Root [WIP][DEV] Custom Recovery/Bootloader unlocking Work In Progress Thread

Well to hold down paper in windy situations, a sexy Lil sd card holder. A smooth surface to touch. A handy windows breaker or wall crator creator a house of motions if you have enough of them. Returning to metro for a new one. To hit people with. Yea bricked motion sounds fun. All I can do is hope otherwise is true of the bootloader that it can handle unlocking.

Sent from my LG-MS770 using Tapatalk 2
 
What you guys need to understand is this isn't Motorola. Moto have been using fuses for a while; some of their older devices (Droid X etc.) came with ways to unlock them but blew the efuse to prevent people from unlocking them.

The latest unlock tool by Dan allows the non-developer versions of these devices to unlock. Moto left those fuses unblown in the regular version and just used software to tell the two apart, which led to this. This device may have no fuses, it may have the exact same ones, it may have them in a different location.

Let's say for instance you probe the right fuse on a RAZR M: it thinks, oh hey, I'm a dev version and I'm unlocked. You probe the right "fuse" on the Motion. There is no guarantee that there will be any form of it realizing, oh crap, so this is what unlocked feels like; it may just error out, it could brick, it could say hey I'm unlocked but now idk wtf to do.

The Moto stuff worked because there were already systems in place for when it unlocked, not so much here as far as we can tell. Unless someone knows something more they aren't sharing :/

This device does have qfuse present. It was visible in a dump somebody did and posted. Can't seem to locate the post. This post is in response to speculation on fuses in the Motion, for clarity.
 
I have installed Ubuntu again and extracted boot.img as well. I made a small (but will be noticeable) change but I'm having issues repacking it and can't get back to it until tomorrow. Once it's repacked we can use the unlock command and flash the modified boot image to see if it takes. If it doesn't boot but there's no security error, I will add a dummy filler file to make the image its original size and we can try again.
 
Ok, unbricking/flashing firmware DOES reflash the bootloader. I know this because I erased aboot partition and went into download mode, aboot was reflashed. Phone would not do anything at all without an aboot installed (obviously).

Another thing: sometimes you can screw up your radio by messing with certain things while in CM10. Unbricking WILL NOT fix your radio partitions. You must reflash the partition to fix it. How??? I don't know, but hopefully you did flash lgm_modemst_bakup.zip. Maybe candoopa can chime in about that, he's the one who found that out to begin with.
 
Sammy, you're the most experienced with fastboot on our phone so I would prefer you test this, but anyone who is comfortable is welcome. I decided to take a different approach after exploring the unpacked boot.img. Since the wallpaper file is called by the etc early etc.rc file I could not do anything b/c that file is not in the ramdisk. I decided instead to take the stock recovery and modify it. So here it is....
https://www.dropbox.com/s/yc6mgqvo0mx7ez9/recovery.img
This is the recovery exactly AS IS minus the wallpaper file that is so disconcerting to many. I believe this should be flashed through fastboot after issuing the reboot bootloader and fastboot oem unlock command. If you do this please also run the fastboot var all command and save the results. I believe this is the only way to replace our recovery, correct Sammy? I know you tried flashing some CWM recovery on the phone..... This should run recovery and set everything up minus LG's horrid wallpaper! I hope it works and if it does I believe I can use the same method to invoke root upon factory reset as well.
 
Okay, I backed my work stuff up on PC. Point me in the easiest direction to achieve fastboot on this phone and I will further pursue the recovery, boot.img, wallpaper etc. on my own.
 
Sammy, you're the most experienced with fastboot on our phone so I would prefer you test this, but anyone who is comfortable is welcome. I decided to take a different approach after exploring the unpacked boot.img. Since the wallpaper file is called by the etc early etc.rc file I could not do anything b/c that file is not in the ramdisk. I decided instead to take the stock recovery and modify it. So here it is....
https://www.dropbox.com/s/yc6mgqvo0mx7ez9/recovery.img
This is the recovery exactly AS IS minus the wallpaper file that is so disconcerting to many. I believe this should be flashed through fastboot after issuing the reboot bootloader and fastboot oem unlock command. If you do this please also run the fastboot var all command and save the results. I believe this is the only way to replace our recovery, correct Sammy? I know you tried flashing some CWM recovery on the phone..... This should run recovery and set everything up minus LG's horrid wallpaper! I hope it works and if it does I believe I can use the same method to invoke root upon factory reset as well.

Sorry I didn't see this yet, haven't been on much cause I'm moving. Maybe on Sunday I'll try flashing this and a bunch of other stuff. I have a ton of homework on top of moving so, yea. If you need help getting into fastboot, I know Shabbypenguin knows.
Or read this: http://androidforums.com/showthread.php?p=5686483
Our boot block is 0p7 I believe.
 
Alright, I used fastboot and flashed my recovery, then exited fastboot and ran adb reboot recovery. This booted to a secure certificate error, after which I rebooted again back into the OS. It was partially reset (some data and settings remained, apps etc. did not). Is this the error you encountered flashing alternate recoveries? Also, flashing my modified boot.img leads me to the secure error as well, and all I changed was the boot logo. This is making me think these partitions are digitally signed.....
 
which is what is implied with a locked bootloader
 
Yes, but I was under the impression Sammy's test of the recovery.img didn't throw the security errors, just the custom CWM didn't work. Oh well, this phone will never be unlocked unless LG releases an unlock method and that's not gonna happen. Time to get an S3....
 
What if we run fastboot during the CM10 ROM? Also used to have a moto click that you can read from the SD card first instead of the actual system. Could we mod the system and have it read the SD card first?
 
Yes, but I was under the impression Sammy's test of the recovery.img didn't throw the security errors, just the custom CWM didn't work. Oh well, this phone will never be unlocked unless LG releases an unlock method and that's not gonna happen. Time to get an S3....

i got morningcall.
 
I think qhusb_dload mode may bypass everything but I am not sure.
When I pucked my phone it acted like only the hardware was alive.
 
I didn't get morningcall either from the recovery or boot.img that were modified. Seems it may have failed a check pertaining to size. When I have some time I will build my recovery image to match the size of the stock one. I did run fastboot oem unlock each time first.
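Added example, not part of any post in this thread: a sketch of why padding a repacked image back to the stock size would not satisfy a content-based check. It assumes the standard Android boot image v0 header layout; the SHA-256 over the whole image is a stand-in, since the thread does not establish what this bootloader actually verifies, and both sample images are constructed.

```python
import hashlib
import struct

MAGIC = b"ANDROID!"
# v0 header start: magic, then kernel size/addr, ramdisk size/addr,
# second size/addr, tags addr, page size (all little-endian uint32).
HDR = struct.Struct("<8s8I")

def pages(size, page):
    """Number of flash pages needed to hold `size` bytes."""
    return (size + page - 1) // page

def parse_boot_img(img):
    """Read the header and report where the payload ends."""
    magic, ksz, _, rsz, _, ssz, _, _, page = HDR.unpack_from(img, 0)
    if magic != MAGIC:
        raise ValueError("not an Android boot image")
    if page == 0 or page & (page - 1):
        raise ValueError("page size must be a power of two")
    end = (1 + pages(ksz, page) + pages(rsz, page) + pages(ssz, page)) * page
    if end > len(img):
        raise ValueError("image shorter than its header claims")
    return {"kernel_size": ksz, "ramdisk_size": rsz, "page_size": page,
            "payload_end": end, "trailing_bytes": len(img) - end}

def build_boot_img(kernel, ramdisk, page=2048, total=None):
    """Build a constructed sample image (header page + page-aligned parts)."""
    out = HDR.pack(MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    out = out.ljust(page, b"\0")
    for part in (kernel, ramdisk):
        out += part.ljust(pages(len(part), page) * page, b"\0")
    return out.ljust(total, b"\0") if total else out

def compare(stock, candidate):
    """Same length does not imply same digest (assumed SHA-256 stand-in)."""
    same = hashlib.sha256(stock).digest() == hashlib.sha256(candidate).digest()
    return {"same_size": len(stock) == len(candidate), "same_digest": same}

# Constructed samples: "stock" ramdisk carries a logo, the repack drops it
# and is zero-padded back to the stock length.
KERNEL = b"K" * 3000
STOCK = build_boot_img(KERNEL, b"R" * 4000 + b"LOGO" * 250)
PADDED = build_boot_img(KERNEL, b"R" * 4000, total=len(STOCK))

if __name__ == "__main__":
    print(parse_boot_img(STOCK))
    print(parse_boot_img(PADDED))
    print(compare(STOCK, PADDED))
```

A verifier that checks a signature over the image contents rejects the padded repack even though its length matches the stock image.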
 
I need the exact qhusb_dload driver that was used when they programmed my phone.
Or at least that's what a tech from Qualcomm told me when I called them looking for the driver.
 
I would think it doesn't matter, probably needs a certain file to be loaded to "fix" the phone.
 
It matters with other Windows drivers for phones, just to get adb working.

Dealing with Qualcomm high speed usb download mode - porting directly to the modem functions - isn't trivial, sadly.
 
To unlock the bootloader, we need to look inside the aboot partition for some exploit. The phone will retain the emergency/download mode if it has the following partitions untouched:

SBL1, SBL2, SBL3, RPM, TZ.

You can mess around with aboot, remove it, but the phone will still have download mode and you can flash to stock via known tools. Altering any one of the above partitions without proper knowledge of what you are doing will brick the device permanently, and your PC will detect the phone in QHUSB_DLOAD mode. We cannot recover yet from this kind of brick as we do not have any of the signed cert/hex files for our phones that need to be flashed with QPST etc.

The Optimus G unlock which was mentioned some pages back isn't done by a simple unlock command, i.e., fastboot oem unlock; it's just that the phone is very much similar to the Nexus 4, and due to this the smart devs are able to dump the Nexus 4 aboot and flash it onto the Optimus G, as mentioned by ShabbyPenguin already.

Also, we need to patch boot.img in order to skip bootloader checks to avoid the LG security error boot issue. I'm not aware of how to make these things work or anything like that. I have encountered some horrible issues with the Optimus G and I was only able to recover with the help of JTAG, and that's the only reason I know what bricks the device. I will be getting a Motion for fun next week and if you guys need some info like partition dumps including SBLs or partition info (GPT), please do let me know.
 