So I have two v20s with 10d firmware.
I have followed Github's instruction to root the phones. Which are as follows:
Building:
lunch your_device-eng
make -j5 dirtycow recowvery-applypatch recowvery-app_process recowvery-run-as
Running:
Note: Use app_process32 on 32-bit targets.
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 0777 *
$ ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
$ ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
$ exit
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
adb shell
$ getenforce
"<it should say Permissive, adjust source and build for your device!>"
$ cd /data/local/tmp
$ ./dirtycow /system/bin/run-as recowvery-run-as
$ run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
$ run-as su
#
"<play around in your somewhat limited root shell full of possibilities>"
From your root shell, it's possible to use commands such as:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Now, first phone I was able to get TWRP however when I rebot the phone to recovery, it would ask me for password. It would not instal super user without the password. It would be read only. When I reset the phone, it went into infamous recovery bootloop. It would only boot to TWRP.
Second phone I have got to as far as getenforce however it says enforcing instead of permissive.
Now I am sure what to do next and I am stuck with two bricked? phone.
I have been trying to find firmware 10d but I could not find it. Only 10i or 10j were found. Do I restore it to stock then re-root? What would be best solutions for me? Thanks in advance.
Edit: I am reading several threads and I do see same symptoms but no solutions were posted later. So I dont know what were done to fix it. I just don't what to do next at this point.
sharpeyedman said:
The 1st one that is asking for password is because you have not FORMATTED DATA
this is required for twrp to be able to read the entire phone as it was encrypted by lg.
FORMAT DATA OPTION requires you to type YES if you haven't done that it needs done,
after flash a stock rom and reboot. Usually 1st boot is 10-20 min wait time for it to setup.
This is covered on the main thread that it must be done to resolve.
If you get boot loops, put the device into fastboot ,
wipe /fota , /misc , /cache and /etc using
fastboot erase fota replace "fota" with each directory.
Furthermore, you can also wipe "system" and "data" also but you will have to flash rom again if you wipe those 2.
as well there has been some devices that wouldn't boot or booted 10x slower, and the resolution was to
push a alternate boot.img to the device that was not the engineering/debug image.
For the 2nd one, you've not provided enough info.
What software version are you on?
as well you may need to post in the root/unlock page for direct assistance to the process on this one.
.......
Click to expand...
Click to collapse
Team DevDigitel said:
sharpeyedman said:
The 1st one that is asking for password is because you have not FORMATTED DATA
this is required for twrp to be able to read the entire phone as it was encrypted by lg.
FORMAT DATA OPTION requires you to type YES if you haven't done that it needs done,
after flash a stock rom and reboot. Usually 1st boot is 10-20 min wait time for it to setup.
This is covered on the main thread that it must be done to resolve.
If you get boot loops, put the device into fastboot ,
wipe /fota , /misc , /cache and /etc using
fastboot erase fota replace "fota" with each directory.
Furthermore, you can also wipe "system" and "data" also but you will have to flash rom again if you wipe those 2.
as well there has been some devices that wouldn't boot or booted 10x slower, and the resolution was to
push a alternate boot.img to the device that was not the engineering/debug image.
For the 2nd one, you've not provided enough info.
What software version are you on?
as well you may need to post in the root/unlock page for direct assistance to the process on this one.
.......
Click to expand...
Click to collapse
Both are on 10d stock firmware. When I run getenforce then it prompts me with "enforcing". Instead of "permissive". Now when I ignore the prompt and proceed further, it later would not let me install new recovery or TWRP. So I cannot boot to customer recovery it TWRP. If I retry the procedures all over from the beginning then it would not run chmod 0777 *. It would say not granted or permitted. What should I do with the second phone? Thanks so much for your help.
Click to expand...
Click to collapse
sharpeyedman said:
Team DevDigitel said:
Both are on 10d stock firmware. When I run getenforce then it prompts me with "enforcing". Instead of "permissive". Now when I ignore the prompt and proceed further, it later would not let me install new recovery or TWRP. So I cannot boot to customer recovery it TWRP. If I retry the procedures all over from the beginning then it would not run chmod 0777 *. It would say not granted or permitted. What should I do with the second phone? Thanks so much for your help.
Click to expand...
Click to collapse
i dont know, post this one in other page
Click to expand...
Click to collapse
Related
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
olafos said:
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
Click to expand...
Click to collapse
Hmmm. If you are on 2.1, then you can use the GSM root i posted over at VR. The recovery needs to be flashed to the phone though, so you can flash zips to the phone from there.
As for your wish to get rid of the patched recovery afterwards, you're missing out a lot, but if you can find the stock recovery img file, you can simply flash that using
"flash_image recovery FilenameHero.img" via the phone's shell or adb (once rooted, presuming you added the flash_image binary).
As for that file, I don't know, as I've never checked if that will work on the hero.
I'd be inclined to say DON'T TRY IT, since it will contain a kernel, and flashing the wrong kernel can brick your device's radio, essentially ruining it.
But if you locate the correct files for the GSM hero, and package them similarly, you could flash that onto your phone via recovery
Bear in mind the stock HTC ROM is basically full on the system partition, so you might have issues actually fitting the files on.
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
ixampl said:
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
Click to expand...
Click to collapse
That is a nice method.
I've long thought about making something similar, so maybe today I'll try, as an idea has come back to me...
I am thinking that I can avoid the whole recovery flashing, though I'm not going to say the idea till I've thought it through, as someone might try it before I realise how stupid an idea it is...
But I'll certainly see if it can get permanent root sorted out on the phone, although it won't give root adb access, as that is defined in the boot.img, though I guess I could flash that while I'm at it...
Good work.
Thanks!
Yes, a method to (safely) acquire super user access without flashing anything would be highly appreciated There's a small risk involved with flashing. Granted it usually causes no issues, but there is the slight possibility of bricking your phone.
Good work.
Click to expand...
Click to collapse
Thanks, although - as you know - I really didn't do anything special there
[...] although it won't give root adb access [...]
Click to expand...
Click to collapse
Yes, that's a minor annoyance, but really minor ... for the currency fix I naturally couldn't do
Code:
adb pull /data/data/com.htc.dcs.service.stock/databases/stock.db stock.db
or
Code:
adb push stock.db /data/data/com.htc.dcs.service.stock/databases/stock.db
but it's not that hard to just work around that via /data/local:
Code:
adb shell
$ rootsh
# cat /data/data/com.htc.dcs.service.stock/databases/stock.db > data/local/stock.db
then pull from there etc.
I really think "rooting" is a misnomer for most of the current guides.
I can see that most people "root" their phone in order to get custom ROMs (and I have no issue with that, it's just too much overkill for someone who just wanted to fix a small bug ) but In fact most people don't care about rooting per se, they care about flashing a recovery image which enables them to flash custom ROMs.
I actually wanted to try:
Code:
adb shell ln -s /dev/mtd/mtd3 /data/local/rights/mid.txt
...and see what happens if I remount after boot. If it causes the system to follow back the link with user permissions for the recovery ROM, maybe the system ROM could be (write-)accessed as well. Then again, it was my first venture into rooting so naturally there would have been no way to fix a broken system image safe for reflashing the 1.5 RUU.
Do you have any details about what the original purpose of the (original) mid.txt was? I mean, it was there, sitting in a directory named rights... quite an invitation (of course, we didn't actually "set" rights in that file or anything for the exploit, but still...)
Is it safe to delete mid.txt and will it be recreated with some default values by the system?
Click to expand...
Click to collapse
Hi everyone, I am writing this post because there is currently no information on rooting the Telstra specified Motorola Xoom from the Stock 3.1 and still keeping 3G (the latest 3.1 update, not the problematic one). Since I don't have enough post to be able to write in Development section, I just write it over here and I take no credit for this.
With this root, you don't have to flash any custom recovery at all.
1/. Ensure that you have the Motorola Xoom STOCK 3.1, N_01.83.35P, H.6.3-25-5 or you can move back to stock, flash everyback from
developer.motorola.com/products/software/MZ601_H.6.1-38-9_Telstra_Australia.zip/
and receive the official OTA update.
2/. Ensure that you have already UNLOCKED your Motorola Xoom bootloader. This will wipe your device out so be very careful.
3/. Download the attachment file to this thread, which contain the new unsecured boot, su and superuser.apk file
4/. Enable USB Debugging on your Xoom
5/. Open command prompt, write the following code:
Code:
adb reboot bootloader
6/. Now your AU Xoom will reboot, continue to type this:
Code:
fastboot flash boot newtelstraboot.img
fastboot reboot
7/. Wait for your AU Xoom to reboot to HC. Open your command prompt, type this:
Code:
adb remount
adb shell su /system/bin
adb shell ln –s /system/bin/su /system/xbin/su
adb shell chmod 4755 /system/bin/su
adb push Superuser.apk /system/app
Now you got root on your Australian Xoom from Telstra with working 3G.
Cheers
Screenshots:
img638.imageshack.us/img638/1516/screenshot1ew.png
img21.imageshack.us/img21/1907/screenshot2ck.png
Shouldn't be Step 7 more like ->
Step 6
Code:
fastboot flash boot newtelstraboot.img
fastboot reboot
Step 7
Code:
adb remount
adb push su /system/bin/su
adb shell chmod 4755 /system/bin/su
adb shell ln -s /system/bin/su /system/xbin/su
adb push Superuser.apk /system/app/
adb reboot
BTW: it should be called Non-US Xoom instead of AU Xoom
Oh, thks,
There are something I want to say though:
First, I don't think you should really need a reboot at the end of step 7. It works for me without the need to reboot.
Secondly, I'm not quite sure if my procedure works with other non-AU xoom. I have just been able to test on 3 Australian Telstra Xooms. At least they all work!
However, I'm new so I am willing to learn from you all. Thanks.
--- I posted to general by accident, meant to do Q&A, but don't have permission to delete as a new user. --
--- Please see the question in Q&A ---
Greetings,
I'm new here, and can't get over to the developers forums to ask. I have two GT-I9500s for development purposes, one if full of junk, and the other is still stock, except for recovery. They both have CWM Recovery v6.0.3.2, the latest available pre-compiled I've found. The stock phone has only been booted once. That system is not rooted (and this is my whole point, I want as close to stock as possible)
I am attempting to extract the system image from Stock I9500. I have booted into CWM Recovery mode, then "adb shell" into the device. All commands I issue to the shell return "Permission Denied"
Code:
:$ adb shell
~ $ ls
/sbin/sh: ls: Permission denied
~ $ dd of=/storage/extSdCard/SYSTEM.img if=/dev/block/mmcblk0p20 bs=4069
/sbin/sh: dd: Permission denied
~ $ su
/sbin/sh: su: Permission denied
~ $ sudo su
/sbin/sh: sudo: Permission denied
I have tried to use Advanced->Fix Permissions to no avail.
CWM is pure and latest from www dot clockworkmod dot com slash rommanager (new users apparently cannot post links). CWM is able successfully operate "Backup to External" from the stock device.
The end goal is to clone the clean, stock device onto the other one. CWM claims success on "Restore from External" to the other device, but it sits on the "Samsung" loading screen forever.
A solution to either or both of these problems would be appreciated.
-MM
same issue
I have the same issue. I first also didn't adb shell available. But I fixed it in recovery mode by doing mount /system. However, now like you I have no permissions at all. I'm considering doing a factory reset, but that's gonna be my final resort. I first go looking for other ways to come around it.
ansjovis86 said:
I have the same issue. I first also didn't adb shell available. But I fixed it in recovery mode by doing mount /system. However, now like you I have no permissions at all. I'm considering doing a factory reset, but that's gonna be my final resort. I first go looking for other ways to come around it.
Click to expand...
Click to collapse
You need to allow your pc first to use adb. Boot into android, use adb and press allow. After that you can use adb in recovery. If it still fails, then try a different recovery. Philz or TWRP.
Ok, so I got TWRP on the phone then I used Flash Fire to try and get Android 7 while maintaining custom recovery (and even was supposed to inject SuperSU. It went and did it's thing and on boot I saw SuperSU on phone so I thought hey I am good sweet. HA, Well open it and it said can't find binary, ut oh. I go to manually boot recovery and it wipes user data instead so I lost TWRP.
Well Ok, I thought. Let me LG UP the modified TOT and select refurb to just get me back to Marshmellow with TWRP and try again. YEAH RIGHT. Looks like the Android 7 update blows another qfuse and now LG UP just states anti rollback version is smaller than installed.
I WANT ROOT I PAID FOR THIS THING IN FULL WHY IS IT SOO HARD FOR MANUFACTURERS TO ALLOW ME ACCESS TO MY OWN HARDWARE. When I buy a computer with an OS they don't give me a user only level account and tell me it is for my own good. They allow me to do whatever I WANT because you know why I BOUGHT THE HARDWARE IN FULL AND the supreme court has said no subsidy locks allowed as when a user buys a device it is theirs not yours. I feel this is another version of a subsidy lock at the rate we are going and I can't wait until someone with the time and money sues an OEM and wins us the right to not jump through all these damn hoops to be allowed to do what we wish with the hardware we buy IN FULL NOW.
Ok, rant over, Anyone out there know of a way to root android 7 on the H830? I dunno if a dev could maybe mod up a 20a image so that we can LGUP it to the H830s that have Android 7 and need root.
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Well you arent alone. And I agree , I fully own my device and I think I should be able to do what ever the living F*&% I want with it .
Its only a question of time though,these guys are the best there are at cracking through companies 'efforts at locking us out of our own shiznat....in the meantime setup the stuff you can without ROOT (no Titanium Backup....*sniff) LOL.
Before long we'll wake up and see TWRP attached to the ROM like before and all will be well. Cheers
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
This worked great! Thank you! After TWRP was flashed via steps above I just followed the video I linked below from the 8:20 mark and formatted data and then flashed dmverify encrypt and super su (both downloads in vid) and now I'm back to rooted on 7.0 nougat with TWRP and supersu!
Go dirtycow!
Thank you shaneG79 and Genardas this made all the difference!
so An Instruction List ,a Thoughtfully Worded Explanation and You Tube Video are worth a 1000 words
shaneg79 said:
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
Click to expand...
Click to collapse
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Jonathanpeyton said:
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Click to expand...
Click to collapse
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
shaneg79 said:
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
Click to expand...
Click to collapse
I think you may be right,and as I am copy pasting now Ive been been able to get past it.
I still was able to get root last night with it but was denied access to data in the end so I had to go back.Thank you!
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Jonathanpeyton said:
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Click to expand...
Click to collapse
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
shaneg79 said:
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
Click to expand...
Click to collapse
Roger will do thank you!
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Jonathanpeyton said:
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Click to expand...
Click to collapse
Yes I did, you might try using lg up and reflashing 20a and then trying again.
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Jonathanpeyton said:
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Click to expand...
Click to collapse
You're not being any trouble I just wish I knew why yours isn't working correctly
ok update..... I used the devices internal settings to do a factory reset then reinstalled 20a.THAT made it to where I am now able to grant the proper permissions to /data/local/tmp.However,I still wind up at the Firmware Update page after >adb shell reboot recovery instead of the recovery screen or just a reboot....but I guess its small progress.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
Thank you so much... And whom ever is behind this I anyway... One word... Genius... Simply Genius.. Well that was 2 words
Accidental double post see next post, my bad...
Accidental double post
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
TempezT said:
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
Click to expand...
Click to collapse
if you're rooted, go to /cache and rename update.zip to something else. then create a zero length file using the name update.zip. lastly set the permissions on that file to read only
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Damn I dont have a computer in hand. Guess i have to wait until im back home in October. Cross fingers this thing don't restart cause that freaking patch is already scheduled.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Click to expand...
Click to collapse
Okay someone in my base lend his laptop but its low end(sony viao core2 duo) dunno how well this work for flashing purposes, also I wanted to point before doing the process that my phone was unlocked permanently by tmobile unlock app and wanted to know if this can affect the unlocking or any other function of my v20.
Following those instructions to root will not gid rid of your carrier unlock.
You might be able to go to Settings>>Storage and delete Cached data.
Zacharee1 said:
You might be able to go to Settings>>Storage and delete Cached data.
Click to expand...
Click to collapse
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
TempezT said:
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
Click to expand...
Click to collapse
You can always restore to stock with the H918. Backup and root.
Zacharee1 said:
You can always restore to stock with the H918. Backup and root.
Click to expand...
Click to collapse
Thanks!
The issue Im having now is that I cant find how to root H91810k which is the current version my phone has besides the schedule update. Any info on that?
You have to find the KDZ for 10d and flash it with LGUP. Then you can use EasyRecowvery to root.
Flashing KDZs will wipe your data, so use LG Bridge to make a backup.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on.......
Click to expand...
Click to collapse
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
wewantutopia said:
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
Click to expand...
Click to collapse
No problem! Glad it helped, I will probably update the post a bit, and then I'll re-post it to its own thread in a few days. As I noticed this section is a bit disorganized...
MDMAchine said:
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Click to expand...
Click to collapse
just wanted to add that SOMETIMES the update.zip is not in /cache. had this happen to me when I had the LGV10 and it just happened to me now. I had recently wiped my device to start from scratch and after initially setting up my device I got the update icon and indeed /cache/update.zip existed. a few reboots later for various reasons the update icon/notification disappeared, as did /cache/update.zip. I thought I was in the clear until last night when I got the update icon/notification again, but this time it was not in /cache. it somehow changed to /data/data/com.google.android.gms/app_download. so if you can't find it in /cache, look there!