FA (0)


Thu Aug 24 13:59:17 2017 [88231]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:17 2017 [436751]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:17 2017 [974386]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:18 2017 [65163]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:18 2017 [997786]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | FAP (419)
GET /_assets/captivecheck/success.html?t=1503601158147 HTTP/1.1.
Host: static.spotwifi.com.
Connection: keep-alive.
Cache-Control: max-age=0.
Accept: text/plain,text/html,*/*.
Accept-Encoding: identity.
Accept-Language: en-US.
User-Agent: Mozilla/5.0 (Linux; Android 4.4; Nexus 4 Build/KRT16H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36; Bx/2.3.20.260.20160627.
Cookie: .
.


Thu Aug 24 13:59:20 2017 [77420]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:21 2017 [88015]
TCP  192.168.43.155:37676 --> 192.237.192.48:80 | RA (0)


Thu Aug 24 13:59:24 2017 [92252]
TCP  192.168.43.155:40807 --> 192.237.192.48:80 | S (0)


Thu Aug 24 13:59:27 2017 [199199]
UDP  192.168.43.155:22225 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:29 2017 [526670]
UDP  192.168.43.155:18825 --> 192.168.43.1:53 |  (31)
.............www.lgcpm.com.....

Thu Aug 24 13:59:32 2017 [200075]
UDP  192.168.43.155:22225 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:34 2017 [524831]
UDP  192.168.43.155:18825 --> 192.168.43.1:53 |  (31)
.............www.lgcpm.com.....

Thu Aug 24 13:59:35 2017 [320921]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [321149]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [321173]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [321191]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:35 2017 [321509]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [321530]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [321545]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [322165]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [322196]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:35 2017 [324133]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [325394]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:35 2017 [436417]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:35 2017 [547272]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:35 2017 [714367]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:35 2017 [935846]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:36 2017 [257425]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:36 2017 [415332]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:36 2017 [668001]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:36 2017 [722730]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:37 2017 [186727]
UDP  192.168.43.155:10902 --> 192.168.43.1:53 |  (37)
O............clients3.google.com.....

Thu Aug 24 13:59:37 2017 [569620]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:38 2017 [245536]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:38 2017 [370553]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:38 2017 [742593]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:38 2017 [913465]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:39 2017 [527393]
UDP  192.168.43.155:25529 --> 192.168.43.1:53 |  (31)
e............www.lgcpm.com.....

Thu Aug 24 13:59:40 2017 [874226]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:42 2017 [203316]
UDP  192.168.43.155:10902 --> 192.168.43.1:53 |  (37)
O............clients3.google.com.....

Thu Aug 24 13:59:42 2017 [225580]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:42 2017 [282534]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:42 2017 [778190]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:43 2017 [409623]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:44 2017 [536521]
UDP  192.168.43.155:25529 --> 192.168.43.1:53 |  (31)
e............www.lgcpm.com.....

Thu Aug 24 13:59:47 2017 [216311]
UDP  192.168.43.155:22769 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:47 2017 [386413]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 13:59:50 2017 [104016]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 13:59:50 2017 [177530]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 13:59:50 2017 [858162]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 13:59:52 2017 [217482]
UDP  192.168.43.155:22769 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 13:59:52 2017 [401685]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 13:59:57 2017 [228174]
UDP  192.168.43.155:10310 --> 192.168.43.1:53 |  (37)
{B...........clients3.google.com.....

Thu Aug 24 14:00:00 2017 [473693]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 14:00:02 2017 [226959]
UDP  192.168.43.155:10310 --> 192.168.43.1:53 |  (37)
{B...........clients3.google.com.....

Thu Aug 24 14:00:05 2017 [745969]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)


Thu Aug 24 14:00:06 2017 [97002]
TCP  13.32.240.251:80 --> 192.168.43.155:47950 | FA (0)


Thu Aug 24 14:00:07 2017 [45547]
TCP  54.192.6.121:80 --> 192.168.43.155:49514 | FA (0)


Thu Aug 24 14:00:07 2017 [382031]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:07 2017 [442512]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | SA (0)


Thu Aug 24 14:00:08 2017 [378138]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:08 2017 [422148]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:09 2017 [350034]
UDP  192.168.43.155:28867 --> 192.168.43.1:53 |  (31)
#*...........www.lgcpm.com.....

Thu Aug 24 14:00:09 2017 [430764]
UDP  192.168.43.1:53 --> 192.168.43.155:28867 |  (47)
#*...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:10 2017 [376888]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:10 2017 [385127]
TCP  54.192.6.79:80 --> 192.168.43.155:48841 | FA (0)


Thu Aug 24 14:00:10 2017 [422855]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:14 2017 [358617]
UDP  192.168.43.155:28867 --> 192.168.43.1:53 |  (31)
#*...........www.lgcpm.com.....

Thu Aug 24 14:00:14 2017 [362873]
UDP  192.168.43.1:53 --> 192.168.43.155:28867 |  (47)
#*...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:14 2017 [378391]
TCP  192.168.43.155:44983 --> 192.237.192.48:80 | S (0)


Thu Aug 24 14:00:14 2017 [424358]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | A (0)


Thu Aug 24 14:00:17 2017 [547493]
UDP  192.168.43.155:27711 --> 192.168.43.1:53 |  (37)
g............clients3.google.com.....

Thu Aug 24 14:00:17 2017 [673178]
UDP  192.168.43.1:53 --> 192.168.43.155:27711 |  (89)
g............clients3.google.com..................clients.l...1..........&[email protected]    ........ .

Thu Aug 24 14:00:18 2017 [430106]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:18 2017 [629062]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:19 2017 [38276]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:19 2017 [360994]
UDP  192.168.43.155:14104 --> 192.168.43.1:53 |  (31)
.D...........www.lgcpm.com.....

Thu Aug 24 14:00:19 2017 [366974]
UDP  192.168.43.1:53 --> 192.168.43.155:14104 |  (47)
.D...........www.lgcpm.com.................6.1.

Thu Aug 24 14:00:19 2017 [853141]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:21 2017 [489966]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:22 2017 [544834]
UDP  192.168.43.155:27711 --> 192.168.43.1:53 |  (37)
g............clients3.google.com.....

Thu Aug 24 14:00:24 2017 [374224]
UDP  192.168.43.155:14104 --> 192.168.43.1:53 |  (31)
.D...........www.lgcpm.com.....

Thu Aug 24 14:00:24 2017 [760534]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:26 2017 [618548]
TCP  54.192.6.173:80 --> 192.168.43.155:48057 | FA (0)


Thu Aug 24 14:00:27 2017 [563436]
UDP  192.168.43.155:9800 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 14:00:31 2017 [386478]
TCP  192.237.192.48:80 --> 192.168.43.155:44983 | FA (0)


Thu Aug 24 14:00:32 2017 [553301]
UDP  192.168.43.155:9800 --> 192.168.43.1:53 |  (37)
.............clients3.google.com.....

Thu Aug 24 14:00:37 2017 [8701]
TCP  13.32.240.251:80 --> 192.168.43.155:44239 | FA (0)

Packet visualization stopped...

Inline help:

 [vV]      - change the visualization mode
 [pP]      - activate a plugin
 [fF]      - (de)activate a filter
 [lL]      - print the hosts list
 [oO]      - print the profiles list
 [cC]      - print the connections list
 [sS]      - print interfaces statistics
 [<space>] - stop/cont printing packets
 [qQ]      - quit

Closing text interface...


Terminating ettercap...
Lua cleanup complete!
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.

┌─[[email protected]]─[/home/]
└──╼ #


----------



## MotoJunkie01 (Aug 24, 2017)

@Astr4y4L, on your question about TracFone coverage in the area of Georgia you specified, keepl in mind that Tracfone is a multi subsidized MVNO which utilizes all four of the major networks in the United States. The type of device being used, in conjunction with the geographical area of coverage, determines the specific network towers which will be used. What is the default network type on your Rebel , GSM or CDMA?


----------



## Astr4y4L (Aug 25, 2017)

MotoJunkie01 said:


> @Astr4y4L, on your question about TracFone coverage in the area of Georgia you specified, keepl in mind that Tracfone is a multi subsidized MVNO which utilizes all four of the major networks in the United States. The type of device being used, in conjunction with the geographical area of coverage, determines the specific network towers which will be used. What is the default network type on your Rebel , GSM or CDMA?

Click to collapse



Honestly I'm not sure it shows signal bars with no sim but if I put one of my other sims in it it just nags about wrong sim.
Its not vulnerable to qualcom quadroot or dirtcow or kingroot etc...

---------- Post added at 07:06 PM ---------- Previous post was at 06:50 PM ----------




Astr4y4L said:


> Honestly I'm not sure it shows signal bars with no sim but if I put one of my other sims in it it just nags about wrong sim.
> Its not vulnerable to qualcom quadroot or dirtcow or kingroot etc...

Click to collapse



But from your discription of networks it should be fine.
But if I can find any way to root it it would be awsome


----------



## jjangsangy (Aug 25, 2017)

Astr4y4L said:


> Did you use the refurbish option in download_mode on lgup when flashing pp2?

Click to collapse



Oh wow, ya I did glance over that part. Good catch, I'll give that a try today. Thanks


----------



## Astr4y4L (Aug 25, 2017)

jjangsangy said:


> Oh wow, ya I did glance over that part. Good catch, I'll give that a try today. Thanks

Click to collapse



Hey good luck to you !
Did you grab my ZONE3_root.zip.  rooting package?
It has everything you need after you downgrade.
I'm. Currently working on modification of the stock aboot


----------



## jjangsangy (Aug 25, 2017)

Astr4y4L said:


> Hey good luck to you !
> Did you grab my ZONE3_root.zip.  rooting package?
> It has everything you need after you downgrade.
> I'm. Currently working on modification of the stock aboot

Click to collapse





Astr4y4L said:


> Hey good luck to you !
> Did you grab my ZONE3_root.zip.  rooting package?
> It has everything you need after you downgrade.
> I'm. Currently working on modification of the stock aboot

Click to collapse



Yes, so here is exactly what you did. I've modified some of the steps in places that needed more elaboration if that helps

Gist: gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d


----------



## Astr4y4L (Aug 25, 2017)

jjangsangy said:


> Yes, so here is exactly what you did. I've modified some of the steps in places that needed more elaboration if that helps
> 
> Gist: gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d

Click to collapse



Here is what I've done I've killed Apache on my development server because I don't appriciate my work being posted publicly anywhere else.
@MotoJunkie01
If anyone needs my work they'll have to pm me for a new link 
Or make a donation to get download links.
Untill ofcourse our friend @jjangsangy
Takes his public revision of my work down
@MotoJunkie01 if u need anything. Holler at me and we'll get it.
I don't appreciate my work being posted in gist.hub
Thanks everyone I will continue our work on this device
Pm me or make a donation to get my files


----------



## jazzdglass (Aug 25, 2017)

Astr4y4L said:


> Here is what I've done I've killed Apache on my development server because I don't appriciate my work being posted publicly anywhere else.
> @MotoJunkie01
> If anyone needs my work they'll have to pm me for a new link
> Or make a donation to get download links.
> ...

Click to collapse



How about the sim unlock thing?


----------



## Astr4y4L (Aug 25, 2017)

jazzdglass said:


> How about the sim unlock thing?

Click to collapse



Have u removed my work from your gist.hub?
If so I'll. Turn the server back on and continue to post my work on both SIM_unlocking and our custom boot and recovery work.
Otherwise
I will keep my findings to myself. And my associates
Thanks
Astr4y4L
TEAM_astr4y4L


----------



## jazzdglass (Aug 25, 2017)

Astr4y4L said:


> Have u removed my work from your gist.hub?
> If so I'll. Turn the server back on and continue to post my work on both SIM_unlocking and our custom boot and recovery work.
> Otherwise
> I will keep my findings to myself. And my associates
> ...

Click to collapse



I didn't put your work on gist.hub


----------



## Astr4y4L (Aug 25, 2017)

jazzdglass said:


> I didn't put your work on gist.hub

Click to collapse



Ok then explain this...

gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d

This is where you reposted my work publicly
And I don't appreciate. It at all
that's sort of unethical. When you could just get it at my website
This is a problem. Because I depend upon people visiting my site.  
You are impeding my development by taking away my donation page.
My work is dependent upon donations to fund. Continued development.
You are not a member of team astr4y4l 
please remove this gist.hub you created with my work.
gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d
You need to take that down or I will not continue to share my developments with the community
Thanks
Astr4y4L


----------



## jazzdglass (Aug 25, 2017)

Astr4y4L said:


> Ok then explain this...
> 
> gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d
> 
> ...

Click to collapse



Why don't you look closely at usernames before making wrong accusations?


----------



## MotoJunkie01 (Aug 25, 2017)

@Astr4y4L what has happened?


----------



## Astr4y4L (Aug 25, 2017)

jjangsangy said:


> Yes, so here is exactly what you did. I've modified some of the steps in places that needed more elaboration if that helps
> 
> Gist: gist.github.com/jjangsangy/b0e7116bf31ca36f676feeb74502a87d

Click to collapse



 @Motojunkie01

Brother this has happened , my work my tut. has been posted in gist.hub
I don't like that, you understand being part of Team_Astr4y4L that anyone looking for our work can freely find it on our server ...
but this guy has taken my work and placed it somewhere else which bypasses our donation and introduction , etc.
which means even if someone wanted to donate or help with development they wont see our stuff if the Web-crawler catches this gist.hub stuff then google will direct them there instead of our development site....
 if this continues someone else takes credit for our project...
We loose Frankin_Mod... 
it becomes
 @jjangsangy _Mod
i don't appriciate it and am considering re uploading the Zone3_Root with a little Present in it for anyone stupid enough to just click things,
Metasploit is really fun to use. maby they download the NEW package and thair PC now Needs New Hardware Because I set the CPU and Gpu Clock speed way to high
burn it all !!!!
I Hate feeling as if my Hard work is redistributed in another name...
I Could crash XDA and Gist.hub easily with a few term. commands {BOT_NET DDOS}

---------- Post added at 02:14 PM ---------- Previous post was at 01:59 PM ----------




jazzdglass said:


> Why don't you look closely at usernames before making wrong accusations?

Click to collapse



OOPS !!!!

So sory Brother Hit the wrong Button And thats My Mistake.

your absolutly right it wasnt you it is this other guy and i hit the wrong reply button...
kinda had me shook up.
I apologize for my mistake.
the person I thought I was Speaking to is this guy @jjangsangy
and Listen Bro I will share with you but not publicly untill @jjangsangy removes the offending page at gist.hub
I am working on the sim_mod and been working on aboot so that we can use @Motojunkie01 's Custom TWRP recovery
and then My Plan is to rebuild the stock .kdz's so that we just flash our .kdz on LGUP and have root , TWRP ,and Team_Astr4y4L's Frankin_Mod ROM

---------- Post added at 02:36 PM ---------- Previous post was at 02:14 PM ----------



MotoJunkie01 said:


> @Astr4y4L what has happened?

Click to collapse

 
HERE IT IS IN A NUT_SHELL ....

#######################################
@jjangsangy
Please Remove The Gist.Hub That you created with my work .
I don't appriciate My Hard work being stolen.
the whole point is this ...
people need the firmware replacements and tools i put in the package to have stable root.
they  go to my personal webserver to download. everything go's great so they  donate a dollar to my paypall and 8 dollers equals a pack of pampers for  my kid...
30 dollars equals another zone3 to use for developing Frankin_Mod Rom By Team_Astr4y4L
So As You Can surly see I feel as if you have stolen from me and Team_Astr4y4L
this  is bad for the whole community because i've disabled the server untill  such time as you remove the offending page at gist.hub.
otherwise we will stop developing for Zone3 and Start Investigation and Recon. on you sir...

  If you wanted to help you should ask before doing something like this...

  You wouldent want a dedicated team of hAcKeRz upset with you would you?

  Stuff Like this causes problems for the whole community when a Noob Such as yourself takes it upon himself to change things...
 Please Do Not Do This Sort Of Thing In The Future

  Oh And welcome to XDA.

######################################

So thats where I stand on this .

Team Astr4y4L Is Not Going To Publish anymore findings or development if Noobs Are going to pull this ****.
I'm Pissed Bro !


----------



## jazzdglass (Aug 26, 2017)

MotoJunkie01 said:


> @Astr4y4L what has happened?

Click to collapse



Hi? Can you take a look at this? 
What files do I need to move and to where? This is from an sh file extension in a flashable zip. I can't flash a zip. So I think I could try manually follow same process. The file enables GSM for cdma phones. 

#!/sbin/sh
# 
# /system/addon.d/99-cdma_to_gsm_settings.sh
#
# Patch CDMA to GSM for Android Global Phones v 4.2.7
# Build: 25/04/2016 14:34
# by Mentor - www.internauta37.altervista.org
# [email protected]
#

. /tmp/backuptool.functions

list_files() {
cat <<EOF
bin/cdma_to_gsm_settings.sh
etc/apns-conf.xml
EOF
}

case "$1" in
  backup)
    list_files | while read FILE DUMMY; do
      backup_file $S/"$FILE"
    done
  ;;
  restore)
    list_files | while read FILE REPLACEMENT; do
      R=""
      [ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT"
      [ -f "$C/$S/$FILE" ] && restore_file $S/"$FILE" "$R"
    done
  ;;
  pre-backup)
  ;;
  post-backup)
  ;;
  pre-restore)
      cp /system/etc/apns-conf.xml /system/etc/apns-conf.xml.bak
  ;;
  post-restore)
      sh /system/bin/cdma_to_gsm_settings.sh
  ;;
esac


----------



## Astr4y4L (Aug 26, 2017)

jazzdglass said:


> Hi? Can you take a look at this?
> What files do I need to move and to where? This is from an sh file extension in a flashable zip. I can't flash a zip. So I think I could try manually follow same process. The file enables GSM for cdma phones.
> 
> #!/sbin/sh
> ...

Click to collapse



THIS WAS MADE TO BE FLASHED IN RECOVERY HAVING WRITE ACCESS TO /SYSTEM
However...

unzip it to your desktop  look for the folders named bin and etc.... inside you'll find 
inside of bin=cdma_to_gsm_settings.sh
inside of etc = apns-conf.xml
MOVE THESE TO DATA/LOCAL/TMP
adb push "file-name" "/data/local/tmp/"
adb shell
su
mount -o remount,rw /
mount -o remount,rw /system
mount -o remount,rw /proc
mount -o remount,rw /dev
mount -o remount,rw /sys
setenforce 0
chmod 0777 /data/local/tmp/*
mv /system/etc/apns-conf.xml  /system/etc/apns-conf.xml.bak
mv /data/local/tmp/apns-conf.xml /system/etc/apns-conf.xml
chmod 644 /system/etc/apns-conf.xm
AND NOW YOU WOULD RUN THE SHELL SCRIPT cdma_to_gsm_settings.sh
WICH YOU MOVED TO TMP EARLIER
cd /data/local/tmp/
./cdma_to_gsm_settings.sh
###################################
and then wait for meltdown  
I DO NOT RECOMMEND  THIS !!!!
but if your absolutely going to try it anyways  back-up build.prop first 
and maby open that script {cdma_to_gsm_settings.sh}
and run the commands one line at a time into adb su shell
instead of blindly running shell scripts that change your device discripters
WARNING IF BUILD.PROP PERMISSIONS ARN'T SET CORRECTLY YOU WILL BRICK,
IF BUILD.PROP PERMISSIONS ARN'T SET CORRECTLY AND YOU BRICK,OR IF YOU CHANGE DEVICE DISCRIPTORS IN BUILD.PROP AND YOU BRICK ,LG UP , NOR ANY FLASHTOOL CAN HELP YOU.
AND DO NOT DO FACTORY RESET FROM THE RECOVERY OR YOU WILL LOOSE ANY CONNECTION YOU HAVE REMAINING IN ADB AND YOU WILL HAVE NO CHANCE TO RECOVER

################################### @jazzdglass,
Bro I have Tried this very thing and report that by its-self this fixes nothing. but added to tinkering with the files and databases in /data/data/com.android.telephony/
and a few others like that i ended up with a working data over LTE connection on a Cricket simcard but i couldn't make any sort of phone call or send messages ...but could get right to google.com ,etc
so its a possibility  that you may find the piece i missed and unlock this and i wish you luck but i advise you not to do this because you will most likely end with a brick thats un-recoverable.
that being said happy hacking,
Astr4y4L


----------



## Astr4y4L (Aug 26, 2017)

@jazzdglass
I am actually looking for a fix for the messed up build.prop as we speak

---------- Post added at 03:00 PM ---------- Previous post was at 02:54 PM ----------

tried this

adb shell "su -c mount -o rw,remount /system/ /system/"
adb shell "su -c cp /system/build.prop.bak /system/build.prop
adb shell "su -c chmod 644 /system/build.prop
adb shell "su -c mount -o ro,remount /system/ /system/"

and reboot but still didn't work,
problem is boot process is halted somewhere so su isn't running
but it doesn't give error message either...


----------



## Astr4y4L (Aug 27, 2017)

Update:
Newest development.... 
After communication with @jjangsangy,
He has given me rights to the page he created with my work so the server has been turned back on and Zone3_Root.zip is now available for download once again....
Thanks to everyone


----------



## Astr4y4L (Aug 28, 2017)

On an unrelated note...
After configureing kodi between 3 pc and an android ...
Something can be said for an xml driven UI


----------



## jazzdglass (Aug 30, 2017)

Astr4y4L said:


> On an unrelated note...
> After configureing kodi between 3 pc and an android ...
> Something can be said for an xml driven UI

Click to collapse



On another unrelated note, how do I get full log on my phone? It's a T-mobile S7 G930T. I want to use an unlock service (by USB method) . The unlocker will be using TeamViewer to connect to my system while my phone is connected to my system. He says the process is instant. I wish to capture all what he's doing on my phone. The unlock service is pretty costly. About $99.99


----------



## MotoJunkie01 (Aug 30, 2017)

jazzdglass said:


> On another unrelated note, how do I get full log on my phone? It's a T-mobile S7 G930T. I want to use an unlock service (by USB method) . The unlocker will be using TeamViewer to connect to my system while my phone is connected to my system. He says the process is instant. I wish to capture all what he's doing on my phone. The unlock service is pretty costly. About $99.99

Click to collapse



You should be able to install a simple logcat reader from the play store and be able to capture everything taking place via the tethered process.


----------



## Astr4y4L (Aug 30, 2017)

adb logcat > [your home directory /logcat.txt

And maby route the whole internet connection through another pc and run
ettercap or wireshark or the like to catch all
Network traffic.  Analyze the capture files
For the command sent
And find a logcat for the pc running the teamviewer

---------- Post added at 12:56 PM ---------- Previous post was at 12:54 PM ----------

Probably need a good keylogger too


----------



## Astr4y4L (Aug 30, 2017)

@MotoJunkie01
Hey bro lookie what I found  this may be what we needed to figure out our problem.
It involves exploiting /tz to cause a particular qfuse to be blown resulting in unlocked bootloader!
Applicable to qualacomm devices I believe I will investigate this it deals with a Motorola device in the article but I believe it will apply to our zone 3 once modified to our particular bootchain.
Check it out

http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html?m=1


----------



## Astr4y4L (Aug 31, 2017)

jazzdglass said:


> I didn't put your work on gist.hub

Click to collapse





jazzdglass said:


> On another unrelated note, how do I get full log on my phone? It's a T-mobile S7 G930T. I want to use an unlock service (by USB method) . The unlocker will be using TeamViewer to connect to my system while my phone is connected to my system. He says the process is instant. I wish to capture all what he's doing on my phone. The unlock service is pretty costly. About $99.99

Click to collapse



So how did it go bro?


----------



## Astr4y4L (Aug 31, 2017)

Praying for a new zone3....
Ready to get back to work...
Also going to need rooted testers for modded aboot soon


----------



## jazzdglass (Aug 31, 2017)

Astr4y4L said:


> So how did it go bro?

Click to collapse



Haven't paid for it. I still don't know much about the log stuff


----------



## chwang13 (Sep 1, 2017)

Astr4y4L said:


> Praying for a new zone3....
> Ready to get back to work...
> Also going to need rooted testers for modded aboot soon

Click to collapse



I wuld love to help/participate in your aboot testing, should I qualify as a candidate.


----------



## Astr4y4L (Sep 2, 2017)

*RE: aboot testing*



chwang13 said:


> I wuld love to help/participate in your aboot testing, should I qualify as a candidate.

Click to collapse



I will be looking for testers for the aboot mod soon.
I am still crawling through the code for the edit and string modifications. 
Soon as I have something that I believe will boot I will post a public link.
REQUIREMENT. ....
YOU MUST NOT. USE THE MOD ON YOUR DAILY DRIVER.
YOU MUST HAVE STABLE ROOT ON YOUR DEVICE. 
AND BE COMFORTABLE (or able to learn quickly)  WITH ADB AND FLASHING WITH LGUP
AND YOU'RE PROBABLY GOING TO GET A BRICK. 
BEING THE ABOOT IS PART OF BOOT CHAIN YOU WILL NOT RECOVER USING LGUP.(I think)

So if any one is still interested in testing this I will try to hopefully have the first link up this weekend. 
Thanks


----------



## Fixup (Sep 2, 2017)

Have you got GSM to work?

I tried these posted by motojunkie01:

telephony.lteOnCdmaDevice = 0
ro.telephony.default_network = 3
ro.telephony.gsm-routes-us-smsc = 0

Seems no effect on phones that came with PP8, downgraded to PP2 and root with Astr44y4L package (thank you!).


----------



## Astr4y4L (Sep 2, 2017)

*RE: gsm mod*



Fixup said:


> Have you got GSM to work?
> 
> I tried these posted by motojunkie01:
> 
> ...

Click to collapse



I have successfully hacked a lte data connection from zone3 using the above modification plus I disabled a few system apps "anything Verizon " and changed some network things like /system/etc/apns.xml and some stuff in /data/data/com.android.telephony

---------- Post added at 08:25 PM ---------- Previous post was at 08:22 PM ----------

That was on a cricket sim card
And I never got voice to work.
But its absolutely possible given research and determination that it will be coming soon


----------



## Astr4y4L (Sep 3, 2017)

Well. Ive been decompileing aboot all day scrapeing back and forth through the code.
We had hoped to re-enable our fastboot functionality and bypass  the the secure boot problems...
But its going to be a no go on fastboot as the appropriate code to call the functions simply are not written in the code as far as i can tell. But we may be able to beat secure boot still looking at relationships between aboot ,tz (trust-zone) and qualacoms qseecom and i also think a lot of what i found here in a securitypatch bullitin could apply .especially the vurlnerability in the qualcom bootloader

Give it a read 
https://source.android.com/security/bulletin/2016-08-01

And of course we would be able to change all kinds of fun and interesting things if we are executing arbatrary code during the bootprocess running under the context of the kernel its self... @MotoJunkie01 ,
If you remember which lg varient had success with the laf-nukeing fastboot thing please try to get a copy of the exploitable .tot or .kdz or the boot sbl1 sbl2 Tz and aboot partitions .
I dont think i can add fastboot back to aboot, sha256 hashes and all that... unless we can find lg's signing key...
But with a few hex edits i may figure out how to trick it into allowing the aboot from say a G2 or G3 OR SOMETHING !!!!!. Im still pulling my hair out on this one...lol
Too bad im not more knowledgable about codeing in pure assembly...
Uggg....


----------



## MotoJunkie01 (Sep 3, 2017)

Astr4y4L said:


> Well. Ive been decompileing aboot all day scrapeing back and forth through the code.
> We had hoped to re-enable our fastboot functionality and bypass the the secure boot problems...
> But its going to be a no go on fastboot as the appropriate code to call the functions simply are not written in the code as far as i can tell. But we may be able to beat secure boot still looking at relationships between aboot ,tz (trust-zone) and qualacoms qseecom and i also think a lot of what i found here in a securitypatch bullitin could apply .especially the vurlnerability in the qualcom bootloader
> 
> ...

Click to collapse



Great work. The G2 and G3, as I recall, were the two main devices susceptible to the eradication of the /laf partitions. True we may be able to flash an /aboot partition to the Zone 3 from a G2 or G3, depending on the similarities in the partition indexes, partition image sizes, etc. Hopefully sha256 checksums won't impede us there. I can get the /aboot partition images from both the G2 and G3, so I'll be digging through my archives for those.


----------



## Astr4y4L (Sep 3, 2017)

MotoJunkie01 said:


> Great work. The G2 and G3, as I recall, were the two main devices susceptible to the eradication of the /laf partitions. True we may be able to flash an /aboot partition to the Zone 3 from a G2 or G3, depending on the similarities in the partition indexes, partition image sizes, etc. Hopefully sha256 checksums won't impede us there. I can get the /aboot partition images from both the G2 and G3, so I'll be digging through my archives for those.

Click to collapse



Great , because my linux boxes identify this and the spree as lgg2 when i issued
# lsusb -v
And so that simply means it uses the same driver in linux...
But lg/qualcom are not going to go out of the way to change much of the base code like that between devices because they have to use the same software to program every device regardless of model... flagships included. So im hopeing they kind of got lazy and used basicly the same code between devices. Except that the newer models were patched against this very flaw...
But if we can replace the entire boot chain with that of a similar platform same SoC
Then maby it would work. We vould then only have to modify the end of the process so that it doesnt lokc up at booting /system ..
And i was reading about lokki and how it exploits things to get bootloader unlock....
(Still hammering on the moto g) so ive noticed that all the qualcom chipset devices are very simialar in how trustzone and boot processes work. 
I mean if they patched a problem in a wifi driver for instance it gets pushed to all the devices Ota. You can see evedince in build.prop.
So if a prior kernel was exploitable in aboot or something all we gotta do is find a way to replace our kernel or whatever with the older one and then exploit the krapp out of it..
Thats basicly how we got root now anyhow... then we flashed those images i made from dissecting pp7 and that stopped the boot loop, well long story short that might be how we do it .
Does anyone have the very first release of zone 3 software.?
Was it exploitable by zeroing /Laf ?


----------



## MotoJunkie01 (Sep 3, 2017)

Astr4y4L said:


> Great , because my linux boxes identify this and the spree as lgg2 when i issued
> # lsusb -v
> And so that simply means it uses the same driver in linux...
> But lg/qualcom are not going to go out of the way to change much of the base code like that between devices because they have to use the same software to program every device regardless of model... flagships included. So im hopeing they kind of got lazy and used basicly the same code between devices. Except that the newer models were patched against this very flaw...
> ...

Click to collapse



Yes, by simply zeroing /laf, here is what occurred: /laf, as you know, is Download Mode on most LG devices. So when you commence to boot into Download Mode, /aboot searches for the kernel within /laf. When /laf is zeroed, /aboot searches for the /laf kernel, and when it finds no kernel, fastboot mode is forced.


----------



## Astr4y4L (Sep 3, 2017)

MotoJunkie01 said:


> Yes, by simply zeroing /laf, here is what occurred: /laf, as you know, is Download Mode on most LG devices. So when you commence to boot into Download Mode, /aboot searches for the kernel within /laf. When /laf is zeroed, /aboot searches for the /laf kernel, and when it finds no kernel, fastboot mode is forced.

Click to collapse



And by looking at aboot  source c0de [LITTLE_KERNEL codearrora]
We know that the fastboot is a part of aboot [includes-fastboot.c] etc. ,
So when no kernel is found at offset [laf] it falls back to fastboot but exactly where is the kernel that fastboot is running on?
It aint in offset at laf as we zero'd that right?
And so far as i can tell aboot is an arm bianary program .... not a rom or kernel.
It doesnt have a ramdisk so does it point to fastboot running on the kernel and rdisk located in /boot.  And if so wouldent we need to modify boot and also bootbak or whatever to get the actual functions out of fastboot?
Its a lot of headache trying to sort it all out....
If anyone with rom porting experience wants to chime in id love to hear some feedback. We need to model our boot after that of the g2 and use our own partition index and stuff but its all a lot of guesswork and then trying to confirm our guesses...
So we need aboot to be modified to boot any boot instead of signed boot and im working out now how to edit that.....


----------



## Astr4y4L (Sep 4, 2017)

LOOKING FOR TESTER...
MODIFIED UNSECURE BOOT WITH ADBD INSECURE AND A FEW OTHER SMALL CHANGES

WARNING THIS MAY JUST BRICK YOUR DEVICE
I CANT TEST BECAUSE MY ZONE3 IS NOT FUNCTIONING  

PLEASE ONLY TRY THIS ON A THROW AWAY DEVELOPMENT DEVICE
I DO NOT KNOW WHAT IT WILL DO

But yep somebody please rooted using downgrade + Astr4y4L root method
download this file http://www.astrayalslanding.dynu.net/testing/Frankin_Boot.img
use the partition tool installed in the root process to restore this image to boot partition and afterwards see if we boot or if we die, and please let me know the results.
test adb root command  if we boot 
happy laborday weekend USA


----------



## troptard (Sep 4, 2017)

*zone 3 root*

Hey Motojunki01 and Astr4y4L

I confirm that your script to root and get rid of endless bootloops works.

Here are some typos in READ_ME.rtf that you may want to consider fixing:

1. adb install "rom-toolbox-lite-6-0-7-0"
".apk" is missing. Also this version of rom-toolbox-lite failed to install with an error "Failure [INSTALL_FAILED_DEXOPT]."
Installing the most recent version from GooglePlay worked fine.

2. kingroot requires many reboots. So be patient.

3. in mrw/root.sh

Line 23:
cat /data/local/tmp/mrw/busybox > /system/bin/busybox
->
cat /data/local/tmp/busybox > /system/bin/busybox

Lines 40-42
cat /data/local/tmp/mrw/su > /system/xbin/su
cat /data/local/tmp/mrw/su  > /system/xbin/daemonsu
cat /data/local/tmp/mrw/su  > /system/xbin/sugote
->
cat /data/local/tmp/su > /system/xbin/su
cat /data/local/tmp/su  > /system/xbin/daemonsu
cat /data/local/tmp/su  > /system/xbin/sugote

Line 79
pm install /data/local/tmp/mrw/Superuser.apk
->
pm install /data/local/tmp/Superuser.apk

4. The default location of Partitions Backup is the internal SD card. Change it to External  SD.

Everything worked. Keep up the good work. Now if only GSM were enabled.


----------



## Astr4y4L (Sep 4, 2017)

troptard said:


> Hey Motojunki01 and Astr4y4L
> 
> I confirm that your script to root and get rid of endless bootloops works.
> 
> ...

Click to collapse



Thats great im glad it worked for you ! You are right the readme was done in a hurry, and has had life on 2 different servers. There is a revised git version that im meaning to replace it with and the romtoolbox apk must have gotten corrupted in copying the orig. Package between servers back in the takedown of a month or so ago.
Thanks so much for your input as now i need to compare your notes to the revised version and make sure its all fixed.

about the gsm-DSU thing :
I think it is totally possible. I also believe it would be a million times easier to write an xposed module comparable to X teather that would fix this.
But alass im more of a hands on direct kind of guy and i dont know how to build any xposed module...
With a lot of try this&that i managed a data over lte connection using a Cricket sim card and the before mentioned prop edits but i also changed apns.xml file with that of a samsung galaxy amp2 (cricket phone) and modified all sorts of values in databases located in /data/data/com.android.providers.telephony or something like that. 
So as i can not directly tell you how to do it i can tell you where to look so you can help all of us figure it out  
see as of late iv decided that if @MotoJunkie01 and myself can figure out the boot processes associated with aboot and boot we can make TWRP possible and that would open the door for quick flashing our own ported rom [Frankin_Mod]
And if we flash a ported rom it can be a given that afterwards i can put any tmobile at&t verizon  or any gsm simcard that operates on the radios supported bands.
Now thats a discussion for @MotoJunkie01 he knows quite a bit more about that than i do [radio bands and all]
Thanks
Astr4y4L


----------



## Astr4y4L (Sep 5, 2017)

@MotoJunkie01
Hey Bro hacked lgup for all functions
One file to rule them all


----------



## MotoJunkie01 (Sep 5, 2017)

Astr4y4L said:


> @MotoJunkie01
> Hey Bro hacked lgup for all functions
> One file to rule them all

Click to collapse



Wow. Seriously? That's impressive stuff. If you don't mind, I'd like a beta release of your modded LG UP whenever it's convenient. Thank you and once again, great work ....


----------



## Astr4y4L (Sep 5, 2017)

MotoJunkie01 said:


> Wow. Seriously? That's impressive stuff. If you don't mind, I'd like a beta release of your modded LG UP whenever it's convenient. Thank you and once again, great work ....

Click to collapse



Hey Bro!
check your messages!

RE:LG_UP_YOURS 

and let us know how the method works for you 
still working out the unknown model comport bricks problem
an if i can please get that kdz for g2 i'll pull the aboot and compare them

---------- Post added at 07:58 PM ---------- Previous post was at 07:51 PM ----------




Astr4y4L said:


> @MotoJunkie01
> Hey Bro hacked lgup for all functions
> One file to rule them all

Click to collapse



Screenshots attached

---------- Post added at 08:00 PM ---------- Previous post was at 07:58 PM ----------

Im dumping all partitions on my bricked spree right now


---------- Post added at 08:02 PM ---------- Previous post was at 08:00 PM ----------

Or mmaby the screenshot didnt load...


----------



## MotoJunkie01 (Sep 5, 2017)

Astr4y4L said:


> Hey Bro!
> check your messages!
> 
> RE:LG_UP_YOURS
> ...

Click to collapse



Ok got it brother. I'll install it to my Windows laptop in a little bit.  I won't share the files with anybody, as you may want to actually publish this work or, at the least, post it in a donate-only development thread. This is quite an accomplishment. Thanks again.


----------



## Astr4y4L (Sep 5, 2017)

MotoJunkie01 said:


> Ok got it brother. I'll install it to my Windows laptop in a little bit.  I won't share the files with anybody, as you may want to actually publish this work or, at the least, post it in a donate-only development thread. This is quite an accomplishment. Thanks again.

Click to collapse



Now If only I had a Working Zone3 to play with the Phone Settings option. I believe thats how we enable LTE and GSM
along with proper edits to build.prop

yes I am trying to rebuild the LG_UP installer to add my file automatically but its a little more complicated then just adding my file to the damn msi installer apparently i need to add it in the Common folder in the other installer...

I am trying to figure out how to make it accept the bricks with (UNKNOWN) model on Com imput... then I can get like 2 or 3 zone3's going again...
also DO NOT USE THE (CHIP ERASE) OPTION IT KILLED THE SPREE COMPLEATELY
I am working out how that works to be able to (Chip_erase ) A phone and then flash alternate firmware... such as turning a zone3 into a Global K4...
but...
I Need A Device to work with...
AHHHHHH so frekin close!!!
and you may actually have to holler at me in a PM and explain the Donate-only Dev thread


----------



## Astr4y4L (Sep 9, 2017)

Ok so I'm Now working to try to get these bricks recognized by lg_flash_tool since it doesn't appear to care what model/device it has as long as it can see the port on Comm, it is a dumber version of lgup basically but uses the very same protocalls . I'm following along with a G5 unbrick scenario where they use several other tools to dig the needed files out of firmware but i've already accomplished that long ago, now I have an idea what these files can be used to do. my longest standing bug is the damn comm ports and stuff but i believe i've just learned a little trick with that so im waiting for the vs425pp2.dz i created over at the server to finish downloading and we'll see if i can finnally get flashtool working for that. if indeed i get this to work we'll have the ultimate toolbox for our devices.
i've successfully created a mod for lgup that auto-magically opens ALL options  that are supported for any version of lg-up tested on our lg_up store version and on earlier lg up DEV version too so i believe this mod is universal.
i'm going to get all my findings and the tools i use together with a good write-up with instructions for noob-friendly instillation and I will be releasing my tool_box package in 2 Stages.
 Stage 1 : first  6 xda users that reply (Reserved ) to this post will get my Beta_Release of Zone3_Toolbox.zip for testing and so someone else can post screen shots of success on installation and also see what all these goodies do 
Stage 2: Final Release Of  Zone3_Toolbox.zip will be moved to a new thread and at that time the file will only be available as a consolation for donations.

so if your following this thread as a regular and consider yourself a Hardcore Power_User or A Dev or A Tester Here's your chance to save hours of work trying to re-write software.
get it now


----------



## Astr4y4L (Sep 9, 2017)

@MotoJunkie01
UPDATE :
I HAVE JUST GOT BACK 3 OUT OF 5 BRICKS THAT I THOUGHT WERE UN-RECOVERABLE  !!!!
 THE 2 THAT CAN'T YET BE SAVED DO NOT GO TO DOWNLOAD MODE THEY ARE STUCK IN QHSU-BULK (QCOMM-MODEM) MODE
BUT ALL THREE THAT I HAVE BEEN COMPLETELY UNABLE TO RECOVER ARE NOW OPPERATIONAL .

I now have a working daily driver plus 2 for testing purposes .
soon as i have time to assemble the toolbox and instructions i'll PM you with it 
now i gots some rootin to do then i'm gonna play with Boot and Aboot somemore.
wow
i guess the LK bootloader or aboot or something has a really cool looking splash screen says Mini OS with arrows going up and down it was Kool !
the best part ...
I just saved a ton of money with Gieco
no but really, $26. a piece times 3 =$76.00
i consider that a good reward for my time spent banging my poor head on the wall!
Get your reservations now 6 beta copies will be sent out and then after we test everything , the customized tools will be for my friends who support my work with donations .
will be revisiting the zone3 root zip to add in the revised readme and fix a few things with the scripts.
WoW
Blew My F''kin Mind With This One


----------



## MotoJunkie01 (Sep 9, 2017)

I'm without words. Remarkable work brother! You persist daily in making headway for our Zone 3s. Guys, members if this thread, please help support the development of @Astr4y4L with any donations possible. He puts me endless hours and resources into this device. Even if it's only a buck or two, every little bit helps.


----------



## Astr4y4L (Sep 9, 2017)

*Update*



MotoJunkie01 said:


> I'm without words. Remarkable work brother! You persist daily in making headway for our Zone 3s. Guys, members if this thread, please help support the development of @Astr4y4L with any donations possible. He puts me endless hours and resources into this device. Even if it's only a buck or two, every little bit helps.

Click to collapse



Now have 4 out of 5 bricks fixed
Wooohoooo I'm on a frickin roll. !!!!


----------



## jazzdglass (Sep 10, 2017)

Astr4y4L said:


> Now have 4 out of 5 bricks fixed
> Wooohoooo I'm on a frickin roll. !!!!

Click to collapse



That's great! I can now mess with the build.prop all I want with no fear of brick?

How do I reserve a slot for the beta


----------



## Astr4y4L (Sep 10, 2017)

*Reserved*



jazzdglass said:


> That's great! I can now mess with the build.prop all I want with no fear of brick?
> 
> How do I reserve a slot for the beta

Click to collapse



You sir are now reserved.

And yes I believe as long as you can get to download mode
We can make this puppy do tricks.
Ya may Want to wait till I have instructions and the toolbox uploaded and ill pm u your link sir 
And that leavez 5 reservations left not counting @Motojunki01
He gets first download 

---------- Post added at 07:42 PM ---------- Previous post was at 07:39 PM ----------

I absolutely abhor autocorect


----------



## Astr4y4L (Sep 10, 2017)

I am currently compressing the archive
For upload its pretty large so I'm using 7zip
Since its reliable and free and windows...
Depending on time uploading to server the first download may be available tonight.
The beta release doesn't have every option. Available. 
But it does have more than the unmodded versions. Available
It includes several more options useful for unbricking
The things I deemed useful for rom development I am saveing for the donate package.


----------



## Astr4y4L (Sep 10, 2017)

Tried uploading through webbrowser lastnight and after running all night it only had half of the file so iv erased that and I'm setting up winscappy or some krap. To use sftp to upload instead its processing the files now...

---------- Post added at 10:32 AM ---------- Previous post was at 10:13 AM ----------

This file transfer is taking 4 and a half hours

---------- Post added at 10:39 AM ---------- Previous post was at 10:32 AM ----------

But seems stable.

Any who I'm going to try to write my modded boot to one of these zone3s and see if it will boot. Thinking I may just get secureboot error. But then wont know till we try. Going to try to force it by using lg up to flash the modded boot to the device using an option called partition download


----------



## Astr4y4L (Sep 11, 2017)

Ended with a toaster but ill recover it later.
Anyways
My beta toolbox is now available.
Please let me know how the files integrity turned out.
If needed ill put it on a thumbdrive and upload it from somewhere with a fast connection.  Mines a trickle


----------



## Astr4y4L (Sep 12, 2017)

@ MotoJunkie01
well Krap !!!!!!!!!!!!!!!!!!!!!!!!
Toasted again... I Have now an /aboot from zone3 thats compleatly patched to bypass sig. verification.
Thanks to @pvineeth97
 only problem is that aboot on the zone 3 is signed by LG so by patching , the size of the code changed and thus the Header + codesize + Cert = SHA hash for signed image has changed resulting in a Null-Boot state
so from our previous look into LittleKernel/aboot we know that the signature  (hash) is equal to
 Header + codesize + Cert 
I'm just thinking the only thing that has changed in our new modded aboot is the codesize
and that the extra few lines of code have increased overall codesize and thus changed the hash.
so the end of aboot is basically empty space ( a bunch of zeros) and I have to wonder if we could delete some of the zeros to make the code size match again and thus the Hash would be the same again?
and i'm sure @pvineeth97  would be very helpful with this endevor but he needs to be contacted on the Tele or on Whatsapp 
I  don't do watsapp and i contacted him over the tele but it ate my  longdistance allotment in the time it took to explain who i am..
SO,
does anyone know how to recover from the corrupted boot state?
all i've got on comport is 
qualcomm hsusb qdloader 9008
i'm trying to work out a method for flashing the whole boot chain to devices in this condition.

i'm looking at a program called QFIL
Qualcomm_Flash_Image_Loader_v2.0.0.5
but it requires something called firehose .mbn and several other files (rawprogram0.xml)
and partitions.txt or some krap.
does anyone want to help figure that out?

also looking at a LG tool called BoardDiag3.99c
but we would still need to create the required files and i'm burnt from reading about all these programs and what they require and trying to create it all from scratch...
ANY HELP WITH THIS PLEASE ANYONE WHO KNOWS ANYTHING ABOUT THESE PROGRAMS OR THE QDLOADER BOOT STATE PLEASE SPEAK UP
Thanks
Astr4y4L

https://forum.xda-developers.com/member.php?u=7045959


----------



## Cubcadetlover (Sep 12, 2017)

Astr4y4L said:


> Now If only I had a Working Zone3 to play with the Phone Settings option. I believe thats how we enable LTE and GSM
> along with proper edits to build.prop
> 
> yes I am trying to rebuild the LG_UP installer to add my file automatically but its a little more complicated then just adding my file to the damn msi installer apparently i need to add it in the Common folder in the other installer...
> ...

Click to collapse



I am not necessarily interested in the special access to the beta testing files, but I am thankful for your work. I tried clicking "Donate to me" under your name and ended up with a PayPal error. Are you sure the link is working?


----------



## Astr4y4L (Sep 12, 2017)

Cubcadetlover said:


> I am not necessarily interested in the special access to the beta testing files, but I am thankful for your work. I tried clicking "Donate to me" under your name and ended up with a PayPal error. Are you sure the link is working?

Click to collapse



Oh WOW THANKS FOR LETTING ME KNOW 

I Have fixed it I believe but just in case of button problems 
donate via paypall to

[email protected]

And thank you for your donations you guys that donate for my work are truely the Bread&Butter of my development carrier
And You Sir will get a pm with a link for my finished toolbox as soon as the beta test period is complete
and If you should need it it'll be there for you when you should decide download it
Thanks 
Astr4y4L

---------- Post added at 08:48 PM ---------- Previous post was at 08:28 PM ----------

Well I just got done negotiating with Qualcom about the Development Kit for Android MSM8909 (Snapdragon 210)
I believe the stuff they have at the chip manufacturer may be able to help with our various states of Krap
SO Now I'm Waiting to hear back from them regarding weather they will grant me further access to files and programs over there...
but anyways all that took quite a bit of blablabla so i'm done for today..
see you all tomarrow
Astr4y4L


----------



## Cubcadetlover (Sep 12, 2017)

Astr4y4L said:


> Oh WOW THANKS FOR LETTING ME KNOW
> 
> I Have fixed it I believe but just in case of button problems
> donate via paypall to
> ...

Click to collapse



Works now... Check your inbox for PayPal


----------



## Astr4y4L (Sep 12, 2017)

*Thanks !!!! For your your Donation. *



Cubcadetlover said:


> Works now... Check your inbox for PayPal

Click to collapse



Thanks so much I'll send you a link for the beta toolbox
Now and if you find yourself in trouble you'll have something to help get you out.  Godbless you!

I will continue to work on development for this device and afew others.
The Zone3 is my favorite for now. 
@MotoJunkie01
I am thinking maby I can work some magic with this patched aboot.
Now that I understand it. 
Going to check out this crazy github fork of openbump
The ripoff of @codefire 's work from a while back.
But it wont work as is...
Gonna have to be tested extensively ...
And reworked .....
Hmmmm....
Bootstrap ...


----------



## chwang13 (Sep 12, 2017)

Astr4y4L said:


> Ok so I'm Now working to try to get these bricks recognized by lg_flash_tool since it doesn't appear to care what model/device it has as long as it can see the port on Comm, it is a dumber version of lgup basically but uses the very same protocalls . I'm following along with a G5 unbrick scenario where they use several other tools to dig the needed files out of firmware but i've already accomplished that long ago, now I have an idea what these files can be used to do. my longest standing bug is the damn comm ports and stuff but i believe i've just learned a little trick with that so im waiting for the vs425pp2.dz i created over at the server to finish downloading and we'll see if i can finnally get flashtool working for that. if indeed i get this to work we'll have the ultimate toolbox for our devices.
> i've successfully created a mod for lgup that auto-magically opens ALL options  that are supported for any version of lg-up tested on our lg_up store version and on earlier lg up DEV version too so i believe this mod is universal.
> i'm going to get all my findings and the tools i use together with a good write-up with instructions for noob-friendly instillation and I will be releasing my tool_box package in 2 Stages.
> Stage 1 : first  6 xda users that reply (Reserved ) to this post will get my Beta_Release of Zone3_Toolbox.zip for testing and so someone else can post screen shots of success on installation and also see what all these goodies do
> ...

Click to collapse



is there still available seat to test zone 3 toolbox?  thanks


----------



## Astr4y4L (Sep 12, 2017)

*Reserved*



chwang13 said:


> is there still available seat to test zone 3 toolbox?  thanks

Click to collapse



Check your pm's in 3


----------



## Astr4y4L (Sep 12, 2017)

Great news 
Team Astr4y4L is collaborating with a team of custom rom builders to work on the zone3

---------- Post added at 04:28 PM ---------- Previous post was at 04:25 PM ----------

Could mean custom rom with OTA update support Too ! Its being discussed.


----------



## Cubcadetlover (Sep 13, 2017)

Astr4y4L said:


> Great news
> Team Astr4y4L is collaborating with a team of custom rom builders to work on the zone3
> 
> ---------- Post added at 04:28 PM ---------- Previous post was at 04:25 PM ----------
> ...

Click to collapse




Great news... As I said in my PM, unfortunately all my devices seem to require VS425PP5+ due to the graphics driver issue... Touch works ok, but something is definitely wrong with the display. Will be great to have a custom image of the later versions.

For reference... https://forum.xda-developers.com/showpost.php?p=70511076&postcount=102


----------



## Astr4y4L (Sep 13, 2017)

*I have an idea*



Cubcadetlover said:


> Great news... As I said in my PM, unfortunately all my devices seem to require VS425PP5+ due to the graphics driver issue... Touch works ok, but something is definitely wrong with the display. Will be great to have a custom image of the later versions.
> 
> For reference... https://forum.xda-developers.com/showpost.php?p=70511076&postcount=102

Click to collapse



Possibly we can flash a pre rooted pp7 system.img
Useing lgup ill try to hook that up


----------



## Astr4y4L (Sep 13, 2017)

Pp7 pre rooted + busybox
Flash with lgup partition download option 
link removed
it didn't work that time but i'm still banging at it...

---------- Post added at 04:28 AM ---------- Previous post was at 04:27 AM ----------

Flash after lgup refurbish option with fresh pp7 .kdz

---------- Post added at 04:28 AM ---------- Previous post was at 04:28 AM ----------

Note untested


----------



## Cubcadetlover (Sep 13, 2017)

Astr4y4L said:


> Pp7 pre rooted + busybox
> Flash with lgup partition download option
> 
> http://astrayalslanding.dynu.net/tool/prerooted_pp7_system.img
> ...

Click to collapse



Been playing with this all day at work. Newb questions....

I flashed with LGUP to the standard PP7 file. Easy peasy... 

Installed LG Flash... Connected to model "Common" with S/W ver "prerooted_pp7_system". COM Port 41 shows Ready / Disconnect device and waiting for connection...

How do I *properly* get it into download mode for LG Flash to see? I tried power/Vol+ and power/Vol- with the cable. Only way I can get it back into download mode is to interrupt the LGUP


----------



## Astr4y4L (Sep 13, 2017)

*Lgflash*



Cubcadetlover said:


> Been playing with this all day at work. Newb questions....
> 
> I flashed with LGUP to the standard PP7 file. Easy peasy...
> 
> ...

Click to collapse



Go to searchbox by start button .
Type device manager...open that.
Boot fone into download.. vol-down + plugin usb holding vol-down
Look back to dev. Manager under coms&ports
Rightclick the lge-blablabla
Click properties
Click advanced
Bottom left of advanced settings box says
Port (somenumber) .....  click that 
Scroll it down to port 41 or anything between 41 and 45 whatevers not marked as used
Unplug usb
Restart lgflash click the correct options
Click start top left
Funny lookin arrow.
Plug device back in
And watch the box for which ever com port number u selected
And flash...

All that said there's a much easier way using the modded lgup from my toolbox
I realize its 2 gigs to grab the whole thing but if u want I can help u get only the modded lgup... and explain how to make that work.


----------



## Astr4y4L (Sep 14, 2017)

@MotoJunkie01
ok so i found an easier way to fix the bootloop problem without even having to root the device 
I am betting this will fix our issue with the pp5 devices too...
I'm Hoping @Cubcadetlover will be my willing test subject...
MWAAAHHAAAHAA !!!!
but really think I got the fix
and don't bother with the prerooted system i posted it led to the dead little android guy

soon as I get a tester on a pp5 device to confirm i'll release it to the public
it's good to get around things  

---------- Post added at 07:07 PM ---------- Previous post was at 07:04 PM ----------




Cubcadetlover said:


> Been playing with this all day at work. Newb questions....
> 
> I flashed with LGUP to the standard PP7 file. Easy peasy...
> 
> ...

Click to collapse




don't use flash tool unless lgup says the dreaded [unknown-model]


----------



## Astr4y4L (Sep 14, 2017)

*use this*



Astr4y4L said:


> @motojunki01
> ok so i found an easier way to fix the bootloop problem without even having to root the device
> I am betting this will fix our issue with the pp5 devices too...
> I'm Hoping @Cubcadetlover will be my willing test subject...
> ...

Click to collapse





use this

use this in your lgup Common folder
its a few different options than what your used to seeing but it's not all the options that are available...
the spc code is six zero's


----------



## Cubcadetlover (Sep 14, 2017)

Astr4y4L said:


> @MotoJunkie01
> ok so i found an easier way to fix the bootloop problem without even having to root the device
> I am betting this will fix our issue with the pp5 devices too...
> I'm Hoping @Cubcadetlover will be my willing test subject...
> ...

Click to collapse



I can confirm now that I was able to finally boot into PP2 with working graphics... The status still says "official". 

Now off to try to root the device now that I have gotten this far.


----------



## Astr4y4L (Sep 14, 2017)

Working. On method to flash root with existing tools

---------- Post added at 10:57 AM ---------- Previous post was at 10:49 AM ----------

Testing a prerooted pp7 img now....
Its flashing....

---------- Post added at 10:58 AM ---------- Previous post was at 10:57 AM ----------

Rebooting..
We see no boot loop and its booting.....

---------- Post added at 11:00 AM ---------- Previous post was at 10:58 AM ----------

weird it went through the motions yet didn't take...
All my kraps are still there...
Lol

---------- Post added at 11:01 AM ---------- Previous post was at 11:00 AM ----------

Trying again after a refurbish to pp7...

---------- Post added at 11:10 AM ---------- Previous post was at 11:05 AM ----------

Rebooting ....
Android updated guy...
Reboot and booting....
Wait to see if I have pp7 rooted.
Android is starting....
well this ging to take a bit.
Worst part getting through the stupid setup wizard and krap.
We shall see in a bit what exactly I've done to it

---------- Post added at 11:17 AM ---------- Previous post was at 11:10 AM ----------

Well its going through all its bullkrap.
Wanna disable that but these things are so finicky I don't want to mess it up


----------



## Astr4y4L (Sep 14, 2017)

I believe I may have rooted pp7
The binaries are in place had go back and change ownership and permissions ...
Duh.
But I'm bout to see now....
Trying again

---------- Post added at 01:57 PM ---------- Previous post was at 01:48 PM ----------

Ok here we go....
Processing now


----------



## Cubcadetlover (Sep 14, 2017)

Astr4y4L said:


> I believe I may have rooted pp7
> The binaries are in place had go back and change ownership and permissions ...
> Duh.
> But I'm bout to see now....
> ...

Click to collapse



*chmod -R 777 **

works every time...


----------



## Astr4y4L (Sep 14, 2017)

755 and
Chown. 2000:2000
(Shell :shell)

---------- Post added at 02:07 PM ---------- Previous post was at 02:07 PM ----------

It's booting and gotta setup krapps
Lol

---------- Post added at 02:36 PM ---------- Previous post was at 02:07 PM ----------

Well went and fixed permission
Also made copy and added Superuser.apk to system app.
So I'm going to try both flavors ...
Ill be back.


----------



## Cubcadetlover (Sep 14, 2017)

Astr4y4L said:


> 755 and
> Chown. 2000:2000
> (Shell :shell)
> 
> ...

Click to collapse



Awesome progress... Looking forward to test the progress. 

Was (half) joking about the previous chown comment... Works for me every time


----------



## MotoJunkie01 (Sep 14, 2017)

Sorry @Astr4y4L. Been out of town as usual for work. Storms here have damaged several cell towers and I've been working overtime on the many repairs. Haven't been on XDA much but it looks like you're making copious headway as usual. I hope to be back soon. Thanks for keeping this project up to speed.


----------



## Astr4y4L (Sep 15, 2017)

.....
It...
.......didn't ......
!................work.
.

---------- Post added at 07:54 PM ---------- Previous post was at 07:46 PM ----------

New idea but I. Don't have time to try..

Somebody download my stock pp7 system.img make 2 copies and run #1 through android kitchen on linux. Not a virtual machine ...
Then mount both #2 stock image 
And #1 cooked image. On loop
open both in file manager.
Delete all folders and files from stock 
Copy and past in all folders from cooked and presto we would have stock signed img containing cooked content...
Anybody wanna try I'll link up the stock pp7 system.img
Thanks

---------- Post added at 08:18 PM ---------- Previous post was at 07:54 PM ----------

Here's a pp7 system image to start with

http://www.astrayalslanding.dynu.net/testing/system.img


----------



## Astr4y4L (Sep 15, 2017)

@MotoJunkie01
Think u can jazz up this system. Img ?


----------



## Cubcadetlover (Sep 15, 2017)

Astr4y4L said:


> New idea but I. Don't have time to try..
> 
> Somebody download my stock pp7 system.img make 2 copies and run #1 through android kitchen on linux. Not a virtual machine ...
> Then mount both #2 stock image
> ...

Click to collapse



Apologizing first... I am the newb here.... All new tools to me and running for first time.

Found Archikitchen and downloaded your system.img. It started asking for the boot.img, which I didn't have.

Downloaded KDZ tools* and extracted the required images from the stock PP7.

When I ran both against Archi, mine mounted and yours just errored out. dmesg output below from Debian*.  Noticed that my source system image file is a lot larger than yours (by 160MB). Not sure why.

Any pointers for me to (try to) help out next?

Notes
* https://github.com/ehem/kdztools
* [2109325.940509] EXT4-fs (loop0): bad geometry: block count 528384 exceeds size of device (488992 blocks)


----------



## Astr4y4L (Sep 15, 2017)

Hmmmm. I use that toolset but if I remember right I had to run it through python and then correct the script by changing the line where it expected a header for g2 firmwares. And hardcoded the header from our firmware into that script ....
For the kitchen ...
Use this one 
https://forum.xda-developers.com/showthread.php?t=633246

I think it gives the option to fake a boot img
We cannot use a cooked boot img at this time I'll check my image  linked yesterday. But I know the system.img should be 2.2. Gb
In size. If your's is significantly smaller or larger something is terribly wrong in your tools setup. Debian is great. I've had more success manipulating these things useing a Debian  based security distro called Parrot os
Don't know why but its better.

https://www.parrotsec.org

But yep that should get ya started
Anymore issues let me know. We'll see how we can work around it.

---------- Post added at 09:56 AM ---------- Previous post was at 09:54 AM ----------

And I wish u luck Jedi
May your success benefit us all


----------



## coco_84 (Sep 15, 2017)

Place ppl Loll l TV umpteenth


----------



## Astr4y4L (Sep 15, 2017)

Hmmmmm.....





coco_84 said:


> Place ppl Loll l TV umpteenth

Click to collapse





I am absolutely unsure what this means ....
If you need assistance please state your problem precisely
Thanks
Astr4y4L

---------- Post added at 01:34 PM ---------- Previous post was at 01:23 PM ----------




Cubcadetlover said:


> Apologizing first... I am the newb here.... All new tools to me and running for first time.
> 
> Found Archikitchen and downloaded your system.img. It started asking for the boot.img, which I didn't have.
> 
> ...

Click to collapse



I linked wrong image 
Hey the copy of kdztools here are confirmed working
http://www.astrayalslanding.dynu.net/kdztools


----------



## Astr4y4L (Sep 15, 2017)

@Cubcadetlover
Sry bout the other link.
Try this for pp7. System partition

http://www.astrayalslanding.dynu.net/testing

Be sure your files are apropriate in size
Use this to mount them
[  mount  -t ext4 -o loop system.image /mnt/tmp ]
Do the same for cooked copy except we make a new tmp to mount on
[ mkdir /mnt/tmp2 ]
[ mount -t ext4 -o loop cookedsystem.img /mnt/tmp2 ]
Then open mnt tmp and mnt tmp2 in filemanager perform operations
close all things when done .
[ umount /mnt/tmp ]
[ umount /mnt/tmp2 ]
[ rm -rf cookedsystem.img ]
And flash resulting system image

---------- Post added at 02:41 PM ---------- Previous post was at 02:34 PM ----------

You may ofcourse need to adjust the commands above to reflect your file names


----------



## Cubcadetlover (Sep 16, 2017)

Astr4y4L said:


> @Cubcadetlover
> Sry bout the other link.
> Try this for pp7. System partition
> 
> ...

Click to collapse



More newb questions... Enjoying learning the process

- Ran the Android-Kitchen scripts and output a zip file, could not find an image file (even though I renamed the ROM in the menu)
- What the benefit of copying the cooked ROM/zip contents to the original system image? Wouldn't this invalidate even a very simple checksum check?


----------



## Astr4y4L (Sep 16, 2017)

*Nope*



Cubcadetlover said:


> More newb questions... Enjoying learning the process
> 
> - Ran the Android-Kitchen scripts and output a zip file, could not find an image file (even though I renamed the ROM in the menu)
> - What the benefit of copying the cooked ROM/zip contents to the original system image? Wouldn't this invalidate even a very simple checksum check?

Click to collapse



The system is a signed image but by replacing the content of said image you get a factory signed image file with modified contents.  Meaning it should boot

---------- Post added at 11:43 PM ---------- Previous post was at 11:37 PM ----------

The cooked rom will be a zip file contains folders and an update binary. Something for flashing from twrp or cwm recovery ...
But open update binary as a text file ...
Its really a shell script ... try to follow it..
Says whaat gos where and permissions and all


----------



## CorrySand (Sep 16, 2017)

*Hey*

Hello!
Yay!!! I can also confirm another successfully rooted Zone 3. Thanks so much for the info and the write-up!!!! I'm so excited hopeful for what else is possible. The whole process went fairly smoothly considering that I'm a noob at this. Next i'd like to get this device to work with a Truconnect/(T-MOBILE network) SIM. I've been reading all the posts and have done the steps below provided by MotoJunkie01 to modify the build.prop file and renaming the vzw*.apk files. But I'm not sure about the node.db files, etc and whatever else that needs to be configured. I guess at this point I should express my gratitude for the excellent work that's been done and seek help on making this phone work with other carrier SIMs. Any help on this is is much appreciated..


----------



## Astr4y4L (Sep 16, 2017)

CorrySand said:


> Hello!
> Yay!!! I can also confirm another successfully rooted Zone 3. Thanks so much for the info and the write-up!!!! I'm so excited hopeful for what else is possible. The whole process went fairly smoothly considering that I'm a noob at this. Next i'd like to get this device to work with a Truconnect/(T-MOBILE network) SIM. I've been reading all the posts and have done the steps below provided by MotoJunkie01 to modify the build.prop file and renaming the vzw*.apk files. But I'm not sure about the node.db files, etc and whatever else that needs to be configured. I guess at this point I should express my gratitude for the excellent work that's been done and seek help on making this phone work with other carrier SIMs. Any help on this is is much appreciated..

Click to collapse



Congrats on rooting your first zone3 and welcome to our thread on xda 
As for the sim thing  thats what I was initially after also.
I successfully got the data over LTE on a cricket sim by changing those things u mentioned and by messing with the data data com.android.providers.telephony .db files also swapped my system etc apns.xml with one from a cricket phone but never did work out volte. And without abilities to make voice calls it was useless too me and so I abandoned the idea. At that time we had to be very careful about changing build.prop because it led to  bricks with unknown model. In lgup but with the advances we've made it is possible to recover from even that as long as u can still get to download mode.
So I hope that you have success in your endevor.
And if you do figure it out please share the details with us here.
Thanks
Astr4y4L

---------- Post added at 09:58 AM ---------- Previous post was at 09:14 AM ----------

Also, if u grab the publicgift file I linked a page back or there about.  I noticed when I plug the fone in in regular booted mode and hit the phone settings option on lgup then click read bottom left of phone setting lgup menu and I noticed the option to change the bands (lte evdo etc ) and place to set all that network stuff ... just think that it might open up our lte and network sim options.
 if someone can figure out what all that stuff means id be very grateful.  
I've been too busy as of late to mess with it.
 I truly wish my friend. @MotoJunkie01
Would shed light on this. He was successful in our sister phone the rebel with simunlocking and changing carriers sims...
@MotoJunkie01 what do u say Bro can you shed some light?


Also want to site verisons own policy on that issue ..
I remember reading that after 3 months of prepaid service your device becomes able to be unlocked with the regular methods...
I imagine there's a process to request the code or something. I went through this with the cricket spree also... but bricked it before getting the code back. If I remember correctly it has something to do with imie number too
On back of box it says 1 year.... so hmmmm.
Check out
http://vzw.com/prepaidunlockingpolicy
For details ....
That means to me its absolutely possible we can crack this functionality from our phones

---------- Post added at 11:05 AM ---------- Previous post was at 10:54 AM ----------

Oh wow just read the policy and its a year or $100 in payments which ever comes first...
I suggest paying for the $50 a month plan two months in a row then call Verizon and tell them u intend to continue useing Verizon. But want to be able to swap sim cards when you are going to (insert place here) and argue the point with the sales person that yhe policy clearly states that u can.
And they will try to say a year but you say
No I payed my money $50 a month for 2 months and policy states $100 or a year....

Of course this don't work if you've modified your device so go stock first...


---------- Post added at 11:47 AM ---------- Previous post was at 11:05 AM ----------

Hmmm ....
Maby flash to pp2 refuse updates call Verizon do the unlock procedure. And dump the unlocked phone so we have an unlocked flashable ....
Interesting idea....


----------



## Astr4y4L (Sep 17, 2017)

@MotoJunkie01
We have issues with custom rom because of bootloader but why can't we make a partition and chroot to a custom rom?
It works for linux on android and iv seen androidx86 but why could we not chroot to a custom android os?


----------



## Astr4y4L (Sep 17, 2017)

Well if nothing else I'm going to go through the motions with Verizon and see if I can get one of these unlocked I've paid my dues and since I got multiples I should logically try to get one unlocked ....
We shall see how it go's


----------



## MotoJunkie01 (Sep 17, 2017)

Astr4y4L said:


> Well if nothing else I'm going to go through the motions with Verizon and see if I can get one of these unlocked I've paid my dues and since I got multiples I should logically try to get one unlocked ....
> We shall see how it go's

Click to collapse



Hello brother. I've got to get caught up on here because you guys are way ahead of me. Haha. Custom ROM? Wow I've really got to get up to speed here.


----------



## Astr4y4L (Sep 17, 2017)

MotoJunkie01 said:


> Hello brother. I've got to get caught up on here because you guys are way ahead of me. Haha. Custom ROM? Wow I've really got to get up to speed here.

Click to collapse



Yep. But issues abound.  We got aboot patched. Problems with signed image. So no boot. But iv successfully placed busybox and su binaries inside of xbin on a pp7 image and then flashed it ... it booted but supersu could not (see) them although when I run ls -l /system/xbin
Its listed right there.
so I know that we can mod out system. And flash it using lgup.
But I don't know enough about supersu and such to get past selinix.
How to kill selinux? Got access to any file...
I am wanting to try SuperR's kitchen but I'm inbetween operating systems at the moment.  Net installation blues


----------



## Astr4y4L (Sep 17, 2017)

MotoJunkie01 said:


> Hello brother. I've got to get caught up on here because you guys are way ahead of me. Haha. Custom ROM? Wow I've really got to get up to speed here.

Click to collapse



Not so far... still only got modified stock to boot
can't get past selinux to get supersu to see binaries placed in xbin


----------



## Astr4y4L (Sep 17, 2017)

Well I was just reading @Chainfires write up on supersu and iv realized my mistake ...
Will try again once I've got working os on my laptop ...


----------



## Astr4y4L (Sep 18, 2017)

Anyone know if lgup works in Ubuntu with wine?


----------



## Astr4y4L (Sep 18, 2017)

gosh dang it isn't working.
yet....


----------



## LilAnt530 (Sep 18, 2017)

Hey guys I have a vs425pp & need help going from pp8 to pp2 as i did experience the bootloop issues, & succeeded in flashing pp8 getting to the start up screen, pulling the battery, reflashing pp2 & making it thru the setup, however upon attempting to root with KingRoot it bootlooped again


----------



## Astr4y4L (Sep 18, 2017)

*How*



LilAnt530 said:


> Hey guys I have a vs425pp & need help going from pp8 to pp2 as i did experience the bootloop issues, & succeeded in flashing pp8 getting to the start up screen, pulling the battery, reflashing pp2 & making it thru the setup, however upon attempting to root with KingRoot it bootlooped again

Click to collapse



Kingroot is fickle ... it does that ...
Try this. rightclick the lgup and open file location
Download this
https://forum.xda-developers.com/attachment.php?attachmentid=4271808&d=1505348345
Unzip put UIconfig in Common folder of lgup
Set permissions read-only
Restart lgup as an administrator
Choose refurbish to pp2.kdz
When its done and starts bootlooping pull battery go back to download mode restart lgup as admin
Use partition download option lgup and choose the pp7 kdz
Click start and u get a box asking what partitions..
Click to check these partitions
Modem
Modemst1
Modemst2
Ssd
Fsg
Click to continue and then reboot
You should be pp2 with the pp7 radio.
It shouldn't bootloop anymore so try king root again after all that 
Goodluck
Astr4y4L


----------



## LilAnt530 (Sep 18, 2017)

Astr4y4L said:


> Kingroot is fickle ... it does that ...
> Try this. rightclick the lgup and open file location
> Download this
> https://forum.xda-developers.com/attachment.php?attachmentid=4271808&d=1505348345
> ...

Click to collapse




Holy Honeycomb!


That sounds like an epic process!. I've already invested data in the pp2 & pp8 firmwares, screw it might as well get the pp7 as well & let it rip XD. Thank you for the response as I couldn't keep skimming this thread until it worked lol.

While I'm here, I also have an LG Rebel with identical specs & it goes into the same generic download mode as the zone 3, so am I going to have issues flashing zone 3 firmware onto what is essentially a zone 3 refurb? ,

Again thanks for responding! These prepays are always fun to tinker with


----------



## Astr4y4L (Sep 18, 2017)

LilAnt530 said:


> Holy Honeycomb!
> 
> 
> That sounds like an epic process!. I've already invested data in the pp2 & pp8 firmwares, screw it might as well get the pp7 as well & let it rip XD. Thank you for the response as I couldn't keep skimming this thread until it worked lol.
> ...

Click to collapse



Honestly I don't know about the rebel but I would recommend a nand dump first unless you have factory firmware for it


----------



## LilAnt530 (Sep 18, 2017)

Astr4y4L said:


> Honestly I don't know about the rebel but I would recommend a nand dump first unless you have factory firmware for it

Click to collapse



In the phone settings, & on the back of the device, the FCC ID for the LG Rebel is VS425PP, & it's quite literally a TracFone refurbished VZW device, so i got the thing for free I'm going to try that flash as well later on today & see if it turns out, if not oh well.

By the way I downloaded pp7 & tried your steps, thank you again! Cheers mate!


----------



## Astr4y4L (Sep 18, 2017)

*Did it work for u?*



LilAnt530 said:


> In the phone settings, & on the back of the device, the FCC ID for the LG Rebel is VS425PP, & it's quite literally a TracFone refurbished VZW device, so i got the thing for free I'm going to try that flash as well later on today & see if it turns out, if not oh well.
> 
> By the way I downloaded pp7 & tried your steps, thank you again! Cheers mate!

Click to collapse



I'm glad things worked out for you id like a nand dump of the rebel to see if I can flash it to verizon zone3
I want to use cricket/at&t I believe trackfone is a subsidy of att...


----------



## LilAnt530 (Sep 18, 2017)

Astr4y4L said:


> I'm glad things worked out for you id like a nand dump of the rebel to see if I can flash it to verizon zone3
> I want to use cricket/at&t I believe trackfone is a subsidy of att...

Click to collapse



PM me as I will most likely need help making a backup, & TracFone is a subsidiary of Walmart unfortunately, but I've noticed they're basically all network unlocked it just depends on which side of the refurb bin you get really.
For example i lived in Alaska and all of the towers there were owned by GCI, & AT&T paid royalties to use those towers, in turn every TracFone device would be AT&T compatible.
But I now live in Northern California where TracFone is bouncing off of Verizon Towers, which means my Verizon 4G LTE works in my Straight Talk ZTE Majesty Pro device (thanks to Cell Tower Monopoly rings)


----------



## Astr4y4L (Sep 18, 2017)

*that's kool*



LilAnt530 said:


> PM me as I will most likely need help making a backup, & TracFone is a subsidiary of Walmart unfortunately, but I've noticed they're basically all network unlocked it just depends on which side of the refurb bin you get really.
> For example i lived in Alaska and all of the towers there were owned by GCI, & AT&T paid royalties to use those towers, in turn every TracFone device would be AT&T compatible.
> But I now live in Northern California where TracFone is bouncing off of Verizon Towers, which means my Verizon 4G LTE works in my Straight Talk ZTE Majesty Pro device (thanks to Cell Tower Monopoly rings)

Click to collapse



I think we can use one of my lgup mods to get full dump of the phone.


----------



## LilAnt530 (Sep 19, 2017)

Astr4y4L said:


> I think we can use one of my lgup mods to get full dump of the phone.

Click to collapse




Let's do this bro! I have ALOT of LG and other prepay devices, some bricked some aren't.

I have a fairly extensive knowledge on Android devices, mostly Samsung and LG in terms of the ones I could manage to root that is xD.


----------



## Astr4y4L (Sep 19, 2017)

*Lets Get Cracking !*



LilAnt530 said:


> Let's do this bro! I have ALOT of LG and other prepay devices, some bricked some aren't.
> 
> I have a fairly extensive knowledge on Android devices, mostly Samsung and LG in terms of the ones I could manage to root that is xD.

Click to collapse



Ok Bro ! I Can Set you up with a copy of my toolbox.
it's got a write up on what go's where and best of all it has modified_LGUP .  "way more modified than what I've let out " I can Help You along the way and If you benefit directly from all my work I do accept donations via paypal and have even been known to perform remote jail_breaks/Android_Roots for those generous enough to donate a few bucks 
But yes sir please check your PM's I'm sending you something.


----------



## Cubcadetlover (Sep 20, 2017)

You guys are getting beyond my abilities  but I can confirm that @Astr4y4L has good stuff. His tools got me to a PP2/PP7 hybrid for something I was working on...

Just a matter of time before this is wide open.


----------



## Astr4y4L (Sep 20, 2017)

*Hows the farm *



Cubcadetlover said:


> You guys are getting beyond my abilities  but I can confirm that @Astr4y4L has good stuff. His tools got me to a PP2/PP7 hybrid for something I was working on...
> 
> Just a matter of time before this is wide open.

Click to collapse



I Trust u made it past the Kingroot bullkrap?
I've been busy, took a second job cause we broke...
But I am working on adding root to a pp7 stock img.
I'm very close got it to boot and see binaries but couldn't access the...
And now I got one that I believe world have worked but I believe I got the links in the folder structure wrong...and it hangs on the red Verizon screen ...
So won't be long hopefully ... maby someone with more custom rom experience. Could chime in on manually adding su and superuser...
Then we would have a foolproof way to root every zone3


----------



## Astr4y4L (Sep 20, 2017)

@LilAnt530
Is lg up saying unknown model with the rebel?
Or it doesn't see it at all?
if it sees nothing, go to device manager, plug in in dl mode , look in coms&ports it should have lg some blabla 
Right click that go to properties look for ADVANCED. click that and on thE left side is a check box Port Some number.
Click that and set it to port 2-13 any one that doesn't say (used) next to it .
Close all that restart lgup (run as admin)
See if he sees the rebel then.
Let me know how it go's


----------



## Astr4y4L (Sep 23, 2017)

Am I the only one still working on this stuff?
Been away. Wife had emergency surgery.
She going to be ok but I'm screwed on the bills...
So still going to be quite busy but is anyone else even following the thread?


----------



## Astr4y4L (Sep 23, 2017)

*Big Update. Lgup flashable root*



Astr4y4L said:


> Am I the only one still working on this stuff?
> Been away. Wife had emergency surgery.
> She going to be ok but I'm screwed on the bills...
> So still going to be quite busy but is anyone else even following the thread?

Click to collapse



@MotoJunkie01
Well I got it figured out and as soon as I have enough time 
I will have a new quickroot package.  
SuperSu. And busybox out of the box.
No more kingroot BS.  Fixes all issues from the pp5 
Graphic problems. 
Does require a full factory reset after performing ..
Sorry guys this will wipe your device. 
But after factory reset. You start out with SuperSu 
And installed busybox. 
You must quickly disable software updates 
Apps. I used romtoolbox lite available on google play 
Everything seems to work smoothly. In fact im posting from the test device now.
Best of all is universal,  and. Totally neewb friendly.
Just don't deviate. 
This will be available soon for 3 of you guys to test .
I need feedback 
After that its going to be available as a gift for $20 donations. 
The way I see it sure you could save $20 bucks and follow the thread here and probably get rooted but this saves you 
Days of endless bootloops and fighting with kingroot
And best of all you don't have to burn out 6 or 7 devices to work out the method.
So 

Xda I need 3 testers. Soon who is it going to be?


----------



## Cubcadetlover (Sep 23, 2017)

Astr4y4L said:


> Am I the only one still working on this stuff?
> Been away. Wife had emergency surgery.
> She going to be ok but I'm screwed on the bills...
> So still going to be quite busy but is anyone else even following the thread?

Click to collapse



Family takes priority over most things including this... Lets hope she has a speedy recovery.

I've not had a lot of time to tinker with work. If you are able to work something out and need testing, I will certainly make it a priority to test.

Never did root the hybrid phone... Just never would go... Probably my issue.

---------- Post added at 12:42 AM ---------- Previous post was at 12:39 AM ----------




Astr4y4L said:


> Xda I need 3 testers. Soon who is it going to be?

Click to collapse




Didn't see your note until my after my last post... I've got 11 of these things I want to root...  Mostly P5 and maybe a P4 or 2.


----------



## Astr4y4L (Sep 23, 2017)

*Well alrighty then nevermind 3 testers I've got this guy*



Cubcadetlover said:


> Family takes priority over most things including this... Lets hope she has a speedy recovery.
> 
> I've not had a lot of time to tinker with work. If you are able to work something out and need testing, I will certainly make it a priority to test.
> 
> ...

Click to collapse



Well awsome ! 
I can make it super easy.
Im going to help you and maby you can help me.
Takeing care of the wife after surgery pluss 3 kids 1 of wich is a year old this month is keeping me from work at my regular 8-5 job.
Now i have bills to pay and no money comeing in till i get back to work.
I NEED donations at this time .
Tomarrow im going to plug you in to my new kit
And walkyou through it to make sure there's no hiccups
You will root every zone3 you have thats already in working order... all models.
Iv taken down the server... development on this is over...

Im not asking yOu for a donation because you were the first to donate. I Will Do It For U.
If you get 6 or 7 perfect rooted devices from this and feel generious and donate for this particular work thats great but if not i understand.
What I am going to ask from you when we are done is for you to please give xda an honest review of the work iv created in the package.
And to rate it so that others who want to can pay for a
Super easy way out.
Thanks
Team_Astr4y4L


----------



## Astr4y4L (Sep 23, 2017)

*Almost finished uploading*

Are you ready?


----------



## Cubcadetlover (Sep 23, 2017)

Astr4y4L said:


> Are you ready?

Click to collapse



Back home in the drivers seat.


----------



## Astr4y4L (Sep 23, 2017)

Cubcadetlover said:


> Back home in the drivers seat.

Click to collapse




Check your PM
but don't download yet till I let ya know or you'll get a partial file

:good:
:laugh::victory::silly:


----------



## Astr4y4L (Sep 23, 2017)

Well figured it out was problem with stupid mobile hotspot...

ETA 3 Hrs 6 Min.s
Hopefully no more problems ....


----------



## Astr4y4L (Sep 24, 2017)

New ETA

1 Hr  22 Min

---------- Post added at 06:34 PM ---------- Previous post was at 06:05 PM ----------

Now ETA
45 Min

---------- Post added at 07:23 PM ---------- Previous post was at 06:34 PM ----------

fuuuuuk
Just restart again....
Moved to local Linux machine and push with rsync
Now at 9% @Cubcadetlover
Will u be up for a bit tonight?
We can run through this at some point tonight. ..
Oh and fuuuuuuk windows 
Rsync ssh over ssh tunneled openVPN 
Moving much better now 
Hopefully rsync will keep going if connections reset...

---------- Post added at 07:29 PM ---------- Previous post was at 07:23 PM ----------

fuuuuuk
Just restart again....
Moved to local Linux machine and push with rsync
Now at 9%  @Cubcadetlover
Will u be up for a bit tonight?
We can run through this at some point tonight. ..
Oh and fuuuuuuk windows 
Rsync ssh over ssh tunneled openVPN 
11%

---------- Post added at 07:30 PM ---------- Previous post was at 07:29 PM ----------

Oops double posted


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> New ETA
> 
> 1 Hr  22 Min
> 
> ...

Click to collapse



Yep, rsyncd is much better for something this large. I will be up... College football on 1 screen, tinkering on the other.


----------



## Astr4y4L (Sep 24, 2017)

Sounds great. 
I don't follow sports much but who ya rooting for?

---------- Post added at 08:24 PM ---------- Previous post was at 07:47 PM ----------

At 50%

---------- Post added at 08:25 PM ---------- Previous post was at 08:24 PM ----------

Wife just went back to ER ....
That suks

---------- Post added at 08:57 PM ---------- Previous post was at 08:25 PM ----------




Cubcadetlover said:


> Back home in the drivers seat.

Click to collapse



I hope u have fast internet. 
It is almost 1 GB download and should be close to ready in 45 min..

---------- Post added at 09:48 PM ---------- Previous post was at 08:57 PM ----------

@Cubcadetlover
Hey sync says its all there just sent new link
Let me know when u ready

---------- Post added at 10:15 PM ---------- Previous post was at 09:48 PM ----------

@Cubcadetlover
are you ready to begin?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Sounds great.
> I don't follow sports much but who ya rooting for?
> 
> ---------- Post added at 08:24 PM ---------- Previous post was at 07:47 PM ----------
> ...

Click to collapse



Downloaded and extracted.


----------



## Astr4y4L (Sep 24, 2017)

Ok open lgup and connect in dl mode
Then use partition DL and pick system.img in the unzipped folder and start it up



EDIT: fuuuuk Autocorrect

---------- Post added at 10:33 PM ---------- Previous post was at 10:23 PM ----------

remember SPC code is 000000

---------- Post added at 10:39 PM ---------- Previous post was at 10:33 PM ----------

the other bonus is this should disable FRP also 
thats always a hihgly sought after thing on these forums...

---------- Post added at 10:40 PM ---------- Previous post was at 10:39 PM ----------

@Cubcadetlover
how's it going?
did u read the readme ?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Ok open lgup and connect in dl mode
> Then use partition DL and pick system.img in the unzipped folder and start it up
> 
> 
> ...

Click to collapse



Got an error....   _CrossCheckDL Fail

I just did a clean PP7 refurbish so I could start clean instead of the previous hybrid test.


----------



## Astr4y4L (Sep 24, 2017)

*Ok*



Cubcadetlover said:


> Got an error....   _CrossCheckDL Fail

Click to collapse



Which Modded Lg Up Did U Use?
Run As ADMIN?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Which Modded Lg Up Did U Use?
> Run As ADMIN?

Click to collapse



Same one as I used before... Placed in the UI_Config.LGL file (changed to read-only) and launched as admin... Same process as I always do.

Did a refurbish 30 seconds before to PP7 to start with a clean base before applying your image.

$ sha256sum system.img
e749f88819d327d6b16b3c0184e6e2729341126be0deb5e9594e0af8f82c8981  system.img


----------



## Astr4y4L (Sep 24, 2017)

did u use the one from the current zip file?
if so, 
try the one from my toolbox
if that don't work i'll send u something else...

---------- Post added at 10:52 PM ---------- Previous post was at 10:50 PM ----------

god I hope the stinking file didn't get corrupted. if the .img is ok lgup is easy to fix


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> did u use the one from the current zip file?
> if so,
> try the one from my toolbox
> if that don't work i'll send u something else...

Click to collapse



Used the one from the toolbox and not the gift file. Also, not the one from the included zip...


----------



## Astr4y4L (Sep 24, 2017)

try the one from this current zip


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> try the one from this current zip

Click to collapse



Bingo... Working fine. Even thinks it official 

Rebooting and doing the (stupid) optimizations


----------



## Astr4y4L (Sep 24, 2017)

Thank you Jesus 
I need to make bill & diaper money so i need this to work...
then I need to sell it or something...

---------- Post added at 11:08 PM ---------- Previous post was at 11:00 PM ----------




Cubcadetlover said:


> Bingo... Working fine. Even thinks it official
> 
> Rebooting and doing the (stupid) optimizations

Click to collapse



You will need to download something like system app remover from gplay and remove the f'd up romtoolbox then reinstall room toolbox to disable system updates or it'll mess up bad when he try to update to pp8


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Thank you Jesus
> I need to make bill & diaper money so i need this to work...
> then I need to sell it or something...
> 
> ...

Click to collapse



Installing the lite one now... I do see the errors about rom toolbox


----------



## Astr4y4L (Sep 24, 2017)

*Stupid setup wizard*



Cubcadetlover said:


> Bingo... Working fine. Even thinks it official
> 
> Rebooting and doing the (stupid) optimizations

Click to collapse



Did he make it?
Best to factory reset then do apps and setup wizard
Did u reset from recovery?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Did he make it?
> Best to factory reset then do apps and setup wizard
> Did u reset from recovery?

Click to collapse



Bah, no.... Doing it now... Yes, made it fine... I saw supersu and the borked rom toolbox


----------



## Astr4y4L (Sep 24, 2017)

Awesome!!!
Now I might be able to get the babyboy some diapers and stuff he getting low and i can't work with the surgery on my wife and all.
How many u gonna try to crack tonight?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Awesome!!!
> Now I might be able to get the babyboy some diapers and stuff he getting low and i can't work with the surgery on my wife and all.
> How many u gonna try to crack tonight?

Click to collapse



Already 1230am here… Just going to play with this one and start writing a setup script to customize them all..


----------



## Astr4y4L (Sep 24, 2017)




----------



## Cubcadetlover (Sep 24, 2017)

Cubcadetlover said:


> Already 1230am here… Just going to play with this one and start writing a setup script to customize them all..

Click to collapse



***SUCCESS****

Such a beautiful thing... A standard SSH prompt to manage/control the devices.


```
[email protected]:/data/data/berserker.android.apps.sshdroid/home # whoami
root
[email protected]:/data/data/berserker.android.apps.sshdroid/home # id
uid=0(root) gid=0(root)
[email protected]:/data/data/berserker.android.apps.sshdroid/home #
```


----------



## Astr4y4L (Sep 24, 2017)

Awesome  so it bypassed the FRP too?
right?


----------



## Cubcadetlover (Sep 24, 2017)

Astr4y4L said:


> Awesome  so it bypassed the FRP too?
> right?

Click to collapse



I didn't get prompted for the google credentials, but I always authenticate with the same ID. I don't think this triggers the FRP. I will have reset and test FRP on another couple devices.


----------



## Astr4y4L (Sep 24, 2017)

*Kool Bro !*



Cubcadetlover said:


> ***SUCCESS****
> 
> Such a beautiful thing... A standard SSH prompt to manage/control the devices.
> 
> ...

Click to collapse



So Good when a good-thing Comes Together,
Well by all means drive it around a bit...

 And Then... Please find time to give it a review ..

#1 How Easy Was It This time to root the zone3?

#2 Did you Have too worry about Factory-Reset-Protection ?

#3 is all working for your device, meaning specifically the functions of phone wifi and data etc, and what models you used it on successfully ?

#4 How Much is it worth to unlock root on zone3 with my new method? what should I charge?

#5 How long did the base process take?

Thanks for your support Bro without guys like you , guys like me go hungry !!!

For everyone else ,
Yes it's true, Yes it's Real, And Yes for a one time donation it can be yours to Use on as many devices as u want...
If Anyone Else Wants This Please PM me On XDA
donations via paypal
paypal email---->     [email protected]
@Cubcadetlover
Have A Rooted Night Bro I'm Signing off 
if you need further assistance pm me and i'll get to it in the morning
@MotoJunkie01
Did You See this 
pm me when you get time and i'll send you your link and the new password Bro!
HA !!! LG_UP_YOURS !!!!

*sincerely_sticking_it_to_LG_AND_BigRed*
_*Team_Astr4y4L*_


----------



## LilAnt530 (Sep 24, 2017)

Astr4y4L said:


> @MotoJunkie01
> Well I got it figured out and as soon as I have enough time
> I will have a new quickroot package.
> SuperSu. And busybox out of the box.
> ...

Click to collapse




Hey man i tried that for the LG Rebel, and I believe it's some sort of driver issue still, i am currently reinstalling windows 10, & will try with the TracFone drivers only, then try a backup with your mod!!!


Also I'll test your Zone3 method if you want lol, just got a new screen for it and all! xD


----------



## Astr4y4L (Sep 24, 2017)

*Sry testing phase over*



LilAnt530 said:


> Hey man i tried that for the LG Rebel, and I believe it's some sort of driver issue still, i am currently reinstalling windows 10, & will try with the TracFone drivers only, then try a backup with your mod!!!
> 
> 
> Also I'll test your Zone3 method if you want lol, just got a new screen for it and all! xD

Click to collapse



I hope u get the thing for the rebel figured out
Really need the dump to work on network unlocking for zone3
As for new method ...
Its great but testing is finished...
Already polishing it up to put on a donations only thread...
I used it twice, @Cubcadetlover used it once tonight and got 10 more tomorrow... 
I'd call it tested :highfive: 
But its so great because it disables. FRP. 
And adds chainfire's SuperSU also busybox.
And no more shenanigans with kingroots and all that
Also no stupid graphics problems...
Oh removed a lot of Verizon's krapware and reenabled LG's.  
Blacktheam too 
So yep thats that... You did get your Zone3  rooted didn't you?
I hope so because the old unreliable down&dirty method I first developed is now depreciated. 
Im sure the files are floating around someplace and while it worked (sometimes)  I've deleted it from the server as it sucked when compared to this...
And this one is the cumulative work of all the other methods and about 3 months work..
For a onetime $20 donation everyone else can get it.
And did I mention no more FRP ?
Oh yea I did   
So see I killed 5 of these and paid out of pocket for 4 of them
Got two that still work but after all that...
Yep its worth $20.


----------



## LilAnt530 (Sep 24, 2017)

Astr4y4L said:


> I hope u get the thing for the rebel figured out
> Really need the dump to work on network unlocking for zone3
> As for new method ...
> Its great but testing is finished...
> ...

Click to collapse




Still got the toolbox & it's a shame to throw away all that work because that seemed to work universally across alot of other LG models xD. I was using LG UP for my G2, the LG Lucid from 2013 or older which had issues converting the crazy firmware files into .kdz to even flash onto the freakin thing. I literally fixed 4 or 5 LG devices that were previously paperweights using some of those files, (Not to mention root the LG Lucid) So hopefully I can actually get this L44VL to show on my desktop & I can work something out with ya!  it's times like these where i wish i had a paypal or lived close enough to pick up a prepay because bro what you've done with this is worth a good $100 lol


----------



## Astr4y4L (Sep 24, 2017)

*$100. Naaa. Just donate a min. Of $20*



LilAnt530 said:


> Still got the toolbox & it's a shame to throw away all that work because that seemed to work universally across alot of other LG models xD. I was using LG UP for my G2, the LG Lucid from 2013 or older which had issues converting the crazy firmware files into .kdz to even flash onto the freakin thing. I literally fixed 4 or 5 LG devices that were previously paperweights using some of those files, (Not to mention root the LG Lucid) So hopefully I can actually get this L44VL to show on my desktop & I can work something out with ya!  it's times like these where i wish i had a paypal or lived close enough to pick up a prepay because bro what you've done with this is worth a good $100 lol

Click to collapse



Of course 
for anyone who can't use PayPal or whatever..

PM me and I can give  an address to send money snail mail
It take 2 or 3 days but it works.... When I get payments. I give files..
Of course no more freebies my wife is bAck in OR for second time in a week I can't work got 3 kids no sitter
On top of everything else I guess i picked up the stupid flu while up there  waiting on surgery to be done...
I need help bro


----------



## MotoJunkie01 (Sep 24, 2017)

Astr4y4L said:


> So Good when a good-thing Comes Together,
> Well by all means drive it around a bit...
> 
> And Then... Please find time to give it a review ..
> ...

Click to collapse



Very impressive. Two thumbs up for Team @Astr4y4L. You have made a lot of achievement in a relatively short period of time. I had hoped someone like yourself would come along and lend a hand. Your work has been above & beyond what I could have ever expected. 
XDA members, for those of you who have benefited from @Astr4y4L´s work, please show your gratitude by giving him a tap on the thanks button or, if possible, by giving a donation. Doesn't have to be a lot; a couple bucks here and there can go a long way towards development expenses.


----------



## Astr4y4L (Sep 24, 2017)

OK Everyone Please Don't send Emails to [email protected]

that is only for paypal payments 
i'm following this thread regularly. every time some one posts here I get notified no need to clog the Sick Wife's Email...

Thanks,
Astr4y4L

---------- Post added at 02:05 PM ---------- Previous post was at 01:58 PM ----------

also i'm putting everything back together serverside and am setting links etc....

so all the questions can be asked here..
to see what i'm doing and what tools /firmware mods are available 
Go HERE

http://www.astrayalslanding.dynu.net/


There's Not links to things quite yet as i'm currently in the process of automating the whole process to make donations and recieve your links for various tools
also setting up a mailclient and blog place for it all so go hit that link...
i'll have everything together soon.
but please don't send the sick wife a bunch of emails about this
just reach down and hit the post quick reply button here on xda 
I get instant notifications from xda
Thanks ,
Astr4y4L


----------



## Astr4y4L (Sep 24, 2017)

Big Update 
Come see the site think I got it up now
 tools available at the site

http://www.astrayalslanding.dynu.net

---------- Post added at 03:59 PM ---------- Previous post was at 03:54 PM ----------

@MotoJunkie01
Brother check out our new site
http://www.astrayalslanding.dynu.net

Also I give u and only u permissions to mirror
My original zone3_root.zip package on your googledrive.
Just in case people don't want or can't donate they can still root zone3
The hard way ....
But the newest things are over at the new site check it out


----------



## blankaultra1 (Sep 24, 2017)

I'd like to donate for the zone 3 root software, but I don't know too much about android software and basically just have a pc and the zone 3 phones. Would I still be able to use your software and does it work on any version of the software zone 3? Thanks!


----------



## Astr4y4L (Sep 25, 2017)

*Universal Root Zone3*



blankaultra1 said:


> I'd like to donate for the zone 3 root software, but I don't know too much about android software and basically just have a pc and the zone 3 phones. Would I still be able to use your software and does it work on any version of the software zone 3? Thanks!

Click to collapse



Yes I believe works for them all
And yes u should be fine with windows 7 or better,
And grab the lg_up installer in the first post of the thread 
Thanks @MotoJunkie01 for that
Get lgup installed and working ,
By all means donate and I'll send u the link
Then I will even coach you through it..
Donations via PayPal ----> [email protected]
Thanks for your interest. .
Aatr4y4L

---------- Post added at 06:02 PM ---------- Previous post was at 05:55 PM ----------

@Cubcadetlover

So hows it going with the other 10
Zone3'S. 

Dyeing for feedback here 
Thanks

---------- Post added at 06:32 PM ---------- Previous post was at 06:02 PM ----------

Hey can anyone confirm that my PayPal is working
Had a few messages about donations 
And don't see any thing in the account.
Thanks
Astr4y4L

---------- Post added at 07:05 PM ---------- Previous post was at 06:32 PM ----------

And development continues 
Just got a cardreader and will be delving into our Verizon Sim cards soon and many then we can figure out some more neat stuff for network mods

---------- Post added at 07:09 PM ---------- Previous post was at 07:05 PM ----------

And wanted to assure youse guys that are donating. 
Team Astr4y4L does not forget the hands that feed.
Everytime I update the software or firmware 
You'll get messages with new links for all the best new stuff  and enjoy


----------



## Cubcadetlover (Sep 25, 2017)

Astr4y4L said:


> [/COLOR]@Cubcadetlover
> 
> So hows it going with the other 10
> Zone3'S.
> ...

Click to collapse




Starting to play a little tonight... Did another stock PP5 and had no problems... Works great and can confirm supersu is fine. Only small bug is the ROM toolkit error on startup... Remove the package and its gone.

They have some K3 devices at my local Walmart on clearance... Would this also work for the K3?


----------



## Astr4y4L (Sep 25, 2017)

I absolutely believe the method and technique could work. But...

DO NOT FLASH THIS IMAGE TO ANYTHING THAT.  Doesn't say e1q. For hardware model 
Confirmed working on Zone3 
May work on sister phones but i'd say it'll prolly F things up if u flash this on anything not Verizon. Too 
So if anyone wants to brick the devices
Like spree or k4 
Give it a shot worst case no boot.
Best case Verizon/ Zone3. And cricket spree 
Make A type of weird mongrel lovechild 

No I won't try it
Edit:
I may try to prepare this type of modification for other devices firmware in the future
It will require a dump of your device or as in the case of the zone3 i had to have .kdz files to extract the firmware for modifications


----------



## Astr4y4L (Sep 25, 2017)

JUST RECIEVED DONATION FROM @blankaultra1

Thankyou for Supporting Team_Astr4y4L.

When your download is finished hit me up, we will get you through the process and you'll be root today !

Team_Astr4y4L

---------- Post added at 11:05 AM ---------- Previous post was at 10:59 AM ----------

[/COLOR @blankaultra1
are you here ?


----------



## blankaultra1 (Sep 25, 2017)

thank you! ready to get started when you are


----------



## Astr4y4L (Sep 25, 2017)

@blankaultra1
If You'll open the inclosed {read me} it has the instructions 
where to place the files.
as always Team_Astr4y4L is here to answer questions and help in your attempt to root your device

---------- Post added at 11:17 AM ---------- Previous post was at 11:09 AM ----------

basically have to place the file {UIconfig} in the common folder in your lgup installation
the easiest way is right-click the lgup shortcut on your desktop and select oprn file location...
navigate to 
model---> common
and copy paste the UIconfig file from my zip you downloaded into the common folder .
you'll provide admin rights just click ok...
then right click the UIconfig file and set properties to READ ONLY
as lgup will delete the file on start up if you skip this step..
then start lgup as normal and notice that lgup looks a little different now !

here we go 
click the box to select partition dl
go down and click the button on the right side of where it says BIN 
a file box opens to choose the file to flash

---------- Post added at 11:19 AM ---------- Previous post was at 11:17 AM ----------

then useing that box choose the file system.img located in the Firmware folder from my zip package...

---------- Post added at 11:19 AM ---------- Previous post was at 11:19 AM ----------

click start
it ask for code
code is

000000

---------- Post added at 11:21 AM ---------- Previous post was at 11:19 AM ----------

click ok
and watch as LG's own tools automagically flash root to your Zone3
Have fun 
let me Know if you need more help or if you get stuck
Thanks 
Team_Astr4y4L


----------



## blankaultra1 (Sep 25, 2017)

is the box to select partition download called "PRL/ERI write"?


Astr4y4L said:


> @blankaultra1
> If You'll open the inclosed {read me} it has the instructions
> where to place the files.
> as always Team_Astr4y4L is here to answer questions and help in your attempt to root your device
> ...

Click to collapse


----------



## Astr4y4L (Sep 25, 2017)

Hows it going?
Did ya figure it out?
My connection is crap cause I'm on the go...


----------



## blankaultra1 (Sep 25, 2017)

do i keep the process selected on "REFURBISH"? Also, when i click on the "..." to select the file, it does not see the file since it's only looking for *.tot and *.kdz


----------



## Astr4y4L (Sep 25, 2017)

It should be partitions dl 
Not refurbish

---------- Post added at 11:55 AM ---------- Previous post was at 11:54 AM ----------

Did you follow instructions about prepareing lgup?


----------



## blankaultra1 (Sep 25, 2017)

found it, my mistake. i put the file in the main folder instead of literally the folder called 'common'


----------



## Astr4y4L (Sep 25, 2017)

blankaultra1 said:


> found it, my mistake. i put the file in the main folder instead of literally the folder called 'common'

Click to collapse



Lol thats great

I'm glad it worked out would you mind 
Posting about the experience here?

Also can u confirm no FRP


----------



## blankaultra1 (Sep 25, 2017)

what does FRP stand for? Also I think it worked but as stated in the directions, ROM toolbox lite is showing an error. I tried downloading it from the playstore but it doesn't have an option to uninstall and I can't find it in the application list to manually uninstall


----------



## Astr4y4L (Sep 25, 2017)

Search google play 

System app remover 

Remove the romtoolbox reboot reinstall Romtoolbox don't forget to factory reset first  after flashing
FRP= factory resrt protection


----------



## blankaultra1 (Sep 25, 2017)

in the system app remover, i'm looking for romtoolbox but i can't find it in the list. is it com.jrummy.liberty.toolbox?if not, do you know the name of it? 



Astr4y4L said:


> Search google play
> 
> System app remover
> 
> ...

Click to collapse


----------



## Astr4y4L (Sep 25, 2017)

Absolutely correct on the name

---------- Post added at 12:41 PM ---------- Previous post was at 12:39 PM ----------

I'm so glad you we're able to confirm another zone3 rooted.

please confirm it was a pp5 model before?

---------- Post added at 12:54 PM ---------- Previous post was at 12:41 PM ----------

Ok well you should. Be good to go.
Please don't forget to disable system updates useing app manager in rom toolbox from gplay


----------



## blankaultra1 (Sep 25, 2017)

everything worked out perfectly and the Zone 3 was rooted! thanks so much Astr4y4L! To anyone considering, it was well worth it

---------- Post added at 07:17 PM ---------- Previous post was at 06:56 PM ----------




blankaultra1 said:


> everything worked out perfectly and the Zone 3 was rooted! thanks so much Astr4y4L! To anyone considering, it was well worth it

Click to collapse



yes I believe it was a pp5


----------



## Astr4y4L (Sep 25, 2017)

Awsome @MotoJunkie01
Did u get your copy the other day?
If not let me know and   I can open the door for ya.
Ofcorse u could ssh in with your server account credentials from a while back.
And get whatever u need


----------



## blankaultra1 (Sep 25, 2017)

blankaultra1 said:


> everything worked out perfectly and the Zone 3 was rooted! thanks so much Astr4y4L! To anyone considering, it was well worth it

Click to collapse



yes I believe it was a pp5


----------



## Astr4y4L (Sep 25, 2017)

*Perfect*



blankaultra1 said:


> yes I believe it was a pp5

Click to collapse



Also can you confirm ,
Did it prompt about factory reset protection?


Did it prompt for that?
you'll know because I believe I disabled that 
It will still ask to add a google acount but should not
Ask to verify on resetting?


----------



## blankaultra1 (Sep 25, 2017)

I'm not sure about the factory reset protection. When I did a factory reset, it looked the same way as when I first got the phone (loading apps --> asking to activate phone --> asking for language --> asking for google account )



Astr4y4L said:


> Also can you confirm ,
> Did it prompt about factory reset protection?
> 
> 
> ...

Click to collapse


----------



## Astr4y4L (Sep 25, 2017)

blankaultra1 said:


> I'm not sure about the factory reset protection. When I did a factory reset, it looked the same way as when I first got the phone (loading apps --> asking to activate phone --> asking for language --> asking for google account )

Click to collapse



Great that confirms it for me the order you said in which the operation proceeded means that it would have asked you for your Google credentials before going through the setup Wizard and then also asked you to add your account after the setup wizard so that means FRP is over with


----------



## Astr4y4L (Sep 25, 2017)

@MotoJunkie01
Did u see the note about FRP


----------



## Astr4y4L (Sep 26, 2017)

Here's an update i poped another sim in the one from cricket and got no signal ...
Which I fully expected.
But what I didn't expect is the nag about 
This is not a verizon sim was not there.
So I've got a system dump from a spree and I'm going to try later to create a flash file that can cause the zone 3 to work on the cricket/at&t network..
Also grabbed a simcard cloner /reader
And as soon as I figure out how to work the damn thing ( no documents)  lol
I may know more about how the sim works
On these things....


----------



## Cubcadetlover (Sep 26, 2017)

Astr4y4L said:


> And Then... Please find time to give it a review ..
> 
> #1 How Easy Was It This time to root the zone3?
> 
> ...

Click to collapse


 @Astr4y4L

1. It was very easy... All I had to do was modify the LGUP tool and then deploy the image. Once the image reset, you simply exit out of the LG signup screen and then do a factory reset. Only issue I had was that it would get cranky about Gmail stopping... Once I did the factory reset, its golden.

2. Not sure about the FRP... I don't think it was active. It worked as any other new phone. Signed in with Google using my normal credentials.

3. I use wifi only with airplane mode... Initial thoughts were that its more stable without the standard VZW crap running. Much nicer that my services start on reboot instead of using ADB... root shell is beautiful.

4. Easy peasy doing the new method...  Only "issue" is that its a factory reset. Not the end of the world though.

5. I did 5 devices today in less than an hour... Very quick.


----------



## Astr4y4L (Sep 26, 2017)

*Super kool*



Cubcadetlover said:


> @Astr4y4L
> 
> 1. It was very easy... All I had to do was modify the LGUP tool and then deploy the image. Once the image reset, you simply exit out of the LG signup screen and then do a factory reset. Only issue I had was that it would get cranky about Gmail stopping... Once I did the factory reset, its golden.
> 
> ...

Click to collapse




that's awesome. Thanks for reviewing our new methods
I'm glad that all is well at the farm. Lol.
There you have it folks
Easypeasy!

Thanks for everything and I'll keep you up to date with
All of my newest developments.
And don't forget the tip jar..
that's what I'm living off of for the moment

Team_Astr4y4L has your back @Cubcadetlover


----------



## Cubcadetlover (Sep 26, 2017)

Astr4y4L said:


> that's awesome. Thanks for reviewing our new methods
> I'm glad that all is well at the farm. Lol.
> There you have it folks
> Easypeasy!
> ...

Click to collapse



Will hit the tip jar later tonight...

Easy Peasy is a highly technical term I use.


----------



## Astr4y4L (Sep 26, 2017)

Cubcadetlover said:


> Easy Peasy is a highly technical term I use.

Click to collapse



  :silly:  :crying: :highfive:

---------- Post added at 07:57 PM ---------- Previous post was at 07:32 PM ----------

Just wanted to Say that the website 
Is functioning perfectly. And if you donate through the website. Be sure to hit the [Return to Merchant]button it will take you back to the downloads page. Where I've put some really good stuff.
For the new root method. Just donate at the site and then pm me and I'll rescue you from the binds of lg and bigred .

But everything else is right there for the takeing and every body that donates gets something good.

Even got IDA over there with a password.txt file to keep you from having to pay the krazy prices to use that.
So.
Drop on by and see the site..

TEAM_Astrayal has just received a donation from @Cubcadetlover 
Thank you my friend we will keep you up to date


----------



## MotoJunkie01 (Sep 26, 2017)

Astr4y4L said:


> Awsome @MotoJunkie01
> Did u get your copy the other day?
> If not let me know and I can open the door for ya.
> Ofcorse u could ssh in with your server account credentials from a while back.
> And get whatever u need

Click to collapse



If you could, please open the door for me. I used the link you provided in your PM; however, I was prompted for a Username and Password for access.
Thanks much....


----------



## Cubcadetlover (Sep 26, 2017)

Cubcadetlover said:


> @Astr4y4L
> 
> 
> 5. I did 5 devices today in less than an hour... Very quick.

Click to collapse




And 4 more devices tonight all were successful. No issues... Picked another one up from ebay yesterday.... No idea which version it will be, but I expect it to work.

Definitely the goto phone for me now.


----------



## Astr4y4L (Sep 26, 2017)

*The Door*



MotoJunkie01 said:


> If you could, please open the door for me. I used the link you provided in your PM; however, I was prompted for a Username and Password for access.
> Thanks much....

Click to collapse



 come on by Bro the doors open. For u now!


----------



## Astr4y4L (Sep 26, 2017)

*Door now closed*



Astr4y4L said:


> come on by Bro the doors open. For u now!

Click to collapse


 @MotoJunkie01
Pm me if u didn't get the download lastnight
Iv locked up the doors again
Thanks
Astr4y4L


----------



## Astr4y4L (Sep 26, 2017)

Well Krap That don't Work...
Can't put cricket's spree system on zone3 I really want to be able to use this hardware on the Cricket Network


----------



## Astr4y4L (Sep 26, 2017)

Update:
Team_Astr4y4L
Will be having Half-price Thursdays 
Every service Half-off on thursdays 
Thanks


----------



## Cubcadetlover (Sep 27, 2017)

*VS425PP8 Works*

Picked up another LG Zone 3 today for cheap. Today's was PP8... Opened the box and flashed it with no problem...

Easy Peasy.


----------



## Astr4y4L (Sep 27, 2017)

*Team_Astr4y4L  Strikes Again*



Cubcadetlover said:


> Picked up another LG Zone 3 today for cheap. Today's was PP8... Opened the box and flashed it with no problem...
> 
> Easy Peasy.

Click to collapse



Easy Peasy....
Lol God I Love that! :good:

---------- Post added at 02:16 AM ---------- Previous post was at 02:13 AM ----------

@Motojunkie01
So how did it go?
Are you diggin this?


----------



## Cubcadetlover (Sep 27, 2017)

Astr4y4L said:


> Easy Peasy....
> Lol God I Love that! :good:
> 
> ---------- Post added at 02:16 AM ---------- Previous post was at 02:13 AM ----------
> ...

Click to collapse



And a new (to me) PP7 from eBay.

Hopefully, this is enough testing to prove that @Astr4y4L hack is awesome.


----------



## Astr4y4L (Sep 28, 2017)

*Here's something else*



Cubcadetlover said:


> And a new (to me) PP7 from eBay.
> 
> Hopefully, this is enough testing to prove that @Astr4y4L hack is awesome.

Click to collapse



Just made a freak hybrid.
Zone3 
Force flashed...
K4.  Lgl121
Twaaahahahaha
tehehe....
But seriously ...
Wifi not working usb not functioning . Or rather my pc can't see it now...
Probably drivers and krap....
Hmmmmm.


----------



## Astr4y4L (Sep 29, 2017)

Well.
Guess they should call me cpuSlayer.
2 nd one in a couple months.
All development is hereby delayed until I can get a suitable replacement PC.
Everything up to this point is still available on my server at my site thankfully.
But my workstation is toast.
R.I.P.


----------



## Astr4y4L (Sep 29, 2017)

Astr4y4L said:


> Well.
> Guess they should call me cpuSlayer.
> 2 nd one in a couple months.
> All development is hereby delayed until I can get a suitable replacement PC.
> ...

Click to collapse



New pc has been ordered.
I really. can't afford it but I'm hopeful that donations from my work here will be enough to offset the cost.


----------



## Astr4y4L (Sep 29, 2017)

Ive got an idea that we may be able to open gsm etc by porting the system and radio firmware from a k4 .
The method i want to use will require mounting both system images under linux and swapping apps and firmware folders libraries etc from the k4 to the zone3.
And then flashing the resulting image useing a specially crafted payload in lgup as with the new easyflash root method we just finished developing.
I wont personally be able to do this untill...
A  - my new workstation gets delivered next week.

And 
B - i get a new device to test this on.
But if any of our brothers here want to give it a go ,thats the direction we are headed.

---------- Post added at 05:23 PM ---------- Previous post was at 04:44 PM ----------

Hi everyone recently asked a question by an associate how to get rid of a persistant notification.
(Thanks again for the zone 3 root! I just have a quick question since you’re great with androids. Do you know of a way to disable the “app is not responding” notification?)
From adb  shell
Or android terminal

su
pm disable (packagename)

Where packagename is the apps actual name
a list of all available packages can be found with
pm list packages


----------



## Heimish (Sep 30, 2017)

Would root allow me to enable diag mode for flashing? I see flashed ones available on eBay so it must be possible...


----------



## Astr4y4L (Sep 30, 2017)

*Hmmmm.*



Heimish said:


> Would root allow me to enable diag mode for flashing? I see flashed ones available on eBay so it must be possible...

Click to collapse



Well by rooting you Get access and authority to make any low-level changes you want.
I know for fact I've seen the diag setting listed in build.prop
And you are correct with out root access you can't change it.
As to flashing the device... not sure what you mean.
I flash them using lgup and download mode.
We have not been able to use fastboot with this device.
Lg disabled it in boot. Since the fiasco with the 
G2 and G3 and all the contraversy concerning
Team codefire and that guy that ripped off thair work and
Posted OpenBump.py openly...
What an arse.


----------



## Heimish (Sep 30, 2017)

By flashing I mean using CDMA workshop to edit prl or meid etc., not firmware flashing


----------



## Astr4y4L (Sep 30, 2017)

*Ah ha*



Heimish said:


> By flashing I mean using CDMA workshop to edit prl or meid etc., not firmware flashing

Click to collapse



Well if that's what your after I'm sure by rooting the device
You're going to be able to set usbsettings and diag mode through build.prop edit.
Though I myself am not super familiar with cdmaworkshop.
As a sidenote after useing one of my hacks.
There will be available in lgup an option called.
(Phonesetting) and it deals with a lot of prl settings rvnuim and such.
But honestly I don't know what changing those settings does.
I would say root it and let us know how it go's


----------



## Astr4y4L (Oct 3, 2017)

Moving foward...
We are going to try to adapt our quick-root to other lg devices.
And for the zone 3 we have moved our focus to gsm unlocking.

To adapt our method to other devices we will need to aquire new testing devices.
If anyone has a lg device that you woul like to see this done to you may make suggestions.
If your suggestions include sending us a device to work on we will be more apt to put it top of the list.
You know if we own a device. It will be top of the list.


----------



## Astr4y4L (Oct 6, 2017)

*Great News :*

I saved a ton of $$$$ by switching to Geico. 

No not really. But Team Astr4y4L's New workstation is now functional.
8 Gb ram
Dualboot on seperate Hdd
Ubuntu 17.  1.5 Tb
Windows 10x64 250Gb
We are setting up our work environment as I speak. An soon will spread our hacks like a virus to all other Lg devices compatible with LgUp


----------



## Heimish (Oct 7, 2017)

Astr4y4L said:


> Well if that's what your after I'm sure by rooting the device
> You're going to be able to set usbsettings and diag mode through build.prop edit.
> Though I myself am not super familiar with cdmaworkshop.
> As a sidenote after useing one of my hacks.
> ...

Click to collapse



Thanks for your great work on this device! Ordered one off eBay and will donate when I get it rooted  Do you have a recovery for this yet?


----------



## Astr4y4L (Oct 7, 2017)

*Congrats !!!*

The zone3 is getting some attention but the problem with custom recovery is that we are basically blocked in boot and we can't fix that YET because of aboot...
But I Use one of these every day and its really a great fone.
right now i'm focused on gsm domestic sim unlock by remote usb connections
having absolutely nothing to do with the conventional methods useing IMIE and dialer codes and all..
we're going to offer it as a service once we've got it all worked out.
currently waiting on a box of zone3's and possibly other Vs425 varients to test on.
As a byproduct of the research and development on gsm enableing
I've Got a neat toy that i'm sending to a friend to tinker on ...
Zone3 Dirty-Forced flashed to K4 firmware... but it's buggy and can't connect to a network . 
He has quite a selection of simcards to test with it so...
But it does SEE the verizon, and Cricket networks thats all I've tested in it.
If nothing else it's an Odity that reflects that we will with time and effort accomplish full GSM on these phones



Heimish said:


> Thanks for your great work on this device! Ordered one off eBay and will donate when I get it rooted  Do you have a recovery for this yet?

Click to collapse



So @Heimish Have you decided on which method you'll use for your Zone3 Root needs?


----------



## Astr4y4L (Oct 7, 2017)

UPDATE:
---------------------------MURPHY'S LAW-----------------------------
IF IT CAN GO WRONG IT WILL GO WRONG AT THE WORST POSSIBLE MOMENT ...
------------------------------------------------------------------------------------------------------------------
So, ofcourse I got us all set-up workstation for modding out lg firmware for you all,
workstation is working sooo nicely !
BUT...
Murphy strikes again .
they hit my Bank account for the money to pay for the CO/Pay's and stupid fee's associated with the Wife's Emergency-room Visit and subsequent Emergency Surgery....
SO , when it came time for Auto-pay to Pay the bill for my Phone-Service (which is also my ONLY internet connection for anything) the money was not there and auto-pay couldn't pay.
and Now I'm Broke... (see 4 line's above)
So I Will Be placing any New Development on Hold untill such time as I can Raise the Funds to Pay the Phone Bill... ($50.00 plan on verizon) so that I have My tethered Android connection to provide Internet Access for the Whole Workstation...

Idea's 
1: Maby someone wants things to continue
 in a timely manner so they donate $55.00 at my website....
2: maby someone needs remote root on two devices... that would do it.
3: Break out the old lawn-mower and talk someone into paying for cut grass...
4: Wait 30 days untill I get My Monthly Pay-check from My Regular job deposited in the Bank and let Auto-pay handle the details...

So that's Where thing's Sit At Team_Astr4y4L
But on the bright side... 
the server at Amazon is still UP so the stuff
 we already have remains fully functioning and available..
and Now I'm Actually seriously looking into the Fone-Farm thing...


----------



## Chekm8Qc (Oct 9, 2017)

Hi there , I read through almost every page of this thread and it's pretty crazy all the progress you have made  I have an LG K4 k121 and I was wondering if what you guys done with the zone 3 could somehow apply to my k4. I read here and there that the K4 and some others are the sister phones of zone3.. which is pretty cool but I have not found anything anywhere for the K4. I did try all the new root methods for LG devices but didn't work.


----------



## Cubcadetlover (Oct 9, 2017)

Chekm8Qc said:


> Hi there , I read through almost every page of this thread and it's pretty crazy all the progress you have made  I have an LG K4 k121 and I was wondering if what you guys done with the zone 3 could somehow apply to my k4. I read here and there that the K4 and some others are the sister phones of zone3.. which is pretty cool but I have not found anything anywhere for the K4. I did try all the new root methods for LG devices but didn't work.

Click to collapse



I tried (asked this question) and was shot down.... 

Thinking out loud... Wonder if this method would destroy the "phone" ability, but keep the wifi which is all I care about anyway. Unfortunately, don't have one to play with yet.

---------- Post added at 01:05 PM ---------- Previous post was at 01:04 PM ----------




Chekm8Qc said:


> Hi there , I read through almost every page of this thread and it's pretty crazy all the progress you have made  I have an LG K4 k121 and I was wondering if what you guys done with the zone 3 could somehow apply to my k4. I read here and there that the K4 and some others are the sister phones of zone3.. which is pretty cool but I have not found anything anywhere for the K4. I did try all the new root methods for LG devices but didn't work.

Click to collapse



I tried (asked this question) and was shot down.... 

Thinking out loud... Wonder if this method would destroy the "phone" ability, but keep the wifi which is all I care about anyway. Maybe the entire stupid thing.

Unfortunately, don't have one to play with yet.


----------



## Astr4y4L (Oct 9, 2017)

*Shotdown ?*

WOWZERS !!!!



Cubcadetlover said:


> I tried (asked this question) and was shot down....
> Thinking out loud... Wonder if this method would destroy the "phone" ability, but keep the wifi which is all I care about anyway. Maybe the entire stupid thing.
> Unfortunately, don't have one to play with yet.

Click to collapse



First, anyone who "SHOT you Down" for asking this question is an idiot !
Second, @Chekm8Qc
 I want to say this is absolutely possible to apply to K4 and I'm already in possession of a fully modified and rooted system.img for the Vs425PP K4.  8gb version
the only thing is that the one I posses  is for a Canada version of the K4 running on The subsity that uses At&t towers..."can't remember the actual name" - could examine build.prop later to get it if need be.
 And I actually accidentally ended up with a zone3 that now thinks it's a K4 by flashing a .kdz that I was Modding.
{GSM research}

so yes I believe with a bit of work we can probably quickly get that going for you on your k4.

BUT... 
as I said, if you flash it you will be on At&t towers afterwards. ON THE UPSIDE the 
device that was used to prepare the flash file was actually GSM unlocked and so you may be able to use any of the compatable sim cards and get service...

Can I promise it will work and not turn your device into a FLAMING TURD ? 
NO .
Am I Willing to try ? :good:
Yes !
but you will have to accept that I'll be basically testing an untested Process on your Phone. :crying:
So if it's your daily driver I'd recommend you wait until I've had a chance to test it on a test device
I'd feel real bad if I tell you to Flash this or that and end up killing your only phone or whatever....

ALL THAT BEING SAID....:fingers-crossed:
If anyone has a K4  8gb version and wants to try  we can give it a shot....
just post here on the thread.
and Team_Astr4y4L will be watching.
@Cubcadetlover
Hi Brother ! how's it going ? Hows the farm? Lol
I'm actually looking at the potential income involved in these fone-farm things...
just don't see much point in continuing until I get a high-speed internet connection 
to pipe my local network through...
Looking at at&t .
but yea, how's everything been going? Have you encountered any issues with all those zone3's you flashed with my root?
I'm working on integrating the GSM-Unlock into the Root so that it's basically an all-in-one
GSM + FRP + Root
but the lack of high-speed internet is killing me on the time it takes me to download a firmware to modify and the time it takes to upload my results to the server for testing and distribution .
Uggh!!!
but soon we will have all that taken care of hopefully .
and I was wondering.... Do you happen to have an 8gb Lg K4 to test this on?
Astr4y4L

---------- Post added at 01:27 PM ---------- Previous post was at 01:14 PM ----------




Chekm8Qc said:


> Hi there , I read through almost every page of this thread and it's pretty crazy all the progress you have made  I have an LG K4 k121 and I was wondering if what you guys done with the zone 3 could somehow apply to my k4. I read here and there that the K4 and some others are the sister phones of zone3.. which is pretty cool but I have not found anything anywhere for the K4. I did try all the new root methods for LG devices but didn't work.

Click to collapse




absolutely possible !!!
but see the post above...

https://forum.xda-developers.com/showpost.php?p=74097221&postcount=760


----------



## Cubcadetlover (Oct 9, 2017)

Astr4y4L said:


> First, anyone who "SHOT you Down" for asking this question is an idiot !
> 
> @Cubcadetlover
> Hi Brother ! how's it going ? Hows the farm? Lol
> ...

Click to collapse



Not upset on the "shot you down"... No big deal.

The farm is rocking and rolling... Picking up broken/used ones on ebay where possible as my goto phone. Otherwise new with discounts/sales. By far my most stable phone. My only concern is 5.1.1 vs something newer, but I will run them into the ground... Oh and MASSIVE battery bloat.

No other LG phones for me.


----------



## Astr4y4L (Oct 9, 2017)

Cubcadetlover said:


> . Oh and MASSIVE battery bloat..

Click to collapse



Awesome , I'm so glad things are working !

but quick question when you say 





Cubcadetlover said:


> MASSIVE battery bloat

Click to collapse



I'm wondering exactly what you mean are your batteries not lasting very long?
Or are the batteries lasting a good amount of time? 

I ask because if your having battery issues we can try to kill some more pre-load apps and background services , etc.
I definitely don't want anyone to be dis-satisfied with the results of our work.
and as always thankyou so much for your feed-back

Astr4y4L


----------



## Gunhot15 (Oct 9, 2017)

*Need help with bootloop issue*

I have the vpp8 version of the phone I have the vpp2 software downloaded can u guy send me a email of steps my email is [email protected]


----------



## Astr4y4L (Oct 9, 2017)

Chekm8Qc said:
			
		

> Hey thanks for the info ! So unfortunately this K4 IS the only phone I  use for the moment so as much as I would love to be a tester it won't be  possible for now   unless (like u said ) you've had the time to test it on one of your  devices. Theres something that bothers me .. I thought I had found an  earlier version of my firmware (K12110c_00_0224.kdz) but when I tried it  with LGUP it denied it.. It's been a few months so I don't remember  exactly the error it gave me though. My current firmware is  K12110f_00_0912.kdz and I tested it after a bad install of the other kdz  and everything went well. I wonder why I wasn't able to downgrade..  maybe it's just not the right kdz but I was pretty sure of it. My  rollback version is 0 when I check on the hidden menu, which should  allow me to downgrade. I'm  very far from having the same knowledge as  you that's for sure lol.

Click to collapse



Well it sounds as if you've used the (UMMM.....Stock) version of LgUp  and tried to flash that .kdz file using the usual refurbish, or upgrade options... problem with that is Lgup when used that way will throw an exception if you try to use a .kdz from a much earlier release... or if you try useing a .kdz intended for a different Vendor even though it is the same Hardware (platform)
the solution for this is either donate and grab my Lgup mod's that unlock (other-than-Stock) options in LgUp. 
or Do a whole bunch of research and Go Mod Your Lgup install yourself...

what I mean is this ...

If you use the modded LgUp, you will have a new option called

Partitions dl

and I've purposefully added a line of code that lets the Software Allow (File-Exceptions)
meaning you can on-purpose flash even THE-WRONG-FIRMWARE to your device..
though it may tell you things like

THE GPT HAS CHANGED
THE LOCATIONS OF SYSTEM AND MODEM HAVE CHANGED...
DO YOU WISH TO PROCEED ?

and when you click ok or yes or whatever, It actually flashes the .kdz one partition at a time...
Thus is how I ended up with the Zone3 that thinks it's a K4 !

BUT... 
There are some things to be aware of...
If you flash the firmware from a sister phone it may boot and everything just fine but there will more than likely be a few bugs you may need to work around...
EXAMPLE:
Keymapping...
sounds trivial because if your rooted you can use any number of apps from G-play to remap your soft and hard keys...
( Home soft button on home screen) (the Volume up button on the side of the phone ) (the Power button) etc.
But the problem is ...
if you flash a version of software to your device and maby the older model release of the phone had the power button on the back and now its on the side... or had the hard key(physical-button) on the front for home 
but now the newer version uses the soft-key (virtual-button ) on your touch-screen instead.
or like in the case of the Zone3...
between version  (VS425PP2)
 and version (VS425PP4)
the Vendor " I Presume " has changed things in the Modem and so we had zero connectivity upon trying to downgrade.
and in version (VS425PP5) they changed the way the system handles the graphics (patches to drivers)
and so those poor souls who tried the downgrade ended with white & black lines all over the screen and only the lucky and talented ones were able to blindly enter into Dl Mode and flash back to the other version...
These are a few of the pitfalls I've seen while working through all of this...

Does this mean you can't downgrade?
NO!
Does this mean it's easy ?
NO!
But Can it work ?
Absolutely !

And for any one interested I have a modded out rooted system.img from a K4 that i'm eager to test...
Just have too much on my plate right now to go grab a K4 to test it....
also working on K3.... So Stay tuned for future developments !
 @MotoJunkie01 
Hey Brother I haven't forgotten you ! I'm Just so freakin broke I can't even scrape up the $5.00 or whatever it's going to cost to mail you that toy I Promised ...
But hopefully soon!

Sincearly ,
Astr4y4L
Team_Astr4y4L

---------- Post added at 05:01 PM ---------- Previous post was at 04:25 PM ----------




Gunhot15 said:


> I have the vpp8 version of the phone I have the vpp2 software downloaded can u guy send me a email of steps my email is [email protected]

Click to collapse



I'm sorry but Team_Astr4y4L no longer supports the old method of downgrading to PP2 To accomplish root..
If you want a fool-proof way to fix your boot-loops , and add stable root to your device...
However you can pm me and we can, for a reasonable donation to pay for my time and efforts in this endeavor,  Pretty much guarantee that your device will be rooted and no bootloops with all functions of your phone working flawlessly .

OR if your after Root,
But you Like to do things the hard way....

start at post #1
of this thread, and read through it's all there ...
but unless @MotoJunkie01 has uploaded my original Zone3 Root-kit to his G-Drive you'll most likely have to figure out how to extract the relevant partitions from stock .kdz firmware and then manually modify those to be .img files instead of Sparse-Chunk files (which MUST be done from a real Linux install-- virtual-box vm's don't cut it...)  and then find a way  place those on the device and then replace the relevant partitions with those created .img files 
we used an app to write to the partitions because for some reason it worked when dd gave us a lot of problems.....

But Honestly It will take you DAYS of prep work just to try it.
and you'll probably succeed in DESTROYING your phone.
I KILLED A BOX OF PHONES ON THIS !!!!

###########----As for just fixing your bootloops...----------#######################

STEP 1:  go download VS425PP8.kdz
STEP 2: Flash the file using LGuP and choose Refurbish option...
STEP 3: Reboot and your back to stock :good:
IF BY CHANCE LGUP DOESN'T RECOGNIZE YOUR PHONE USE GOOGLE AND SEARCH
LG-FLASHTOOL + MOD +  MEGALOCK.DLL
and follow the guides for a G2 or G3.. that works the same for the zone3...
and flash the correct firmware to your phone ! 

Hope this Helps,
Astr4y4L


----------



## Gunhot15 (Oct 9, 2017)

*Yea root*



Astr4y4L said:


> Well it sounds as if you've used the (UMMM.....Stock) version of LgUp  and tried to flash that .kdz file using the usual refurbish, or upgrade options... problem with that is Lgup when used that way will throw an exception if you try to use a .kdz from a much earlier release... or if you try useing a .kdz intended for a different Vendor even though it is the same Hardware (platform)
> the solution for this is either donate and grab my Lgup mod's that unlock (other-than-Stock) options in LgUp.
> or Do a whole bunch of research and Go Mod Your Lgup install yourself...
> 
> ...

Click to collapse



I will pay $50 next week for your help with this we can do it then thanks allot for the response


----------



## Chekm8Qc (Oct 10, 2017)

@Astr4y4L

Thanks for the quick response and so detailed hehe. So to start .. I hate option #2 lol. I really don't have the time to start doing a bunch of research for LG UP .. I have two kids and my wife hates when I'm pinned in front of the the computer for hours haha.

What your saying is pretty encouraging, that probably means that the other firmware I have is good after all and would probably work on my k121. If it doesn't .. I just have to flash the current kdz that Im on right now.

I will look into donating, I think it's worth a try.


----------



## Astr4y4L (Oct 10, 2017)

*Awesome*



Gunhot15 said:


> I will pay $50 next week for your help with this we can do it then thanks allot for the response

Click to collapse



Sounds great. Just Pm me when your ready.
I'll connect you to my server, give you my phone number to call me and we will go through it together step by step.
When we are finished you'll have root.
And you're going to be able to repeat the process as needed to root  as many Zone3's as you like!

Welcome to the rooted club, Lol 

---------- Post added at 06:49 PM ---------- Previous post was at 06:35 PM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> Thanks for the quick response and so detailed hehe. So to start .. I hate option #2 lol. I really don't have the time to start doing a bunch of research for LG UP .. I have two kids and my wife hates when I'm pinned in front of the the computer for hours haha.
> 
> ...

Click to collapse



Sounds great. Let us know when your ready to try it.
I would like to try to flash ONLY your system partition,
Firstly because that's where we did the root modifications, 
And secondly because that way we can be sure that we get back into download mode if anything go's wrong.

Since you're willing to give this a shot, and since its untested on K4.
I'm willing to cut you a break on the donating, 
Meaning,  if we do this and it works, then you donate because your happy that it worked.
But if it doesn't,  then I help you back to stock and I go back to my server to make changes so we can try again. 
Like Ive stated previously,  I won't stop trying to port this method to every LG device We can find.
It's so freakishly easy once I get it to work the first time with a device. 

Astr4y4L


----------



## Chekm8Qc (Oct 10, 2017)

@Astr4y4L 

Something scares me though .. You said your test device wad an 8gb k4 ? Mine is 4gb, maybe the rest of the specs are the same though ( msm8909 quad snapdragon)  Are these details important ?

Oh and if it bricks .. what kind of brick are we talking about.? Will LGUP still be able to flash my stock kdz ?


----------



## Astr4y4L (Oct 10, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> Something scares me though .. You said your test device wad an 8gb k4 ? Mine is 4gb, maybe the rest of the specs are the same though ( msm8909 quad snapdragon)  Are these details important ?
> 
> Oh and if it bricks .. what kind of brick are we talking about.? Will LGUP still be able to flash my stock kdz ?

Click to collapse




Well , firstly I truly believe your mistaken about your device, as far as being 4gb....
I truly believe that what you mean is YOU have "about" 4gb of space in your ROM and what that in turn means is that you've got the 8gb version of the K4.
because the system +boot+ modem,etc adds up to roughly 4 gb and the userdata + grow partitions make up the rest of the 8gb...
basically everyone with a stock Lg phone regardless of make & model , unless of course you buy the flagship version has roughly an 8gb ROM and you have half of that space to use for your apps and pictures,music,files,etc.

AND The fact that your on 
K12110f_00_0912.kdz   Firmware , Correct ?
Means for sure that you have the 8gb ROM.

Now about the bricking ,
We will not touch your Boot partitions nor your Laf partitions only your System partition.
That means you should have no issues getting back to Download Mode By the normal method (volume-up + plug-in usb) as that is controlled by Aboot + Boot + Laf partitions in that order...

So if we fail the first time, we should have no issues going stock again to be able to come back and try again 
So No Worries :good:


----------



## XeeheroX (Oct 10, 2017)

Hello @Astr4y4L .
I've received an LG Zone3 425pp6 ..
I had to unlock it so i might be able to use it in Egypt. I didn't have any possible way to pay for the unlocking cause online payments in Egypt were blocked long ago ..i asked a friend in the US to get the unlock code for me .. And once i used the unlock code the phone got actually unlocked ... But with no services .. I made some search that took me to multible threads here .. As i just want to get a signal for the phone to be able to use it for GSM/3G networks in Egypt .. 

I have the PP6 .. I don't know where to start
I've downloaded the PP2 kdz . i have no idea how to get it flashed .
 I've tried .. LGUP .. Only to get the message of Unknown model .

I also tried VZW UTILITY ... and it's not even starting as it gives a message that says no internet connection .. While my connection is fine ..

I even tried the LG FLASHTOOL .. but i don't know how or where to get the .dll file that suits the PP2 

Please help i just urgently need a working phone before the 12th of october ..
 Thanks in advance guys .. I've read almost everything on this thread and i can see the effort and how long it took you to get this done ..


----------



## Cubcadetlover (Oct 10, 2017)

Astr4y4L said:


> I'm wondering exactly what you mean are your batteries not lasting very long?
> Or are the batteries lasting a good amount of time?
> 
> Astr4y4L

Click to collapse



When I say bloat, the batteries physically expand. They actually push into the LCD display and cause bad spots on the display. I could care less other than if the battery stops working and I need to replace it. Cuts into the earnings. 

The issue occurs for me after about 1 year of use. For me they are constantly plugged into the USB chargers. I’ve read it happens whether you periodically discharge them or not.


----------



## Astr4y4L (Oct 10, 2017)

*Hmmmm*



XeeheroX said:


> Hello @Astr4y4L .
> I've received an LG Zone3 425pp6 ..
> I had to unlock it so i might be able to use it in Egypt. I didn't have any possible way to pay for the unlocking cause online payments in Egypt were blocked long ago ..i asked a friend in the US to get the unlock code for me .. And once i used the unlock code the phone got actually unlocked ... But with no services .. I made some search that took me to multible threads here .. As i just want to get a signal for the phone to be able to use it for GSM/3G networks in Egypt ..
> 
> ...

Click to collapse



So are you Bricked or trying to Root ?
If your bricked and the device still go's to download mode I can probably get you back to stock.. I gots an ace in the  Hole as they say.
But if your looking for root we can do that too.
I don't however know if you will loose whatever your friend has had done to the device.
I'd love to do a full dump of the device first if we can get lgup to see it.
But today was the 9th and you need a phone by the 12 just don't know if we can get it done in that time frame.
And if you go stock again it may not work on your network. ..
Are they using Verizon towers in Egypt?

---------- Post added at 09:11 PM ---------- Previous post was at 08:56 PM ----------

Oh thanks so much for clearing that up !
I was actually worried my mods were draining your battery or some crazy thing....



Cubcadetlover said:


> When I say bloat, the batteries physically expand. They actually push into the LCD display and cause bad spots on the display. I could care less other than if the battery stops working and I need to replace it. Cuts into the earnings.
> 
> The issue occurs for me after about 1 year of use. For me they are constantly plugged into the USB chargers. I’ve read it happens whether you periodically discharge them or not.

Click to collapse



I imagine what is occurring is the battery is expanding because the lithium gets HOT after a lot of use..
Its to be expected if you run them continuously 
That the base metals that make up the lithium ion battery 
Will expand with heat and contract with cold,
And the lithium will decay at a certain rate(talking nuclear physics) causing the release of gas which will intern cause the casing of the  battery to warp.

I was scared you meant the battery was dyeing extremely fast or something and that would indicate a problem in your ROM. 

Boy in glad you chimed in to clear that up !
Hey don't worry though,
Team_Astr4y4L will always have your back!


----------



## Chekm8Qc (Oct 10, 2017)

Astr4y4L said:


> Well , firstly I truly believe your mistaken about your device, as far as being 4gb....
> I truly believe that what you mean is YOU have "about" 4gb of space in your ROM and what that in turn means is that you've got the 8gb version of the K4.
> because the system +boot+ modem,etc adds up to roughly 4 gb and the userdata + grow partitions make up the rest of the 8gb...
> basically everyone with a stock Lg phone regardless of make & model , unless of course you buy the flagship version has roughly an 8gb ROM and you have half of that space to use for your apps and pictures,music,files,etc.
> ...

Click to collapse



Omg I'm such a noob lol.. Okay so that sounds not too risky  I would definitely be willing to try that system img if it means getting that darn device rooted eventually hehe.

Would u be interested in the K12110c_00_0224.kdz at all ? Thought maybe that one would be usefull since it's an earlier version .. and I think it's" rootable" cause I read that some k121 owners were able to root via Kingroot before they updated. I noticed that this "C" version isn't on any firmware websites anymore but I still have it on my pc.


----------



## XeeheroX (Oct 10, 2017)

Thanks @Astr4y4L for replying

i didn't try anything  yet  it still untouched with PP6








and as far as i know if the phone can get GSM activated and work on AT&T networks ,that also will work on all Egypt's GSM/3G Networks,  which i think it can be done if i can root it..


----------



## Astr4y4L (Oct 10, 2017)

XeeheroX said:


> Thanks @Astr4y4L for replying
> 
> i didn't try anything  yet  it still untouched with PP6
> 
> ...

Click to collapse



Brother if root is what you need we can arrange that in a matter of 30 minutes

---------- Post added at 02:55 PM ---------- Previous post was at 02:53 PM ----------




Chekm8Qc said:


> Omg I'm such a noob lol.. Okay so that sounds not too risky  I would definitely be willing to try that system img if it means getting that darn device rooted eventually hehe.
> 
> Would u be interested in the K12110c_00_0224.kdz at all ? Thought maybe that one would be usefull since it's an earlier version .. and I think it's" rootable" cause I read that some k121 owners were able to root via Kingroot before they updated. I noticed that this "C" version isn't on any firmware websites anymore but I still have it on my pc.

Click to collapse



YESSSSS!!!!!

upload that sucka somewhere that I can use wget or Curl to grab it PLZ!


----------



## Astr4y4L (Oct 11, 2017)

UPDATE : FRANKIN_MOD_PROJECT

we are very close to being able to turn zone3's into Canadian K4's
I have a zone3 now running K4 firmware and tested with Cricket Sim card.
Working:
mostly everything,
wifi, LTE-Data, Text-messaging , Apps.

NOT-WORKING:
voice telephone-calls

I believe the issue with voice telephone calls is that it's still trying to route Voice over CDMA-EVDO Network and the Cricket/At&t Network is LTE/GSM
I truly believe with a bit more time I will most likely be able to tweak some build.props to tell it to default to LTE/GSM instead of the other  and then technically speaking I will Have GSM-UNLOCKED it....

So what do ya' think guys?
IS this worth pursuing ?
Has ANYONE ever heard of anything like this before?

I personally am ecstatic because if I get Voice working (with-out having to use hangouts-dialer) I will not have to be stuck with Verizon and the supper shi*ty Data throttling BS
also If I can further this to work with T-Mobile towers 
I can run the sim from my free-Obama-phone in it and pay exactly $1.00 for a year of service !!!
       

IF anyone with actual android knowledge has any tips tricks or advise that I should be aware of concerning 
the Voice-Service
Please share !

Thanks,
Astr4y4L


----------



## XeeheroX (Oct 11, 2017)

@Astr4y4L
thanks a lot where do i start .. if i have to downgrade to PP2 from PP6 , i wold have to get LGUP to recognize my device





and if i dont need to flash an older PP2 then where do i start?


----------



## Astr4y4L (Oct 11, 2017)

XeeheroX said:


> @Astr4y4L
> thanks a lot where do i start .. if i have to downgrade to PP2 from PP6 , i wold have to get LGUP to recognize my device
> 
> 
> ...

Click to collapse



Ok buddy I'm going to get you to stock (no-root) but recognized in lgup 
I will Pm you a link and after you download that pm me back...
after we get you recognized in lgup it's no prob to get you rooted.


----------



## Cubcadetlover (Oct 11, 2017)

XeeheroX said:


> @Astr4y4L
> thanks a lot where do i start .. if i have to downgrade to PP2 from PP6 , i wold have to get LGUP to recognize my device
> 
> 
> ...

Click to collapse




I've seen that a few times... In most instances, just close LGUP and unplug the USB... Replug and its happy. 

Did you install the LG MTP drivers in Windows?


----------



## Astr4y4L (Oct 11, 2017)

*True*



Cubcadetlover said:


> I've seen that a few times... In most instances, just close LGUP and unplug the USB... Replug and its happy.
> 
> Did you install the LG MTP drivers in Windows?

Click to collapse



Very true . Sometimes. ...
Iv even been able to trick it by connecting one phone getting lgup ready.
Then quickly replacing the good phone with the bad one....
But sometimes that doesn't work.

In cases where those dont work i have another method
That involves my hacked version of 
Lg_flashtool_2014
And after that lgup works every time 
I sent him a link. If i can help him get stock and working with lgup im hoping that he will donate for the full root access. 

Hey did u catch the news on frankin_mod?
A freekin zone 3 running as K4.
Im posting from it now.
Im freaking blown away !!!
Can call over ip. Hangouts etc.
But haven't gotten around to fixing voice over lte yet.
Its pretty kool though ?


----------



## Astr4y4L (Oct 11, 2017)

XeeheroX said:


> i wold have to get LGUP to recognize my device
> 
> 
> 
> ...

Click to collapse



Well Brother I've sent you the link for my special tool that should get you where you need to be to root....
I have not had a reply from you so I can not Promise I'll be available later as I am working on some remote things down at Belize.

so if you seriously want my help plz respond soon...


----------



## Heimish (Oct 11, 2017)

Just finished the downgrade now gonna root it soon. BTW when you start up the device you don't need to go through the setup, there's a shortcut to skip the setup, just press up down and back and it will skip the setup.


----------



## XeeheroX (Oct 12, 2017)

Astr4y4L said:


> Well Brother I've sent you the link for my special tool that should get you where you need to be to root....
> I have not had a reply from you so I can not Promise I'll be available later as I am working on some remote things down at Belize.
> 
> so if you seriously want my help plz respond soon...

Click to collapse



I am sorry it took me forever to download the link .. now i have it and i am ready to get this done ... thanks man
!

---------- Post added at 12:32 AM ---------- Previous post was at 12:22 AM ----------




Cubcadetlover said:


> I've seen that a few times... In most instances, just close LGUP and unplug the USB... Replug and its happy.
> 
> Did you install the LG MTP drivers in Windows?

Click to collapse



I've tried everything to get it to work ,, thanks for the advice 
it's getting frustrating i already have a useless StraitTalk LG L33L locked by Tracphone that's not eligible to get unlocked and it only works on wifi

---------- Post added at 12:32 AM ---------- Previous post was at 12:32 AM ----------




Cubcadetlover said:


> I've seen that a few times... In most instances, just close LGUP and unplug the USB... Replug and its happy.
> 
> Did you install the LG MTP drivers in Windows?

Click to collapse



I've tried everything to get it to work ,, thanks for the advice 
it's getting frustrating i already have a useless StraitTalk LG L33L locked by Tracphone that's not eligible to get unlocked and it only works on wifi


----------



## Astr4y4L (Oct 12, 2017)

*Hello my time is limited*

Hello if your there respond please,
thanks 
Astr4y4L

---------- Post added at 09:56 PM ---------- Previous post was at 09:28 PM ----------




xeeherox said:


> i am sorry it took me forever to download the link .. Now i have it and i am ready to get this done ... Thanks man

Click to collapse



well it'll have to be later now...
Im out of time tonight.
Sry

---------- Post added at 10:45 PM ---------- Previous post was at 09:56 PM ----------




Heimish said:


> Just finished the downgrade now gonna root it soon. BTW when you start up the device you don't need to go through the setup, there's a shortcut to skip the setup, just press up down and back and it will skip the setup.

Click to collapse



Right so how are you going to root ?

and what are you going to do to remedy the bootloop issues associated with downgradeing?

with my new Donate-Only Root method you don't even have to fool with downgrading...


----------



## Heimish (Oct 13, 2017)

Astr4y4L said:


> Right so how are you going to root ?
> 
> and what are you going to do to remedy the bootloop issues associated with downgradeing?
> 
> with my new Donate-Only Root method you don't even have to fool with downgrading...

Click to collapse



Just sent donation. Weird thing is, I tried it on a second phone and the LCD stops working (white screen) on PP2, but when I go back to PP7 it's working again.


----------



## Heimish (Oct 13, 2017)

Astr4y4L said:


> UPDATE : FRANKIN_MOD_PROJECT
> 
> 
> IF anyone with actual android knowledge has any tips tricks or advise that I should be aware of concerning
> ...

Click to collapse




Did you try changing this setting?


----------



## Astr4y4L (Oct 13, 2017)

*Problem with old method.*



Heimish said:


> Just sent donation. Weird thing is, I tried it on a second phone and the LCD stops working (white screen) on PP2, but when I go back to PP7 it's working again.

Click to collapse



Brother we got your donation and will ba available to assist in  a bit.
But that was a common problem with the old method.
So flash fresh to PP7 
And i will send you a link to download in a few.
We are going to bump u up to the new method. 
It usually cost $20 but im going to believe if we help u u will surely be happy and donate the other $10 afterward.

---------- Post added at 12:30 PM ---------- Previous post was at 11:30 AM ----------




Heimish said:


> Did you try changing this setting?

Click to collapse



yes tried it. and that stuff helped connect to the networks, the problem is I've got to modify some things in Framework to get it set right...
also edit APNS.xml and some other small changes...
I'll figure it out eventually just takes time...


----------



## Chekm8Qc (Oct 13, 2017)

@Astr4y4L 

ok so holy crap your k4 image worked !  umm so for testing .. what would you like to know ? 
First of all I "dirty flashed" it and I didn't lose any of my settings which is kinda awesome.

texting works ..voice calls .. what else ?!

I used app manager to remove disabled apps  with root access and that WORKED. Maybe some minor details... wallpaper doesn't appear on lock screen. After uninstalling apps and rebooted sometimes it hangs at "android is starting apps"


----------



## Astr4y4L (Oct 14, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> ok so holy crap your k4 image worked !  umm so for testing .. what would you like to know ?
> First of all I "dirty flashed" it and I didn't lose any of my settings which is kinda awesome.
> ...

Click to collapse



DID YOU DOUBT US TWAAHAHAHA !!!

no but really I'm glad it went well.
if your super exited please donate 
Rent Mans on my A*ss

Astr4y4L
Thanks for Chooseing Team_Astr4y4L for your K4 root needs


---------- Post added at 06:52 PM ---------- Previous post was at 06:50 PM ----------




Chekm8Qc said:


> @Astr4y4L
> texting works ..voice calls .. what else ?!
> "

Click to collapse



Can you please tell us exactly what network and what region your in?
also did you adjust any APN settings etc?

---------- Post added at 06:58 PM ---------- Previous post was at 06:52 PM ----------




Heimish said:


> HOW TO PROCEEDE?

Click to collapse



steps to root the easy way,
STEP 1:
unzip everything , make sure you followed instructions to Mod out LGUP

step 2:
choose the system.img file from the zip
and flash it with lgup 
pick the Partitions dl option in lgup

allow time to flash 
on reboot pull battery reboot to recovery...
and do factory reset.
PROFIT.
your device has now been rooted.
if your satisfied with your rooted device please remember to donate.
Thanks
Astr4y4L
Team_Astr4y4L


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L 

I'm with Videotron Quebec, Canada. I didn't adjust anything.

Just noticed flash and camera don't work..is it because I didn't factory reset ?

update: after reset still no camera and flash. This is interesting though.. I have a software update ready to install  The 10c ..not the latest 10f. Should I try it ? I have a feeling that this one is still "rootable"


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L

bah tried the update lol didn't let me go through with it because of root  right now I'm stuck with no camera :\


----------



## Astr4y4L (Oct 14, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> bah tried the update lol didn't let me go through with it because of root  right now I'm stuck with no camera :\

Click to collapse



Maby side-load adifferent camera app?
you are rooted after all...
don't have an actual K4 to mess with wish I did.  !

Next I'm going after the older version of the Lg Rebel


----------



## Chekm8Qc (Oct 14, 2017)

yeah maybe .. Just installing another camera app doesn't work. I'm back to stock for now. 

What would probably fix everything is to have that same system image you sent me but unrooted. That would probably allow me to go through the 10c OTA update. Afterwards depending of that update..I may be able to install root myself.


----------



## Astr4y4L (Oct 14, 2017)

*WOWZERZ !!!*



Chekm8Qc said:


> yeah maybe .. Just installing another camera app doesn't work. I'm back to stock for now.
> 
> What would probably fix everything is to have that same system image you sent me but unrooted. That would probably allow me to go through the 10c OTA update. Afterwards depending of that update..I may be able to install root myself.

Click to collapse



Nobody's ever asked me to unroot....
should be simple though...
and then you could update to the c version of software....?
and re-root?


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L

Yeah reroot but not necessarily with rooted img method. Depending if the C update is rootable .. It's kind of a guess. I'm confident that the ota would fix the camera though.
I tried updating with Lg Bridge from your system.img but the updater would have sent me back directly to 10F.

Unless your able to use that 10C firmware I sent u to create a rooted system img lol but damn I would be asking a lot.


----------



## Astr4y4L (Oct 14, 2017)

*Kingroot = camera exploit*



Chekm8Qc said:


> yeah maybe .. Just installing another camera app doesn't work. I'm back to stock for now.
> 
> What would probably fix everything is to have that same system image you sent me but unrooted. That would probably allow me to go through the 10c OTA update. Afterwards depending of that update..I may be able to install root myself.

Click to collapse



I do believe unless I am mistaken that Kingroot exploited a bug in either media stagefright.
Or 
Camera....
Many u try and let us know if camera works before and after rooting the OTA.
Also what's to stop
Fota from downloading all the data to update clear up to newest versions. ..
Hmmm...
Worth a try I guess.


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L 

Right now I'm on 10F though  and Kingroot doesn't work I tried many times hehe. Like I said to update to 10C with ota I would need to be on your  10b but without root for it to pass. 

So once on 10C my plan was to try Kingroot like u said, or there are other ways using download mode with sendcommand.exe (which didn't work on 10F)


----------



## Astr4y4L (Oct 14, 2017)

@Motojunkie01
have you by change got the firmware for the lg rebel 
*LG REBEL™ LTE (L44VL)*

                                                                  I can not seem to locate that.

---------- Post added at 12:00 PM ---------- Previous post was at 11:54 AM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> So once on 10C my plan was to try Kingroot like u said, or there are other ways using download mode with sendcommand.exe (which didn't work on 10F)

Click to collapse



download mode with sendcommand.exe 
was'n't aware of that one...
but kingroot will probably break your camera again...
i'm going to flip a zone3 over to K4 later this evening and i'll play with the camera and let u know what i find.

is it possible your download got corrupted?

let me see if i can get camera on one on my end...
i never really checked camera... was chaseing the GSM- dream Lol


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L 

hm I'm pretty sure the download went good ...didn't take long either at 4mb/s


----------



## Astr4y4L (Oct 14, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> hm I'm pretty sure the download went good ...didn't take long either at 4mb/s

Click to collapse



Bout ta flash over to the kkgimage and see if its hard to unroot


----------



## Chekm8Qc (Oct 14, 2017)

Astr4y4L said:


> Bout ta flash over to the kkgimage and see if its hard to unroot

Click to collapse



I'm sure you know this but simply uninstalling supersu isn't enough I tried. LG has a root checker built in or something, once rooted it stays identified as root.


----------



## Astr4y4L (Oct 14, 2017)

Right 
Ill unroot.
Dump the system partition .
Mount it in linux and replace both the RCT binary and rct log.
No big deal.
Then flash it back and should be unrooted
And pass that check too.


----------



## Astr4y4L (Oct 14, 2017)

@Chekm8Qc 

Have you tried this , i'm still in the process of locating the stupid RCT binary again but this may work for you on your end...
worth a try
found it in another thread....




Vagelis1608 said:


> *This can be done on any LG device that has RCT in it **
> 
> You can't use FOTA updates because your /system  partition has been modified. You will need to flash a KDZ of your device  to restore the unmodified state.
> 
> ...

Click to collapse


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L

damn that's interesting  Things might have changed since 4.4.2 KK though. I will give this a try .. going to flash the rooted system img to start with. I will tell u about it as soon as I can


----------



## Astr4y4L (Oct 14, 2017)

@Chekm8Qc
the other thing you can do is first flash the stock .kdz from the F-version of the firmware 
and then 
flash the unrooted B-version of the system.img
reboot and done..
but do adb-backup first...
I'll have you a link to the unrooted system.img soon as done uploading.
that's the only sure method I know...


----------



## Chekm8Qc (Oct 14, 2017)

Astr4y4L said:


> @Chekm8Qc
> the other thing you can do is first flash the stock .kdz from the F-version of the firmware
> and then
> flash the unrooted B-version of the system.img
> ...

Click to collapse



That would be great hehe


----------



## Astr4y4L (Oct 14, 2017)

Chekm8Qc said:


> That would be great hehe

Click to collapse



So It's uploading steadily with Rsync over cable connection to sat-link,
should take a hour or two maby 3 but connection is very stable...
slow but steady...
I get like 12Mbps Down
1.2Mbps Up
So yea !:good:
but I'll send ya the link soon as it completes sync....
wouldn't want ya to get a partial and end up stuck with the brick ...


----------



## Chekm8Qc (Oct 14, 2017)

@Astr4y4L 

ok cool tyvm, I'm confident this will work. Like u once said, theres not much risk of a brick if it's just system img..I have my 10f kdz ready to fix whatever happens.


----------



## Heimish (Oct 15, 2017)

Can't you just flash original firmware and download and capture the update zip file?


----------



## Astr4y4L (Oct 15, 2017)

Heimish said:


> Can't you just flash original firmware and download and capture the update zip file?

Click to collapse



Yes but with out flashing the 121B the best kdz we got on k4 is 121F which is unrootable...
however if you flash a kdz you replace the RCT in the process.
then flash the unrooted .img and ota should work....


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> ok cool tyvm, I'm confident this will work. Like u once said, theres not much risk of a brick if it's just system img..I have my 10f kdz ready to fix whatever happens.

Click to collapse



Hey in the mean time can you confirm if this works for you:
first while on stock unrooted good RCT
please connect to PC and issue 
adb pull "/persist/rct"
adb pull "/persist/rct.cfg"

and save those for a bit.
flash to the rooted system.
firstly download Rom tool box from playstore
next place those rct files we pulled from stock above in your sdcard 
(just get them back on the device)
use rom too;box to replace the files in 
/persist
and then full unroot from superuser app.
when it reboots it should catch the files you replaced that hven't been tripped.
and since you unroot from superuser it should go fine.
IMPORTANT ALSO REMOVE BUSYBOX BEFORE UNROOTING.


----------



## Chekm8Qc (Oct 15, 2017)

how do we remove busybox ?
I like the idea of pulling the files though hehe.

---------- Post added at 04:25 PM ---------- Previous post was at 04:11 PM ----------

@Astr4y4L 

so adb pull didn't work... gives me persist/rct does not exist.


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> how do we remove busybox ?
> I like the idea of pulling the files though hehe.
> 
> ---------- Post added at 04:25 PM ---------- Previous post was at 04:11 PM ----------
> ...

Click to collapse



Hmmm...

oh well was worth a try,
shouldn't matter 

and remember the steps 
first using partitions dl flash .kdz  selecta all flash

then flash the unrooted UNZIPPED system.img
reboot should be good.
let me know

---------- Post added at 10:48 AM ---------- Previous post was at 10:37 AM ----------




chekm8qc said:


> how do we remove busybox ?
> I like the idea of pulling the files though hehe.
> 
> ---------- post added at 04:25 pm ---------- previous post was at 04:11 pm ----------
> ...

Click to collapse



edit 
don't worry about busy box if youre flashing unrooted just flash kdz, flash unrooted system,
factory-reset to get the arm to odex,
roboot call it good...


----------



## Chekm8Qc (Oct 15, 2017)

yep will try thx  
I might try to pull those files again once on B ..might work.


----------



## Astr4y4L (Oct 15, 2017)

chekm8qc said:


> yep will try thx
> i might try to pull those files again once on b ..might work.

Click to collapse



yea it wouldn't do any good on pulling those from b, they would have been tripped if it was rooted.
Without root it's not going to show them...
I am going to find where they are in the rom eventually  and make something kool to bypass rct for ota's in the future...

Just cause lg sucks for adding another layer of bs to our stuff.

Yep just flash all in lgup partitions dl then flash unrooted after booting once from stock and it should clear up if not im gonna throw a phone at the wall...
Lol


----------



## Chekm8Qc (Oct 15, 2017)

@Astr4y4L

damn I was sure it would work .. somehow detects .sh

Did everything like I was supposed to .. flashed unrooted image and factory reset. To start with I was on 121F official unrooted. I don't know what's wrong  I didn't try the ota cause Im pretty sure it won't go.

I read somewhere that newer phones have RCT embedded inside boot.img


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> damn I was sure it would work .. somehow detects .sh
> 
> ...

Click to collapse



OH WOW THAT'S FUKIN AWESOME LOL

Ok I know exactly what and where that is...

so no problem I'll get you fixed up later today and hopefully then all will be well

---------- Post added at 12:18 PM ---------- Previous post was at 12:11 PM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> damn I was sure it would work .. somehow detects .sh
> 
> ...

Click to collapse



working on it now...


----------



## Chekm8Qc (Oct 15, 2017)

@Astr4y4L 

man I hope the C firmware really is rootable lol .. If it works first thing Ill do is dump the system img of 121c with partition DL to finally have a stock C.


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> man I hope the C firmware really is rootable lol .. If it works first thing Ill do is dump the system img of 121c with partition DL to finally have a stock C.

Click to collapse



absolutely and then upload to googledrive and link me in Bro

just sent new link for system.img unrooted 
deleted
/system/bin/.sh

---------- Post added at 12:48 PM ---------- Previous post was at 12:34 PM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> man I hope the C firmware really is rootable lol .. If it works first thing Ill do is dump the system img of 121c with partition DL to finally have a stock C.

Click to collapse



another idea if new system.img gives error...

use rooted img
let it download the update.
go to adb shell

su
cd /cache/fota
ls
THIS SHOWS THE DOWNLOADED PACKAGE.ZIP FILE FROM OTA

dd if=/cache/fota/(NAME-OF-ZIP) of=/sdcard/update.zip

THIS SHOULD COPY THE UPDATE TO YOUR INTERNAL SDCARD AND RENAMED IT TO UPDATE.ZIP

exit
exit
NOW BACK TO WINDOWS COMMANDPROMPT
adb pull "/sdcard/update.zip"

THIS PULL UPDATE TO FOLDER YOUR WORKING CMD-PROMPT OUT OF....

NOW FLASH WITH LGUP USING FOTA UPDATE OPTION AFTER FLASHING .KDZ FIRST USING PARTITIONS DL OPTION TO ENSURE STOCK...

THAT HAS TO FREEKIN WORK
LOL


----------



## Chekm8Qc (Oct 15, 2017)

Astr4y4L said:


> absolutely and then upload to googledrive and link me in Bro
> 
> just sent new link for system.img unrooted
> deleted
> ...

Click to collapse



wow good idea man hehe 
I'm at Walmart supposed to do the groceries but you got me obsessed with XDA lol


----------



## Chekm8Qc (Oct 15, 2017)

@Astr4y4L

ok so the new img still detects .sh

Going to try the rooted method.

update: so the rooted method.
When I type ls under cache/fota I get only a small 400bytes file called usd.dat.
I did transfer it to sdcard but I doubt this will do any good, when downloading ota it was 30mb.

damn I think I found it .. it was in data/fota named dlpkgfile
I now have a 30 mb update.zip on the root of my sdcard.


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> ok so the new img still detects .sh
> 
> Going to try the rooted method.

Click to collapse



goodluck

---------- Post added at 02:51 PM ---------- Previous post was at 02:46 PM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> ok so the new img still detects .sh
> 
> Going to try the rooted method.

Click to collapse



later when I have more time I will manually get that sucker....
unless this works, then you can save lots of time later by dumping as you suggested.

---->RESERVED


----------



## Chekm8Qc (Oct 15, 2017)

Astr4y4L said:


> goodluck
> 
> ---------- Post added at 02:51 PM ---------- Previous post was at 02:46 PM ----------
> 
> ...

Click to collapse



new edit up there


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> ok so the new img still detects .sh
> 
> ...

Click to collapse



thats it 
congrats man u got that sukka!!!
flash it using FOTA in lgup...
after flashing 
F.kdz


----------



## Chekm8Qc (Oct 15, 2017)

@Astr4y4L

I tried flashing the update package but got an error.  The green android appeared with the text "error". That was when LGUP showed "launching fota updater" or something similar. Why couldn't it be simple lol..

Right but I forgot to go back to 10F before doing that .. Dummy. Was it really important? Cause that would be a downgrade .. Trying it now.


----------



## Astr4y4L (Oct 15, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> I tried flashing the update package but got an error.  The green android appeared with the text "error". That was when LGUP showed "launching fota updater" or something similar. Why couldn't it be simple lol..
> 
> Right but I forgot to go back to 10F before doing that .. Dummy. Was it really important? Cause that would be a downgrade .. Trying it now.

Click to collapse



I'll say.
gotta be stock to update...

but maby it'll let you do it after flashing .kdz...
kdz flash resets EVERYTHING including stupid rct


----------



## Chekm8Qc (Oct 15, 2017)

Astr4y4L said:


> I'll say.
> gotta be stock to update...
> 
> but maby it'll let you do it after flashing .kdz...
> kdz flash resets EVERYTHING including stupid rct

Click to collapse



yeah so even at 10F it gives me an error. Then I noticed that when u chose the ota file in LGUP there are 3 possible file extensions. (.up .upc and .zip) when I tried renaming update.zip to .up the fota launcher actually launched ( with an error still ) but it's interesting. When the fota launcher appears I noticed there was another file created in the same folder as the ota.. called DataFile.up and 0 bytes. Maybe that other file  in cache/fota (usd.dat) was useful after all? Maybe it uses both files to start the flashing process. This is complicated lol Im not even sure if Im making sense   I also tried .upc and then the file created was DataFile.dat (still blank 0bytes) I believe.. not sure about the name this time but it was definitely a .dat. like the one in cache/fota.


----------



## Astr4y4L (Oct 16, 2017)

no your making perfect sense.
try to catch both and put them over there...


----------



## Chekm8Qc (Oct 16, 2017)

Astr4y4L said:


> no your making perfect sense.
> try to catch both and put them over there...

Click to collapse



ok so I went back to rooted too pull both files, it's a little late to go back to 10F to retry the fota upgrade tonight hehe. I did try it while on the rooted firmware but no go. The fota launcher still creates the Datafile.up and overwrites mine.


----------



## peterparkers (Oct 16, 2017)

*Metalchic;69999*

It did not works properly


----------



## Astr4y4L (Oct 16, 2017)

peterparkers said:


> It did not works properly

Click to collapse



Can I ask what didn't work properly?

---------- Post added at 08:42 AM ---------- Previous post was at 08:17 AM ----------

Obviously for any of theses methods to work you have to follow instructions.

It's amazing how people don't follow instructions and come say " oh it don't work"
everything "works" if you follow instructions.


----------



## Astr4y4L (Oct 16, 2017)

God I hate windows,  reinstalling completely my win OS.
Clicked on a. Stupid link to download LG octoplus 
Fukin Crackers Phishers SuK


----------



## Astr4y4L (Oct 16, 2017)

well here we are back on winblows 7
decided against 10 this time.


----------



## Chekm8Qc (Oct 24, 2017)

@Astr4y4L 

dude .. out of NOWHERE. Tried Kingoroot and it worked ?? wth ?! Im pretty sure I had tried it in the past. This was version 4.3.2.
It even survived a reboot, uninstalled a system app also.
Yesterday I flashed 10c laf partition,boot,recovery from my 10c kdz.. You think that might have influenced Kingoroot to work ?


----------



## Astr4y4L (Oct 24, 2017)

*Device model/firmware version plz?*



Chekm8Qc said:


> @Astr4y4L
> 
> dude .. out of NOWHERE. Tried Kingoroot and it worked ?? wth ?! Im pretty sure I had tried it in the past. This was version 4.3.2.
> It even survived a reboot, uninstalled a system app also.

Click to collapse



That's great. What firmware version are you running?
And for clarification which version of device are you originally

K4 and the F version of software?


----------



## Chekm8Qc (Oct 24, 2017)

@Astr4y4L 
yes I have been on K4 stock 10F for a while  now (kinda gave up on the rooted system image for now lol)


----------



## Astr4y4L (Oct 24, 2017)

*So I just have to ask*



Chekm8Qc said:


> @Astr4y4L
> yes I have been on K4 stock 10F for a while  now (kinda gave up on the rooted system image for now lol)

Click to collapse



After rooting does the flashlight and camera work correctly?
And if so do u need help replacing kroot with superSU?


----------



## Chekm8Qc (Oct 24, 2017)

Astr4y4L said:


> After rooting does the flashlight and camera work correctly?
> And if so do u need help replacing kroot with superSU?

Click to collapse



yes camera works with flash hehe. I was just about to try this guide..
https://forum.xda-developers.com/an...g/replace-kingoroot-supersu-manually-t3573361 hope the simple way works for me 

Probably going to do a dump of this rooted system first.


----------



## Astr4y4L (Oct 24, 2017)

Chekm8Qc said:


> yes camera works with flash hehe. I was just about to try this guide..
> https://forum.xda-developers.com/an...g/replace-kingoroot-supersu-manually-t3573361 hope the simple way works for me

Click to collapse



Simple to me equals
Push folder (mrw)to tmp
Run a script
Update binary in SuperSU
Done


----------



## Chekm8Qc (Oct 24, 2017)

Astr4y4L said:


> Simple to me equals
> Push folder (mrw)to tmp
> Run a script
> Update binary in SuperSU
> Done

Click to collapse



damn too late  I had tried the first steps of this guide.  But when I launched Supersu it says SU binary occupied.


----------



## Astr4y4L (Oct 24, 2017)

*re-root with kingroot...*



Chekm8Qc said:


> damn too late  I had tried the first steps of this guide.  But when I launched Supersu it says SU binary occupied.

Click to collapse



re root with kingroot and I'm sending you the link to what i use for kingroot removal


----------



## Astr4y4L (Oct 25, 2017)

Ok Does anyone out there happen to have an Lg Spree from Cricket?
I really need the partitions info like where boot , system, and such are located.
I'm working on a mod to try to turn Zone3 into Cricket Spree.
@MotoJunkie01
Did you ever get anything going on the Rebel?


----------



## MotoJunkie01 (Oct 25, 2017)

Astr4y4L said:


> Ok Does anyone out there happen to have an Lg Spree from Cricket?
> I really need the partitions info like where boot , system, and such are located.
> I'm working on a mod to try to turn Zone3 into Cricket Spree.
> @MotoJunkie01
> Did you ever get anything going on the Rebel?

Click to collapse



No luck on the Rebel. I have a friend from over on my LG K3 thread who is testing a series of DirtyCow exploit scripts on the Rebel. I think he mentioned obtaining temp root, but of course either /aboot or /rct is causing issues in allowing the SU daemon to be written to /system. I'll keep you updated on the progress. Even better, if it is ok with you, I can have him contact you by PM. I have a feeling you could be a huge help in his efforts to gain permanent root on the LG Rebel LTE. 
Also, I will ask on my other LG device threads whether anyone owns an LG Spree, and if so, to provide a partition index for the device.


----------



## Astr4y4L (Oct 25, 2017)

MotoJunkie01 said:


> No luck on the Rebel. I have a friend from over on my LG K3 thread who is testing a series of DirtyCow exploit scripts on the Rebel. I think he mentioned obtaining temp root, but of course either /aboot or /rct is causing issues in allowing the SU daemon to be written to /system. I'll keep you updated on the progress. Even better, if it is ok with you, I can have him contact you by PM. I have a feeling you could be a huge help in his efforts to gain permanent root on the LG Rebel LTE.
> Also, I will ask on my other LG device threads whether anyone owns an LG Spree, and if so, to provide a partition index for the device.

Click to collapse



absolutely and as a quick nside note doesn't the rebel go into DownloadMode? and if so can't we use my mods to dump the system with-out root? and at that point i can quickly convert it to .img file mount it and make any changes we want... including hiding our SU.d in system/bin or system/xbin 
and then flash it back with lgup and then gain temp-root and your SU.d is already there.... just a thought...
hardest parts i ran into was libsupol and and file permissions...

i'm downloading the kdz for the verizon G2 right now and going to try to replace the boot chain on the zone3 so we can get fastboot back.  been working on the Zone3-to-K4 conversions and Gsm modding that. but still can't get Voice working... not sure how to force voice to use LTE or GSM...
all the stupid patch.zips on the net are for if you have twrp or philz or whatever and we can't even get Flashfire to work correctly....
kinda frustrated with that and im leaving it on backburner till i get another idea.

hopefully I'll be able to get that to work.  before I flash it blindly (CORRUPT BOOT CHAIN AND YOU DON'T GET DLMODE EVER AGAIN)
i'm going to extract the boot etc. and have a look at the fstab located in ramdisk.  may need to patch that...
but hey yea have your buddy contact me and we'll see if we can help get that rebel rooted


----------



## Astr4y4L (Oct 25, 2017)

@Motojunkie01
hey bro the boot chain from g2 won't work from Boot on up... because of the naming schemes and the fstab in fact it looks like a different processor so it has different init-files...
but later i'll try to get the aboot swapped and zero a laf to see if the crippled functions were actually in aboot.
hopefully the aboot binary will still boot the boot-partition being that I don't remember any hard-coded boot locations in the aboot.bin it's self...


----------



## MotoJunkie01 (Oct 25, 2017)

Astr4y4L said:


> @Motojunkie01
> hey bro the boot chain from g2 won't work from Boot on up... because of the naming schemes and the fstab in fact it looks like a different processor so it has different init-files...
> but later i'll try to get the aboot swapped and zero a laf to see if the crippled functions were actually in aboot.
> hopefully the aboot binary will still boot the boot-partition being that I don't remember any hard-coded boot locations in the aboot.bin it's self...

Click to collapse



That's amazing the work you've done on the G2 boot chain. Definitely promising for a number of these LG devices that have thus far been impenetrable to root exploit. I've had time to briefly check out your modded LG UP, and it's absolutely groundbreaking. 
If you don't mind, I am putting your name in the hat to an XDA Moderator for Title of XDA Recognized Contributor. Your work definitely warrants the title.
Oh PS, on your question regarding Download Mode on the Rebel, it appears that TracFone has pulled their notoroius block on the feature. (Exactly like they done on the LG Optimus Zone 2). Read the threads on the Zone 2 and you will see exactly how developers got around that.


----------



## Astr4y4L (Oct 25, 2017)

MotoJunkie01 said:


> That's amazing the work you've done on the G2 boot chain. Definitely promising for a number of these LG devices that have thus far been impenetrable to root exploit. I've had time to briefly check out your modded LG UP, and it's absolutely groundbreaking.
> If you don't mind, I am putting your name in the hat to an XDA Moderator for Title of XDA Recognized Contributor. Your work definitely warrants the title.
> Oh PS, on your question regarding Download Mode on the Rebel, it appears that TracFone has pulled their notoroius block on the feature. (Exactly like they done on the LG Optimus Zone 2). Read the threads on the Zone 2 and you will see exactly how developers got around that.

Click to collapse



OH WOW! Thanks Bro !

I will definitely read up on the tracfone-vs-download thing and check out the Zone2 thing.
I really want to get that Damn VoLTE thing working so that I can be done with the Frankin_Mod GSM thing...
 It's pretty wild I can pretty much turn the Zone3 into K4 and from there the only hang-up is Voice still somehow doesn't want to work with the LTE it go's straight for the wcdma or whatever...
but i can fully make calls over LTE on ip phone apps such as talkatone and Hangouts dialer etc.

I'm beginning to think my  remaining problems are with the phone or network app it's self 
I'd like to replace it with the ASOP dialer and maybe other apps too... see if it's just hard-coded that way in the apps.

because I had a Cricket Spree and the Hardware Is in fact the very same so it's capable if not necessarily willing to make phone calls over LTE .
if nothing else a functioning free SiP account is a temporary workaround  and  the stock dialer does have functionality for ip (SiP) calls....


----------



## MotoJunkie01 (Oct 25, 2017)

Astr4y4L said:


> OH WOW! Thanks Bro !
> 
> I will definitely read up on the tracfone-vs-download thing and check out the Zone2 thing.
> I really want to get that Damn VoLTE thing working so that I can be done with the Frankin_Mod GSM thing...
> ...

Click to collapse



Bub for the life of me I don't know how in the hell I initially enabled GSM on the Zone 3, but I sure wish I had carefully dilineated my procedure. It must have been some anomaly or even an accidental occurrence I invoked due to the particular firmware build and root procedure I used. I've tried and tried and cannot replicate the mod. All I really know is that is mostly involved edits to build.prop and system applications and processes. 
Anyway I've finally got some spare time off. I've been in Indiana climbing cell towers for two and a half months. I'm tired but psyched to finally delve back into some quality Androidology on XDA.
P.S. I will put your name in the hat for a Title of Recognized Contributor for you. I'll do it this evening.


----------



## Astr4y4L (Oct 25, 2017)

MotoJunkie01 said:


> Bub for the life of me I don't know how in the hell I initially enabled GSM on the Zone 3, but I sure wish I had carefully dilineated my procedure. It must have been some anomaly or even an accidental occurrence I invoked due to the particular firmware build and root procedure I used. I've tried and tried and cannot replicate the mod. All I really know is that is mostly involved edits to build.prop and system applications and processes.
> Anyway I've finally got some spare time off. I've been in Indiana climbing cell towers for two and a half months. I'm tired but psyched to finally delve back into some quality Androidology on XDA.
> P.S. I will put your name in the hat for a Title of Recognized Contributor for you. I'll do it this evening.

Click to collapse



Thanks So Much ! 

Man It'll Sure Be Good To Have You Back For A Few Days, 
if not for you I'd never thought about the original boot loop issues to be caused by conflicting Modem firmware, all the log-cats in the world don't make up for real world experience .

Bro I've found this crazy file called features.xml located @ /system/etc/features.xml
and I do believe that file too may play a roll i've searched it out and found mention of this file in other devices and i believe it sets how the os handles some network related things
I'm really tired of messing with it ... it's getting frustrating to be so close to 100% and be stuck a 95%.
Grrr...
Persistence Not Patience is what gets results in my experience but then again at what Cost.
test devices get expensive even when developing on so-called low budget devices. after someone kills two or three of them developing a root exploit they know what i mean ..


----------



## MotoJunkie01 (Oct 25, 2017)

Astr4y4L said:


> Thanks So Much !
> 
> Man It'll Sure Be Good To Have You Back For A Few Days,
> if not for you I'd never thought about the original boot loop issues to be caused by conflicting Modem firmware, all the log-cats in the world don't make up for real world experience .
> ...

Click to collapse



Yeah exactly, those bricks laying around in the Android graveyard sure add up in cash. Low budget or not, a brick is never good on the old billfold.


----------



## Astr4y4L (Oct 26, 2017)

MotoJunkie01 said:


> Yeah exactly, those bricks laying around in the Android graveyard sure add up in cash. Low budget or not, a brick is never good on the old billfold.

Click to collapse



On a different note just got LEDE working on my old netgear router...
talk about a kool interface "Lucy"

Hey does the K3 work with download mode?  Got people asking for help but i don't own the device ...
I'd love to help with that but to get started I need a dump from the K3 
and I don't even know if it go's to download mode...


----------



## MotoJunkie01 (Oct 26, 2017)

Astr4y4L said:


> On a different note just got LEDE working on my old netgear router...
> talk about a kool interface "Lucy"
> 
> Hey does the K3 work with download mode? Got people asking for help but i don't own the device ...
> ...

Click to collapse



Yes, I had referred a K3 user to you earlier that I thought you may be able to assist. Yes, Download Mode is fully functional on both the Boost Mobile and Virgin Mobile variants of the K3. It's actually an older thread now. I'll get you a link for the thread so you can review the progress at your convenience. Mine is actually fully rooted, but is a lot like the Zone 3, in that only the very early 6.0.1 stock firmware builds are susceptible to common root exploits.
https://forum.xda-developers.com/general/help/to-root-lg-k3-t3479758/page23


----------



## Astr4y4L (Oct 26, 2017)

MotoJunkie01 said:


> Yes, I had referred a K3 user to you earlier that I thought you may be able to assist. Yes, Download Mode is fully functional on both the Boost Mobile and Virgin Mobile variants of the K3. It's actually an older thread now. I'll get you a link for the thread so you can review the progress at your convenience. Mine is actually fully rooted, but is a lot like the Zone 3, in that only the very early 6.0.1 stock firmware builds are susceptible to common root exploits.
> https://forum.xda-developers.com/general/help/to-root-lg-k3-t3479758/page23

Click to collapse



Awesome I think we may be able to use the same methods as the zone3
if you'd like to assist you could be of great assistance if you can simply dump your system partition from the rooted K3 and link me to it...
I can quickly transform that into what we have on the Zone3..... 
IE: LguP quick-flash for root....


----------



## MotoJunkie01 (Oct 26, 2017)

Astr4y4L said:


> Awesome I think we may be able to use the same methods as the zone3
> if you'd like to assist you could be of great assistance if you can simply dump your system partition from the rooted K3 and link me to it...
> I can quickly transform that into what we have on the Zone3.....
> IE: LguP quick-flash for root....

Click to collapse



Is /system all you need from my rooted K3?


----------



## Astr4y4L (Oct 26, 2017)

*Yep*



MotoJunkie01 said:


> Is /system all you need from my rooted K3?

Click to collapse




yep if you can do a dump from LgUp that would be best, but probably any old system dump method will suffice .
and also if possible can you convert to superSU and install that to system root before dumping?

if you can manage that without bootloops and then dump the system-rooted I can transform that into an LgUp mod  flash-able system.img and the work on K3 root will be complete...
You'd be a Big help to Me and to all K3 users I'm trying to help.

ofcourse you get a full copy incase you ever brick him and need a quick way to restore...
if ya don't mind just load it up to google drive or the like and i'll grab it asap.
Thanks again Bro 
and I still want to send you one of these Frankin_Mod fones soon as I get it all working right.


----------



## MotoJunkie01 (Oct 26, 2017)

Astr4y4L said:


> yep if you can do a dump from LgUp that would be best, but probably any old system dump method will suffice .
> and also if possible can you convert to superSU and install that to system root before dumping?
> 
> if you can manage that without bootloops and then dump the system-rooted I can transform that into an LgUp mod flash-able system.img and the work on K3 root will be complete...
> ...

Click to collapse



Yeah I'm actually running the stock 6.0.1 Marshmallow with the su daemon installed to /system, versus the typical systemless root on 6.0.1 and later ROMs. Because the bootloader is apparently locked, systemless root via patched boot image was not possible on the K3. I'm using Partition Backup & Restore by @wanam to dump /system as a raw .img file. It will be a rooted system image like you need. I'll get that to you ASAP.


----------



## Astr4y4L (Oct 26, 2017)

MotoJunkie01 said:


> Yeah I'm actually running the stock 6.0.1 Marshmallow with the su daemon installed to /system, versus the typical systemless root on 6.0.1 and later ROMs. Because the bootloader is apparently locked, systemless root via patched boot image was not possible on the K3. I'm using Partition Backup & Restore by @wanam to dump /system as a raw .img file. It will be a rooted system image like you need. I'll get that to you ASAP.

Click to collapse



That'll be Kool I'll rework that into something for our K3 friends to test using LgUp to flash over the current system...
should be relatively simple... 
and all the K3 friends will jump for joy :good:


----------



## Astr4y4L (Oct 26, 2017)

@MotoJunkie01


Hey Bro any luck on that K3 dump?


----------



## Chekm8Qc (Oct 27, 2017)

Hey guys I'm having trouble removing a leftover file from king root in /system/bin/.usr/.ku

I get operation not permitted.. even after using command mount -o remount,rw /system. Any ideas ?


----------



## Astr4y4L (Oct 27, 2017)

@  Chekm8Qc

yep try this.....
su
mount -o remount,rw /
mount -o remount,rw /proc
mount -o remount,rw /system
mount -o remount,rw /dev
setenforce 0
chown 0.0 /system/bin/.usr/.ku
busybox chattr -ia  /system/bin/.usr/.ku
rm -r  /system/bin/.usr/.ku

each line is a command and should be run 1 at a time from adb shell or terminal emu.
if that don't work let me know and we'll find a way to nuke that bugger

---------- Post added at 07:27 PM ---------- Previous post was at 06:43 PM ----------

@_MotoJunkie01_ Bro I Can't Pm you and I really Need that Dump File...


----------



## Chekm8Qc (Oct 27, 2017)

@Astr4y4L

Man that nuked the file so hard I think the phone vibrated lol. Thanks ! 
The rooted system img I uploaded to my drive contains that same file.. would you prefer if I dumped another one ? (cleaner)


----------



## Astr4y4L (Oct 27, 2017)

Chekm8Qc said:


> @Astr4y4L
> 
> Man that nuked the file so hard I think the phone vibrated lol. Thanks !
> The rooted system img I uploaded to my drive contains that same file.. would you prefer if I dumped another one ? (cleaner)

Click to collapse



Naa no big deal i'll come back later and note it in a .txt file and stick it in the same folder and when i mount it later ill remove it manually....
thanks though...

---------- Post added at 08:23 PM ---------- Previous post was at 08:00 PM ----------




Chekm8Qc said:


> @Astr4y4L
> 
> Man that nuked the file so hard I think the phone vibrated lol. Thanks !
> The rooted system img I uploaded to my drive contains that same file.. would you prefer if I dumped another one ? (cleaner)

Click to collapse



Ps. check your system bin for redsocks in bin that too is Kroot related....
also check your /data/local/tmp/
folder for kr.somethin somethin blablabla
that sometimes gets missed...


----------



## Astr4y4L (Oct 27, 2017)

@MotoJunkie01 
Hey Bro Where Ya At ?

---------- Post added at 09:27 PM ---------- Previous post was at 09:25 PM ----------




MotoJunkie01 said:


> Yeah I'm actually running the stock 6.0.1 Marshmallow with the su daemon installed to /system, versus the typical systemless root on 6.0.1 and later ROMs. Because the bootloader is apparently locked, systemless root via patched boot image was not possible on the K3. I'm using Partition Backup & Restore by @wanam to dump /system as a raw .img file. It will be a rooted system image like you need. I'll get that to you ASAP.

Click to collapse




Bro I NEED THIS to help these guys on the K3 threads...


----------



## MotoJunkie01 (Oct 27, 2017)

Astr4y4L said:


> @MotoJunkie01
> Hey Bro Where Ya At ?
> 
> ---------- Post added at 09:27 PM ---------- Previous post was at 09:25 PM ----------
> ...

Click to collapse



Sorry mate not forgot about you at all.  I've ran into Murphy's Law again on this K3.....if it can go wrong it will.  I actually got a bootloop  -soft brick - installing BusyBox to /system/xbin. I've been all day trying to iron this out. If I LG UP flash the latest firmware I'll lose the ability to root.  I'm trying my best to preserve my /system partition.


----------



## Astr4y4L (Oct 27, 2017)

MotoJunkie01 said:


> Sorry mate not forgot about you at all.  I've ran into Murphy's Law again on this K3.....if it can go wrong it will.  I actually got a bootloop  -soft brick - installing BusyBox to /system/xbin. I've been all day trying to iron this out. If I LG UP flash the latest firmware I'll lose the ability to root.  I'm trying my best to preserve my /system partition.

Click to collapse



OH NO !!!
Man , I sure Wish you could have dumped it using LguP Dump option....
before the brick, but now you can probably still dump it using LguP 
and then I can Mount that after converting it and delete the Busybox from linux and then we can flash it back to see if that resolves your Boot loops....

we gotta get you back Up on your K3 before I worry about everyone else....

So If you'll Dump the current system by LguP I'll Try to fix it Off-Device and we can then see if that helps your current condition...
Do you Know how to use the Dump option in lgup?
fist make a folder on desktop called K3-dump or whatever then choose Dump in Modded Lgup
it'll ask you where to dump and just choose the folder you created click ok and boom we're in buisness...
then upload that ANYWHERE and link me I'll Remove the Busybox binary from the /system/xbin
wrap it back up and shoot you a return link so you can flash it back with lgup...

worst case it doesn't boot and your left in the same state it is now ,
BEST CASE 
Your back to before the busybox install...
I'd bet selinux or RTC caught the damn BB.bin in xbin and locked it up
if it's that we may be in luck...
Try this dump before trying to factory reset if you haven't already...

So , I'll Be standing by ...
also please add me to contacts so i can PM you i'm currently blocked somehow.
Thanks Bro


----------



## MotoJunkie01 (Oct 27, 2017)

Astr4y4L said:


> OH NO !!!
> Man , I sure Wish you could have dumped it using LguP Dump option....
> before the brick, but now you can probably still dump it using LguP
> and then I can Mount that after converting it and delete the Busybox from linux and then we can flash it back to see if that resolves your Boot loops....
> ...

Click to collapse



Yeah I'm familiar with LG UP dump option. I'll follow your directives and see if that'll work. Yeah I was simply installing BusyBox 1.27.2 to /system/xbin before I went to dump my system partition and on reboot. ..BOOTLOOP! Man talk about aggravated. Anyway I'll see if I can get system dumped with LG UP.


----------



## Astr4y4L (Oct 27, 2017)

MotoJunkie01 said:


> Yeah I'm familiar with LG UP dump option. I'll follow your directives and see if that'll work. Yeah I was simply installing BusyBox 1.27.2 to /system/xbin before I went to dump my system partition and on reboot. ..BOOTLOOP! Man talk about aggravated. Anyway I'll see if I can get system dumped with LG UP.

Click to collapse



Kool Brother !!! It has to be that binary write to xbin then... and I can remove that easily....

I'm fairly confident that if that doesn't fix it in it's self ..
a factory reset to clear everything (system,rtc,cached data)  then flash the rooted busybox removed dump back probably will work for you.

God I hope it works for then we will have the K3 Quick root...

---------- Post added at 11:01 PM ---------- Previous post was at 10:55 PM ----------

------------ >  Team_Astr4y4L

Stickin it to LG BigRed  Murphy And His Laws .

who gave that guy the lawbook and a pen anyway?
LOL


----------



## MotoJunkie01 (Oct 27, 2017)

Astr4y4L said:


> Kool Brother !!! It has to be that binary write to xbin then... and I can remove that easily....
> 
> I'm fairly confident that if that doesn't fix it in it's self ..
> a factory reset to clear everything (system,rtc,cached data) then flash the rooted busybox removed dump back probably will work for you.
> ...

Click to collapse



Well Luck of the Irish, I think my device is toast. Albeit all the correct device drivers, DLL files, etc, my device is not now being recognized by LG UP or my PC. I have changed USB ports, data transfer cables, all the typical troubleshooting. I've even tried my other Windows 10 laptop.  All to no avail. @Astr4y4L, you're my go to guy on these LG smartphones, do you have any tips or tricks I could try at this point? I've ran the race here and I'm pulling in last place. 
Thanks


----------



## wdthompson (Oct 27, 2017)

Hi,, you wanted a twrp recovery, here's one to test,, twrp from K7, kernel from K4 (k121)
I don't have my phone yet (next week) or your tools
Everything is more expensive in canada, phone is 120 + tx from carriers,
I got one for 65 (75),, 60US,,, do you still have 1/2 price thursday???
(the exchange is a killer, I may donate 15 instead of 10, 15 is almost 20C)

The twrp rec is more tha 1M bigger, but the partition is big enough
Of course you have to disable bin/install-recovery.sh, or it will be overwritten
I don't know if the wrong info in default.prop will be a problem (still K7),,
I would have used K4 info so that would still not be right for note 3
Fstab looks OK, there is no init.{hardware}.rc in the ramdisk

https://drive.google.com/file/d/0B1zh5VapBnVoMmk1bDNJRjBZaGc/view?usp=sharing

From undz
15 : laf_278528.bin (12348351 bytes)
16 : boot_311296.bin (9883030 bytes)
17 : recovery_344064.bin (10383371 bytes)
18 : factory_376832.bin (9917975 bytes)

ls -l 
total 23204
-rw-r--r-- 1 d d   524288 Oct 27 09:31 PrimaryGPT_0.bin
-rw-r--r-- 1 d d 11010048 Oct 27 09:31 recovery_344064.bin
-rw-r--r-- 1 d d 12187648 Oct 27 09:34 twrp-3.1.1-0-m1.img
[[email protected] dzextracted]$ 


From gdisk PrimaryGPT_0.bin

  32          278528          311295   16.0 MiB    FFFF  laf
  33          311296          344063   16.0 MiB    FFFF  boot
  34          344064          376831   16.0 MiB    FFFF  recovery
  35          376832          425983   24.0 MiB    FFFF  factory

From abootimg -i twrp
* image size = 12187648 bytes (11.62 MB)
  page size  = 2048 bytes

* Boot Name = ""

* kernel size       = 7422960 bytes (7.08 MB)
  ramdisk size      = 4231082 bytes (4.04 MB)

* load addresses:
  kernel:       0x00008000
  ramdisk:      0x02000000
  tags:         0x00000100

From abootimg -i recovery_344064.bin 

Android Boot Image Info:

* file name = recovery_344064.bin 

* image size = 11010048 bytes (10.50 MB)
  page size  = 2048 bytes

* Boot Name = ""

* kernel size       = 7455152 bytes (7.11 MB)
  ramdisk size      = 2860760 bytes (2.73 MB)

* load addresses:
  kernel:       0x80008000
  ramdisk:      0x82000000
  tags:         0x80000100

---------- Post added at 06:50 PM ---------- Previous post was at 06:47 PM ----------

Let me know how it works


----------



## Astr4y4L (Oct 27, 2017)

*Reserved*



wdthompson said:


> Hi,, you wanted a twrp recovery, here's one to test,, twrp from K7, kernel from K4 (k121)
> I don't have my phone yet (next week) or your tools
> Everything is more expensive in canada, phone is 120 + tx from carriers,
> I got one for 65 (75),, 60US,,, do you still have 1/2 price thursday???
> ...

Click to collapse



..


----------



## wdthompson (Oct 27, 2017)

More,, I am a curious fellow,, from install-recovery.sh
if ! applypatch -c EMMC:/dev/block/bootdevice/by-name/recovery:10676224:b7b5aede4e83c83c25d7655a612e8c6f14e2ff08; then
(this is for K4, your note 3 will be a bit different)
applypatch -c checks sha1sum,, read 10676224 bytes and sha1sum that 10476K bytes,
if it is not b7b5.......ff08 then overwrite with following lines, also sha1sum checked
FWIW


----------



## Astr4y4L (Oct 27, 2017)

*ARRRGH !!!!*



MotoJunkie01 said:


> Well Luck of the Irish, I think my device is toast. Albeit all the correct device drivers, DLL files, etc, my device is not now being recognized by LG UP or my PC. I have changed USB ports, data transfer cables, all the typical troubleshooting. I've even tried my other Windows 10 laptop.  All to no avail. @Astr4y4L, you're my go to guy on these LG smartphones, do you have any tips or tricks I could try at this point? I've ran the race here and I'm pulling in last place.
> Thanks

Click to collapse



Wow Yep that stinks...
so I've had that exact issue before and it didn't resolve untill i completely nuked my windows 10 and reinstalled win 7...
it was wierd because i accidentally grabed the (wrong) test device "the usb-dead one" and plugged it in and low and behold 
Windows is searching Windows-Update for device drivers...
and now the sucker connects.
why ?
I DONT KNOW...
CANT EXPLAIN IT... Fluke?

---------- Post added at 02:49 PM ---------- Previous post was at 02:24 PM ----------

trying it now via dd


----------



## wdthompson (Oct 27, 2017)

BTW let give a plug for abootimg,, for linux, you have to compile, it is simple, so easy compile
BUT,,BUT don't use the one for macs, it doesn't work (maybe if you have a mac?)
Search git  "Gilles Grandou" abootimg .  It just packs/unpacks android boot images
you still have to zcat infile |cpio -i   and find|sort|cpio -o -H newc --quiet|gzip > outfile  to the ramdisk


----------



## Chekm8Qc (Oct 27, 2017)

I get a secure boot error "modified" when I try to boot into that recovery.. It's  weird though cause even on STOCK recovery I can't access it. I get this  dead android guy on it's back lol. Its like LG just deactivated it.


----------



## wdthompson (Oct 27, 2017)

aboot!
[[email protected] dzextracted]$ strings -10 aboot_151552.bin |grep -A 8 -B 12 MODIF
No memory!
No unlock key!
Found unlock key!
sig is null : %d
DeviceID : %s
000000000000000
NONCE : %d
killswitch
public key mismatch : %s
unlock key mismatch
partition table doesn't exist
 OFFICIAL !!
 MODIFIED !!
--------------------------------------------
 Secure booting Error!
 Error Code : %d
%s  : 0x%x(0x%x)
%d version not support
Boot state is locked
kernel  : 0x%x(0x%x)
ramdisk  : 0x%x(0x%x)


----------



## Astr4y4L (Oct 27, 2017)

wdthompson said:


> BTW let give a plug for abootimg,, for linux, you have to compile, it is simple, so easy compile
> BUT,,BUT don't use the one for macs, it doesn't work (maybe if you have a mac?)
> Search git  "Gilles Grandou" abootimg .  It just packs/unpacks android boot images
> you still have to zcat infile |cpio -i   and find|sort|cpio -o -H newc --quiet|gzip > outfile  to the ramdisk

Click to collapse



Problem with that was that the whole bootchain is signed by Lg and so when we fooled with aboot at all we changed the check-sum of the file.

Header + Code-size + Lg's signing key = the checksum....

if you look .. Oh about page 20 -something of this thread and just read all the way through  to present you will see that we've tried modifying the aboot before but since it's not going to match the original then the Sum will be different resulting in No-Boot or Secure-Boot-Error-1004 or  Secure-Boot-Error-1008 ...
as for compiling custom aboot from source...
well , tried that too...
mostly the problem is that from the system on a chip it securely boots the Secondary bootloader [MiniOS] 
The s.b.l  then has the function to boot the application boot loader [aboot]
which is the first part of our rom ...

according to everything I've found our only hope for fastboot functions is to replace aboot with aboot'functioning" by patching our current aboot or by compiling a different aboot binary.

Which Brings me back to the problem that the aboot has to be signed..

They used to have a method for early G2 and stuff developed by @codefire
i think it was , and it was run as a service, that [ Bumped ]
your boot .img files and caused them to be signed by Lg as far as your phone cared...
But thanks to an adventurous Neewb who discovered how the service worked, out came[ OPENBUMP.PY ] 
  Google-search it..
and at that Point It became PUBLIC Disclosure  and LG noticed...
Yes Guys , the Tech's over at LG watch XDA too...LOL
and so then they patched that hole.  so the story go's ...
and so thats why I'm trying to work-out a way to just use the aboot from another LG device Namely the G2. because if I can get the phone to allow a LG-G2 aboot in the place of the one it's accustomed to we can at said point Nuke /laf [ zero'd .img]
and then instead of booting into Download mode, we get fall-back which defaults to the fast-boot environment.

---> Astr4y4L takes a deep breath...

which on the G2 the fastboot binarys located in aboot didn't have crippled functions and we can then say fastboot flash  bla bla bla 
or fasboot boot bla bla bla

so you see the Problem remains....
WE NEED A COPY OF LG'S SIGNING KEY
generick snakeoil keys don't work
personal signing keys even purchased from a key authority wouldn't work...

Has to be LG.



so i'm going to continue to try to replace the individual pieces of the firmware swapping with other stock bits to get the features we desire without killing the signed state of the firmware...

I Have extracted the latest "un-extractable" -kdz G2 firmware from the Verizon model's .kdz file and extricated the aboot partition.
I want to test it on a device , and if after the replacement the device boots then we will be all alot happier installing twrp and root and what-ever

But I only have one working [TEST] device at the moment and I'm also developing what i've already got trying to gain full GSM functionality in a flashable package..
so I will not be testing the extracted aboot or any aboot or boot chain modification for a while...

also keep being drawn to figure out the K3 root issues, those poor K3 owners are F***ED at the moment and now my good buddy @MotoJunkie01 has had his K3 melt-down so I'm going to be focused on trying to help him back to life on the K3...

I could link you to my G2 aboot and you can write it to a zone3 or older K4 and let us know how it turn's out...
you'd save a bunch of waiting for me to ever get all the way back around to it...


----------



## Chekm8Qc (Oct 27, 2017)

damn I don't understand anything of this lol. All this meaning locked bootloader?

I was referring to wdthompson's post.


----------



## Astr4y4L (Oct 27, 2017)

Chekm8Qc said:


> damn I don't understand anything of this lol. All this meaning locked bootloader?
> 
> I was referring to wdthompson's post.

Click to collapse



:good:  Abso-fukin-loot-ly
and i hate the OEM's for it....


----------



## Chekm8Qc (Oct 27, 2017)

Astr4y4L said:


> :good:  Abso-fukin-loot-ly

Click to collapse



I wonder if flashing my older aboot (10c) would help. After all I was able to root with king root only after replacing my boot.img with the 10c one..cause I had tried many times before with 10f and never did it work.


----------



## Astr4y4L (Oct 27, 2017)

Chekm8Qc said:


> I wonder if flashing my older aboot (10c) would help. After all I was able to root with king root only after replacing my boot.img with the 10c one..cause I had tried many times before with 10f and never did it work.

Click to collapse



Very Good My young jedi

I think thats exactly how it happened

---> Astr4y4L clapping

---------- Post added at 05:22 PM ---------- Previous post was at 05:21 PM ----------




wdthompson said:


> aboot!
> [[email protected] dzextracted]$ strings -10 aboot_151552.bin |grep -A 8 -B 12 MODIF
> No memory!
> No unlock key!
> ...

Click to collapse




If you make it work you'll be legend


----------



## Chekm8Qc (Oct 27, 2017)

tried to flash 10c aboot..didn't change anything hehe still get the secure boot error 1003 modified when I try to launch recovery.


----------



## Astr4y4L (Oct 27, 2017)

Chekm8Qc said:


> tried to flash 10c aboot..didn't change anything hehe still get the secure boot error 1003 modified when I try to launch recovery.

Click to collapse



Yep recovery still has to be signed image.....

---------- Post added at 05:45 PM ---------- Previous post was at 05:40 PM ----------




Chekm8Qc said:


> tried to flash 10c aboot..didn't change anything hehe still get the secure boot error 1003 modified when I try to launch recovery.

Click to collapse



If you feel adventurous download the d8-whatever verizon version of G2 .kdz and try the aboot from that

if it boots you may be able to nuke laf and have fastboot working...
if that works you'll be the first to boot twrp on the device...


----------



## Chekm8Qc (Oct 27, 2017)

Astr4y4L said:


> Yep recovery still has to be signed image.....
> 
> ---------- Post added at 05:45 PM ---------- Previous post was at 05:40 PM ----------
> 
> ...

Click to collapse



Ouch sounds risky .. if I lose download mode I'm screwd lol.

---------- Post added at 11:58 PM ---------- Previous post was at 11:50 PM ----------

I read somewhere that even after nuking laf..sometimes you're left with a "dumbed down" fastboot that doesn't let you enter any commands. That is with the more recent LG phones I believe.


----------



## Astr4y4L (Oct 27, 2017)

but if it works you can have the ever so sought after fastboot.... lol

hey for saftey sake back-up current laf  to a external sd card

use 

dd if=/dev/block/platform/7824900.sdhci/by-name/laf of=/storage/external_SD/laf.img


----------



## Chekm8Qc (Oct 28, 2017)

Astr4y4L said:


> but if it works you can have the ever so sought after fastboot.... lol
> 
> hey for saftey sake back-up current laf to a external sd card
> 
> ...

Click to collapse



so if download mode is fμcked.. will I be able to boot the phone and restore this laf backup via terminal emu or with pc ?


----------



## Astr4y4L (Oct 28, 2017)

Chekm8Qc said:


> I read somewhere that even after nuking laf..sometimes you're left with a "dumbed down" fastboot that doesn't let you enter any commands. That is with the more recent LG phones I believe.

Click to collapse



exactly why I'd like to replace ours with the older one from G2

right now if we nuke laf we get that stupid-crippled fastboot.

however I have a old tester that came with broken-glass and PP1 on it...

and before turning it into a pp7 and then a k4
I did dump the whole rom...

I could send you the aboot from that and we can see if that one's crippled...

it's older than your c version...
but you'll have to write it to the device with partitions backup tool by @wanam available from googleplay..

---------- Post added at 06:07 PM ---------- Previous post was at 06:05 PM ----------




Chekm8Qc said:


> so if download mode is fμcked.. will I be able to boot the phone and restore this laf backup via terminal emu or with pc ?

Click to collapse



well as long as the phone will still boot up you could restore the image using the exact reverse of the command you use to back it up...


----------



## Chekm8Qc (Oct 28, 2017)

Astr4y4L said:


> exactly why I'd like to replace ours with the older one from G2
> 
> right now if we nuke laf we get that stupid-crippled fastboot.
> 
> ...

Click to collapse



Argh .. this is scary.
So aboot is not like boot.img right.. It won't screw up boot you sure ?


----------



## Astr4y4L (Oct 28, 2017)

Chekm8Qc said:


> Argh .. this is scary.

Click to collapse



I know right...
I started with one zone3 and ended up totally killing at the least 3
had 5 bricks at one point but kept going and buying another one at $20 US a pop
and trying [stuff] again and again untill i figured out what we've got thus far...


----------



## Chekm8Qc (Oct 28, 2017)

Astr4y4L said:


> I know right...
> I started with one zone3 and ended up totally killing at the least 3
> had 5 bricks at one point but kept going and buying another one at $20 US a pop
> and trying [stuff] again and again untill i figured out what we've got thus far...

Click to collapse



yeah what you have accomplished is amazing work hehe. Phones over here are expensive though ..even my crappy k4.


----------



## Astr4y4L (Oct 28, 2017)

Chekm8Qc said:


> yeah what you have accomplished is amazing work hehe. Phones over here are expensive though ..even my crappy k4.

Click to collapse



well while i was sitting here i couldnt resist flashing it over on the device and it booted which was no surprise it's just the earlier version of same firmware.. PP1 -- i mean

I'm not brave enough to try the G2 aboot yet it's from a different device and if it don't work i'd be screwed on development till i get a new device...
but later ill definately nuke laf on this one to see if that gave real fastboot...


----------



## Chekm8Qc (Oct 28, 2017)

Astr4y4L said:


> well wile i was sitting here i couldnt resist flashing it over on the device and it booted which was no suprize it's just the earlier version of same firmware.. PP1 -- i mean
> 
> I'm not brave enough to try the G2 aboot yet it's from a different device and if it don't work i'd be screwed on development till i get a new device...

Click to collapse



so flashing that aboot might simply brick my device ? Will I be able to go to DL mode at least?


----------



## Astr4y4L (Oct 28, 2017)

Chekm8Qc said:


> so flashing that aboot might simply brick my device ? Will I be able to go to DL mode at least?

Click to collapse



theres the possibility when flashing other-than-stock or -wrong- firmware to royally Brick the device...

thats why i wont try with the one from g2

but the PP1 versions of everything are compatible ...
just tested on a modded Frankin_Fone

for all purposes it's the same as your K4 so it should be no prob...
mine don't want to give me adb for what-ever reason... i broke it.

but i'll check later to see if that changed the way stuff works at all


----------



## Chekm8Qc (Oct 28, 2017)

Astr4y4L said:


> theres the possibility when flashing other-than-stock or -wrong- firmware to royally Brick the device...
> 
> thats why i wont try with the one from g2
> 
> ...

Click to collapse



ok can u send me the link to the pp1 aboot ? Just in case I suddenly feel like flashing it lol. I am very interested but still kinda unsure


----------



## Astr4y4L (Oct 28, 2017)

Chekm8Qc said:


> ok can u send me the link to the pp1 aboot ? Just in case I suddenly feel like flashing it lol. I am very interested but still kinda unsure

Click to collapse



yep i'll PM you the link to the folder containing the entire boot chain...

---------- Post added at 07:27 PM ---------- Previous post was at 07:22 PM ----------

@Chekm8Qc
check PM's


----------



## wdthompson (Oct 28, 2017)

Er,, I have actually read the whole thread,, its so long
But I don't remember this
>.. Oh about page 20 -something of this thread and just read all the way through to present you will see that >we've tried modifying the aboot before but since it's not going to match the original then the Sum will be >different resulting in No-Boot or Secure-Boot-Error-1004 or Secure-Boot-Error-1008 ...
I should have realized that it is so locked down by all your toils


----------



## Astr4y4L (Oct 28, 2017)

wdthompson said:


> Er,, I have actually read the whole thread,, its so long
> But I don't remember this
> >.. Oh about page 20 -something of this thread and just read all the way through to present you will see that >we've tried modifying the aboot before but since it's not going to match the original then the Sum will be >different resulting in No-Boot or Secure-Boot-Error-1004 or Secure-Boot-Error-1008 ...
> I should have realized that it is so locked down by all your toils

Click to collapse



OH YEA parts of that info may actally have been passed in PM...

but yes we need someone to start a New thread based on whats current
because its become very easy to get lost on this thread...   LOL
but if we can just get the stupid aboot fixed i think we'd be all good.
aboot is what checks security for boot partition that we are used to tampering with in other roms...
so aboot is where we must break the chain of trust if we want to replace the files in the ram disk of /boot partition...
seems
your experienced on linux so if you want to take a stab at it you will find testers around here... but I would personally try it on a device I own first ...
that way no one kills a phone and gets all Butt-Hurt about it...


----------



## wdthompson (Oct 28, 2017)

Like I said in the post, I get the phone next week, its in the mail, can't do anything til then
I seldom use win, have to check out your toolchain
Since the phone is about 3x the price you can get them for (factoring exchange), I will be a bit cautious
Why are they so cheap in US?
this is actually better than Allwinner (tablets), fortunatly they are unbrickable,,
there is a good reason there are no button presses to get to recovery,
3 out of 4, just going to recovery resulted in bootloop, on a fresh install,
and the 4th, only the power button did anything, all you could do was reboot
Really crappy software,, and when I did a dump of recovery, there was the ANDROID! string,
3/4 of the way thru, !!! followed by lg and lge strings !!!! So it could be worse.


----------



## MotoJunkie01 (Oct 28, 2017)

Yeah I agree with you @Astr4y4L -- a new thread would freshen things up. And, I think a new thread would highlight your recent work as well as a great place for links to your modded LG UP and other recent work. 
By the way I've recommended an XDA Moderator review your work and contributions, and consider you for a Recognized Contributor. You should get a PM regarding that decision within a few days.


----------



## Astr4y4L (Oct 28, 2017)

MotoJunkie01 said:


> Yeah I agree with you @Astr4y4L -- a new thread would freshen things up. And, I think a new thread would highlight your recent work as well as a great place for links to your modded LG UP and other recent work.
> By the way I've recommended an XDA Moderator review your work and contributions, and consider you for a Recognized Contributor. You should get a PM regarding that decision within a few days.

Click to collapse



I would love to see it {both the PM and the new thread} and if you would like to start the thread I'll put a static unchanging link to my site there as well as links to everything that I deem Freebie's as far as my R&D files...

Thanks so much Brother for your Continued Support !

I Really want to get every thing laid out in a clean orderly fashion.
I guess I could write a thread on it all after all I can build working websites...
but, I just don't have the time at this moment to do it all by my self.

It would do well to be laid out in the fashion that things were explained nicely for neewbs
and each tool or link to a file explained separately...

of course if I were to take the time to do that I'd just add more pages to my site to separate and explain things  from there that way I control the content and all rights to it...

but if you do it here I could easily separate things and organize the Back-end of my server 
to accommodate your post structure and links here on XDA. then we can have the free -well documented general post with a link to that folder.. followed by a link to my site for reference to My Donate-only section and a list of the tools and files and process involved.
If you'd Help me with Xda end I'll handle everything on my end and get some better laid out instructions for each different mod we have and how to use them..
and then I can spend more time Breaking New [TEST] devices and less time explaining things...


Really need a dump of that Krazy K3 Old-school firmware.
I guess you still are stuck on that guy eah?

I have a zone3/k4 [Fr4nkin-fone] in the weird state of no usb connection 
unless I go to DL -mode then it connects...
it's some kinda Bug in LG roms I think...

or maby not a bug but a self-imposed condition 
resulting from tearing out the little android-Guy's gutz and packing different stuff back in there...

But needless to say if you can find an old k3 we can dump him to get that rootable firmware...
Well Brother, I guess I'm calling it a night.
Add me to whatever group is enabled to PM you so I don't Have to blab openly in public about our upcoming top-secret Projects...

Laterz

Astr4y4L


----------



## Chekm8Qc (Oct 29, 2017)

Just tested my dumped rooted system image with LGUP and it works.. good to know. The phone didn't boot after activating lucky patcher in xposed lol oops


----------



## wdthompson (Oct 29, 2017)

http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp
and of course
http://opensource.lge.com/osSch/list?types=ALL&search=k121
have not yet found aboot or sbl in this,, maybe it is in the android src


----------



## Chekm8Qc (Oct 29, 2017)

wdthompson said:


> http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp
> and of course
> http://opensource.lge.com/osSch/list?types=ALL&search=k121
> have not yet found aboot or sbl in this,, maybe it is in the android src

Click to collapse



That's interesting .. Would be great if you found that aboot for our exact model  Since its version 10a maybe the fastboot won't be messed with.. hopefully.


----------



## MotoJunkie01 (Oct 29, 2017)

Astr4y4L said:


> I would love to see it {both the PM and the new thread} and if you would like to start the thread I'll put a static unchanging link to my site there as well as links to everything that I deem Freebie's as far as my R&D files...
> 
> Thanks so much Brother for your Continued Support !
> 
> ...

Click to collapse



Yes, your work -- and everything we've amassed on the Zone 3 -- would look great on a clean, neatly laid out and organized thread. This old thread has been ok for sort of a catch-all of different topics for the Zone 3 -- firmware, general info, unbricking, and of course your comprehensive guides, root packages and software you've developed. 
Tell you what, I'll draft and post the thread right now while I'm free. What do you want the title of the thread to be? Give me a general idea of the title and opening and I'll lay it out.
And, it would be great if we could maybe co-author the thread. I can place all links you want posted in the OP - just provide me links and descriptions via PM.
Thanks @Astr4y4L.


----------



## Astr4y4L (Oct 29, 2017)

*Awesome !!!*



MotoJunkie01 said:


> Yes, your work -- and everything we've amassed on the Zone 3 -- would look great on a clean, neatly laid out and organized thread. This old thread has been ok for sort of a catch-all of different topics for the Zone 3 -- firmware, general info, unbricking, and of course your comprehensive guides, root packages and software you've developed.
> Tell you what, I'll draft and post the thread right now while I'm free. What do you want the title of the thread to be? Give me a general idea of the title and opening and I'll lay it out.
> And, it would be great if we could maybe co-author the thread. I can place all links you want posted in the OP - just provide me links and descriptions via PM.
> Thanks @Astr4y4L.

Click to collapse



Well I tried to Pm you but still as right now the stupid thing doesn't let me...
Says Bla bla bla Motojunkie01 has chosen not to recieve Private messages bla bla bla...

so I can't PM you
AAAAHHHH !!!!

ok but yea, anyways  we can still call it "Frankin_Mod_Root Project"
with a description " Universal zone3 root method + k4-121" 
plus we need to mention that we've created (Frankin_Fone) the zone3's flashed to K4 and partially GSM-enabled)

co-authored by us both sounds great ! 
I'll go clean things up at the server-backend NOW to organize the links easier
"wish I caught you earlier... been working on my mothers church website all morning ( http://rscc.dynu.net/ ) and didn't see the notifications..."

So what do I need to Do to contact you, It wont let me PM you?

---------- Post added at 01:54 PM ---------- Previous post was at 01:48 PM ----------




wdthompson said:


> http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp
> and of course
> http://opensource.lge.com/osSch/list?types=ALL&search=k121
> have not yet found aboot or sbl in this,, maybe it is in the android src

Click to collapse



it's not open sourced completely ...
the aboot is based on Littlekernel project (google-it)

but I've got it dumped from a device and also extracted from our stock .kdz firmwares...  just haven't been able to modify it in any way because of the security checks...

freekin sux

---------- Post added at 02:29 PM ---------- Previous post was at 01:54 PM ----------




MotoJunkie01 said:


> Yes, your work -- and everything we've amassed on the Zone 3 -- would look great on a clean, neatly laid out and organized thread. This old thread has been ok for sort of a catch-all of different topics for the Zone 3 -- firmware, general info, unbricking, and of course your comprehensive guides, root packages and software you've developed.
> Tell you what, I'll draft and post the thread right now while I'm free. What do you want the title of the thread to be? Give me a general idea of the title and opening and I'll lay it out.
> And, it would be great if we could maybe co-author the thread. I can place all links you want posted in the OP - just provide me links and descriptions via PM.
> Thanks @Astr4y4L.

Click to collapse



i've got links ,discriptions and such ready . cleaned up the server a bit...

I'll try to pm you and see if that works yet...

---------- Post added at 02:33 PM ---------- Previous post was at 02:29 PM ----------

@Motojunkie01 

Still can't PM you... WTF is wrong with xda? Grrrr.
email me so we can bypass xda for secure communications...
    EDIT --->EMAIL REMOVED 

Astr4y4L
Team_Astr4y4L


----------



## MotoJunkie01 (Oct 30, 2017)

Astr4y4L said:


> Well I tried to Pm you but still as right now the stupid thing doesn't let me...
> Says Bla bla bla Motojunkie01 has chosen not to recieve Private messages bla bla bla...
> 
> so I can't PM you
> ...

Click to collapse



Sorry about the PM thing my friend. I need to sign into XDA on my browser and fix the settings in my User CP for messaging. I've got it set to only allow PMs from contacts on XDA and I thought I had added you as a contact/friend. I'll get that fixed asap


----------



## Astr4y4L (Oct 30, 2017)

Well I'm going to try some things I'm now downloading the many many gigs of source for cm 12.1
and I know that pure Cyanogenmod will not boot here unless i can get LG to sign the image...   huh, imagine that.

but what I Am going to try is to open one of these signed images in linux and erase/replace things with pieces of my freshly built  cm12.1 lollipop image...
Apps init scripts and framework stuff will all catch attention in this Mod...

My hope is that by ripping the android guys guts out and stuffing him full of Cyanogen_Mod Team_Astr4y4L goodness The result will be an ext4 system.img signed by LG containing MY system instead of there's.
now this will not be like the usual CM build as lots of CM's features will not be available because of the way LG has Implemented the init in a locked way and cant change it because it loads from /boot partition and I can't mount /Boot and change it on the fly like the other partition....
YET.....
but that too is on the table once the R&D gets back to it

Updated Our Site to prepare for the New thread that @MotoJunkie01 and myself are going to co Author.
there's going to be a direct link in the New thread that will link to a folder where I'm putting some good Freebies {tools, apps, firmwares, etc}

here's the link to that page and it will also be posted in the new thread when we move...

http://www.astrayalslanding.dynu.net/All_My_Tools/

and @MotoJunkie01 I suggest we use the above link for that as I've hardcoded everything in Html  and that way it's seperate incase the content management frontend for the site buggz out or something we wont loose this linked page and wont have to update the OP in the new thread...


----------



## wdthompson (Oct 30, 2017)

I think that some of the little kernel src is in android/vendor/lge/factory/minios  ,,
in the adroid tgz from  http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp  or K121
But that is only part of it, only the lg specific(modified?) parts, and  not the kernel or initrd
There are only 2 references in that whole thing to aboot (grep -R), in the kernel tgz, to MIPS

---------- Post added at 04:56 AM ---------- Previous post was at 04:42 AM ----------

But, to be clear, aboot is not an android boot image,,
file aboot_151552.bin 
aboot_151552.bin: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, stripped

aboot and its bak are identical as are sb1 and its bak... sb1 is also ELF 32 bit ...etc


----------



## Astr4y4L (Oct 30, 2017)

*Regarding little kernel*



wdthompson said:


> I think that some of the little kernel src is in android/vendor/lge/factory/minios  ,,
> in the adroid tgz from  http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp  or K121
> But that is only part of it, only the lg specific(modified?) parts, and  not the kernel or initrd
> There are only 2 references in that whole thing to aboot (grep -R), in the kernel tgz, to MIPS

Click to collapse



that's absolutely an awesome find. It verywell may be the Piece we didn't have.

Take a look at this article it is a good read on aboot and little kernel. And has link to lk source

http://newandroidbook.com/Articles/aboot.html

---------- Post added at 11:02 PM ---------- Previous post was at 10:58 PM ----------




wdthompson said:


> I think that some of the little kernel src is in android/vendor/lge/factory/minios  ,,
> in the adroid tgz from  http://opensource.lge.com/osSch/list?types=ALL&search=vs425pp  or K121
> But that is only part of it, only the lg specific(modified?) parts, and  not the kernel or initrd
> There are only 2 references in that whole thing to aboot (grep -R), in the kernel tgz, to MIPS
> ...

Click to collapse



Your right its not. Its a binary file which is signed by lg.
Give the article I referenced a read please.
I believe it will help you understand
And and also I believe its got the info you'll need for aboot


----------



## Astr4y4L (Oct 30, 2017)

@MotoJunkie01

Hey brother I may have found the problem with the Voice calls on the GSM/DSU thing...
in the Hidden menu I found a place to configure LTE also IMS Provisioning [the core network *IP Multimedia SubSystem (IMS)* ], P-CSCF
 and Network-Mode {IE: LTE-only}
so after researching what all these alphabet-soup settings are I've found that these things control how the device connects and so now I need to know some info about what settings to apply in these menu's 
If I can find the proper value's the device will then regester on the LTE and make telephone calls ,[ we already have both data and SMS ] so this is it !!! the missing piece of the puzzle !!!
Brother I'm Stoked  @MotoJunkie01 I am hoping that you can use your resources to assist me in finding the proper values to plug in to it and then we can unlock the networks fully { voice,SMS, and Data }

PLEASE help me figure this out... you Know WAY more about radio frequency stuff than I and you have access to info that I can't access {with-out getting into trouble} 
Help us O B 1 your the only HOPE!!!


----------



## MotoJunkie01 (Oct 30, 2017)

Astr4y4L said:


> @MotoJunkie01
> 
> Hey brother I may have found the problem with the Voice calls on the GSM/DSU thing...
> in the Hidden menu I found a place to configure LTE also IMS Provisioning [the core network IP Multimedia SubSystem (IMS) ], P-CSCF
> ...

Click to collapse



Ok my friend....I finally figured out the PM problem and got it fixed. You should be able to send me a PM now. I'm very sorry it gave you an issue. My settings in the User CP are set a bit unorthodox but I believe it's now fixed.


----------



## MotoJunkie01 (Oct 30, 2017)

MotoJunkie01 said:


> Ok my friend....I finally figured out the PM problem and got it fixed. You should be able to send me a PM now. I'm very sorry it gave you an issue. My settings in the User CP are set a bit unorthodox but I believe it's now fixed.

Click to collapse



PS, I'm willing to bet you're on the correct path with the GSM issue you're exploring. And, this is my next project if I can get the extra time to work on it. 
https://forum.xda-developers.com/android/general/guide-zte-blade-vantage-z839-specs-t3696635


----------



## Astr4y4L (Oct 30, 2017)

*I believe !!!!*



MotoJunkie01 said:


> PS, I'm willing to bet you're on the correct path with the GSM issue you're exploring. And, this is my next project if I can get the extra time to work on it.
> https://forum.xda-developers.com/android/general/guide-zte-blade-vantage-z839-specs-t3696635

Click to collapse



Yep, Just gotta find some values to plug to the proper settings....
Just a matter of time...
and I have a $500USD Wager riding on it too...
Weee !!! what fun we're having this morning 

RE: your linked thread,

Sweet an LTE-ONLY Verizon Device....
HMMMM
you already know what i'm thinking...

and bootloader locked too, aww how sad that OEM's make it hard for us...

BUT , we all have locked bootloaders over here too and we made quite a bit of progress...
ZTE ... Hmm does it get basic fastboot out of box?

Can't wait to see Our New thread too !!! well guy's I gots a lotta R&D required reading this morning so I'll be back to check-in later
Astr4y4L

---------- Post added at 12:43 PM ---------- Previous post was at 11:46 AM ----------




MotoJunkie01 said:


> PS, I'm willing to bet you're on the correct path with the GSM issue you're exploring. And, this is my next project if I can get the extra time to work on it.
> https://forum.xda-developers.com/android/general/guide-zte-blade-vantage-z839-specs-t3696635

Click to collapse



 @MotoJunkie01   UPDATE:

Found an interesting document on the subject of VoLTE and the GSM and those settings I told you about...

still stumped but an interesting read...
It wont let me attach the file because of file size... SO I've uploaded it on my server and heres the link for it....

http://www.astrayalslanding.dynu.ne...and-Implementation-Guidelines-Version-2.0.pdf


maby after reading this someone out in XDA land can advise us on values for these settings...
any assistance is appriciated ,
Astr4y4L
Team_Astr4y4L

---------- Post added at 12:53 PM ---------- Previous post was at 12:43 PM ----------

The PCSCF is the initial point of contact for session signalling for the IMS
-enabled VoLTE UE.  The  PCSCF  behaves  as  a  SIP  proxy  by  forwarding  SIP  messages  between  the  UE and the IMS Core Network, maintains the security associations between itself and the VoLTE  UE,  and  incorporates  the  Application  Function  aspect  of  PCC  to  enable  binding  of 
the  IMS  session  with  the  bearer  for  applying  dynamic  policy  and  receiving  notifications  of bearer  level  events. The  PCSCF  may  be  implemented  in  an  Access  Session  Border Controller which may also incorporate the IMS ALG/IMS

---------- Post added at 01:01 PM ---------- Previous post was at 12:53 PM ----------

frekin Rocket science ?

Naa just a bunch of big words meaning the VoLTE functions as a mobile SIP phone sending voice packets over ip...
but i need the values to make it connect to att's network.

the old mostly un-used At&t Developer's account may actually come in handy if I can Sound smart enough on the subject to do a little Social-Engeneereing  over there.
Hell I got the Developer account, So technically I'm really an At&t developer but I have to have a Legit reason to need this info ... 
Like maby developing a new app,
an att-only app ?

IDK

---------- Post added at 01:05 PM ---------- Previous post was at 01:01 PM ----------

Serving Call Session Control Function

---------- Post added at 01:10 PM ---------- Previous post was at 01:05 PM ----------

SCSCF (Serving Call Session Control Function)
The  SCSCF  provides  session  setup,  session  teardown,  session  control  and  routing functions.  It  generates  records  for  billing  purposes  for  all  sessions  under  its  control,  and 
invokes  Application  Servers  based  on  IFCs  received  from  the  HSS.  The  SCSCF  acts  as SIP  registrar  for  VoLTE  UEs  that  the  HSS  and  ICSCF  assign  to  it.  It  queries  the  HSS  for 
the  applicable  subscriber  profiles  and  handles  calls
involving  these  end  points  once  they 
have been registered.


----------



## MotoJunkie01 (Oct 30, 2017)

Astr4y4L said:


> Yep, Just gotta find some values to plug to the proper settings....
> Just a matter of time...
> and I have a $500USD Wager riding on it too...
> Weee !!! what fun we're having this morning
> ...

Click to collapse



Great. You've stumbled upon the service programming menu, which as you have pointed out, will allow us to input the alpha-numeric values to enable GSM support and possible VoLTE. I sent you a PM. Check that out and you'll see my present status.


----------



## Astr4y4L (Oct 30, 2017)

*Sweet!!!*



MotoJunkie01 said:


> Great. You've stumbled upon the service programming menu, which as you have pointed out, will allow us to input the alpha-numeric values to enable GSM support and possible VoLTE. I sent you a PM. Check that out and you'll see my present status.

Click to collapse



I See what you mean .. Obviously I'd like to get this last piece of it straightened out. 
I KNEW if I could Get into it there would be something good and signs pointed to it controlling the databases for the settings we need to make work...

And I Knew Once I got in to it too see and found these Settings that YOU Sir would be The Guy who would be able to help with this 

---------- Post added at 02:32 PM ---------- Previous post was at 01:37 PM ----------

VoLTE UE Attachment and IMS Registration


A  VoLTE  UE,  under  LTE  coverage,  shall  automatically  perform  an  LTE  Attach  (What I've had success with{ie messaging and lte data} ) followed  by an  IMS  registration  for  VoLTE, (THE SETTINGS I FINALLY CRACKED OPEN)if  the  network  supports  VoLTE. This ensures that the VoLTE  UE  shall  be  available  for  VoLTE  services  (i.e.  incoming  calls,  outgoing  calls  and supplementary   services),   similar   to   the   voice   experience   in   today's   CS   network ...




So that's it folks We have confirmation that I have found the Last piece of the puzzle  concerning GSM-Unlocking these things... Am I making calls yet ?
Well no... I have to tell the device to register on at&t's network first...
 So I will be working closely with a few select friends to compare and test different possible values in the settings and by trying the values from other devices that access At&t's Network first we narrow down the possibilities 
And I have A $500 USD wager riding on my success or falure in this thing so I'm not giving up..
If nothing else I'll just keep on trying different values untill something makes sense..


Kinda Hope that that other guy figure's out /aboot.
if that happened and we figure out this then Zone3 and for that matter e1q hardware platform will be in for some Crazy-Fun advancements !!!


----------



## Astr4y4L (Oct 30, 2017)

*Screen-shots*

Ok Guys Here's some random screen-shots of what I'm working on...


----------



## Astr4y4L (Oct 30, 2017)

it's headed toward full gsm unlock very quickly...


----------



## Astr4y4L (Oct 30, 2017)

HAH here's another useful screen shot...


----------



## Astr4y4L (Oct 30, 2017)

---------------- >          Team_Astr4y4L 
Stickin it too em' again ... LOL

we're about to try to get the required info from mom's cricket phone and it's an lg.....
completely diff model but should have the info in it somewhere...


----------



## wdthompson (Oct 31, 2017)

>Kinda Hope that that other guy figure's out /aboot.
I was poking at it a hour this morning,, I am not that good
I can tell that is a different aboot header, for KK and our header is different
Can find lk starts at 0x8000, there are 2 refs to that address, 99-9a and b0-b1,,
and likely the cert is not 0x100 (long) but 0x1000,, 59-5a
I am not sure if your zone3 aboot is the same as K121,, so,
 md5sum aboot1st512.md5 
adc7661852de46ad8f438865704d6530  aboot1st512.md5  ,, (dd,,count=1)
and
02f09a607b50f8e556211c17c43ae0d5  aboot_151552.bin
and the hardware may not be exactly the same,, k121 has 1G mem, zone3 has more I think
(and so the dt(device tree) is likely a bit different, that is in there too , appended I think, then cert)
ro.product.device=e1q
ro.product.board=msm8909  ,,(build prop)

etc/init.lge.zramswap.sh lists 4 or 5 different boards


----------



## Astr4y4L (Oct 31, 2017)

*Sweet!!!*



wdthompson said:


> >Kinda Hope that that other guy figure's out /aboot.
> I was poking at it a hour this morning,, I am not that good
> I can tell that is a different aboot header, for KK and our header is different
> Can find lk starts at 0x8000, there are 2 refs to that address, 99-9a and b0-b1,,
> ...

Click to collapse



We got someone who's going to work on /aboot that's awesome !!! I haven't had time to get back to that particular piece... here a month or more ago I was in touch with several Rom- developers, long story short they were developing for the bootloader locked K7's " I think can't remember the model think it was K7 or maybe K10"
Anyhow they were relating to me how they found that if they modified the /aboot.bin they were able to patch the signiture-checking mechanism He was Useing IDA pro on windows and said it worked great for several devices...
I wanted to attempt the same for our devices but I don't have that well a grasp on Assembly language and turns out to be a pretty big learning curve for IDA even...

So they offered to patch my aboot so I sent it to them...
He claimed he patched it...  I Know for FACT he changed something because when I wrote the binary back to the device It would no longer boot... no , nothing... no screen effect at all no sign of life... 
now it sits in the Brick-box (DRAWER IN DESK GOT FULL) and I just repurposed the parts... Screen replacement is fairly easy on these devices once you figure it out ..
@wdthompson is correct about the devices memory Zone3 1.5 Gb Emmc RAM
K4-121 1gb Emmc RAM  Cricket Spree(e1q){k120b} 1Gb Emmc Ram
not entirely sure on the Rebel but i'd bet it's 1 Gb Emmc Ram
so the hardware is technically different BUT I've noticed that if I don't touch the Boot-Stack I can flash a Zone 3 with parts of K121 firmware{only the 8Gb Rom version)
and when doing so I get warnings about the GPT has changed... theres several pieces that are not in the same Partition Locations . but I can still boot the K4-121 on a Zone3 using the Zone3 boot-Stack.

@wdthompson If you would like some different copies of /aboot to test, I can Break- apart several .kdz's today and load the aboot's in different folders on a directory at the Server, and link you there so that you can examine them...

I think I still have the /aboot--patched that those other guys sent back to us and I can load that up too for a comparison If you would like ? ? ?

It's good to have someone around that can work on this particular part of the project

@wdthompson I'd like for you to know that Team_AstrayaL is willing to assist you and collaborate on this if you need any-thing...

In fact seems like you , like myself are a Linux Man , so I'm not sure if you have anything like the IDA pro disassembler , I had tried _radare2 but couldn't satisfy the dependencies for what-ever reason{not liking all the bug's in the latest ubuntu 17 } So I have IDA Pro and a password for starting it up.

So I'm going to send you a Pm with a link to that and the Password to use it so you don't have to spend the insane amount of money that all that stuff cost ...
I really want to see the security mech. in aboot patched My-self I think fast-boot is great and all if it's not crippled, but it's kinda irrelevant because if we can patch /aboot we can then modify /boot and also write our custom recoveries to /recovery 
and sorry everyone but if I can get TWRP to boot on a device I have no need for Fastboot...

But if you read the article I linked you to before about aboot you'll see that Lg and Sammobile are very alike in their Rom's  and that means if we change anything in the aboot with-out creating a [dummy-spot placeholder for what we remove we change the code-size and therefor the signature check fails...

But any-how i feel like i'm rambleing on now so check your PM for the IDA link.

Astr4y4L
_

---------- Post added at 11:04 AM ---------- Previous post was at 10:49 AM ----------

Oh yea here's a thread that deals with the topic, also the 
Dev's that I mentioned are over there...


https://forum.xda-developers.com/lg-k10/how-to/bootloader-unlocked-guys-bootloader-t3558810

the Helpful guy was @pvineeth97


----------



## Astr4y4L (Nov 1, 2017)

So during my investigation I needed new tools to analize files in the /system and setteled on a program called Autopsy by Sluthkit.org...
this is forensic Data investigation software and has some really kool tools and automates much of the process...
it's the same software used by many Alphabet soup organizations such as NSA FBI and state police ...

but enough with the tool lets get to some interesting data...

                    [LGNetworkSettings.apk, res/drawable-xhdpi-v4/fplmn.png res/drawable-xhdpi-v4/plmn.png,,res/mipmap-xhdpi-v4/ic_launcher_contacts.png))res/mipmap-xhdpi-v4/ic_launcher_phone.png--res/mipmap-xxhdpi-v4/ic_launcher_contacts.png**res/mipmap-xxhdpi-v4/ic_launcher_phone.png33res/drawable-xxxhdpi-v4/shortcut_mobile_network.png GPRS/GSM only 3		Home only Automatic A Automatic B TD-SCDMA Triple mode HSPA/LTE auto SIM1 SIM2 SIM3 GSM / WCDMA auto GSM / WCDMA preferred GSM / WCDMA / LTE auto Global GSM/WCDMA (auto mode) RUIM/SIM For all trips Only for this trip Cricket only		CDMA only 4G/3G/2G 3G/2G GSM / HSPA / LTE auto GSM / HSPA auto		HSPA only LTE only All networks National roaming Unknown Retry Cancel Missing voicemail number77Mobile network settings are not available for this user Access point names		Voicemail Network operators Disabled Call settings Call settings error Reading settings Updating settings !!Unexpected response from network. Network or SIM card error$$SS request modified to DIAL request.$$SS request modified to USSD request.&&SS request modified to new SS request.ttYour Phone app's Fixed Dialing Numbers setting is turned on. As a result, some call-related features aren't working.77Please turn on the radio before viewing these settings. Enable Voicemail number changed.[[Voicemail number change unsuccessful. Please contact your carrier if this problem persists. Choose voicemail service Mobile network settings Available networks Searching No networks found. Search networks88Please, disconnect mobile data connection and try again.##Error while searching for networks. Registering on %s ::Your SIM card does not allow a connection to this network.GGUnable to connect to this network at this time. Please try again later. Registered on network. Select a network operator&&Select a network operator when roaming!!Search for all available networks Select automatically&&Automatically select preferred network Automatic registration... Network mode!!Change the network operating mode Preferred network mode  Preferred network mode: GSM only""Preferred network mode: WCDMA only##Preferred network mode: GSM / WCDMA Preferred network mode: CDMA##Preferred network mode: CDMA / EvDo!!Preferred network mode: CDMA only!!Preferred network mode: EvDo only++Preferred network mode: CDMA/EvDo/GSM/WCDMA Preferred network mode: LTE%%Preferred network mode: GSM/WCDMA/LTE%%Preferred network mode: CDMA+LTE/EVDO77Preferred network mode: Global(CDMA/EVDO/LTE/GSM/WCDMA)##Preferred network mode: LTE / WCDMA&&Preferred network mode: TD-SCDMA / LTE&&Preferred network mode: TD-SCDMA / GSM((Preferred network mode: TD-SCDMA/GSM/LTE**Preferred network mode: TD-SCDMA/WCDMA/LTE88Preferred network mode: TD-SCDMA/LTE/CDMA/EvDo/GSM/WCDMA44Preferred network mode: TD-SCDMA/CDMA/EvDo/GSM/WCDMA Enhanced 4G LTE ModeHHUse LTE services to improve voice and other communications (recommended) Data roaming%%Connect to data services when roaming``You have lost data connectivity because you left your home network with data roaming turned off.>>Allow data roaming? You may incur significant roaming charges! 4G single data networkLLCalls and messages are unavailable while 4G single data network is connected LTE (recommended) 4G (recommended) GSM/UMTS Network Preferences GSM/UMTS network preferences System select Change the cdma roaming mode CDMA Subscription Change between RUIM/SIM and NV subscription Activate device Set up data service Carrier settings Save""Type a PIN that is 4 to 8 numbers. SIM PIN changed successfully. Voicemail number New voicemail New voicemail (%d) Voicemail number unknown No service!!Selected network (%s) unavailable Dismiss		<Not set> Help Voicemail / Toll-Free Network type and strength;;Tap to see the current network type and the signal strength Global data roaming access Data roaming access""Set up data services while roaming Global data roaming&&Connect to data services while roaming Allow accessxxAccessing data during trips outside the US may result in significantly higher charges. Do you want to allow data access? Deny data roaming access Allow access only for this trip Allow access for all trips Allow data access?&&Deny data roaming access for this trip''Allow data roaming access for this trip Using data while in the US, including Alaska & Hawaii, will bill according to your data plan. Using data during trips outside of the US without a global data plan may result in significantly higher changes. Do you want to turn on data?VVConnect to mobile network when Wi-Fi is unavailable. Mobile network charges may [email protected]@Connecting via mobile network may incur data connection charges.vvConnect to mobile network when Wi-Fi is unavailable. Mobile network charges may apply. Check 4G data network settings.99Data service is not available when Wi-Fi is not connected Disable mobile data? Ask at power [email protected]@Always ask for permission to use 3G/4G data network at power on.&&Enable data access over Mobile network International data roaming33Connect to data services when international roaming International data roaming charges apply to data usage outside of the U.S., Puerto Rico and U.S.V.I. Turn data roaming off to avoid international data roaming charges. Set up SIM card type Vodafone Contract Vodafone PAYGqqData charges may apply without a flat rate pricing plan or when using pay services. Allow mobile data connection?LLData services will be limited when data connection is not allowed. Disallow?ooData charges may apply if you are not on a flat rate plan and the service is not for free. Turn Mobile data on?44Data services will be limited. Turn Mobile data off? Data consumption SOME APPLICATIONS INCLUDED IN THIS PHONE REQUIRE DATA CONNECTION WICH INVOLVE SOME COST. SUGGEST YOU TO HIRE AN INTERNET PACKAGE. DETAILS WITH YOUR SERVICE OPERATOR.--Always show this message after device turn on Network indicator Service area Available network Connected network Show network status Set to show available network Set to show connected network Current network99Always ask for permission to use data network at power on Enable to use data service Data network connection is allowed. Depending on your data plan, charges may apply due to data network connection, GPS info transmission, email account sync, and certain functions on this phone. Data network connection not allowed. Calls and multimedia messages are available. With Wi-Fi connection, Automatic sync and data via Calendar and Email are also available. Operator when roaming Info Subscribed network System Settings Auto-select (recommended) Select manually44Searching for global roaming network... Please wait.\\Connected to %s. Another roaming network will be connected when this network is unavailable.KK%s is unavailable. Another roaming network will be connected automatically. Not connected//This operation is effective only for this time. Available networks(slot 1) Available networks(slot 2) GSM network selection Searching GSM network... Search timed out!!Searching time is out. Try again. 32 bit Hi-Fi DACddYou can experience high quality sound via 32 bit Hi-Fi DAC when earphones or a headset is connected. Close Select subscription Roaming Mode Error codeppUnable to establish wireless data connection. If the problem persists, please contact your mobile phone company. Unable to establish wireless data connection. Please select Update Profile to correct this problem. If the problem persists, please contact your mobile phone company. Network busy. Please try again. Update profile Call Set network>>If you select the wrong network, the call may not be connected Data network enabled Use mobile data Ask when data connected,,Notify when powered on and connected to data33Always ask when power on and data network connected Selection mode--No network operator (PLMN ID) info identified Operator info is not available System can not search networksGGTo sign up for a global data plan, call global support at  908-559-4899. Note Select a LTE/3G network))Data roaming is disabled by server policy,,Data connection is disabled by server policy++Data connection is enabled by server policy Cannot enter more letters.		Connected MetroPCS Only--Change the network mode and CDMA roaming mode 3G/4G data is disabled.::3G/4G data is enabled. (It will incur additional charges.) Mobile data is disabled. Mobile data is enabled. Any data access while on a trip outside the USA may result in significantly higher charges. Allow data access?  To sign up for a global data plan, call global support at  908-559-4899. Allow If data network connection (WCDMA/LTE) is allowed, additional charges may apply without a flat rate pricing plan or when using pay services.UUTo turn on mobile data, additional charges may apply depending on your plan. Turn on?ooYou will be notified when the phone is powered on and connected to a WCDMA/LTE network for mobile data. Notify?kkUnable to connect to this network at this time. Please try again later. Only emergency calls are available. 4G settings 4G properties Network provider IP address&&Enable data access over mobile network Do not show this again Connections Optimizer Always standard call HD voice priority HD Voice priority Block HD Voice PRL update Connect OTA server to update PRL. Auto-update after a few minutes occurring connecting sound. Do you want to connect OTA server?(Call %s)55Update roaming country data (only available in Japan) Use 4G data network++Using 4G data network instead of 3G network~~Data service is available overseas when Data roaming is turned on. Significant charges may apply due to Data roaming. Turn on? Data roaming allows you to browse the web, use emails, multimedia messages and other data services overseas. Check with your network provider for pricing. Turn on? Settings Data enabled PRL Version,,Enable 3G/4G data access over mobile network Cost save mode''Call will be made via assigned SIM card When cost save mode is on, each contact can be assigned to specific SIM in Contacts. When call is made to contact assigned to available SIM, the SIM is used for the call even if other SIM is active. Continue? UIM card is PIN locked. UIM card is PUK locked. UIM card is PERM locked. SIM card is PIN locked. SIM card is PUK locked. SIM card is PERM locked. Decline with message Decline with message Mobile networks LTE preferred//LTE network is set on priority for data serviceccData service on 3G network. LTE subscribers can use the service more quickly in LTE preferred mode. Set up APN for data service CMCC CUCC Unless you use Wi-Fi, you will no longer be able to use the Internet, Email or other apps that require a data connection. Turn off the mobile data connection? Unless you use Wi-Fi, you won't be able to use the Internet, Email or other apps that require a data connection. Turn off the mobile data connection? Video calls won't work when mobile data is off. Also, you won't be able to use the Internet, Email or other apps that need a data connection unless you use Wi-Fi. Turn off the mobile data connection? Your phone's Video Calling function won't work when mobile data is off. Also, you won't be able to use the Internet, Email or other apps that need a data connection unless you use Wi-Fi. Turn off the mobile data connection? Mobile data Domestic roaming Display network name!!Display network name on indicatorzzUnable to search networks while data service is connected. Do you want to disconnect the data service and search networks?00Temporarily unavailable. Please try again later.^^Searching networks available for roaming service... Please wait. It may take up to 2 minutes. minkkMake sure you selected a correct network for data connection and phone calls. Select a network for roaming?**Selected romaing provider (%s) unavailable Select roaming network))Preferred network mode: GSM/HSPA/LTE auto%%Preferred network mode: GSM/HSPA auto!!Preferred network mode: HSPA only&&Not possible to perform manual search. Subscribed roaming network Registering... Please wait.DDRegistering subscribed roaming network automatically... Please wait. Enhanced 4G LTE Services Not available Roaming Not roaming Voice and Data roaming Voice roaming 2G/3G/LTE auto 2G/3G/4G auto 2G/3G auto!!Preferred network mode: 2G/3G/LTE  Preferred network mode: 2G/3G/4G Preferred network mode: 2G/3G  Preferred network mode: 4G/3G/2G Preferred network mode: 3G/2G Preferred network mode: 2G only Preferred network mode: 3G only Preferred network mode: 4G onlyggManually set network may be unavailable when roaming, moving across countries, or in your home country. Select operator manually Operator list Search operators Automatic (LTE preferred) 3G/2G only 3G preferred 2G preferred++Unable to connect. Select another operator.$$Preferred network mode: 3G preferred$$Preferred network mode: 2G preferred Block on list Block all calls Available GSM networks Data networks Roaming state$$Forbidden network, unable to connect Default Clean SoftXXAirplane mode is on. You will be unable to make or receive calls with airplane mode on. Restrict data roaming Refresh Data network connection (WCDMA/LTE) not allowed. Multimedia messages are available but data will not sync without Wi-Fi connection. To turn off mobile data (WCDMA/LTE), multimedia messages will still be available. Turn off? To use the Internet, connect to Wi-Fi.yyWCDMA/LTE data connection blocked. You cannot send or receive multimedia messages. To use data service, connect to Wi-Fi.~~To turn off mobile data (WCDMA/LTE), multimedia messages will be unavailable. Turn off? To use the Internet, connect to Wi-Fi. Roaming only Search for AT&T MicroCell Automatic(4G/3G/2G) Searching for MicroCell?? No MicroCells found MicroCell Selection Success**This operation is not allowed during call. You can change roaming operators by choosing Select operator manually when calls or data connections are unavailable while roaming. If you select a wrong operator in current country, however, the operator setting will change from O to X in the list and the roaming service may become unavailable. When roaming service is unavailable, go back to the previous menu and deselect Select operator manually. Alternatively, tap the Menu key and select Reset roaming network. Available roaming network will be connected automatically. Connected to %s11Unable to connect to %s. Select another operator.&&Touch to change data roaming settings. National only LTE Calling Turn on HD Voice and Video call  Turn off HD Voice and Video call		LTE/WCDMA Turn offHH- Data roaming is enabled - Use data service(LTE) in global roaming modeSS- Data roaming is enabled - Use data service(WCDMA/GPRS/GSM) in global roaming modeDD- Data roaming is disabled - Use data service in global roaming mode It is not roaming area Sync optimization..Optimize interval to sync apps to save battery VoLTE>>Use high-quality voice calls and communication services on LTEyyThe roaming traffic may cause additional charges. For more information about rates refer to the website http://www.tre.itzzUnable to change networks while data service in use. Stop using current data service and select another available network?iiData service is available overseas when Mobile data is turned on. Significant charges may apply. Turn on? GSM networks CDMA networks CDMA networks can be connected to automatically without being selected. If you cannot connect through your current network, try a manual search for an alternative roaming network.""Connecto to an alternative network``Search for an alternative network. Current network will be added to the filter networks. Search?EEDisconnect from current network and search for an alternative network View filter networks Filter networks Clear filter networks++The filter networks will be cleared. Clear? Minimize data when off<<Minimize data usage for apps when screen off to save batteryGGYour smartphone has been configured with your preferred network! Enjoy! Manual Network Selection When cost save mode is on, each contact can be assigned to specific UIM/SIM in Contacts. When call is made to contact assigned to available UIM/SIM, the UIM/SIM is used for the call even if other UIM/SIM is active. Continue?++Call will be made via assigned UIM/SIM card SIM card lock settings SIM card 1 icon SIM card 2 icon SIM card 3 icon SIM card color theme Home Office Heart Theme 01 Theme 02 SIM card slot 1 SIM card slot 2 Theme Data network PERM locked SIM card to use Not available while calling PIN locked PUK lockedBBUnable to change the default data network. Please try again later.--SIM switching is not available while calling. Lock SIM%d card Unlock SIM%d card Change SIM%d PIN Old SIM%d PIN SIM%d PIN changed successfully Require PIN to use phone Do not require PIN to use phone SIM PIN PINs don't match!22Unable to Change SIM Lock. SIM doesn't support it. No SIM**Unable to Change SIM PIN. Enable SIM LOCK. Lock SIM card Change SIM PIN Old SIM PIN SIM card 1 is PIN locked. SIM card 2 is PIN locked. SIM card 3 is PIN locked. SIM card 1 is PUK locked. SIM card 2 is PUK locked. SIM card 3 is PUK locked. SIM card 1 is PERM locked. SIM card 2 is PERM locked. SIM card 3 is PERM locked. Dual SIM card Enter current PIN Remaining: %1$s attempt Remaining: %1$s attemptsOOPIN is wrong. You have %1$s times from now. Please check it and input it again.NNPIN is wrong. You have %1$s time from now. Please check it and input it again. SIM card lock enabled. SIM card lock disabled. Set new PIN Confirm new PIN PIN must be 4 ~ 8 digits Invalid PIN No SIM card Triple SIM card SIM card slot 3??Network mode cannot be changed while SIM%d is set as WCDMA modeCCCannot change network mode while SIM card %1$d is set to %2$s mode. Activate slot 1 Activate slot 2 Activate slot 3 SIM card 1 SIM card 2 SIM card 3 Activating... Deactivating... Checked not checked SIM card switch key Tap to Change SIM card.//Touch and hold to go to Dual SIM card settings.11Touch and hold to go to Triple SIM card settings. -__This SIM card is set as default for data network. To use data network, change default SIM card. Now deactivated SIM card name UIM/SIM card name UIM/SIM card manager UIM/SIM card color theme Access data via %s--Touch and hold to go to UIM/SIM card manager.ggThis SIM card is set as default for data network. To use data network, change default SIM card. Change?00SIM card for data network changed to SIM card %d==This SIM card is set as default for data network. Deactivate? Switch to networkCCWhen no Wi-Fi is available, connect to mobile network automatically No UIM UIM card slot SIM card slot UIM card SIM card Access data via SIM card Lock UIM card Change UIM PIN Old UIM PIN UIM PIN changed successfully. UIM PIN Unlock UIM card Unlock SIM card UIM/SIM card to use UIM/SIM card switch key Tap to Change UIM/SIM card.ooThis UIM/SIM card is set as default for data network. To use data network, change default UIM/SIM card. Change?AAThis UIM/SIM card is set as default for data network. Deactivate? No UIM card Turn Mobile Data on?AAMobile data must be on to make a video call. Turn Mobile data on? CDMA Roaming mode GSM/UMTS settings Legacy 3GPP multi Network submode LTE/GSM/UMTS GSM/UMTS multi-mode GSM only mode UMTS only mode GSM/UMTS multi LTE/Legacy 3GPP multi		UMTS only--Select network submode and network operators. LTE/GSM/UMTS settingsFFPlease insert SIM card to use GSM network (except for emergency calls) Standard datazzEnables mobile data such as email, web browsing, and push notifications over the cellular network. Data charges may apply.qqEnables HD Voice and enhanced communications over the cellular network (where available). Data charges may apply. Enables mobile data such as email, web browsing, and push notifications over the cellular network when roaming outside the U.S., Puerto Rico and USVI. International roaming data charges will apply. Enables HD Voice and enhanced communications over the cellular network (where available) when roaming outside the U.S., Puerto Rico and USVI. International roaming data charges will apply. Use VoLTE roaming VoLTE roaming==With Use VoLTE roaming on, charges will apply per actual use. Preferred networks Network ID Priority New PLMN Slot 1 Slot 2 Slot 3 Icons Video capability sharing Video Calling>>Allow callers to see that your phone is capable of video calls Try again later. Turning on. Please wait... Turning off. Please wait... Search settings More China Mobile HK Use Mobile DataWWDo you want to purchase data so you can use the Verizon network to access the Internet? Add Mobile ServiceAAPlease contact Customer Service at (800) 922-0204 for assistance. Not nowVVYou turned off Mobile Data. Do you want to continue with current Video Call or End it? Continue call End current call WCDMA/LTE auto&&Preferred network mode: WCDMA/LTE auto Warning  Searching...(Remaining time: %s) LTE/CDMA GSM/UMTS CDMA CDMA w/o EvDo LTE / CDMA GSM/WCDMA auto GSM/WCDMA/LTE auto CDMA/EvDo auto		Automatic WCDMA only		EvDo only GSM only Phone%%Allow data access over Mobile network CDMA roaming mode Don't show this again 2G only		User PLMNJJYou will be prompted to select whether to allow WCDMA/LTE data connection. Star NV		SIM%d PIN GSM/GPRS/EDGE only UMTS/HSPA/HSPA+ onlyIIChanging data access will stop all LTE services. Do you want to continue? 3G only null WCDMA GPRS/GSM EvDo CDMA/EV-DO GSM/WCDMA 	GSM GSM/WCDMA GSM/WCDMA/LTE  GSM/WCDMA( CDMA GSM/HSPA/LTE GSM/HSPA HSPA ...	 DIAL USSD ...	 : GSM : WCDMA : GSM/WCDMA : CDMA : CDMA/EvDo : CDMA : EvDo : CDMA/EvDo/GSM/WCDMA : LTE


----------



## Astr4y4L (Nov 1, 2017)

and the rest of it:

: GSM/WCDMA/LTE : CDMA+LTE/EVDO : Global : LTE / WCDMA 4G LTE "\LTE &n4G LTE (  GSM/UMTS +CDMA CDMA %CDMA CDMA RUIM/SIM UIM PIN (%d) (%s) +uWi-Fi USVI Wi-Fi #c%s Hi-Fi DAC7 Hi-Fi DAC PLMN (PLMN ID)  908-559-4899 !LTE/3G MetroPCS CDMA &3G/4G ;3G/4G : 908-559-4899 0~WCDMA/LTE  NWCDMA/LTE (WCDMA/LTE)  %s) -UIM -UIM .UIM PERM -SIM -SIM .SIM PERM  LTE Wi-Fi Wi-Fi Wi-Fi Wi-Fi : GSM/HSPA/LTE : GSM/HSPA : HSPA ...  4G LTE 2G/3G/LTE( (2G/3G/4G)     (2G/3G) 2G/3G/LTE 2G/3G/4G 2G/3G :4G/3G/2G :3G/2G (LTE 3G/2G WCDMA/LTE Wi-Fi (WCDMA/LTE) Wi-Fi WCDMA/LTE Wi-Fi (WCDMA/LTE) Wi-Fi AT&T MicroCell 2G/3G( $MicroCell 'MicroCell %1$s VoLTE (WCDMA/GPRS/GSM) http://www.3.dk CDMA CDMA UIM/SIM UIM/SIM UIM/SIM UIM/SIM UIM/SIM !SIM PREM SIM%d SIM%d SIM%d SIM%d PIN  SIM%d FSIM ASIM PIN SIM PIN UIM PIN .SIM .SIM .SIM .SIM .SIM .SIM /SIM PERM /SIM PERM /SIM PERM : %1$s :%1$s (jPIN %1$s 3SIM 3SIM ;PIN 3+mSIM%d WCDMA ,nSIM%1$d %2$s Dual SIM UIM/SIM "UIM/SIM %UIM/SIM UIM/SIM (%d) Wi-Fi 'SIM UIM PIN UIM PIN UIM PIN *SIM UIM/SIM "UIM/SIM UIM/SIM UIM/SIM UIM/SIM UIM/SIM $UIM GSM/UMTS GSM/UMTS UMTS GSM/UMTS LTE/Legacy 3GPP GSM/GPRS/EDGE UMTS/HSPA/HSPA+     LTE UMTS LTE/GSM/UMTS )kGSM -OFF Verizon (800) 922-0204 ...( : %s)     PRL (4G/3G/2G) Automatisch Nur 3G Nur GPRS/GSM Nur Startseite Automatisch A Automatisch B 4G / 3G Nur EvDo CDMA ohne EvDo CDMA/EvDo (automatisch) 2G/3G (automatisch) Nur 2G GSM/WCDMA bevorzugt 2G/3G/4G (automatisch) UMTS 2G/3G (automatischer Modus) r alle Reisen Nur f r diese Reise Nur Kricket Nur CDMA GSM/HSPA/LTE (automatisch) GSM/HSPA (automatisch) Nur HSPA Alle Netzwerke Inland-Roaming  Telefon        Unbekannt Wiederholen        Abbrechen Fehlende MailboxnummerDFMobilfunknetz-Einstellungen sind f r diesen Benutzer nicht verf gbar Zugangspunkte Mailbox Netzbetreiber Deaktiviert Anrufeinstellungen Fehler bei Anrufeinstellungen Einstellungen werden gelesen "$Einstellungen werden aktualisiert   Unerwartete Antwort vom Netzwerk Netzwerk- oder SIM-Kartenfehler$&SS-Anfrage in W HL-Anfrage ge ndert.+,SS-Anfrage wurde auf USSD-Anfrage ge ndert.66SS Anfrage ist zu neuer SS Anfrage modifiziert worden.x{F r Ihr Telefon ist die Anrufbeschr nkung aktiviert. Demzufolge funktionieren einige gespr chsbezogene Funktionen nicht.PPAktivieren Sie Ihre Mobilfunkverbindung, bevor Sie diese Einstellungen anzeigen. Aktivieren Mailboxnummer ge ndert.|}Die Mailboxnummer konnte nicht ge ndert werden. Kontaktieren Sie Ihren Netzbetreiber, wenn dieses Problem weiterhin besteht. Mailbox-Dienst ausw hlen Mobilfunknetz-Einstellungen Verf gbare Netzwerke Suchvorgang l uft ... Keine Netzwerke gefunden Netzwerke suchenIIBitte trennen Sie die mobile Datenverbindung und versuchen Sie es erneut. Fehler bei der Netzwerksuche Registrierung in %s l @AIHre SIM-Karte unterst tzt keine Verbindung mit diesem Netzwerk.ghEs kann derzeit keine Verbindung zu diesem Netzwerk hergestellt werden. Versuchen Sie es sp ter erneut. In Netzwerk registriert. Netzbetreiber ausw hlen.0W hlen Sie einen Netzbetreiber f r das Roaming()Nach allen verf gbaren Netzwerken suchen Automatisch ausw hlen*+Bevorzugtes Netzwerk automatisch ausw hlen Automatische Registrierung... Netzwerkmodus Netzwerkbetriebsmodus  ndern Bevorzugter Netzwerkmodus!!Bevorzugter Netzwerkmodus: nur 2G!!Bevorzugter Netzwerkmodus: nur 3G  Bevorzugter Netzwerkmodus: 2G/3G Bevorzugter Netzwerkmodus: CDMA$$Bevorzugter Netzwerkmodus: CDMA/EvDo##Bevorzugter Netzwerkmodus: nur CDMA##Bevorzugter Netzwerkmodus: nur EvDo..Bevorzugter Netzwerkmodus: CDMA/EvDo/GSM/WCDMA Bevorzugter Netzwerkmodus: LTE//Bevorzugter Netzwerkmodus: 2G/3G/4G automatisch00Bevorzugter Netzwerkmodus: 2G/3G/LTE automatisch((Bevorzugter Netzwerkmodus: CDMA+LTE/EVDO!!Bevorzugter Netzwerkmodus: Global$$Bevorzugter Netzwerkmodus: LTE/WCDMA Erweiterter 4G LTE-ModusZZVerwenden Sie LTE-Dienste, um Sprach- und andere Kommunikationen zu verbessern (empfohlen)+,Datenzugriff  ber Mobilfunknetze aktivieren Daten-Roaming*+Datendienste w hrend des Roamings erlaubenabDatenverbindung nicht verf gbar, da Sie nicht im Heimnetz sind und Daten-Roaming deaktiviert ist.JMDaten-Roaming zulassen? Es k nnen betr chtliche Roaming-Geb hren anfallen! 4G-Einzel-Daten-NetzwerkceAnrufe und Nachrichten sind w hrend der Verbindung mit dem 4G-Einzel-Daten-Netzwerk nicht verf gbar LTE (empfohlen) 4G (empfohlen) GSM-/UMTS-Netzwerkeinstellungen Systemauswahl CDMA-Roamingmodus  ndern CDMA-Roamingmodus CDMA-Abonnement!!Zwischen RUIM/SIM und NV wechseln Abonnement t aktivieren Datendienst einrichten Netzbetreiber-Einstellungen        Speichern))Geben Sie eine 4- bis 8-stellige PIN ein.&(PIN f r SIM-Karte erfolgreich ge ndert Mailbox-Zentrale Neue Nachricht Neue Nachricht (%d) Mailboxnummer unbekannt kein Dienst*,Ausgew hltes Netzwerk (%s) nicht verf gbar Nein        Verwerfen <Nicht festgelegt> Hilfe Voicemail / Geb hrenfrei Netzwerktyp und -st rkeHITippen Sie, um den aktuellen Netzwerktyp und die Signalst rke anzuzeigen  Zugriff weltweites Daten-Roaming Daten-Roaming-Zugriff45Legen Sie den Datendienst w hrend des Roamings fest. Weltweites Daten-Roaming Zugriff erlauben Der Zugriff auf Daten kann bei Reisen au erhalb der USA zu deutlich h heren Kosten f hren. M chten Sie den Datenzugriff zulassen? Daten-Roaming verwehren Zugriff nur auf diese Reise((Erlauben Sie den Zugriff auf alle Reisen Datenverbindung zulassen?78Verweigern Sie einen Datenroamingzugang f r diese Reise01Roaming-Datenverbindung f r diese Reise zulassen Die Verwendung von Daten wird, w hrend Sie sich in den USA, einschlie lich Alaska, Hawaii, Puerto Rico sowie die Amerikanischen Jungferninseln aufhalten, gem  Ihres Datentarifs abgerechnet. Die Verwendung von Daten, auf Reisen au erhalb der USA und ohne einen globalen Datentarif, kann deutlich h here Geb hren verursachen. chten Sie die Verwendung von Daten aktivieren?qsVerbindung zu Mobilfunknetz herstellen, wenn Wi-Fi nicht verf gbar ist. M glicherweise fallen Mobilfunkkosten an.KLVerbindung  ber das Mobilefunknetz kann Datenverbindungskosten verursachen. Verbindung zu Mobilfunknetz herstellen, wenn Wi-Fi nicht verf gbar ist. M glicherweise fallen Mobilfunkkosten an.  berpr fen Sie die Einstellungen des 4G-Datennetzwerks.GHWenn keine Wi-Fi-Verbindung besteht, sind keine Datendienste verf gbar. Mobile Daten deaktivieren? Beim Einschalten fragenQQBeim Einschalten immer um Erlaubnis bitten, das 3G/4G-Datennetzwerk zu verwenden../Datenverbindung  ber Mobilfunknetze aktivieren Internationales Daten-RoamingGGBei internationalem Roaming eine Verbindung zu Datendiensten herstellen erhalb der USA, Puerto Rico und den US Virgin Islands enstehen bei Datennutzung internationale Daten-Roaminggeb hren. Deaktivieren Sie das Daten-Roaming, um internationale Daten-Roaminggeb hren zu vermeiden. SIM-Kartentyp einstellen Vodafone-Kontrakt Datengeb hren k nnen ohne einen Flatrate-Tarif oder bei der Verwendung von Bezahldiensten anfallen.  chten Sie die mobile Datenverbindung zulassen?`aDatendienste werden eingeschr nkt sein, wenn die Datenverbindung deaktiviert wird. Deaktivieren? Datengeb hren k nnen anfallen, wenn Sie nicht  ber einen Flatrate-Tarif verf gen und der Service nicht kostenlos ist. M chten Sie Mobile Daten aktivieren?LMDatendienste werden begrenzt werden.  chten Sie Mobile Daten deaktivieren? Datenintensiv Einige Anwendungen dieses Telefons ben tigen eine Datenverbindung, welche zus tzliche Kosten verursachen kann.Wir schlagen vor ein Internet Packet zu buchen, Details gibt es bei Ihrem Netz Betreiber.33Immer anzeigen, wenn das Telefon eingeschaltet wird Netzwerkanzeige Service-Bereich Verf gbares Netzwerk Verbundenes Netzwerk Den Netzwerkstatus anzeigen56Ist eingestellt, die verf gbaren Netzwerke anzuzeigen55Ist eingestellt, die verbundenen Netzwerke anzuzeigen Aktuelles NetzwerkKKBeim Einschalten immer um Erlaubnis bitten, das Datennetzwerk zu verwenden.++Aktivieren, um den Datendienst zu verwenden Datennetzwerkverbindungen sind zugelassen. Wenn eine Verbindung zu einem Datennetzwerk besteht, fallen zus tzliche Geb hren an. Datennetzwerkverbindungen sind nicht zugelassen. MMS funktionieren jedoch weiterhin, und  ber Wi-Fi k nnen Sie automatische Synchronisierung und Daten  ber Kalender, E-Mail und andere Dienste verwenden. Betreiber beim Roaming Abboniertes Netzwerk Systemeinstellungen Autom. Auswahl Manuell ausw hlenEEAuf der Suche nach einem globalen Roaming-Netz ...  Bitte warten Sie. Verbunden mit %s.  Es wird mit einem anderen Roaming-Netzwerk verbunden werden, wenn dieses Netzwerk nicht verf gbar sein sollte.XY%s ist nicht verf gbar.  Ein anderes Roaming-Netzwerk wird automatisch verbunden werden. Nicht verbunden**Dieser Vorgang ist nur dieses Mal wirksam. Verf gbare Netzwerke (Slot 1) Verf gbare Netzwerke (Slot 2) GSM Netzauswahl%%Auf der Suche nach einem GSM(2G)-Netz Zeitlimit f r Suche abgelaufen12Zeitlimit f r Suche abgelaufen. Erneut versuchen. 32 Bit Hi-Fi DACosSie k nnen hohe Klangqualit ber 32-Bit Hi-Fi DAC erleben, wenn ein Kopfh rer oder Headset angeschlossen ist. Nicht erneut anzeigen     Schlie Anmeldung ausw hlen Roamingmodus Fehlercode Es kann keine drahtlose Datenverbindung hergestellt werden. Wenn dieses Problem weiterhin besteht, wenden Sie sich bitte an Ihren Dienstanbieter. Es kann keine drahtlose Datenverbindung hergestellt werden. Bitte w hlen Sie  Profil aktualisieren , um dieses Problem zu beheben. Wenn dieses Problem weiterhin besteht, wenden Sie sich bitte an Ihren Dienstanbieter.;<Netzwerk ist besetzt. Bitte versuchen Sie es sp ter erneut. Profil aktualisieren Anruf Benutzer PLMN Netz w hlenSUWenn Sie das falsche Netzwerk w hlen, wird der Anruf m glicherweise nicht verbunden Datennetzwerk aktiviert Mobile Daten verwenden$$Fragen, wenn Datenverbindung bestehtFFBei Aktivierung und Verbindung mit einem Datennetzwerk benachrichtigencdImmer fragen, wenn das Ger t eingeschaltet wird und eine Verbindung mit einem Datennetzwerk besteht        Markieren00Keine Netzbetreiber-Info (PLMN-ID) identifiziert!"Betreiberinfo ist nicht verf gbar""System kann keine Netzwerke suchenwxUm sich f r einen globalen Datentarif anzumelden, rufen Sie bitte unseren globalen Kundenservice unter  908-559-4899 an. Hinweis Netzwerkmodus  hlen Sie ein LTE/3G-Netzwerk55Daten-Roaming ist wegen Server-Richtlinie [email protected]@Datenverbindung wurde aufgrund der Server-Richtlinie deaktiviert66Datenverbindung wird durch Server-Richtlinie aktiviert45Es k nnen keine weiteren Zeichen eingetragen werden.        Verbunden Nur MetroPCS55Wechseln des Netzwerkmodus und des CDMA Roaming-Modus 3G/4G-Daten deaktiviert783G/4G Daten aktiviert (Es entstehen zus tzliche Kosten) Mobile Daten deaktiviert Mobile Daten aktiviert Bei Datenzugriff auf einer]

this is every bit of text from LGNetworksettings.apk

---------- Post added at 10:23 PM ---------- Previous post was at 10:12 PM ----------

and in /system/Priv-APP/IMS.apk

we find this...
output of strings

       Ims.apk AndroidManifest.xml *+"j 0z*o |WB\ ;5U=Z U[x5 RvlU OYr? oFx3 res/drawable-hdpi-v4/icon.png IHDR EIDATx c{6{ 3MgsG Zp<  Q}x) ieK|7I9 Fkf(gFU8 9/T% V=n,z&w KX#Y #b8y2q XJoq LH[z g_E) ^B]fO XB]"[ N]6? Gx,j V+kUh Zkuh 5uhm 8jLe ykm5 \$~T 2#}* Ocb) \.388 3C"i >MKj )<B] ppp# :l-F #|6v>A{ WKQ* y-(S cB<' MqEq TYQ; ,Iw.W/ r/6UyV_i' -vg_ C\'9lg CHSr ;au=E*fq [email protected][z-- Ffj;%F ]Oqa oqer 4 [email protected] IEND @=B]f! res/layout/main.xml A)(( tHtD gwF3 3rA6 T-d9 =B]f! res/layout/password.xml b[=x g`Y2 2>3Y" oQ4: l3Ow5 azTr W|T{ res/xml/imsprovisioning.xml M*RZ {`z6cm`~ 8gEE !;:>y06y     '0l 5]bmkm e3bq= +h'b v<2} ^}K_  c(6yN$ cs`, <4K1 =):%s^ eD<Q ~    [email protected] uD]i BTC; }HA/ {?bG$ i>Oh> w$=tA d~[$ v+p} YZ{vH %snH 0nP`\I0 S5,A resources.arsc res/layout/main.xml res/layout/password.xml res/xml/imsprovisioning.xml res/drawable-hdpi-v4/icon.png global local Global Number Local Number 3gpp2 3gpp true false IPV6 IPV4 IPV6V4 IPV4V6 sip_tel tel_sip default remote none UPDATE INVITE NONE DISABLED ENABLED 0x0000000F 0x0004000F LG IMS IMS Settings  IMS Provisioning Common ims_provisioning Subscriber ISIM Debug Services        Test Mode P-CSCF P-CSCF (0) P-CSCF (1) P-CSCF (2) Address Port P-CSCF Discovery Home Domain Name IMPI IMPU Primary Ref. Index IMPU (0)        IMPU (1)* IMPU (2) Phone Context Credential        User Name Realm Password        Algorithm Realm Leniency S-CSCF Compact Form Features Tag Prefix        Device ID TCP Threshold Length Registration TCP Transport Timer Connection        Keepalive Wouldblock Listen Channel Scheme        Transport        SIP Timer Timer - T1 Timer - T2        Timer - B        Timer - D        Timer - F        Timer - H        Timer - I        Timer - J        Timer - K User Agent SW Version Service Version Duration Subscription Subscription(reg) Expires Enabler SIP Preferred Identity Target Scheme Target Number Format Session Timer Min SE Session Expires        Refresher Refresh Method SIP Headers No refresh by re-INVITE Connection (0) Connection (1) Connection (2) Profile Name IP Version Access Policy Guard Timer Value (in service)""Guard Timer Value (out of service) REG (0) REG (1) REG (2) Type Flow Id Retry Interval Retry Repeat Interval IPSec SMS Format SMS Over IP Network ims_subscriber ims        admin_ims admin_isim admin_debug admin_services admin_testmode pcscf server_pcscf_0_address server_pcscf_1_address server_pcscf_2_address server_pcscf_0_port server_pcscf_1_port server_pcscf_2_port admin_pcscf subscriber_0_home_domain_name subscriber_0_impi subscriber_0_impu##subscriber_0_impu_primary_ref_index subscriber_0_impu_0 subscriber_0_impu_1 subscriber_0_impu_2 subscriber_0_phone_context subscriber_0_auth_username subscriber_0_auth_realm subscriber_0_auth_password subscriber_0_auth_algorithm  subscriber_0_auth_realm_leniency subscriber_0_server_scscf ims_sip ims_sip_common common_compact_form common_sip_features common_tag_prefix common_device_id common_tcp_criterion_len ims_sip_registration sip_tcp_transport_timer timer_tv_tcp_connection timer_tv_tcp_keepalive timer_tv_tcp_wouldblock sip_listen_channel listen_channel_scheme listen_channel_port listen_channel_transport        sip_timer timer_tv_t1 timer_tv_t2 timer_tv_tb timer_tv_td timer_tv_tf timer_tv_th timer_tv_ti timer_tv_tj timer_tv_tk ims_user_agent ua_version_sw_version header_info_service_version reg_expiration reg_subscription reg_sub_expiration header_info_preferred_id header_info_target_scheme  header_info_target_number_format session_timer session_st_minse session_st_session_expires session_st_refresher session_st_method session_st_headers!!session_st_no_refresh_by_reinvite ims_aos aos_connection aos_connection_0 aos_connection_1 aos_connection_2 aos_connection_0_profile_name aos_connection_1_profile_name aos_connection_2_profile_name aos_connection_0_ip_version aos_connection_1_ip_version aos_connection_2_ip_version aos_connection_0_access_policy aos_connection_1_access_policy aos_connection_2_access_policy  aos_connection_0_service_in_time  aos_connection_1_service_in_time  aos_connection_2_service_in_time!!aos_connection_0_service_out_time!!aos_connection_1_service_out_time!!aos_connection_2_service_out_time aos_reg        aos_reg_0        aos_reg_1        aos_reg_2 aos_reg_0_type aos_reg_0_flow_id aos_reg_0_retry_interval aos_reg_0_retry_repeat_interval aos_reg_0_ipsec aos_reg_1_type aos_reg_1_flow_id aos_reg_1_retry_interval aos_reg_1_retry_repeat_interval aos_reg_1_ipsec aos_reg_2_type aos_reg_2_flow_id aos_reg_2_retry_interval aos_reg_2_retry_repeat_interval aos_reg_2_ipsec ims_sms sms_sip sms_sip_timer sms_timer_tv_t1 sms_timer_tv_t2 sms_timer_tv_tf sms_header_info_service_version sms_header_info_target_scheme$$sms_header_info_target_number_format sms_common sdm_sms_format sdm_sms_over_ip_network Disabled Enabled 1024 ~ 65535$$Comma-separated list - PCO/ISIM/CONF SIP Features - gruu(0x1), rport(0x2), keep(0x4), multiple_reg(0x8), pan_info_in_initial_reg(0x10000), p_preferred_id_in_reg_sub(0x20000), auth_algorithm(0x01000000), ua_set_by_context(0x02000000), user_agent(0x04000000), display_name_dquot(0x08000000), contact_in_all_1xx(0x10000000) Session timer related headers - none(0x00), session_expires(0x01), minse(0x02), require(0x04,timer in 200 OK), check_session_expires(0x10), all(0xFF) Trace        ims_trace Log Selection trace_option com.lge.ims attr drawable layout array string icon main password imsprovisioning target_scheme_value target_number_format_value target_number_format_entry one_item_value two_item_value three_item_value four_item_value sms_format_value sms_over_ip_network_value ip_version_value ip_version_entry preferred_id_entry session_refresher_entry session_refresh_method_entry log_label_entry log_label_value app_name ims_settings ims_provisioning ims_label_common ims_key_provisioning ims_label_subscriber ims_label_ims ims_label_isim ims_label_debug ims_label_services ims_label_testmode ims_label_pcscf ims_label_pcscf_0 ims_label_pcscf_1 ims_label_pcscf_2 ims_label_address ims_label_port ims_label_admin_pcscf ims_label_home_domain_name ims_label_impi ims_label_impu  ims_label_impu_primary_ref_index ims_label_impu_0 ims_label_impu_1 ims_label_impu_2 ims_label_sip_phone_context ims_label_credential ims_label_username ims_label_realm ims_label_password ims_label_algorithm ims_label_realm_leniency ims_label_scscf ims_label_sip ims_label_sip_common ims_label_sip_compact_form ims_label_sip_features ims_label_sip_tag_prefix ims_label_sip_device_id ims_label_sip_tcp_criterion_len ims_label_sip_registration!!ims_label_sip_tcp_transport_timer""ims_label_sip_tcp_connection_timer!!ims_label_sip_tcp_keepalive_timer""ims_label_sip_tcp_wouldblock_timer ims_label_sip_listen_channel##ims_label_sip_listen_channel_scheme!!ims_label_sip_listen_channel_port&&ims_label_sip_listen_channel_transport ims_label_sip_timer ims_label_sip_timer1 ims_label_sip_timer2 ims_label_sip_timerb ims_label_sip_timerd ims_label_sip_timerf ims_label_sip_timerh ims_label_sip_timeri ims_label_sip_timerj ims_label_sip_timerk ims_label_user_agent ims_label_sw_version ims_label_service_version ims_label_registration_duration ims_label_subscription ims_label_reg_sub_expiration ims_label_enabler_sip ims_label_preferred_id ims_label_target_scheme ims_label_target_number_format ims_label_session_timer ims_label_session_st_minse$$ims_label_session_st_session_expires ims_label_session_st_refresher ims_label_session_st_method ims_label_session_st_headers++ims_label_session_st_no_refresh_by_reinvite ims_label_aos ims_label_aos_connection ims_label_aos_connection_0 ims_label_aos_connection_1 ims_label_aos_connection_2%%ims_label_aos_connection_profile_name##ims_label_aos_connection_ip_version&&ims_label_aos_connection_access_policy((ims_label_aos_connection_service_in_time))ims_label_aos_connection_service_out_time ims_label_aos_reg ims_label_aos_reg_0 ims_label_aos_reg_1 ims_label_aos_reg_2 ims_label_aos_reg_type ims_label_aos_reg_flow_id  ims_label_aos_reg_retry_interval''ims_label_aos_reg_retry_repeat_interval ims_label_aos_reg_ipsec ims_label_sms ims_label_sms_common ims_label_sms_format ims_label_sms_over_ip_network ims_key_subscriber ims_key_ims ims_key_admin_ims ims_key_admin_isim ims_key_admin_debug ims_key_admin_services ims_key_admin_testmode ims_key_pcscf ims_key_pcscf_address_0 ims_key_pcscf_address_1 ims_key_pcscf_address_2 ims_key_pcscf_port_0 ims_key_pcscf_port_1 ims_key_pcscf_port_2 ims_key_admin_pcscf ims_key_home_domain_name ims_key_impi ims_key_impu ims_key_impu_primary_ref_index ims_key_impu_0 ims_key_impu_1 ims_key_impu_2 ims_key_phone_context ims_key_auth_username ims_key_auth_realm ims_key_auth_password ims_key_auth_algorithm ims_key_auth_realm_leniency ims_key_scscf ims_key_sip ims_key_sip_common ims_key_sip_compact_form ims_key_sip_features ims_key_sip_tag_prefix ims_key_sip_device_id ims_key_sip_tcp_criterion_len ims_key_sip_registration ims_key_sip_tcp_transport_timer  ims_key_sip_tcp_connection_timer ims_key_sip_tcp_keepalive_timer  ims_key_sip_tcp_wouldblock_timer ims_key_sip_listen_channel!!ims_key_sip_listen_channel_scheme ims_key_sip_listen_channel_port$$ims_key_sip_listen_channel_transport ims_key_sip_timer ims_key_sip_timer_t1 ims_key_sip_timer_t2 ims_key_sip_timer_tb ims_key_sip_timer_td ims_key_sip_timer_tf ims_key_sip_timer_th ims_key_sip_timer_ti ims_key_sip_timer_tj ims_key_sip_timer_tk ims_key_user_agent ims_key_sw_version ims_key_service_version ims_key_registration_duration!!ims_key_registration_subscription ims_key_reg_sub_expiration ims_key_preferred_id ims_key_target_scheme ims_key_target_number_format ims_key_session_timer ims_key_session_st_minse""ims_key_session_st_session_expires ims_key_session_st_refresher ims_key_session_st_method ims_key_session_st_headers))ims_key_session_st_no_refresh_by_reinvite ims_key_aos ims_key_aos_connection ims_key_aos_connection_0 ims_key_aos_connection_1 ims_key_aos_connection_2%%ims_key_aos_connection_0_profile_name%%ims_key_aos_connection_1_profile_name%%ims_key_aos_connection_2_profile_name##ims_key_aos_connection_0_ip_version##ims_key_aos_connection_1_ip_version##ims_key_aos_connection_2_ip_version&&ims_key_aos_connection_0_access_policy&&ims_key_aos_connection_1_access_policy&&ims_key_aos_connection_2_access_policy((ims_key_aos_connection_0_service_in_time((ims_key_aos_connection_1_service_in_time((ims_key_aos_connection_2_service_in_time))ims_key_aos_connection_0_service_out_time))ims_key_aos_connection_1_service_out_time))ims_key_aos_connection_2_service_out_time ims_key_aos_reg ims_key_aos_reg_0 ims_key_aos_reg_1 ims_key_aos_reg_2 ims_key_aos_reg_0_type ims_key_aos_reg_0_flow_id  ims_key_aos_reg_0_retry_interval''ims_key_aos_reg_0_retry_repeat_interval ims_key_aos_reg_0_ipsec ims_key_aos_reg_1_type ims_key_aos_reg_1_flow_id  ims_key_aos_reg_1_retry_interval''ims_key_aos_reg_1_retry_repeat_interval ims_key_aos_reg_1_ipsec ims_key_aos_reg_2_type ims_key_aos_reg_2_flow_id  ims_key_aos_reg_2_retry_interval''ims_key_aos_reg_2_retry_repeat_interval ims_key_aos_reg_2_ipsec ims_key_sms ims_key_sms_sip ims_key_sms_sip_timer ims_key_sms_sip_timer_t1 ims_key_sms_sip_timer_t2 ims_key_sms_sip_timer_tf ims_key_sms_user_agent ims_key_sms_target_scheme  ims_key_sms_target_number_format ims_key_sms_common ims_key_sms_format ims_key_sms_over_ip_network ims_disabled ims_enabled ims_port_range ims_summary_admin_pcscf ims_summary_sip_features ims_summary_session_st_headers ims_label_trace ims_key_trace log_label_enabled log_key_enabled layout_root imspassword META-INF/MANIFEST.MFm #1,1 C    2H {[email protected] ,<3s INQp} |rgv  11oy META-INF/CERT.SFm Kopf ?p?" BE\D5b 3`{b META-INF/CERT.RSA3hbKc f&F&&N 90>; `jbddxi/% sMnA [oy} 2h|n  Wfi\o TY?g :-&KbNn     4lb s4-< AndroidManifest.xml res/drawable-hdpi-v4/icon.pngPK @=B]f! res/layout/main.xmlPK res/layout/password.xmlPK res/xml/imsprovisioning.xmlPK resources.arscPK META-INF/MANIFEST.MFPK META-INF/CERT.SFPK META-INF/CERT.RSAPK

Looking at this makes me think we may be able to manually swap apps such as this from another device dump thats not locked to a particular network and that may cause some settings and such to change auto-magically...
But thats where we sit and what we're up to at The Team_AstrayaL lab.
maby somebody will spot some usefull tidbit in all this raw data...

---------- Post added at 10:35 PM ---------- Previous post was at 10:23 PM ----------

Also as a side Note I've uncovered Approx 884 xml files that control different aspects of the devices OS firmware and software...


----------



## wdthompson (Nov 1, 2017)

@Astr4y4L
Thanks for link,, my box doesn't have so much mem to run vbox easily,
I managed to get radare compiled, but not cutter (the gui), it wants newest qt5
I am not at all skilled in disassembly, but I will poke at it for a few weeks
I gave the md5's and board info so you could see how similar 3 and k4 are,
I doubt that they are identical (aboot,,GPT) (K4 GPT appended)
7c-f is where aboot ends up in mem, the 2nd half (8f600000)

K4 GPT
Number  Start (sector)    End (sector)  Size       Code  Name
   1           16384          147455   64.0 MiB    0700  modem
   2          147456          148479   512.0 KiB   FFFF  sbl1
   3          148480          150527   1024.0 KiB  FFFF  tz
   4          150528          151551   512.0 KiB   FFFF  rpm
   5          151552          155647   2.0 MiB     FFFF  aboot
   6          155648          156671   512.0 KiB   FFFF  sbl1bak
   7          156672          158719   1024.0 KiB  FFFF  tzbak
   8          158720          159743   512.0 KiB   FFFF  rpmbak
   9          159744          163839   2.0 MiB     FFFF  abootbak
  10          163840          166911   1.5 MiB     FFFF  modemst1
  11          166912          169983   1.5 MiB     FFFF  modemst2
  12          169984          171007   512.0 KiB   FFFF  ssd
  13          171008          172031   512.0 KiB   FFFF  DDR
  14          172032          175103   1.5 MiB     FFFF  fsg
  15          175104          176127   512.0 KiB   FFFF  fsc
  16          176128          177151   512.0 KiB   FFFF  sec
  17          177152          178175   512.0 KiB   FFFF  keystore
  18          178176          179199   512.0 KiB   FFFF  encrypt
  19          179200          180223   512.0 KiB   FFFF  eksst
  20          180224          182271   1024.0 KiB  FFFF  devinfo
  21          182272          183295   512.0 KiB   FFFF  config
  22          183296          196607   6.5 MiB     FFFF  spare1
  23          196608          208895   6.0 MiB     FFFF  fota
  24          208896          209919   512.0 KiB   FFFF  rct
  25          209920          212991   1.5 MiB     FFFF  spare2
  26          212992          215039   1024.0 KiB  FFFF  raw_resources
  27          215040          217087   1024.0 KiB  FFFF  raw_resourcesbak
  28          217088          229375   6.0 MiB     0700  drm
  29          229376          241663   6.0 MiB     0700  sns
  30          241664          262143   10.0 MiB    FFFF  misc
  31          262144          278527   8.0 MiB     FFFF  persist
  32          278528          311295   16.0 MiB    FFFF  laf
  33          311296          344063   16.0 MiB    FFFF  boot
  34          344064          376831   16.0 MiB    FFFF  recovery
  35          376832          425983   24.0 MiB    FFFF  factory
  36          425984          491519   32.0 MiB    0700  mpt
  37          491520         5603327   2.4 GiB     0700  system
  38         5603328         6012927   200.0 MiB   0700  cache
  39         6012928        15253503   4.4 GiB     0700  userdata
  40        15253504        15269854   8.0 MiB     0700  grow


----------



## Astr4y4L (Nov 1, 2017)

wdthompson said:


> @Astr4y4L
> Thanks for link,, my box doesn't have so much mem to run vbox easily,
> I managed to get radare compiled, but not cutter (the gui), it wants newest qt5

Click to collapse



Your Host... Is it Linux?
IDA is for windows... 
I'm also using this Autopsy tool on windows.
Got 8gb usable RAM
2 HDD's
HD 0 = ubuntu 17.4  with 1.5 terrabytes of storage.
HD 1= Windows 7 with 250 GB storage
2.3 ghz Intel core Duo...

and it gets slow sometimes on some of these tasks but usually it get's the job done...
So what Do you think from the raw output above , do you think we would have any success if we swapp apps from say a Cricket Spree {e1q} to to the zone3 {e1q_vzw} to get the network voice calls crap working?


----------



## wdthompson (Nov 1, 2017)

@Astr4y4L
Yes I am using a linux box, radare (&cutter) are pre-compiled for win
reading  https://www.qualcomm.com/documents/secure-boot-and-image-authentication-technical-overview
I am not so optimistic about interrupting secure boot


----------



## Astr4y4L (Nov 1, 2017)

*Thus you now see our delima....*



wdthompson said:


> @Astr4y4L
> Yes I am using a linux box, radare (&cutter) are pre-compiled for win
> reading  https://www.qualcomm.com/documents/secure-boot-and-image-authentication-technical-overview
> I am not so optimistic about interrupting secure boot

Click to collapse



so you now see how the Cert chain of trust works... 
It's like next level stuff and even our /system is signed but then I found that by mounting the partition in linux I am able to Mod the files and such contained within but can't build a new IMAGE because it isnt signed by LG/Vzw  but we can modify the signed images if we don't break signitures...

BUT...
Always a but...
/Aboot as you've stated is an ELF executable and when we change the functions contained within we are changing the bits and thus the code-size which is part of how secure boot validate's the image...

ofcourse if we can find the EEPROM files from LG or qualcom and use the Chip-erase options in LGuP we could possibly compile our own rom and burn it on to the eeprom...
Unfortunately even after signing up at qualcom and becoming a developer over there ... I STILL CAN"T GET THE FILES...
Proprietary Software they claim ....  also if you can get the correct files we could get to QHUSB-Bulk mode and use qualcom's QFIL ...

but I think our best bet is to patch the aboot to always return that the image is signed , but we gotta cause the hash of the file to remain the same or once we flash it to the device we just get dead black-screen of doom...
Kudo's on the good reading material...
Astr4y4L


----------



## Astr4y4L (Nov 1, 2017)

OH WOW...
this autopsy Program found approx 664 credit card numbers hidden in bin files in  zone3 /system.img...
on my further investigation it appears it has found the signing keys for all app's and binaries in the ROM....

Creditcard numbers? Naaa just sha hashes that it thought were credit card numbers...

Neat stuff.
Oh and you all familiar with the file called 
(recovery-from-boot.p) well it's pascal code which I'm not familiar with and the content of strings is thus

IMGDIFF2
BSDIFF404
BZh91AY&SY
BZh91AY&SY
BZh9
rE8P
BSDIFF40
BZh91AY&SY
i56FL
z2h4eC
=OSM='
3#Rz
=O(h=C
M=OF
!B`4
HMPc
(mXz
Ax%4k&
quZD
'ULY
a\jW
tx$l
ZBTp[
G"Y]i
M,Jl#qK
3OsT`
rU%0
zCyi
039(
%Vn5kb:}69
E5`q
|tKB
YQ%&@
AY<=
<}6I
e"0E
VkAYB
=>i!
gU~&k
u8&j
+;nL
:Mmx8SEf1jr
2B0Q 
'8[xP
DN~_Jy
%U+ 
:m`S7
5sn5
 ^O:!
*D)/0
OS?4w
n0)_
5IiG~
H}=r
cwE;
!OWA
BBI    
|OfO
|GKC&
[¥l\J
5\(p
(ñ[email protected]
y ov
z'>;
{a\2
)S"*
YX^D
e4Ocv
*v_#Bi
y,7
5V\.o
33 H`;
Q-**
Df\c[
$;?S
Qq\c
<UJ~_
*[Tm
fz&8
rJo=
AN[\
8wsa
B0g5C
hQ+5)
owu#
V_d#
WZx;
b%F-
`6u~
1reaVJ
j)x=
*iZh
>zA,
uY]^
UYy$
dmZ!Z
]smA;
 H    +"
ei19
]Ra 
):SU
|6V6g*
4?46k
*FZ[F
j`D[Dj
gtXf
zVD[Y
"(f}
j82b
9W]g{
yMGeC"g
8fwI
[3wM
^l    c
uFSN
u.sJ
AV,C
ZYEl
BBiM-lBZh91AY&SYY
[him
[email protected]{
mc=+
6/7*R
h0J~&E?
h10)
M=OI<OAC
mO(4
2?SS
4mLF
L&i=CLCA
I$&"d
SdlR
DFLO
?Q14
:qlNe
&t_8
eFX(S
\uAq
HrR^~V
r1?Ef
rSwu
Razu
u'+Fy
4MH6m2
FULT
gVn*
Ez(R
    p|P
k4]}
]ec7
DlBL
y]bL+R=Ql
Kz8i
o1b9-
H8#5
`T7}R
1}-4,
]R    px
HI>xE6i
x    (mt
N[\%
Gs&B
[s"4
mv)\
c#g    
Jo(L
8z5|
g\TZ
26C[
.dcc
)Q8㌉
).#RA
`]uC
6n'r
8]%h
nLP,Î
Q^>.tF
uqAMl
)f]A,@pA
6pEZA
{Sd^
l=5#
Bo<'
Lf !
C>c0x
[email protected] 
Z`f0V
w<:M
wt"9PD/C
*O{~
qfg_
ihwD,
u6P:4
ém $
yz    w
/M$9iQ
zT [0
<2}K
f-2(L
m]    qj
[email protected](gHi&V
.)#]
m7;    
41E1
BD\1
S/f>
CVTI
MAT]
[email protected]
\CX+:
f)zE
\[email protected]
4;,$
nVsb
LqqE
)ñAfi
% hIN
E-zS
FG+dU
%%&V!HJ
dDQL2
c<|9.n
sacT
8v./
Jj`[email protected]
:0.7
'sEC
zm+O
/kY$x
4zt5


----------



## wdthompson (Nov 1, 2017)

@Astr4y4L
>It's like next level stuff and even our /system is signed 
No, if it was, there would be a "verify" flag in fstab,,
and there is not (this is a android 6 and 7 "feature")
They must update the cert too when there is a OTA update
>gotta cause the hash of the file to remain the same
Yes, because sbl checks it, you realize this is almost impossible?


----------



## Astr4y4L (Nov 1, 2017)

wdthompson said:


> @Astr4y4L
> >It's like next level stuff and even our /system is signed
> No, if it was, there would be a "verify" flag in fstab,,
> and there is not (this is a android 6 and 7 "feature")
> They must update the cert too when there is a OTA update

Click to collapse



From /system/build.prop  --->lge.signed_image=true 
just as an experiment ... try to run your system image through drixda's android kitchen and modify ..anything... then take the output of that and convert back to an image format..[ext4_system.img]
and try to flash that to your device...
dd wont help...
Lgup wont touch it...

your right they must somehow resign the image ON-DEVICE after as a part of the OTA...
I really don't understand all of the Mech.'s involved in their Updates...
I ROOT ANDROID so I ALWAYS disable updates ..  




			
				wdthompson; said:
			
		

> >gotta cause the hash of the file to remain the same
> Yes, because sbl checks it, you realize this is almost impossible?

Click to collapse



I do... :crying: 
But reading about it in reverse engineering androids application bootloader  [Android internals] 
and examining the file extensively in various hex editors and debug software I know that the end of the file contains a lot of dead space [ 00 ] Zero's ... and wonder if we can somehow modify our values in the functions and then hash that to see what our value is and then we can maybe use the known value [what it is now before touching the file ] and some how then calculate a way to remove some Zero's to cause the [Code-Size ] to be the same as before which then would result in a matching sha value...

Might take Years or may be simple computation with the correct formula... I Honestly don't know if it can be done. But We've been trying  :0

I Myself think we may be able to just swap the Damn Binary with another signed one from Lg software...
It will Either Boot or NO

But WE DO KNOW the Vzw Zone3 doesn't have those [e-fuses] set for roll-back protection etc.
that's why we are able to downgrade and attain root and thus is how we got to where we are...

It's a Damn Turky-chase...

But bro some genius out there is probably reading this and has the damn answer but won't speak up...
Grrr
---> Frustrations
Astr4y4L

---------- Post added at 01:27 PM ---------- Previous post was at 01:16 PM ----------

$$Comma-separated list - PCO/ISIM/CONF
SIP Features - gruu(0x1), rport(0x2), keep(0x4), multiple_reg(0x8), pan_info_in_initial_reg(0x10000), p_preferred_id_in_reg_sub(0x20000), auth_algorithm(0x01000000), ua_set_by_context(0x02000000), user_agent(0x04000000), display_name_dquot(0x08000000), contact_in_all_1xx(0x10000000)
Session timer related headers - none(0x00), session_expires(0x01), minse(0x02), require(0x04,timer in 200 OK), check_session_expires(0x10), all(0xFF)

May just have found what i have been chasing  now I gotta go back to Mom's fone's case file and compare the values that are located in the same place in her rom...
I fully expect them to be different values and her fone is on the Cricket ATT network...

back in a bit I really want to win this $500 wager.
:fingers-crossed:


----------



## MotoJunkie01 (Nov 2, 2017)

Astr4y4L said:


> From /system/build.prop --->lge.signed_image=true
> just as an experiment ... try to run your system image through drixda's android kitchen and modify ..anything... then take the output of that and convert back to an image format..[ext4_system.img]
> and try to flash that to your device...
> dd wont help...
> ...

Click to collapse



Wow mate. I've got a lot of reading to catch up on here. Looks like you've been knee-deep in this device as usual. Your ceaseless hard work never fails to amaze me. Anyway, I'll catch up on your recent finding and progress. I've been on this all day. Finally got this tabled decrypted and compiled a stock ROM for TWRP installation. 
https://forum.xda-developers.com/android/general/rom-lenovo-tab-3-8-tb3-850f-t3617594/page7


----------



## Astr4y4L (Nov 2, 2017)

MotoJunkie01 said:


> Wow mate. I've got a lot of reading to catch up on here. Looks like you've been knee-deep in this device as usual. Your ceaseless hard work never fails to amaze me. Anyway, I'll catch up on your recent finding and progress. I've been on this all day. Finally got this tabled decrypted and compiled a stock ROM for TWRP installation.
> https://forum.xda-developers.com/android/general/rom-lenovo-tab-3-8-tb3-850f-t3617594/page7

Click to collapse



Still haven't found the values to plug into the settings...
hmmm... lenovo tabs seem pretty neat , looks as though your out rescuing some poor guys that can't get stock firmware's again, :good:
I am in touch with @phonecapone and were communicating about both the K3 and that Rebel that he has...

I think he's been trying to use that Croot.apk or what ever and like him I NEVER had success with the little apk.
now the adb- command-line version I Have success with exploiting many devices using the Race-condition.

Have you had any news on the K3 front?
I just right now bricked a zone3 pretty good. 
got 2 in qcom  Qdloader9008 mode now...
that leaves the one that thinks he is a K4 but lost download-mode on it...
and the one I use as a phone.....

UGGGG.... stupid boot-stack issues because I cant help messing with things... 

Oh well stuff happens there sometimes but if I don't do it and nobody else tries it we never find the good stuff...
got someone I'm talking to about becoming a tester on the 2017 K4 the marshmallow version...
and as I can't get firmware from tracfone or streight-talk or aio or att ...
I'm going to suggest that @phonecapone  uses my mod-tools and gets a non-root dump of the whole Rebel...
then we can finally get after that one...
who knows might be next incarnation Frankin_Mod material.
got to remember how I got out of the QDLoader mod last time...
found a sure-fire way to get devices into that state if we ever find a use for that... LMAO

But yes sir we have been busy on zone3 again.
and it's good to hear from you brother


----------



## MotoJunkie01 (Nov 2, 2017)

Astr4y4L said:


> Still haven't found the values to plug into the settings...
> hmmm... lenovo tabs seem pretty neat , looks as though your out rescuing some poor guys that can't get stock firmware's again, :good:
> I am in touch with @phonecapone and were communicating about both the K3 and that Rebel that he has...
> 
> ...

Click to collapse



Tell me this: do you have an option for Reverse Tunneling and, if so, what is it set to? On the K3, I'm definitely going to be sending you one. I'll be traveling to Louisville, Kentucky this weekend where the mall has a Best Buy Mobile. They have had their Boost and Virgin Mobile varians of the LG K3 (LG LS450) on sale for $19.99. Walmart in the area I live no longer carries the K3, so I will pick you one up this weekend. If you get lucky and end up getting one with an early firmware build, you can root it with iRoot or KingoRoot with the PC version one-click root exploit. I'm guessing you will figure out how to downgrade the device even if it is a more recent build which is not vulnerable to one-click root exploits. DirtyCow should also be feasible on builds prior to 12/01/2016. I'll keep you updated on the status of your K3.


----------



## Astr4y4L (Nov 3, 2017)

MotoJunkie01 said:


> Tell me this: do you have an option for Reverse Tunneling and, if so, what is it set to? On the K3, I'm definitely going to be sending you one. I'll be traveling to Louisville, Kentucky this weekend where the mall has a Best Buy Mobile. They have had their Boost and Virgin Mobile varians of the LG K3 (LG LS450) on sale for $19.99. Walmart in the area I live no longer carries the K3, so I will pick you one up this weekend. If you get lucky and end up getting one with an early firmware build, you can root it with iRoot or KingoRoot with the PC version one-click root exploit. I'm guessing you will figure out how to downgrade the device even if it is a more recent build which is not vulnerable to one-click root exploits. DirtyCow should also be feasible on builds prior to 12/01/2016. I'll keep you updated on the status of your K3.

Click to collapse



Great news thanks Bro.
If you buy one brand new in the box... look at the software version usually near imie info printed by barcode on box.
Usually they let me do that when I am in the market place.
They won't usually all be the same.
Kinda bunt on the zone3 at the moment.
Putting him on the back burner and playing with the Bass again... driving everyone nutz lol.

But anyway. I need a dump from A 2017 k4 m151 I believe it is.
I want to take a crack at that also. 
And I killed a zone 3 yesterday.  Gotta work out an unbrick
For these. In that state. Qdloader-9008

Edit --> didn't find anything in the device about reverse tunnels.

Now if you need a reverse tunnel setup somewhere. Holler at me bro. We can pipe you through the lab server.  No big deal


----------



## Astr4y4L (Nov 3, 2017)

RE aboot

http://newandroidbook.com/Articles/aboot.html


----------



## wdthompson (Nov 6, 2017)

Thanks to Astr4y4L his software and help,, my K121 (10f)is rooted
Only a little painfull, and we caught a couple bugs so it will be better
I am no expert on win, as usual win seems to need more than 1 boot
to get it  all together, fairly smooth once it was sorted,, 9/10
The mod to LGup is quite impressive
Oh, camera still works, I gather 10b and 10c, kingroot loses camera
thanks Astr4y4L


----------



## MotoJunkie01 (Nov 6, 2017)

As always @Astr4y4L, impressive work and incredible development. Do you ever rest or sleep? Lol


----------



## Astr4y4L (Nov 6, 2017)

MotoJunkie01 said:


> As always @Astr4y4L, impressive work and incredible development. Do you ever rest or sleep? Lol

Click to collapse




 Yea we have a Global botnet of android monkeys working 24/7 to bring everyone the greatest new Mods we can come up with.







Working on K3 stuff right now and repo -syncing the needed Asop stuff to build these open-source lg software kits from lg's dev site.

I cant sign the image but may be able to build and swap guts if ya know what I mean.

Anyways yea also any-one with a (LG FRP-Bricked) regardless of make and model may have new options for a frp unlock remote service Team_Astr4y4L is putting together.
So big Stuff going on


----------



## [email protected] (Nov 7, 2017)

Someone is remotely accessing my cellphone. 
Need to stop government spying on my cellphone. Seeing. Chinese writing in background. 

content://media/external/file/4310


----------



## Astr4y4L (Nov 7, 2017)

*WTF ?*



[email protected] said:


> Someone is remotely accessing my cellphone.
> Need to stop government spying on my cellphone. Seeing. Chinese writing in background.
> 
> content://media/external/file/4310

Click to collapse



WOW !!!
 so you think the Gov. is spying on you?

HMMM,

they can surly do that but i wouldn't think the Government would need to exploit a device to spy on you ,
Hell THEY OWN THE INTERNET,
THEY OWN THE AIRWAVES AND WATCH ALL TRAFFIC.

SO what device do you have and What contry are you in?
Have you tried Kingroot, King of root, Iroot or any other Krap on the device thats in question?

If so , Then thats probably it.. the apps you download ask for permissions on your device and we grant them to have the app.

So I would Recomend first DELETE EVERYTHING.
YOUR PRIVATE FILES PICTURES EVERYTHING.
THEN FACTORY RESET THE DEVICE.
THEN FLASH THE LATEST STOCK FIRMWARE FOR YOUR DEVICE
THEN BOOT TO RECOVERY AND FACTORY RESET YOUR DEVICE AGAIN AFTER YOU FLASHED STOCK FIRMWARE..

This will prevent anything other than the devices Stock firmware from being on the device.

If after that the " Who-ever " is still messing with you then they probably have your accounts info's,
suggest sign out of ALL devices and then change Passwords for ALL acounts
If that doesn't fix it then someone who has physical access to your device is messing with you,

Also 
KEEP BLUETOOTH OFF

%90 percent of android is affected by a bluetooth vulnerability

SO Avoid that

Hope We Have Helped...

Astr4y4L
Team_Astr4y4L


----------



## Astr4y4L (Nov 8, 2017)

Hey everybody theres a new service coming out for FRP bypass on LG devices 
It is A paid service BUT,
right now it's going into Beta-Test Phase so you can get in absolutely free,
So if that kind of thing will be helpful to anyone heres a link to the thread.

https://forum.xda-developers.com/general/general/frp-bypass-teamastr4y4l-looking-beta-t3701935


----------



## Astr4y4L (Nov 10, 2017)

Removed post


----------



## Astr4y4L (Nov 10, 2017)

Removed post


----------



## Astr4y4L (Nov 10, 2017)

ok update: and it's building all kinds of goodies for k3...
will any of it work ----> Maaaybe

but it's building eng/test-keys boot image which may be handy for rooting the K3

we'll see what happens, i'm trying not to be too optamistic as of yet...

from /root/default.prop
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=0
ro.allow.mock.location=1
ro.debuggable=1
ro.zygote=zygote32
dalvik.vm.image-dex2oat-Xms=64m
dalvik.vm.image-dex2oat-Xmx=64m
dalvik.vm.dex2oat-Xms=64m
dalvik.vm.dex2oat-Xmx=512m
ro.dalvik.vm.native.bridge=0
debug.atrace.tags.enableflags=0
#
# BOOTIMAGE_BUILD_PROPERTIES
#
ro.bootimage.build.date=Fri Nov 10 09:32:06 CST 2017
ro.bootimage.build.date.utc=1510327926
ro.bootimage.build.fingerprint=Android/aosp_arm/generic:6.0.1/MXB48T/astr4y4l11100803:eng/test-keys
persist.sys.usb.config=adb


----------



## MotoJunkie01 (Nov 11, 2017)

Ah, the old dreaded dm-verity. Damn I hate I bricked my K3. By exploring which exploit the one-click method utilized in rooting my device, you could have compiled a root package directly from dumps of my device. But, not to fret, I've found you a new device to keep and develop on. PM sent.


----------



## Astr4y4L (Nov 11, 2017)

*Still possibly ,possible*



MotoJunkie01 said:


> Ah, the old dreaded dm-verity. Damn I hate I bricked my K3. By exploring which exploit the one-click method utilized in rooting my device, you could have compiled a root package directly from dumps of my device. But, not to fret, I've found you a new device to keep and develop on. PM sent.

Click to collapse



if we can ever get it to connect to your pc in download mode we could still dump the /system...

if we can just get an image from it I can remove the busybox. from /system/xbin and make sure it isn't in /system/bin either and flash it back to your device...

that would probably de-brick him too.. 
but alas no  download mode and not booting...

have you tried to force it into serial mode and connect it with lg_flash tool  thats how i come back from UNKNOWN MODEL issues in LGuP

Oh well , Guess we'll be hacking and cracking on a brand new device soon, I hope we get one with old firmware and only turn it on with no network access and immediately dump the whole device...

before any type of auto-update patches the holes in earlier firmware..

hmmmmm


----------



## Astr4y4L (Nov 12, 2017)

@MotoJunkie01

check out this little tid-bit of info i just uncovered in an att lg rom file..

<DMCDescription>
         Default packet configuration mask for device testing. ||This configuration covers single SIM for any radio technology (1X, HDR, LTE, GSM, WCDMA, TDSCDMA).
      </DMCDescription>
and it go's on so this may be of importance in unlocking gsm, file also mentions 

<QXDMProfessional>
    <Persistence>
        <MultiInstance>0</MultiInstance>
        <FixedFontSize>0</FixedFontSize>
        <DynamicParsersPath>C:\Users\Public\Documents\Qualcomm\QXDM\Parsers\</DynamicParsersPath>
        <DroppedMessages>0</DroppedMessages>
        <ParsingPreference>5</ParsingPreference>
        <EmptyHexadecimalPane>1</EmptyHexadecimalPane>
        <DIAGRequestTimeout>500</DIAGRequestTimeout>
        <ScriptCommandTimeout>15000</ScriptCommandTimeout>
        <TargetCOMPort>Disconnect</TargetCOMPort>
        <GPSCOMPort>Disconnect</GPSCOMPort>
        <TrackNMEA>0</TrackNMEA>
        <OSCoreDump>1</OSCoreDump>
        <MessagesView>
            <Appearance>
                <ShowDate>0</ShowDate>
                <ShowMilliseconds>1</ShowMilliseconds>
                <TypeSpecificTime>1</TypeSpecificTime>
                <UseLegacyFormat>0</UseLegacyFormat>
                <IncludeHeader>0</IncludeHeader>
                <Order>0,1,2,3</Order>
                <Columns>0/80,1/80,2/240,3/120,4/400,5/400,6/120,7/80,8/80</Columns>
            </Appearance>
            <ISVConfig>
                <Items>5</Items>
                <AcceptUnknowns>1</AcceptUnknowns>
                <DelayedSubsysOnly>0</DelayedSubsysOnly>
                <LogCodes>
0x157A,
0x157B,
0x157E,
0x157F

---->QXDMProfessional i believe is for programing radio firmware..

also found a an exe file i presumed for windows but it won't run on my windows 
im attaching the file in a zip and if anyone knows what it is or can figure out what it is it may be important..
Thanks
Astr4y4L


----------



## wdthompson (Nov 15, 2017)

I have no idea what 'PCAP' is,, maybe you do

file RIDLClient.exe 
RIDLClient.exe: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[md5/uuid]=5c1681b385999c424c9ee0fc3a28af29, stripped

----------------------
#############################################################################
# QSHRINK Hash File                
#############################################################################
# GENERAL DESCRIPTION
# Copyright (c) 
 Qualcomm Technologies, Incorporated. All Rights Reserved.
# Export of this technology or software is regulated by the U.S. Government.
# Diversion contrary to U.S. law prohibited.
</version>
vendor/qcom/proprietary/RIDL/PCAPGenerator/System/ZLibFile.cpp(77) : 
decompress
: Throwing Lang::Exception("Could not decompress data")
Could not decompress data
vendor/qcom/proprietary/RIDL/PCAPGenerator/System/ZLibFile.cpp(109) : 
vendor/qcom/proprietary/RIDL/PCAPGenerator/System/ZLibFile.cpp(121) : 
: Throwing Lang::Exception("Did not write all bytes")
Did not write all bytes
vendor/qcom/proprietary/RIDL/PCAPGenerator/System/Lz4File.cpp(58) : 
: Throwing Lang::Exception("Error decompressing LZ4 data")
Error decompressing LZ4 data

--------------
vendor/qcom/proprietary/RIDL/RIDLClient/RIDLMD5.cpp
--windowsize=
--droptolerance=
Invalid Command Line option
libPCAPGenerator
vendor/qcom/proprietary/RIDL/PCAPGenerator/PCAPGenerator.cpp
Invalid Command Line option: 
More than one Wireshark/tethereal call: 
Unsupported Wireshark/tethereal option: 
Too Many Parameters
 [input_file] [output_path] [-option]
where options may include any of the following flags in any order:
        -v      display version information
        -d      to force parsing .dlf file. (default is .isf)
        -l      suppress output for legacy PPP packet.
        -u      suppress output for UM PPP packet.
        -r      suppress output for RM PPP packet.
        -a      suppress output for AN PPP packet.
        -t      run Wireshark on the output file.
        -tR<filter>     Wireshark option: set filter.
        -tV     Wireshark option: set output file format to be verbose.
        -tt r|a|ad|d    Wireshark option: set timestamp format.
        --windowsize=n   set the log window size ( max # of sequence numbers
                        to skip for a given log point MUST BE at least>= 32  
        --droptolerance=n        set the max number of packets dropped in row 
                                before assuming the phone has reset
        Example: -lura to suppress output for all legacy PPP packets.
Note: You can invoke the file browser by not supplying any
argument (recommended for novice user).


----------



## Astr4y4L (Nov 15, 2017)

wdthompson said:


> I have no idea what 'PCAP' is,, maybe you do
> 
> file RIDLClient.exe
> RIDLClient.exe: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), BuildID[md5/uuid]=5c1681b385999c424c9ee0fc3a28af29, stripped
> ...

Click to collapse



Oh wow !!!
the qcom version of wireshark! 

and PCAP = packet capture, it's used in monitoring network traffic...
and thanks for that @wdthompson
I didn't have time to fool with it

so I'm now guessing this file isn't to be installed but called from another process...
another step toward progress. 
thanks guys
Astr4y4l


----------



## Astr4y4L (Nov 15, 2017)

Ok so I just sent this to Qualcomm in a reply to an email they sent me detailing an ndk update. .. Email follows...


Greetings, 
I and our team are developing on a board using the msm8909 Soc,
Recently we've had an issue with some modifications in our build.prop causing the device to enter the QD Loader 9008
And we require the file called firehose for the msm8909 to be able to reload firmware in this state using the firmware loader tool
Qfil.

I have searched our sources locally and on the net and yet can't find that one single file.

As I understand its a binary,  and without the source code I can't compile it,  my team wants to try to reverse-engineer the program and the firehose we do have to see if it can be modified to work with our particular device,  and since its proprietary software I don't believe we should be reverse engineering it.
So as a Qualcomm developer I'm reaching out to your team for support.
If you can help us with this it will save us months of downtime and our projects can be completed,  so that we can move on to the next. 
Our board has the 
Snapdragon 210 msm8909 SoC
If you all can send me anything to expedite the development on this project we would be Most Greatful.
Thanks.

So they immediately so not me the automatic reply able it them reviewing our issue and request for support.

So we'll see what they say...
Wouldn't it be great to have the whole kit for that snapdragon 210 boards?

Well I don't expect it to work but never know

---------- Post added at 01:39 AM ---------- Previous post was at 01:30 AM ----------

Ha got sort of an answer fast...


Dear customer,

Please open case with “Wireless Device Support” case record type for getting proper technical support.

Thank you,
Qualcomm Support

--------------- Original Message ---------------
From. My name removed  [email removed ]
Sent: 11/14/2017 11:19 PM
To: [email protected]
Subject: Development msm8909

Greetings,
I and our team are developing on a board using the msm8909 Soc,
Recently we've had an issue with some modifications in our build.prop causing the device to enter the QD Loader 9008
And we require the file called firehose for the msm8909 to be able to reload firmware in this state using the firmware loader tool
Qfil.

I have searched our sources locally and on the net and yet can't find that one single file.

As I understand its a binary,  and without the source code I can't compile it,  my team wants to try to reverse-engineer the program and the firehose we do have to see if it can be modified to work with our particular device,  and since its proprietary software I don't believe we should be reverse engineering it.
So as a Qualcomm developer I'm reaching out to your team for support.
If you can help us with this it will save us months of downtime and our projects can be completed,  so that we can move on to the next.
Our board has the
Snapdragon 210 msm8909 SoC
If you all can send me anything to expedite the development on this project we would be Most Greatful.
Thanks.
ref:_removednumber:ref


----------



## ehacker22 (Nov 21, 2017)

Quick question did you ever get the GSM portion of the zone 3 to work?


----------



## Astr4y4L (Nov 21, 2017)

*Almost*

Removed post


----------



## Astr4y4L (Nov 21, 2017)

*A new ADB/FASTBOOT Installer*

Removed post


----------



## Astr4y4L (Nov 22, 2017)

Removed post


----------



## phonecapone (Nov 26, 2017)

Astr4y4L said:


> and be sure to thank @phonecapone for giving us a good reason to write this one, the old one's were driving him NutZ , hahaha

Click to collapse



=] Yeah but we are a-ok now. Would be cool to eventually add a gui like qtADB.


----------



## PHug (Nov 26, 2017)

*Can't get into PP2 without zebra screen*

Re-posting this here since I got redirected here... the copy paste didn't come out right.

Quote:
Originally Posted by Astr4y4L 

now you must downgrade your device software to pp2 version{VS425PP2}
---------------------------------------------------------------------------
NOTE:** If your device has pp5 software version you have an extra step, you must flash to pp8 or pp7... let it get to the red verizon screen and soon as it go's to android optimizing apps pull battery re-enter download mode and then flash pp2
---------------------------------------------------------------------------
Ok so that went well but now right after flashing pp2 you will have bootloops. It will bootloop for a few minutes then eventually it will boot to verizons red screen.
( This is because of the modem firmware )
after it finishes booting you must connect to wifi and finish or skip through the Setup wizard, once you've done that and you are looking at the home screen go to settings

My Zone 3 came with pp8 installed

I've tried several times to " let it get to the red verizon screen and soon as it go's to android optimizing apps pull battery re-enter download mode and then flash pp2"
but every time I finish downgrading to PP2 all I get is a white screen with various black patterns...

Does this mean that my phone can not be rooted?
oh and btw... 
Model# VS425PP
Software version # VS425PP8
Build # LMY47V


----------



## Astr4y4L (Nov 26, 2017)

*Krappy...*

Removed post


----------



## pvineeth97 (Nov 27, 2017)

Astr4y4L said:


> LONGER ANSWER
> 
> Brother, We have the LTE working in several of our Mod's
> and yes I've been able to get Internet, ie google and such working.
> ...

Click to collapse



I don't understand this. Why do you want to waste time on a phone which isn't that capable to run heavy apps, has less RAM and LG already seized it's development on it's side! Buy a good phone with all the features you want. I already been through all this Custom ROM stuff with LG K10 and none of them gave me a satisfactory experience other than the stock rom. It is just my advice to not waste time on things which will not work well as I wasted 6-7 months on it.

If you really that interested in Android development, make apps and explore stuff on Operating Systems.


----------



## Astr4y4L (Nov 27, 2017)

*If ya hadn't noticed,*

Im not much into that.
I like to break android and own my devices.
When an OEM locks the devices down and i get one in my 
Hands. 
I consider it a personal challenge to root
My devices. 
And your absolutely right.
Go get a high-end development device. 
That's what every one eventually does
But that's also the answer to your questions. 
Why do we do this?
Because none of the others will 
As u say, waste time on it.
So that leaves average Joe User
With no way to root the $20 PO.S.   he got stuck with
From work or Christmas present
Or whatever. 

And when u reach out to LG or Verizon concerning these
Devices,  they tell you buy a new one your board need replaced. 

Lies.
They just want money.
I just like breaking OEM rules
brother 

How are things over on your side of the pond Brother? 

Ttyl
Astr4y4L






pvineeth97 said:


> I don't understand this. Why do you want to waste time on a phone which isn't that capable to run heavy apps, has less RAM and LG already seized it's development on it's side! Buy a good phone with all the features you want. I already been through all this Custom ROM stuff with LG K10 and none of them gave me a satisfactory experience other than the stock rom. It is just my advice to not waste time on things which will not work well as I wasted 6-7 months on it.
> 
> If you really that interested in Android development, make apps and explore stuff on Operating Systems.

Click to collapse


----------



## Narfoid (Nov 28, 2017)

My Canadian K4 is now rooted! Thanks Astr4y4L!


----------



## Astr4y4L (Nov 28, 2017)

*Remember Back up Everything*



Narfoid said:


> My Canadian K4 is now rooted! Thanks Astr4y4L!

Click to collapse



But of course.

Be sure to grab something like titanium backup
And back up everything. 

Then come back and let us know if it feels better after debloating. 

And please freeze an app first reboot and no errors 
Then nuke the app...
Some have dependency on other being present 

Of course u know that.
But for those that don't..
I say it.

Thanks for choosing Team_Astr4y4L

Astr4y4L


----------



## Narfoid (Nov 28, 2017)

In theory, can we use the modded LGUP to flash a new recovery?


----------



## Astr4y4L (Nov 28, 2017)

POST REMOVED DUE TO RULES,
Sorry guys.

---------- Post added at 02:33 PM ---------- Previous post was at 02:22 PM ----------




Narfoid said:


> In theory, can we use the modded LGUP to flash a new recovery?

Click to collapse



UMMMM>>>>NO !

The issue with that Narf, it's ok to call ya Narf right?
  The issue Sir is that we can only flash Signed images on it.
so Yes you can use it to flash a new Recovery, BUT it has to be signed by OEM meaning it would be a Stock recovery.

NOW don't get it Twisted, Bro I'D love to do just that to flash TWRP on my zone3 but Lg most likely will not even respond to an email asking them to jar-sign a TWRP recovery compiled for one of these devices LOL !!!!

But hey it's good to see ya over here today Brother and I love the Way your thinking about the implications of what I revealed to you Yesterday on Team_Viewer ! 
Kinda Kool Huh?

I have been trying to research making something like Safe-Strap for it but have not gotten anywhere... and would probably install it using an SD card and ADB Shell dd Commands

Astr4y4L
Team_AStr4y4L


----------



## Kaitlin7193 (Nov 30, 2017)

*Review for Astr4y4L Zone3 root service*

I recently had team Astr4y4L perform a Zone3 root service for my LG phone.

Since I know nothing about this process LOL, they remotely performed all the necessary actions on my computer while I watched. They were very interactive letting me know step by step what was happening and gave me very detailed direction of what I needed to do on my end. I did all the steps correctly and if I can do it anyone can! LOL.  The process worked and they successfully rooted my phone. 

The time and effort put on by Astr4y4L was superb. I'm talking constant email support all hours of the day even late at night. Whenever I asked a question they immediately responded with great information.

Astr4y4L even went above and beyond performing the root and remoted into my computer and performed a data dump of my phone to help with an additional issue at no extra cost.

I could not give any higher praise or recommendation. Five stars for sure!


----------



## pvineeth97 (Dec 2, 2017)

Astr4y4L said:


> Im not much into that.
> I like to break android and own my devices.
> When an OEM locks the devices down and i get one in my
> Hands.
> ...

Click to collapse



Nothing much but studies!


----------



## Astr4y4L (Dec 2, 2017)

Blah blah blah, silly little rant.

MOD EDIT


----------



## majored (Dec 3, 2017)

*You rule astryl 4*

Pretty sure i got the name wrong but ive been impressed with this successful root

---------- Post added at 10:28 PM ---------- Previous post was at 10:22 PM ----------

You guys rule however i am unable to tether wifi to this dev something about sim card and verizon but sims in there is there something on build prop or ?  Tether some data upgraded to win 10 and that shut my home network of data from phone to laptop to network via tenda wifi utility i hate win 10 for this and in kali hey im just not that good Yet  anyone help


----------



## George_Jetson (Dec 14, 2017)

*Have you tried Xposed?*



majored said:


> Pretty sure i got the name wrong but ive been impressed with this successful root
> 
> ---------- Post added at 10:28 PM ---------- Previous post was at 10:22 PM ----------
> 
> You guys rule however i am unable to tether wifi to this dev something about sim card and verizon but sims in there is there something on build prop or ?  Tether some data upgraded to win 10 and that shut my home network of data from phone to laptop to network via tenda wifi utility i hate win 10 for this and in kali hey im just not that good Yet  anyone help

Click to collapse



I've been able to use Xposed after Astr4y4L's Root .
and If you look through Xposed modules and find X-teather.
it may Help you .

repo(dot)xposed(dot)info/module/com(dot)dym(dot)motoxtether
not allowed to post links but replace (dot)  with .   
and there it is.

---------- Post added at 04:04 PM ---------- Previous post was at 03:57 PM ----------




George_Jetson said:


> I've been able to use Xposed after Astr4y4L's Root .
> and If you look through Xposed modules and find X-teather.
> it may Help you .
> 
> ...

Click to collapse



Oh and I found over on Androidforums looks like Team Astr4y4l did a tut on how to root these bad boys for free!!!

```
https://androidforums.com/threads/verizon-zone3-how-to-root.1223248/
```
and if your like me and new but need to post a link...
wrap it up in Code -tags...

---------- Post added at 04:11 PM ---------- Previous post was at 04:04 PM ----------




George_Jetson said:


> I've been able to use Xposed after Astr4y4L's Root .
> and If you look through Xposed modules and find X-teather.
> it may Help you .
> 
> ...

Click to collapse



X-teather 


```
repo.xposed.info/module/com.dym.motoxtether
```


----------



## George_Jetson (Dec 17, 2017)

*is that for 32 or 64 bit?*



phonecapone said:


> =] Yeah but we are a-ok now. Would be cool to eventually add a gui like qtADB.

Click to collapse



Does this work for 32bit ubuntu?

---------- Post added at 06:46 AM ---------- Previous post was at 06:45 AM ----------




ehacker22 said:


> Quick question did you ever get the GSM portion of the zone 3 to work?

Click to collapse



Bump

---------- Post added at 06:50 AM ---------- Previous post was at 06:46 AM ----------




Astr4y4L said:


> Hey everybody theres a new service coming out for FRP bypass on LG devices
> It is A paid service BUT,
> right now it's going into Beta-Test Phase so you can get in absolutely free,
> So if that kind of thing will be helpful to anyone heres a link to the thread.
> ...

Click to collapse



NOT THERE...


----------



## Helzgoth (Dec 18, 2017)

*VS425PP9?*

Has anyone had any success rooting VS425PP9? The best I've come up with is to first flash PP2.kdz and then flashing all the partitions of PP7.kdz except for boot,  recovery, factory, and system. Rooting with Kingroot works but the screens gets messed up if the screen gets turned off.


----------



## phonecapone (Dec 18, 2017)

George_Jetson said:


> Does this work for 32bit ubuntu?
> 
> ---------- Post added at 06:46 AM ---------- Previous post was at 06:45 AM ----------
> 
> ...

Click to collapse



Sorry i'm lost in posts on this long thread. Did what work with 32bit?


----------



## MotoJunkie01 (Dec 22, 2017)

Helzgoth said:


> Has anyone had any success rooting VS425PP9? The best I've come up with is to first flash PP2.kdz and then flashing all the partitions of PP7.kdz except for boot, recovery, factory, and system. Rooting with Kingroot works but the screens gets messed up if the screen gets turned off.

Click to collapse



As far as I know, the method you just described is the only viable and confirmed working root method for PP6 -- PP9. However, try this: because the display drivers are encompassed within the boot image, try flashing the boot.img from PP7 instead of using the PP2 version.


----------



## Hyper_X (Jan 11, 2018)

MotoJunkie01 said:


> ....

Click to collapse



Hi, so I have totally bricked this LG phone and not sure what to do. I'm quite experienced in rooting/modifying android phones in general, but this LG is a nightmare. I tried rooting it by the guide found somewhere and it worked quite well, but then I tried to add GSM functionality by editing few lines in build.prop It usually would boot up after like 5 boot loops, but after the edit it was just glitching on LG logo like it wasn't even trying to boot. After that I entered the Download mode and tried to factory restore it, but the LGUP is now stuck on "Unknown device" and in the download mode you can see it says "modified" in red. Verizon LG software is just throwing a random error. I tried following couple un-brick guides, but nothing has changed. I refuse to think that this is the end for this phone, because I've seen far worse situations than this one, I'm just not sure what to do with it?


----------



## George_Jetson (Jan 12, 2018)

try flashing the kdz or the dz file from pp7 
and use flashtool2014 to do it.
if you need help pm me


----------



## George_Jetson (Jan 12, 2018)

Hyper_X said:


> Hi, so I have totally bricked this LG phone and not sure what to do. I'm quite experienced in rooting/modifying android phones in general, but this LG is a nightmare. I tried rooting it by the guide found somewhere and it worked quite well, but then I tried to add GSM functionality by editing few lines in build.prop It usually would boot up after like 5 boot loops, but after the edit it was just glitching on LG logo like it wasn't even trying to boot. After that I entered the Download mode and tried to factory restore it, but the LGUP is now stuck on "Unknown device" and in the download mode you can see it says "modified" in red. Verizon LG software is just throwing a random error. I tried following couple un-brick guides, but nothing has changed. I refuse to think that this is the end for this phone, because I've seen far worse situations than this one, I'm just not sure what to do with it?

Click to collapse



if you use flash tool and the pp7.kdz and board download options 
and point the .dll to the lgup common dll and choose the kdz, also put your port settings to port 41, i've had to do this 2 or 3 times it looks scarry but it's possible to fix it


----------



## George_Jetson (Jan 25, 2018)

Man every since Team Astr4y4L Left , This thread's gotten Stale.
AnyBody even Following this anymore?


----------



## George_Jetson (Jan 30, 2018)

Working Zone3 TuT over on discord...

https://discord.gg/966gnvS

---------- Post added at 07:39 PM ---------- Previous post was at 07:39 PM ----------

got the invite this morning


----------



## Calicol (Mar 28, 2018)

Hi there, I see you mentioned "There is the option of flashing the Zone 3 with LG K4 firmware since they are the exact same phone." in the post above. I am trying to root my phone which is a model VS425PP8. Will flashing it with the LG K4 firmware will make my phone rootable?


----------



## George_Jetson (Apr 14, 2018)

HAHAHA,
Team_Astr4y4L Has went and done it again, they have just released a work-around for the devices that get screen issues after downgrading  
the compleate write up is over on Team_Astr4y4L's Discord.
they made me a member of the team, and I invite everyone here to join the discussion and read the new tutorial
https://discord.gg/PZxnCa3


----------



## Smith73738 (Apr 15, 2018)

*Facing same problem*

Thanks for the discussion. Its really helpful. Now My problem has been solved. Keep discussing.

tricksnyou.in


----------



## SnowFuhrer (May 4, 2018)

I have a LG k4 k121 that I am trying to root.  Does anyone know where to get the 5.0 lollipop kdz file for it? 

Sent from my LG-K121 using XDA Labs


----------



## Chekm8Qc (May 5, 2018)

Hey can anyone share another invite link for Discord ?


----------



## healthy69 (May 6, 2018)

کیست مویی موهاي ناحيه انتهاي ستون فقرات يا دنبالچه،که به جاي آن كه از سمت ريشه به سمت پوست حركت داشته باشد سمت بافت زير پوست نفوذ و ايجاد التهاب مي كند.ارتباط نامتعادل به صورت يك لوله، بين اندام ها و يا رگ،عارضه اي به نام فیستول ايجاد مي شود.شقاق (فيشر) ترك و يا زخمي است كه در مقعد ايجاد مي شود.بواسیر یا هموروئید سیاهرگ های آماس کرده هستند که درانتهای روده ایجاد میشوند.


----------



## Chekm8Qc (May 14, 2018)

Man wth happened to get your posts deleted all over the thread..


----------



## MotoJunkie01 (May 22, 2018)

marcelo2802 said:


> @MotoJunkie01 Would it be possible to carry a custom ROM from Alcatel pixi 4 "6 to LG optimus zone 3? They have the same processor

Click to collapse



With the same chipset, porting is certainly possible.  However,  due to incompatibility between LG and Alcatel hardware, working drivers for the camera would probably entail creating custom shims for the hardware blobs. I'm not very proficient with building custom shims, but it is possible to use a prebuilt camera application such as Google Camera to get at least basic functioning up and going.


----------



## George_Jetson (Jun 25, 2018)

I would think the difficulty is in the bootloader being Locked


----------



## johnnysacco (Jul 11, 2018)

Can someone please re-post an invite to discord.


----------



## abced123 (Jul 14, 2018)

*Rooting PP4*

I have not used this phone for a while. It is on PP4 . Back then, i was able to root with PP2 or so, but after updating to PP4 I was not able to root or downgrade . The software said modified . Now, is there anyway to root PP4 or downgrade to PP2 ? TIA


----------



## George_Jetson (Jul 26, 2018)

All Questions Answered Here
https://discord.gg/ysU5kMy


----------



## Chekm8Qc (Jul 26, 2018)

omg tried to install Magisk with flashfire... what a mistake ! It patched boot image now I'm on a bootloop damn. I really thought I would still have access to download mode though ! It just stays at loading download mode omg... I'm totally screwed.


----------



## SnowFuhrer (Jul 27, 2018)

No way, I did the same a month ago. I might try making a usb jig to get it into download mode. Dumb thing is the computer doesn't recognize it.( my other bricked phones it would recognize the SoC). I did get it to the screen that gave the option to factory reset but  I left it thinking I could get back to it but I never could.

Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Jul 27, 2018)

Yeah I tried doing a factory reset.. doesnt fix the boot img hehe. The only way I see would be to get it in qsb loader mode by shorting test pins... don't even know where they are and I broke the phone trying to open it up lol.. it's totaled. Getting my new phone monday, moto g6 play..I hope I won't be dissapointed.


----------



## SnowFuhrer (Jul 27, 2018)

I'm still clinging to the hope I can get mine going. I have got a replacement Samsung a5 but 2 phones are better than 1 haha.:laugh:

Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Jul 28, 2018)

Hehe good luck with that  I decided to go with the moto g5 ( had way better cpu) it's amazing for under 200$ 

Seems pretty easy to root and such which is great hehe.


----------



## SnowFuhrer (Jul 28, 2018)

I won't root my a5 until it isn't my main phone because it will trip knox. I really wanted a google pixel 2 but oh, well. If I get the k4 working, I can do any bootloader modifications I want, because I don't care if it gets bricked.



Sent from my Samsung SM-A520W using XDA Labs


----------



## George_Jetson (Aug 17, 2018)

Here's that zone3 Discord again...


```
https://discord.gg/wap4yPz
```


----------



## SnowFuhrer (Sep 25, 2018)

@Chekm8Qc, I got my lg working again! The download jig didn't work, but I repeatedly connected and disconnected to the pc while doing the buttons.

Sent from my SM-A520W using XDA Labs


----------



## Chekm8Qc (Sep 25, 2018)

iloveoreos said:


> @Chekm8Qc, I got my lg working again! The download jig didn't work, but I repeatedly connected and disconnected to the pc while doing the buttons.

Click to collapse



Nice! I feel kinda stupid for breaking my k4 lol.. Too bad.


----------



## SnowFuhrer (Sep 25, 2018)

Chekm8Qc said:


> Nice! I feel kinda stupid for breaking my k4 lol.. Too bad.

Click to collapse



I felt the same way; that's why I didn't report it here right away.  And now when I use it, I wonder how I survived with such a slow phone.

Sent from my SM-A520W using XDA Labs


----------



## SnowFuhrer (Sep 27, 2018)

@MotoJunkie01, or anyone else, when you nuke laf partition, how do you get it back? Does fastboot work for that? Or do you have to manually put it in?

Sent from my SM-A520W using XDA Labs


----------



## MotoJunkie01 (Sep 27, 2018)

iloveoreos said:


> @MotoJunkie01, or anyone else, when you nuke laf partition, how do you get it back? Does fastboot work for that? Or do you have to manually put it in?

Click to collapse



If you have nuked the /laf partition to enable fastboot mode, you can reinstall /laf at a later time using this command:

fastboot flash laf laf.img 

Of course, when you reinstall the /laf partition, fastboot will once again become disabled and the device will again boot into Download Mode versus Fastboot Mode. To reinstall /laf, it is imperative that you backed up the partition image prior to nuking it.


----------



## SnowFuhrer (Sep 27, 2018)

MotoJunkie01 said:


> If you have nuked the /laf partition to enable fastboot mode, you can reinstall /laf at a later time using this command:
> 
> fastboot flash laf laf.img
> 
> Of course, when you reinstall the /laf partition, fastboot will once again become disabled and the device will again boot into Download Mode versus Fastboot Mode. To reinstall /laf, it is imperative that you backed up the partition image prior to nuking it.

Click to collapse



:good: What is the dd command to delete laf?

Sent from my LG-K121 using XDA Labs


----------



## MotoJunkie01 (Sep 27, 2018)

@iloveoreos, this thread should give you some guidance on the subject matter: https://forum.xda-developers.com/showthread.php?t=2708466


----------



## SnowFuhrer (Sep 27, 2018)

MotoJunkie01 said:


> @iloveoreos, this thread should give you some guidance on the subject matter: https://forum.xda-developers.com/showthread.php?t=2708466

Click to collapse



Ok, I will try wrecking laf(good riddance!) then. :laugh:
I don't know if anyone still has this phone, but why couldn't a guy just BUMP!a modified aboot to avoid secure booting? I know you all worked hours on this and know more, but I am just wondering

Sent from my SM-A520W using XDA Labs


----------



## MotoJunkie01 (Sep 27, 2018)

iloveoreos said:


> Ok, I will try wrecking laf(good riddance!) then. :laugh:
> I don't know if anyone still has this phone, but why couldn't a guy just BUMP!a modified aboot to avoid secure booting? I know you all worked hours on this and know more, but I am just wondering

Click to collapse



You can use modified aboot to avoid secure boot error. However if you just want root, full root with SuperSU v2.82-SR5 can be attained without modifying the boot image. You can use LG-UP to downgrade firmware to VS425pp2, use KingRoot to gain temp root, replace Chinese root binaries with SuperSU root binaries, then use the EverRoot feature of Flashfire to upgrade to the latest build. 
I'm thinking Astr4y4L used a modified aboot from an LG G2 to bypass secure boot to get systemless root via Magisk.


----------



## SnowFuhrer (Sep 27, 2018)

MotoJunkie01 said:


> You can use modified aboot to avoid secure boot error. However if you just want root, full root with SuperSU v2.82-SR5 can be attained without modifying the boot image. You can use LG-UP to downgrade firmware to VS425pp2, use KingRoot to gain temp root, replace Chinese root binaries with SuperSU root binaries, then use the EverRoot feature of Flashfire to upgrade to the latest build.
> I'm thinking Astr4y4L used a modified aboot from an LG G2 to bypass secure boot to get systemless root via Magisk.

Click to collapse



I currently have my k4 rooted with SuperSU 2.79.(first rooted with kingoroot). Would the modified aboot work on a k4 too? As I said a few posts back, i had tried installing magisk but it had secure booting error.

Sent from my LG-K121 using XDA Labs


----------



## MotoJunkie01 (Sep 27, 2018)

iloveoreos said:


> I currently have my k4 rooted with SuperSU 2.79.(first rooted with kingoroot). Would the modified aboot work on a k4 too? As I said a few posts back, i had tried installing magisk but it had secure booting error.

Click to collapse



Don't know for certain on that. Although I realize that the K4 is basically the GSM version of the Zone 3, I'm not sure as to whether there are any significant partition mapping or configuration differences. I would recommend contacting Astr4y4L, who is now developing over at Android Central. Tell him I referred you. He's very well versed on these LG devices and I believe he will have the answers.


----------



## SnowFuhrer (Sep 28, 2018)

MotoJunkie01 said:


> @iloveoreos, this thread should give you some guidance on the subject matter: https://forum.xda-developers.com/showthread.php?t=2708466

Click to collapse



I tried the command in this thread but there was no such file or directory. I PM'ed you.

Sent from my LG-K121 using XDA Labs


----------



## MotoJunkie01 (Sep 28, 2018)

iloveoreos said:


> I tried the command in this thread but there was no such file or directory. I PM'ed you.

Click to collapse



Regretfully, I no longer do support on the device. In the near future, when overtime on my current job slows down, I will be working with @Astr4y4L to port a LineageOS or CyanogenMod based custom ROM for the Zone 3.


----------



## SnowFuhrer (Sep 28, 2018)

MotoJunkie01 said:


> Regretfully, I no longer do support on the device.

Click to collapse



Ya, I'm kind of alone. :crying:

Sent from my SM-A520W using XDA Labs

---------- Post added at 04:04 PM ---------- Previous post was at 03:45 PM ----------




MotoJunkie01 said:


> Regretfully, I no longer do support on the device. In the near future, when overtime on my current job slows down, I will be working with @Astr4y4L to port a LineageOS or CyanogenMod based custom ROM for the Zone 3.

Click to collapse



Did he get the bootloader unlocked? 

Sent from my LG-K121 using XDA Labs


----------



## SnowFuhrer (Sep 28, 2018)

iloveoreos said:


> I tried the command in this thread but there was no such file or directory. I PM'ed you.

Click to collapse



I tried a different root browser and for some reason it showed some files that my other one didn't. Found laf and killed it. Just need to hook my phone up to the pc.

Sent from my SM-A520W using XDA Labs


----------



## SnowFuhrer (Oct 2, 2018)

@MotoJunkie01, my phone was having some issues so I tried to boot into fastboot to reflash the system and whatnot. However it booted into download mode! So I tried reflashing with lgup like I always have and didn't think much of it. But after it had completed, all my apps and data were there still. I tried a few times but it kept doing the same. I have used that firmware often and it always works. And the reason I tried reflashing was that I couldn't root. Kingoroot and supersu would install properly, but the apps are stuck on acquiring root. Do you have any idea?

Sent from my Samsung SM-A520W using XDA Labs


----------



## MotoJunkie01 (Oct 2, 2018)

iloveoreos said:


> @MotoJunkie01, my phone was having some issues so I tried to boot into fastboot to reflash the system and whatnot. However it booted into download mode! So I tried reflashing with lgup like I always have and didn't think much of it. But after it had completed, all my apps and data were there still. I tried a few times but it kept doing the same. I have used that firmware often and it always works. And the reason I tried reflashing was that I couldn't root. Kingoroot and supersu would install properly, but the apps are stuck on acquiring root. Do you have any idea?

Click to collapse



Have you tried using the Verizon Software Repair & Upgrade utility for PC?  It recognizes your device (in Download Mode), downloads the most current stock build, and restores your phone to stock factory condition. It'll typically work when other methods fail.


----------



## SnowFuhrer (Oct 2, 2018)

MotoJunkie01 said:


> Have you tried using the Verizon Software & Upgrade utility for PC? It recognizes your device (in Download Mode), downloads the most current stock build, and restores your phone to stock factory condition. It'll typically work when other methods fail.

Click to collapse



Does it just work with Verizon phones?

Sent from my Samsung SM-A520W using XDA Labs


----------



## MotoJunkie01 (Oct 2, 2018)

iloveoreos said:


> Does it just work with Verizon phones?

Click to collapse



Verizon branded LG devices. Yes. You also have the option of the LG Flash Tool (2014). It installs KDZ and TOT firmware packages.


----------



## SnowFuhrer (Oct 2, 2018)

MotoJunkie01 said:


> Verizon branded LG devices. Yes. You also have the option of the LG Flash Tool (2014). It installs KDZ and TOT firmware packages.

Click to collapse



Ok, because I'm on koodo mobile in Canada. I tried flashing again and my device drivers uninstalled or something weird. Anyway, I might try lg flash tool. I'm wondering if there is pc issues?

Sent from my Samsung SM-A520W using XDA Labs


----------



## MotoJunkie01 (Oct 2, 2018)

iloveoreos said:


> Ok, because I'm on koodo mobile in Canada. I tried flashing again and my device drivers uninstalled or something weird. Anyway, I might try lg flash tool. I'm wondering if there is pc issues?

Click to collapse



Yeah very possible. Try switching USB ports, sync cables, or even try another PC.


----------



## SnowFuhrer (Oct 2, 2018)

MotoJunkie01 said:


> Yeah very possible. Try switching USB ports, sync cables, or even try another PC.

Click to collapse



Don't have another pc but could try different cables or ports. The weird thing is lgup detects phone, no errors while flashing, and download mode shows what it normally does.

Sent from my Samsung SM-A520W using XDA Labs


----------



## SnowFuhrer (Oct 2, 2018)

I finally factory reset.(I could still get in the phone). When it finished it went right to the home screen, didn't have to do Google account or anything. Weird anyway

Sent from my Samsung SM-A520W using XDA Labs


----------



## MotoJunkie01 (Oct 9, 2018)

iloveoreos said:


> I finally factory reset.(I could still get in the phone). When it finished it went right to the home screen, didn't have to do Google account or anything. Weird anyway

Click to collapse



Cool. So is everything still working as normal? Any more issues?


----------



## SnowFuhrer (Oct 9, 2018)

MotoJunkie01 said:


> Cool. So is everything still working as normal? Any more issues?

Click to collapse



Haven't worked on it for a few days. I found out that the aboot flashes successfully as I can root when I flash the right one but not the other. Just can't grant apps root access for some reason. It works about perfect except for no root. And lg  backup always (every 30 seconds or so) pops up on my screen to move data from my old device. If I could just grant flashfire root, I think I could fix it.

Sent from my Samsung SM-A520W using XDA Labs


----------



## SnowFuhrer (Oct 17, 2018)

There went @MotoJunkie01 :crying:

Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Oct 17, 2018)

iloveoreos said:


> There went @MotoJunkie01 :crying:

Click to collapse



I remember the way I rooted my k4 when I had it. It's not the aboot that I flashed it was the boot.img. The 10c boot.img (cause I was on 10f firmware and it was unrootable)

That's what made kingroot work. Then I had replaced king user with SuperSU.


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> I remember the way I rooted my k4 when I had it. It's not the aboot that I flashed it was the boot.img. The 10c boot.img (cause I was on 10f firmware and it was unrootable)
> 
> That's what made kingroot work. Then I had replaced king user with SuperSU.

Click to collapse



I could root just not grant apps root privileges. But now I am stuck with no root as I had flashed 10f and LGUP doesn't show up properly. Also can't get adb to work. Did a few factory resets but that doesn't help, of course. I wish there was a way to get Qualcomm bulk download mode working.

Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> I could root just not grant apps root privileges. But now I am stuck with no root as I had flashed 10f and LGUP doesn't show up properly. Also can't get adb to work. Did a few factory resets but that doesn't help, of course.

Click to collapse



Can you simply start from scratch with a full kdz flash ? ADB should work if your drivers are installed and all ..


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Can you simply start from scratch with a full kdz flash ? ADB should work if your drivers are installed and all ..

Click to collapse



LGUP doesn't have any options (they disappeared after latest flash).. unless it's a pc issue. I'll upload a screenshot.

Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> LGUP doesn't have any options (they disappeared after latest flash).. unless it's a pc issue. I'll upload a screenshot.

Click to collapse



But LGUP isn't the only way to go back to full stock. I used Lg mobile support or lg bridge I think..connect the phone and its supposed to do the work.

This lgup stuff isn't really fresh in my memory unfortunately. What I know is that before I found out about lgup I used another program for flashing .


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> But LGUP isn't the only way to go back to full stock. I used Lg mobile support or lg bridge I think..connect the phone and its supposed to do the work.
> 
> This lgup stuff isn't really fresh in my memory unfortunately.

Click to collapse



There is alternatives? I'll maybe try one of those. I think the reason adb isn't working is because there is no popup coming up on my phone to allow from the pc. Why it wouldn't is beyond me. Adb works on my other phone though.


Sent from my Samsung SM-A520W using XDA Labs


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> There is alternatives? I'll maybe try one of those. I think the reason adb isn't working is because there is no popup coming up on my phone to allow from the pc. Why it wouldn't is beyond me. Adb works on my other phone though.

Click to collapse



Maybe try to get your phone back to scratch and then try ADB again. Yes there are alternatives but they aren't cool lik LGUP hehe. They don't allow partition flashing and backups and stuff. Just simple back to stock firmware flashing.

And if you backtrack our PM's from way back you can find instructions on installing modded LGUP (say you want to reinstall it)


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Maybe try to get your phone back to scratch and then try ADB again. Yes there are alternatives but they aren't cool lik LGUP hehe. They don't allow partition flashing and backups and stuff. Just simple back to stock firmware flashing.
> 
> And if you backtrack our PM's from way back you can find instructions on installing modded LGUP (say you want to reinstall it)

Click to collapse



Ya I did that. The alternative lg tools can just upgrade not reflash. Here is the screenshot of lgup.


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> Ya I did that. The alternative lg tools can just upgrade not reflash. Here is the screenshot of lgup.

Click to collapse



Hmm are you sure about that ? I believe there was a repair option somewhere in lg mobile support tool.

Something like that ?


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Hmm are you sure about that ? I believe there was a repair option somewhere in lg mobile support tool.
> 
> Something like that ?

Click to collapse



I will check again.


----------



## pndwal (Oct 18, 2018)

iloveoreos said:


> There went @MotoJunkie01 :crying:

Click to collapse



Just to say for now we have no OP for some 35 threads incl. threads for Tb3-850F, Moto E, Moto G, LG and others.

Our OP was a casualty in what can only be described as a train wreck. Nerves were stepped on, tempers flared, and the rest is history. Its all history.

I hope he'll be back in the drivers seat sometime soon, but I'm not holding my breath.

I'm very disappointed it's come to this. (For me, especially after hoping and looking forward to his LOS port for Lenovo TB3-850F for some time, and knowing the initial release has been completed but now will not be posted on XDA).

Thank you @MotoJunkie01, for your efforts with our shared devices, and for the help, support and edification you offered to so many over the last couple of years. Hope you will return, but wish you all the best anyway.

Sincerely, PW.


----------



## SnowFuhrer (Oct 18, 2018)

pndwal said:


> Just to say for now we have no OP for some 35 threads incl. threads for Tb3-850F, Moto E, Moto G, LG and others.
> 
> Our OP was a casualty in what can only be described as a train wreck. Nerves were stepped on, tempers flared, and the rest is history. Its all history.
> 
> ...

Click to collapse



Ya, it's too bad. 
But anyway back to business, @Checkm8Qc, I had to disconnect my phone from the pc for the option to show up. Once I did that it worked until it downloaded the firmware. It stops after that. Here is the screenshot. 
Another issue with my phone is that network provided time is wacky. Don't know if this is relevant to any issues tho.


----------



## SnowFuhrer (Oct 18, 2018)

I can't move files between the phone and computer over usb either. The drivers don't show up normally. This phone is probably done for  Here is a bit of a log that might be of interest.
	
	



```
---- SHOW MAP 124 () (/system/xbin/su root showmap 124) ------ *** exec(/system/xbin/su): No such file or directory *** /system/xbin/su: Exit code 255 [/system/xbin/su: 0.101s elapsed]
```


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> I can't move files between the phone and computer over usb either. The drivers don't show up normally. This phone is probably done for  Here is a bit of a log that might be of interest.

Click to collapse



Not sure what to say..have you tried lg bridge too ??


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Not sure what to say..have you tried lg bridge too ??

Click to collapse



I installed it and looked through it a little but didn't find anything. I redownloaded the lgup stuff and lgup worked! So I tried flashing the firmware but nothing changes now.  Can't even root. I have been trying to figure out lg flash tool but I need some knowledge how to use it. But,  I'm sure something in the phone is wrong as pc doesn't detect it correctly.


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> I installed it and looked through it a little but didn't find anything. I redownloaded the lgup stuff and lgup worked! So I tried flashing the firmware but nothing changes now. Can't even root. I have been trying to figure out lg flash tool but I need some knowledge how to use it. But, I'm sure something in the phone is wrong as pc doesn't detect it correctly.

Click to collapse



Ok so you flashed the full kdz 10f ??
If so ..now flash the 10c boot.img.


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Ok so you flashed the full kdz 10f ??
> If so ..now flash the 10c boot.img.

Click to collapse



It doesn't flash though. It shows that it does but it isn't. My apps stay, data stays, it the damndest thing I ever saw.


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> It doesn't flash though. It shows that it does but it isn't.

Click to collapse



How do you know it doesn't flash ? You mean the kdz or the boot img?


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> How do you know it doesn't flash ? You mean the kdz or the boot img?

Click to collapse



Everything. I tried the boot.img like always but I can't root.


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> Everything. I tried the boot.img like always but I can't root.

Click to collapse



Maybe cause the kdz didn't actually flash.. or since it's the same version it doesn't actually reset the phone idk. So you said you had tried a different aboot ?? Which one are you on right now ?

And when you say you can't root you mean that king root succeeds but it's not really rooted or it simply fails ?


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> Maybe cause the kdz didn't actually flash.. or since it's the same version it doesn't actually reset the phone idk. So you said you had tried a different aboot ?? Which one are you on right now ?

Click to collapse



I never flashed a different about as I got these issues first. But I had tried disabling laf. But obviously it didn't work. Maybe it's causing the problem. I will try flashing the 10c kdz and the 10f after that.


----------



## Chekm8Qc (Oct 18, 2018)

iloveoreos said:


> I never flashed a different about as I got these issues first. But I had tried disabling laf. But obviously it didn't work. Maybe it's causing the problem. I will try flashing the 10c kdz and the 10f after that.

Click to collapse



I don't think you can flash to whole 10c kdz I tried that once ..the system IMG doesn't pass the check or something.

You nuked laf but you can still access download mode ?


----------



## SnowFuhrer (Oct 18, 2018)

Chekm8Qc said:


> I don't think you can flash to whole 10c kdz I tried that once ..the system IMG doesn't pass the check or something.
> 
> You nuked laf but you can still access download mode ?

Click to collapse



Ya the 10c doesn't flash completely.
I thought I had nuked laf but I can still get into download mode so it mustn't have worked. 
I just tried lg bridge but it doesn't connect.

---------- Post added at 11:23 PM ---------- Previous post was at 11:20 PM ----------




iloveoreos said:


> Ya the 10c doesn't flash completely.
> I thought I had nuked laf but I can still get into download mode so it mustn't have worked.
> I just tried lg bridge but it doesn't connect.

Click to collapse



If only I had done a dump when I had got this phone. It was running 5.0.0.:crying:

I just finished trying to flash the 10c and 10f. Same result.


----------



## Chekm8Qc (Oct 19, 2018)

iloveoreos said:


> Ya the 10c doesn't flash completely.
> I thought I had nuked laf but I can still get into download mode so it mustn't have worked.
> I just tried lg bridge but it doesn't connect.
> 
> ...

Click to collapse



There must be something wrong with laf if nothing flashes hehe..if you try to flash laf.img from 10c kdz ?


----------



## SnowFuhrer (Oct 19, 2018)

Chekm8Qc said:


> There must be something wrong with laf if nothing flashes hehe..if you try to flash laf.img from 10c kdz ?

Click to collapse



Sure, I'll try. I tried flashing a system.img from an earlier backup and it bootlooped. So something must be flashing. Just not everything. How that works, I don't know. :silly:


----------



## Chekm8Qc (Oct 19, 2018)

iloveoreos said:


> Sure, I'll try. I tried flashing a system.img from an earlier backup and it bootlooped. So something must be flashing. Just not everything.

Click to collapse



Dang I'm not sure what to say anymore lol this is confusing.

Did you use the same version of king root or the latest when you tried to root ?


----------



## SnowFuhrer (Oct 19, 2018)

Chekm8Qc said:


> Dang I'm not sure what to say anymore lol this is confusing.
> 
> Did you use the same version of king root or the latest when you tried to root ?

Click to collapse



I have never tried kingroot until today and it said sending requests. I have always used kingoroot. I haven't seen different versions of either one though. I was thinking if I could inject supersu into a system.img I could maybe root that way.


----------



## Chekm8Qc (Oct 19, 2018)

iloveoreos said:


> I have never tried kingroot until today and it said sending requests. I have always used kingoroot. I haven't seen different versions of either one though. I was thinking if I could inject supersu into a system.img I could maybe root that way.

Click to collapse



I had tried rooting that way but the system image didn't pass once again .. though I checked my old posts and Astr4y4l had uploaded a rooted system image 10B or something and flashing it actually worked. Though camera didn't work.

Say you flash that image..then try to restore with lg bridge or lg support tool since you would be on a different version than 10F. Maybe the tool will work since it's kind of an update.

I also checked what version of king o root (thought it was king root but no..) and it was 4.3.2

Edit: I checked again and  it's weird sometimes I mention king root sometimes kingoroot lol wtf.


----------



## SnowFuhrer (Oct 19, 2018)

Chekm8Qc said:


> I had tried rooting that way but the system image didn't pass once again .. though I checked my old posts and Astr4y4l had uploaded a rooted system image 10B or something and flashing it actually worked. Though camera didn't work.
> 
> Say you flash that image..then try to restore with lg bridge or lg support tool since you would be on a different version than 10F. Maybe the tool will work since it's kind of an update.
> 
> I also checked what version of king o root (thought it was king root but no..) and it was 4.3.2

Click to collapse



Do you know where the link is?


----------



## Chekm8Qc (Oct 19, 2018)

iloveoreos said:


> Do you know where the link is?

Click to collapse



Probably have that still on my PC I'll check. 

Edit : I found a system image from a Dump I had made with lgup and it was in a folder named 10b. That's probably the right one. I'm uploading it to Google drive.

---------- Post added at 01:53 AM ---------- Previous post was at 01:05 AM ----------




iloveoreos said:


> Do you know where the link is?

Click to collapse



Just name it system.img 

https://drive.google.com/file/d/1Azi6YylA7IatS4HDWyCA-LaP_hlnQHuX/view?usp=drivesdk


----------



## SnowFuhrer (Oct 21, 2018)




----------



## SnowFuhrer (Oct 24, 2018)

@Chekm8Qc there was a bent pin in my phone port. I straightened it out, reflashed, and everything is normal I think!


----------



## Chekm8Qc (Oct 24, 2018)

iloveoreos said:


> @Chekm8Qc there was a bent pin in my phone port. I straightened it out, reflashed, and everything is normal I think!

Click to collapse



Lol who would have thought that really


----------



## SnowFuhrer (Oct 24, 2018)

Chekm8Qc said:


> Lol who would have thought that really

Click to collapse



 Yeah it's kind of funny!


----------



## SnowFuhrer (Oct 24, 2018)

I'm having this problem again. I have uninstalled, reinstalled, copied the folders, redownloaded, nothing seems to help. I can get it to work with Uppercut, but that doesn't have the right options.


----------



## SnowFuhrer (Oct 24, 2018)

@Chekm8Qc I flashed pp7 firmware and hard bricked it


----------



## Chekm8Qc (Oct 26, 2018)

iloveoreos said:


> @Chekm8Qc I flashed pp7 firmware and hard bricked it

Click to collapse



Noooo

Astr4yal's pp7 or what ? Man this sucks sorry to hear that.


----------



## SnowFuhrer (Oct 26, 2018)

Chekm8Qc said:


> Noooo
> 
> Astr4yal's pp7 or what ? Man this sucks sorry to hear that.

Click to collapse



Ya the stock zone 3. I read in a g4 thread you could short 2 pins to get Qualcomm 9008 mode. If I can get that, then it might be fixable. It looks like a mess to pull apart though.  I am getting good at hard bricking phones lol.


----------



## Chekm8Qc (Oct 27, 2018)

iloveoreos said:


> Ya the stock zone 3. I read in a g4 thread you could short 2 pins to get Qualcomm 9008 mode. If I can get that, then it might be fixable. It looks like a mess to pull apart though.  I am getting good at hard bricking phones lol.

Click to collapse



A mess you say ? I broke mine trying to open it lol cause it was also hard bricked. I must admit that I wasn't very gentle though ..was kinda pissed that it was bricked hehe.


----------



## SnowFuhrer (Oct 27, 2018)

Chekm8Qc said:


> A mess you say ? I broke mine trying to open it lol cause it was also hard bricked. I must admit that I wasn't very gentle though ..was kinda pissed that it was bricked hehe.

Click to collapse



I can't seem to find any screws so it looks like a job for a heat gun or something. I KNOW  it wouldn't be fun.


----------



## jaylapp35 (Apr 29, 2019)

Hey buddy I'm trying to root my LG Zone 4 been having trouble just all the way around would like a somebody to explain it to me maybe in some pretty good detail


----------



## SnowFuhrer (Apr 29, 2019)

jaylapp35 said:


> Hey buddy I'm trying to root my LG Zone 4 been having trouble just all the way around would like a somebody to explain it to me maybe in some pretty good detail

Click to collapse



This is for the zone 3 not zone 4. You can probably assume that your phone is unrootable given how hard the zone 3 is to root. But you need a dev for it and that is very unlikely.


----------



## jaylapp35 (May 1, 2019)

iloveoreos said:


> This is for the zone 3 not zone 4. You can probably assume that your phone is unrootable given how hard the zone 3 is to root. But you need a dev for it and that is very unlikely.

Click to collapse



Can you tell me how to root my zone 4


----------



## SnowFuhrer (May 1, 2019)

jaylapp35 said:


> Can you tell me how to root my zone 4

Click to collapse



I don't think you can. Can you access fastboot?


----------



## techeligible3322 (May 3, 2019)

hey do you have firmware for android 7 ?


----------



## SnowFuhrer (May 4, 2019)

techeligible3322 said:


> hey do you have firmware for android 7 ?

Click to collapse



Android 6 doesn't exist for it afaik.


----------



## techeligible3322 (May 18, 2019)

SnowFuhrer said:


> Android 6 doesn't exist for it afaik.

Click to collapse



alright thank you


----------



## OrdoñezFTW (Jun 20, 2019)

A have this phone:
IMEI: 3529xxxxxxxxxxx


----------



## SoleCrusherTheFirst (Jul 2, 2019)

Is it possible to root the VS425PP9?

---------- Post added at 04:21 PM ---------- Previous post was at 04:18 PM ----------




MotoJunkie01 said:


> LG OPTIMUS ZONE 3 - UNBRICKING GUIDE AND 5.1.1 FACTORY FIRMWARE
> 
> This guide has two main objectives: (1) for those with a bricked device who want to restore to the latest factory firmware image; and (2) those who need .kdz Stock 5.1.1 Factory Firmware files.
> 
> ...

Click to collapse



Can you root the VS425PP9 with this method???


----------



## SnowFuhrer (Jul 3, 2019)

SoleCrusherTheFirst said:


> Is it possible to root the VS425PP9?
> 
> ---------- Post added at 04:21 PM ---------- Previous post was at 04:18 PM ----------
> 
> ...

Click to collapse



I suppose you could try.


----------



## romis138 (Nov 12, 2019)

I have a couple of these still on 5.1.1, can they be rooted?


----------



## SnowFuhrer (Nov 12, 2019)

romis138 said:


> I have a couple of these still on 5.1.1, can they be rooted?

Click to collapse



Yup, but you cant unlock bootloader. Also idk if the files are still available.


----------



## ₥ike_grips (Apr 26, 2020)

*Dev settings enable oem unlock*

With rooted vs425Lpp2 vzw zone 3 (USA)
From quick shortcut maker launch settings util
(Com.android.settings.utils.settingsutil)
I Changed property to US - LGU 
I found that in developer settings enable oem unlock was present
I enabled it. Warning pop up popped up. I haven't ran fastboot oem_unlock -go  yet.  
Wanted to share. I wish I could do this to my mpcs A10e ?


----------



## jen-soft (Oct 22, 2020)

VS425PP2
As to rooting the Zone 3, several recent advancements have been achieved and full root access is now possible. Thanks to  Astr4y4L, a comprehensive root package is available for Click on this link and scroll down the the bottom and click the projects link.
 Server not found  : ((
does anybody have instruction how to rooting it?


----------



## noidodroid (Jun 18, 2021)

MotoJunkie01 said:


> @Astr4y4L sorry I didn't get your device in the mail today. Been laid up with a migraine. Just now moving around a little. Better now. I'll take it over in the morning first thing and get it shipped.

Click to collapse



Hey MotoJunkie.. Are you back here on XDA? I can't reach you through email or on the Motorola forums.. Get back with me if you are. Be great to catch up.


----------



## jenbcute (Jul 30, 2021)

George_Jetson said:


> Working Zone3 TuT over on discord...
> 
> https://discord.gg/966gnvS
> 
> ...

Click to collapse



do you have an updated link I could check out?


----------



## noidodroid (Aug 5, 2021)

jenbcute said:


> do you have an updated link I could check out?

Click to collapse



I didn't see the whole post but if you're referring to the telegram I think it's since abandoned.


----------



## codebot (Nov 18, 2022)

₥ike_grips said:


> *Dev settings enable oem unlock*
> 
> With rooted vs425Lpp2 vzw zone 3 (USA)
> From quick shortcut maker launch settings util
> ...

Click to collapse



This is interesting but  does anyone know what it means?

I can't find `com.android.settings.utils.settingsutil` referenced anywhere, not on the phone, source code, or online.

What does "changed property to US - LGU" mean? Which property? Which settings? Is there any other way to change this? (build.prop?)

How would `fastboot oem unlock` even work when fastboot doesn't work? If you nuke the laf partition you can get to fastboot but it's a broken version that can't actually do anything. Did that get solved?


----------

