Database Users

LG V20 US996 is it safe to flash Twrp and Magisk

So I unlocked the bootloader via LG developer.
Now on boot I get "Your device software cannot be checked for corruption. Lock the bootloader" on boot up which makes in impossible to get into recovery using the power and volume down buttons. I can still get into recover using the volume down button and plugging the phone into the pc with the usb cable. My question is, it safe to continue to flash twrp and magisk while only having access to recover this way. US99610f.

Yes
-- Brian

Is there a way to get rid of the bootloader unlocked message?

Short answer -- no.
Long answer, get the source code for aboot, edit it so it doesn't show, recompile, and then get LG or you carrier to sign it with their RSA cert.
The whole idea behind showing that message is that you will know that your phone could have been compromised. It would be nice if they added another option like: fastboot oem warn off
-- Brian

runningnak3d said:
Short answer -- no.
Long answer, get the source code for aboot, edit it so it doesn't show, recompile, and then get LG or you carrier to sign it with their RSA cert.
The whole idea behind showing that message is that you will know that your phone could have been compromised. It would be nice if they added another option like: fastboot oem warn off
-- Brian
Click to expand...
Click to collapse
Just recently picked up the US996 V20 and have unlocked the BL. Could you please confirm the latest TWRP img. for this phone.. is there a 3.1.1 version? Or, is the 3.0.2 the latest official? Also, after fastboot flashing twrp, specifically for the V20 can Magisk be flashed via twrp as usual? Assuming Magisk 14 is ok?

Well I've built 3.2.1 myself (only the fact I don't post much here has kept me for opening a proper thread) https://www.androidfilehost.com/?fid=745849072291694575 haven't actually tested a backup and restore with it yet, but everything seems to be working, done a few flashes of magisk opengapps, lineage and stock with it. been using magisk 14.5 beta with out issues

[ROOT] H872 (up to and including 20g)

WARNING​
DO NOT LET YOUR PHONE REBOOT, OR POWER OFF UNTIL I TELL YOU THAT IS WHAT YOU NEED TO DO.
If you do, I am not sure what shape your phone will be in.
This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock). If you don't, you will probably brick your phone.
If you use this on any model G6 besides the H872, you will be stuck in a bootloop, and you will not be able to fix it since you will have wiped out download mode!
This is safe if no mistakes are made (typos, missing a step, etc). However, if you do mess up, the risk is high that you lose download mode at best, or brick your phone at worst.
If you deviate from this procedure, and think: "I can just skip a step, or I can do this on my own Linux install". Don't complain if you brick your phone.
PREREQUISITES:
You must have a version of laf that has the COPY opcode.
Since none of the firmware available for the H872 has the COPY opcode, we have to use the H918 laf partition.
Grab the H918 10p KDZ: link to 10p KDZ
You need to be on 11g or above. Be aware, once you are on 11g+ you cannot downgrade to any versions prior to 11g due to anti-rollback.
You will need a copy of the KDZ that your phone is on. If you are not currently on 11g, upgrade before continuing.
For 11g : Link to 11g KDZ
For 11h : Link to 11h KDZ
For 20a : Link to 20a KDZ
We are going to flash this using the patched LG UP. There may be one that was patched specifically for the G6 -- don't use it,
it has NOT been tested. Grab the one for the V20: link
It MUST be installed in: Crogram Files (x86)LG ElectronicsLGUP
You can't just unzip it anywhere and run it, it will not find the model file.
You need the H872 Unofficial 3.2.3 TWRP by @Eliminator74. 3.2.3 is included in the repo so that you know that you have the exact version.
If you decide to use any other version, you will brick your phone because the commands below are for this exact version!
You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL.
If you are rooting on 20a, you will need a Micro-SD card. Copy the TWRP 3.2.3 image and the latest Magisk zip to the SD card.
WARNING: Only applies if rooting while on 20a
Minor Encryption-related issues have occurred while testing 20a. If your data partition is encrypted, TWRP will NOT be able to decrypt it. Because of this, you will have to perform a wipe and format of your Data partition. Be sure to backup all data on your device prior to continuing by copying important files to an external SD card or using LG Mobile Switch to back it up.
PROCEDURE PART 1: Getting a working LAF onto your phone
By far this is the most dangerous part of this procedure.
Boot to download mode
In LG UP, choose partition DL.
Pick the H918 10p KDZ
Click start / ok
When you will be given a list of partitions to flash, only check laf
Click start / ok
You will get a warning about additional modified partitions -- ignore it, and click OK.
As a safety feature, LG UP will start flashing those modified partitions after laf completes flashing.
After the flash is initiated, pay close attention to the "step" and as soon as it changes from laf to another partition, PULL THE USB CABLE!
If you let it completely flash the H918 KDZ, your phone WILL reboot, and you WILL have a brick that can't be fixed.
You need to pay attention, but you also don't need to be sitting on pins and needles. You have quite a bit of time to pull the cable since system is one of the partitions that is flashed
Click OK and it will start flashing.
Once laf is flashed, and you have pulled the USB cable, you can click exit, and then re-open LG UP.
Choose partition DL again, and this time pick the H872 KDZ for the version your phone was on prior to flashing 10p (11g, 11h, or 20a)
Select all partitions except laf. If you forget to uncheck laf, you will have to do this all over again.
When it completes, it will reboot your phone.
Go back into download mode. This time you will be running the H918 laf, and we can continue with PART 2
PROCEDURE PART 2: Installing TWRP
Boot from your FWUL USB stick.
Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to touch the power button -- the phone will power on and enter download mode.
This will NOT look like normal download mode on the phone. All you will get is small box that says: "Download mode" -- this is normal. You will also not have ANY indication on the PHONE that it is being flashed.
Once booted, login. The password is: linux
Double click the LG folder that is on the desktop
Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
Code:
git pull
git checkout h872-miscwrte
./step1.sh
When you are told to, pull the USB cable, and the phone will power off. You now have TWRP on your laf partition. At this point you can flash a ROM, or Magisk or whatever you like, but I would suggest
at least flashing TWRP to the recovery partition. There is no button combination to get into laf (download mode), so if you only have TWRP on laf, then you will need a USB cable to get into recovery.
OPTIONAL:
If you don't know what to do with TWRP, and you just want to run rooted stock 11g, 11h or 20a, this is for you....
First boot into TWRP - with the phone off, hold vol up and plug in the USB cable.
PROCEDURE PART 3: Rooting and cleanup
Now that you are in TWRP:
Nougat (11g, 11h Users)
./step2.sh
If you ran step2.sh you have TWRP on laf, and recovery, and you are rooted. If you only ran step1.sh, then you have TWRP on laf. Either way, enjoy!
Oreo (20a) Users
Once in TWRP, click the “Wipe” button.
Choose Advanced Wipe and select the Dalvik, Data and Cache options and Wipe. Do not reboot the phone.
Go back to the main menu or main wipe screen
Select “Format Data” and complete the format.
Go back to the main menu and choose Install, and then Install Image.
Flash the TWRP 3.2.3 image from external_sd to the RECOVERY partition. DO NOT Reboot to System.
Go back to the main screen and attempt to reboot to Recovery.
If you are able to reboot to recovery without any issues, you should now Install the Magisk zip from external_sd.
After flashing Magisk, you may now reboot to system and Oreo should boot to the initial Android Setup screen.
After booting to Oreo, make sure you enable installations from Unknown Sources in your Android Settings and install the latest Magisk Manager.
If Oreo boots to an "Encryption Unsuccessful" screen, you will need to format the Data partition again. Tap the reset button and it should boot to Recovery. Perform another wipe of cache/data/dalvik and go back to the Wipe screen and Format Data. Reboot system and you should boot to Oreo Normally.
To Restore Download Mode
20a - Flash @Eliminator74's Bootstock with LAF image using TWRP
11g - Flash @weakNPCdotCom's StockLAF image using TWRP
CREDITS:
@KAsp3rd -- he risked his phone to make this happen. There were no guarantees that the H918 laf would boot and function.
Lekensteyn -- His base work on the G2 / G3 gave me a GREAT headstart!
@steadfasterX - He added some real nice features, great guy to bounce ideas off, and just testing crazy ideas because he wasn't afraid to brick his phone Also, for FWUL
tuxuser - Helping with my lacking in Python
@smitel - His original reverse engineering of LG UP. Great inspiration!
@weakNPCdotCom - Testing/Help with H87220a (Oreo)
-- Brian
XDA:DevDB Information
lafsploit - H872, Tool/Utility for the T-Mobile LG G6
Contributors
runningnak3d, KAsp3rd, weakNPCdotCom
Source Code: http://gitlab.com/runningnak3d/lglaf
Version Information
Status: Testing
Created 2018-04-09
Last Updated 2018-10-09

You ARE the man!
Good job, I'm certainly tempted to try, but have never done such kind of procedure to get root and I started flashing and rooting some time ago but everything was easier back then, I'll probably wait a bit, what's a week or two when I got the phone May last year.
Enjoy your time off. You really deserve it.
From a SM-960U that thinks is a SM-960U1...
Sent from my SM-G960U1 using Tapatalk

brick to me i didn't pull out the cable during laf partition...im on qualcomm 9008 no way to come out

Just curious, did you somehow overlook that step, or were you not looking and missed it?
-- Brian

runningnak3d said:
Just curious, did you somehow overlook that step, or were you not looking and missed it?
-- Brian
Click to expand...
Click to collapse
I feel like he just wants a way or a tool to unbrick Qualcomm 9008 models. Looking at his name and post on other thread. I might be wrong tho.
Amazing job btw. Much respect for you sir !!

pantmunu said:
I feel like he just wants a way or a tool to unbrick Qualcomm 9008 models. Looking at his name and post on other thread. I might be wrong tho.
Amazing job btw. Much respect for you sir !!
Click to expand...
Click to collapse
it my fall, when i start to do laf partion i didn't see when come out laf partition, so i let the program do his job after i see that it come to system write and i understand that it was there that i will pull the cable out, btw i will wait some good person will found solution for the qualcomm 9008 problem..they made a lot of good job..and of course is my mistake...if someone know how to come out from this problem i will be grated for all life..for the moment i will wait..or i found someone can unlock for a good price i will pay him and do the job...

The only fix for 9008 mode on UFS devices (which the G6 is) is a firehose programmer and QFIL. It is no longer possible to boot from an SD card. AFAIK, there is no signed (yes it MUST be signed) firehose for the H872.
Your only options are T-Mobile or LG warranty, or pay to have it repaired if it isn't under warranty. You could also swap the board with an H872 that has a cracked screen, but getting the thing apart looks like a real PITA.
-- Brian

runningnak3d said:
The only fix for 9008 mode on UFS devices (which the G6 is) is a firehose programmer and QFIL. It is no longer possible to boot from an SD card. AFAIK, there is no signed (yes it MUST be signed) firehose for the H872.
Your only options are T-Mobile or LG warranty, or pay to have it repaired if it isn't under warranty. You could also swap the board with an H872 that has a cracked screen, but getting the thing apart looks like a real PITA.
-- Brian
Click to expand...
Click to collapse
did you think in the future will come out a firehose file the lg g6? very thanks for your unswer and help, and very good job, i admire this talent people

Done!!! Where's your PayPal brother? I need to give you my pledge, thanks so much for opening the doors for this device's development. Can't thank you enough really...

Glad you came through it without issue.
Just click on the Donate to Me button -- tis linked to my PayPal.
Thanks,
-- Brian

Guys i found this on the web... maybe for the profesional user this can be a way to unbrick lg g6 with hard brick like mine https://www.androidbrick.com/download/download-latest-2018-qualcomm-flasher-qfil-qpst-2-7-472/
i try to use it and i didn't understand nothing..but my mobile it see as download mode

Thanks for putting this together, runningnak3d!
So, reading through the tutorial, you say this towards the end, after doing the cleanup steps:
Now you have TWRP on laf, and recovery, and you are rooted.
Click to expand...
Click to collapse
So... does that mean attempting to boot into LAF will always put you into TWRP? If yes... is there any way to get the original LAF partition back, while keeping TWRP in recovery?

Denversmartphone said:
Guys i found this on the web... maybe for the profesional user this can be a way to unbrick lg g6 with hard brick like mine https://www.androidbrick.com/download/download-latest-2018-qualcomm-flasher-qfil-qpst-2-7-472/
i try to use it and i didn't understand nothing..but my mobile it see as download mode
Click to expand...
Click to collapse
It's for Huawei.
Sent from my SM-G960U1 using Tapatalk

hendusoone said:
Thanks for putting this together, runningnak3d!
So, reading through the tutorial, you say this towards the end, after doing the cleanup steps:
So... does that mean attempting to boot into LAF will always put you into TWRP? If yes... is there any way to get the original LAF partition back, while keeping TWRP in recovery?
Click to expand...
Click to collapse
Yes, you can extract it from the 11g KDZ and flash it, but why? There will never be a situation where you would want laf over TWRP.
-- Brian

runningnak3d said:
Yes, you can extract it from the 11g KDZ and flash it, but why? There will never be a situation where you would want laf over TWRP.
-- Brian
Click to expand...
Click to collapse
My main reason is to maintain multiple methods of recovery. With a working LAF, you can flash a KDZ to get back to a working phone (even though it would need to be re-rooted). With TWRP in the LAF partition, if for some reason both instances of TWRP failed, that is no longer possible.

If something stopped TWRP from booting on laf, then laf wouldn't boot on laf either. They are both just kernel / initrd boot images.
Do what you want, but trust me, you are a lot safer with two copies of TWRP.
-- Brian

runningnak3d said:
If something stopped TWRP from booting on laf, then laf wouldn't boot on laf either. They are both just kernel / initrd boot images.
Do what you want, but trust me, you are a lot safer with two copies of TWRP.
-- Brian
Click to expand...
Click to collapse
Generally, I'd agree. Having redundant TWRP recoveries is probably better.
But it is nice that we can restore LAF on the off chance we want to restore the phone to default via KDZ. Perhaps to sell it or such.
---
Anyway, thanks for all the great work! I'll probably give it a whirl in a few days. Hopefully, this will spur some ROM development for the H872.

I made it all the way through to mounting system with read/write, twrp console just complains that it failed to mount /system with "device or resource busy". I haven't attempted to boot into recovery again since booting into system but twrp is definitely on laf still. I did try booting from laf twrp to recovery twrp before booting to system and it didn't have permissions either.
Installing Magisk doesn't give me root as it spits an error can't write to /system.
I truly never thought I'd ever see TWRP on this device, this is incredible.

slayer3032 said:
I made it all the way through to mounting system with read/write, twrp console just complains that it failed to mount /system with "device or resource busy". I haven't attempted to boot into recovery again since booting into system but twrp is definitely on laf still. I did try booting from laf twrp to recovery twrp before booting to system and it didn't have permissions either.
Installing Magisk doesn't give me root as it spits an error can't write to /system.
I truly never thought I'd ever see TWRP on this device, this is incredible.
Click to expand...
Click to collapse
U can mount /system. If u still have twrp on the laf partition all u have to do is reboot twice back into twrp then go to mounts and check system, clear cache then flash the magisk zip. But one thing o truly hate about magisk is my frequencies don't stick on kernel apps so I flashed regular su and right now everything is running amazing.
---------- Post added at 02:04 PM ---------- Previous post was at 01:42 PM ----------
Also if anyone has got a bootloop after flashing something I found out that the phone reboots when you are restoring backup. To fix this flash recovery system and boot from the backup but u have to keep tapping on the screen so it dont timeout and restore wrong.

Think I will wait till next week I'm just happy you got this far

Tried to unroot my LG V20 by accepting OTA update, now stuck in boot loop to TWRP

Rooted LG V20 owner here, but still running stock rom. Nowadays, my most important apps won't run because my phone is rooted. The apps check for that, and complain that my phone is rooted and won't let me use them. I've tried using apps like "Hide my root" so I can keep my phone rooted, but those apps just give me errors about being unable to find the su binary and what not. And I can't seem to fix them, or rather, don't even want to try. I'm just so tired of constantly having to deal with technical issues like this... So I decided today I would bend over and accept the latest OTA update, which would most likely make me lose root and also permanently make me unable to root my phone again.
Only problem is, now my phone is stuck in a boot loop, where it always boots into TWRP. I can't decrypt the data partition, which is the first thing TWRP asks me to do. Entering the long numeric PIN I used to encrypt it (using the stock ROM encryption feature) doesn't work, so I have no clue how else to decrypt it. Thing is, I'm not sure if I even need to decrypt it. I just want my phone to boot back up normally.
I tried to reflash the "debloated" H9180s image I had saved from last time I updated my phone, wiped the cache/dalvik, and rebooted, but the boot loop remains. Presumably this is because I couldn't decrypt "data" partition first(?). Then I tried some advice from some other threads, such as this one, and this one), but nothing has worked so far. I can't reinstall twrp because when I boot in fastboot mode, adb can't see my device even though fastboot can (apparently that's due to a patch from the manufacturer to prevent users from rooting their phones). Deleting any of the fota or misc folders didn't help either (most of them weren't there, but the one I did find and deleted had no effect).
Can anyone help me get my phone to boot again? I am open to any solution, whether it keeps root or not, as long as I still have my data and apps. Hoping to eventually get rid of root or figure out how to hide it so I can use certain important apps again. But that's a later step in the process.
EDIT: I forgot to mention that holding the volume down button and the power key when booting my phone has NEVER once worked ever since I have owned this phone. The only way I've ever been able to boot into TWRP (prior to my boot loop) was to plug it into my Macbook and run "adb boot recovery." So any solution with the "volume down and power button" combo isn't going to help. Curious why this has been an issue, too.

fronzee88 said:
Rooted LG V20 owner here, but still running stock rom. Nowadays, my most important apps won't run because my phone is rooted. The apps check for that, and complain that my phone is rooted and won't let me use them. I've tried using apps like "Hide my root" so I can keep my phone rooted, but those apps just give me errors about being unable to find the su binary and what not. And I can't seem to fix them, or rather, don't even want to try. I'm just so tired of constantly having to deal with technical issues like this... So I decided today I would bend over and accept the latest OTA update, which would most likely make me lose root and also permanently make me unable to root my phone again.
Only problem is, now my phone is stuck in a boot loop, where it always boots into TWRP. I can't decrypt the data partition, which is the first thing TWRP asks me to do. Entering the long numeric PIN I used to encrypt it (using the stock ROM encryption feature) doesn't work, so I have no clue how else to decrypt it. Thing is, I'm not sure if I even need to decrypt it. I just want my phone to boot back up normally.
I tried to reflash the "debloated" H9180s image I had saved from last time I updated my phone, wiped the cache/dalvik, and rebooted, but the boot loop remains. Presumably this is because I couldn't decrypt "data" partition first(?). Then I tried some advice from some other threads, such as this one, and this one), but nothing has worked so far. I can't reinstall twrp because when I boot in fastboot mode, adb can't see my device even though fastboot can (apparently that's due to a patch from the manufacturer to prevent users from rooting their phones). Deleting any of the fota or misc folders didn't help either (most of them weren't there, but the one I did find and deleted had no effect).
Can anyone help me get my phone to boot again? I am open to any solution, whether it keeps root or not, as long as I still have my data and apps. Hoping to eventually get rid of root or figure out how to hide it so I can use certain important apps again. But that's a later step in the process.
EDIT: I forgot to mention that holding the volume down button and the power key when booting my phone has NEVER once worked ever since I have owned this phone. The only way I've ever been able to boot into TWRP (prior to my boot loop) was to plug it into my Macbook and run "adb boot recovery." So any solution with the "volume down and power button" combo isn't going to help. Curious why this has been an issue, too.
Click to expand...
Click to collapse
In twrp go to mount and make sure system is mounted, then try rebooting
Sent from my LG-H910 using XDA Labs

cnjax said:
In twrp go to mount and make sure system is mounted, then try rebooting
Click to expand...
Click to collapse
It still boots into TWRP.

fronzee88 said:
It still boots into TWRP.
Click to expand...
Click to collapse
Did you try restoring a back up
Sent from my LG-H910 using XDA Labs

cnjax said:
Did you try restoring a back up
Click to expand...
Click to collapse
I made a backup with TWRP before attempting the original update that caused this issue, but I am doubting the integrity of that backup, because I was not able to decrypt the "data" partition before making the backup. So I backed up the data partition in the encrypted state, but I am not sure if that is restorable or not. Instead, I just tried reflashing the ROM.
When I navigated to the TWRP backups folder where the backup was supposed to have been saved, I couldn't find the (most recent) backup, so I am not sure if I can actually restore anything, should the need arise.

While in TWRP:
adb shell
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1
That will wipe the flags that are forcing a reboot into recovery that is trying to apply the OTA.
Once that is done, if you want to return your phone to stock, flash any 10p or higher KDZ. If you don't have download mode, there is a zip in the lafsploit thread that you can flash to get download mode back.
-- Brian

runningnak3d said:
While in TWRP:
adb shell
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1
That will wipe the flags that are forcing a reboot into recovery that is trying to apply the OTA.
Click to expand...
Click to collapse
I wasn't able to get connect with my laptop from adb (unauthorized message) but I did enter the dd command in a terminal directly in twrp itself (Advanced > Terminal). It worked!!! Thank you, thank you, thank you! Whew.

If you weren't able to connect with adb, then you are running a bad copy of TWRP (3.1). That build has issues. You need to upgrade to TWRP 3.2 -- but glad you are back up and running.
-- Brian

runningnak3d said:
If you weren't able to connect with adb, then you are running a bad copy of TWRP (3.1). That build has issues. You need to upgrade to TWRP 3.2 -- but glad you are back up and running.
Click to expand...
Click to collapse
Good to know. Thanks!

runningnak3d said:
If you weren't able to connect with adb, then you are running a bad copy of TWRP (3.1). That build has issues. You need to upgrade to TWRP 3.2 -- but glad you are back up and running.
Click to expand...
Click to collapse
I'm having trouble finding the latest official TWRP download for LG V20 T-Mobile (H918). The device isn't listed on their official site. Any suggestions on how to upgrade?

TWRP 3.2: https://forum.xda-developers.com/v20/development/recovery-twrp-3-2-1-0-t3720239
-- Brian

runningnak3d said:
if you want to return your phone to stock, flash any 10p or higher KDZ. If you don't have download mode, there is a zip in the lafsploit thread that you can flash to get download mode back.
Click to expand...
Click to collapse
I'm not sure what you mean by "download" mode, but my other question is: Will flashing a KDZ cause me to lose all my data? If so, how can I make a backup of all my data if the "data" partition is encrypted? I can't get TWRP to decrypt it even when entering the correct PIN that I normally use to unlock my encrypted phone upon regular bootup.
Note that Titanium Backup is not an option if I'm planning to unroot my phone.

Yes, flashing a KDZ wipes your phone.
If your data partition is encrypted, the only way to backup your data is from within the OS (copy to SD card) or use LG backup.

Btw the reason you arnt able to get into recovery via the buttons is because you were doing it wrong, its not hold power and volume down, its actually hold volume down, press power until the screen turns on, then (still holding vol down) tap the power button (either once at exactly the right time, or repeatedly which works more consistantly) until a screen appears asking if you want to factory reset. saying yes (via the volume and power buttons) twice boots twrp if installed, else it boots the stock recovery and wipes the phone.

runningnak3d said:
While in TWRP:
adb shell
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1
That will wipe the flags that are forcing a reboot into recovery that is trying to apply the OTA.
Once that is done, if you want to return your phone to stock, flash any 10p or higher KDZ. If you don't have download mode, there is a zip in the lafsploit thread that you can flash to get download mode back.
-- Brian
Click to expand...
Click to collapse
The same thing happened to me but on my V10. Would this command work on that phone?

Please help me restore back my original LGUP dump! (H910)

I tried to use the dirtysanta method to root my H910. Here is what I did:
1. Because I have the April 2017 security patch, I used LGUP to load up an kdz that is on Dec 2016.
This step was successful. Everything worked as expected.
2. Then I followed the dirtysanta approach, and everything worked great. I got into TWRP and wiped stuff as instructed.
3. However, at the last step, when the instruction says to adb fastboot into recovery, instead of booting back into TWRP, the phone boot into strange screen with stripes, and after a while it will show me a "kernel crash!" screen with a lot of text.
Question - is there any way to get my phone back? I cannot get into TWRP, and there is no more ADB. I also tried LGUP but it lists my phone under "unknown" model and I cannot select it.
Please anyone help me. Thanks!

zhangla said:
I tried to use the dirtysanta method to root my H910. Here is what I did:
1. Because I have the April 2017 security patch, I used LGUP to load up an kdz that is on Dec 2016.
This step was successful. Everything worked as expected.
2. Then I followed the dirtysanta approach, and everything worked great. I got into TWRP and wiped stuff as instructed.
3. However, at the last step, when the instruction says to adb fastboot into recovery, instead of booting back into TWRP, the phone boot into strange screen with stripes, and after a while it will show me a "kernel crash!" screen with a lot of text.
Question - is there any way to get my phone back? I cannot get into TWRP, and there is no more ADB. I also tried LGUP but it lists my phone under "unknown" model and I cannot select it.
Please anyone help me. Thanks!
Click to expand...
Click to collapse
Obviously you did not do enough reading on the ds root process because then you'd know static on boot is normal and you would have read about the button combo to get into twrp. I suggest you do some more reading
Sent from my LG-H910 using XDA Labs

I admit I did not read the thread fully, because it has about 2000+ posts on several hundreds of pages...
I did read the OP's instructions very carefully, and followed it word by word.
Right now, I could get into fastboot and flash TWRP again. That can get me into TWRP but any ROM I flash (either stock based, or custom ROMs), the phone will simply just get back into the static stripes and eventually crash on kernel or modem.
Is this because I should not use H910 ROMs anymore, because the DS uses other models kernels? 996?

zhangla said:
I admit I did not read the thread fully, because it has about 2000+ posts on several hundreds of pages...
I did read the OP's instructions very carefully, and followed it word by word.
Right now, I could get into fastboot and flash TWRP again. That can get me into TWRP but any ROM I flash (either stock based, or custom ROMs), the phone will simply just get back into the static stripes and eventually crash on kernel or modem.
Is this because I should not use H910 ROMs anymore, because the DS uses other models kernels? 996?
Click to expand...
Click to collapse
Flash whatever rom you want/can and then after flash preferably the mk2000 kernel (your varient) right after initial flash of rom-then reboot. Static will vanish like tacos on fat Tuesday. You can then do whatever.

Mysticblaze347 said:
Flash whatever rom you want/can and then after flash preferably the mk2000 kernel (your varient) right after initial flash of rom-then reboot. Static will vanish like tacos on fat Tuesday. You can then do whatever.
Click to expand...
Click to collapse
My problem now is that I can no longer boot into TWRP anymore.... I had recovery-twrp-h910-2018-10-18.img flashed and worked fine, but after I flashed the H910 Oreo stock rom, vol- and power then power, yes and yes to factory reset, the phone just boots into statics then LG then statics then the initial setup wizard. No more TWRP.
Trying to use fastboot to flash TWRP again, but now my phone can only be seen by adb under MTP mode, not when it's in fastboot mode.
Any way to flash TWRP when I am in regular MTP mode (e.g. regular adb)?

zhangla said:
My problem now is that I can no longer boot into TWRP anymore.... I had recovery-twrp-h910-2018-10-18.img flashed and worked fine, but after I flashed the H910 Oreo stock rom, vol- and power then power, yes and yes to factory reset, the phone just boots into statics then LG then statics then the initial setup wizard. No more TWRP.
Trying to use fastboot to flash TWRP again, but now my phone can only be seen by adb under MTP mode, not when it's in fastboot mode.
Any way to flash TWRP when I am in regular MTP mode (e.g. regular adb)?
Click to expand...
Click to collapse
I believe that via adb you can type "push" then type your directed file area of located file (twrp). Double check with google search on how push files via adb
Yeah for some odd reason adb reads via mtp (or photo transfer) only for some reason.

Mysticblaze347 said:
I believe that via adb you can type "push" then type your directed file area of located file (twrp). Double check with google search on how push files via adb
Yeah for some odd reason adb reads via mtp (or photo transfer) only for some reason.
Click to expand...
Click to collapse
The push command is to send files to external SD card while in recovery mode. I did that once. I don't think it actually flashes anything...

zhangla said:
The push command is to send files to external SD card while in recovery mode. I did that once. I don't think it actually flashes anything...
Click to expand...
Click to collapse
Might just have to redo Dirty Santa again...I really dont know what else other than researching ADB commands.
Im assuming that you already tried manual boot in twrp as Cnjax stated. Look into those as well. Different models sometimes have different button combos.

@zhangla
You best slow down and do more reading
You made another mistake
I had recovery-twrp-h910-2018-10-18.img flashed and worked fine, but after I flashed the H910 Oreo stock rom
Click to expand...
Click to collapse
The Oreo stock rom is Stock and flashes Stock recovery and removed TWRP.
Their are two v20 rooted Oreo h910 roms
you needed to use those.
You now need to start over by flashing the h915 nougat kdz and following the root guide
https://r.tapatalk.com/shareLink?ur...share_tid=3664500&share_fid=3793&share_type=t
[ROOT] HOWTO: AT&T H910 up to v20g (FULLY TESTED)
Sent from my PH-1 using Tapatalk

[RECOVERY] TWRP for Onn Android Tablets (unofficial) - 2019-11-30

TWRP Custom Recovery for the Onn Android Tablet series​
This is the first fully-featured custom recovery for Walmart's MediaTek-based Onn tablets: ONA19TB002, ONA19TB003 and ONA19TB007. TWRP needs no introduction. If you have come here, you probably have some idea of what it is and what it's used for. This TWRP build does not need the bootloader unlocked or VBMeta verification disabled, although it's recommended that you at least unlock the bootloader.
DISCLAIMER
Everything described in this thread is done at your own risk. No one else will be responsible for any data loss, corruption or damage of your device, including that which results from bugs in this software.
FEATURES
Decrypted data partition
All USB modes functional: MTP, ADB, Mass Storage, OTG, Charging
Fast boot time
Adoptable storage mounting
Firmware image backup and restore
Works under locked bootloader
Android 9 build fits within the 16MB recovery partition -- no compromises or partition resizing necessary
INSTALLATION METHOD 1
Download the recovery to your PC and unzip the image
Unlock the bootloader (skip if you have already done this)
Enable OEM Unlock in Developer Options in Android Settings
Boot into fastboot mode either by holding vol. up+power to power it on and selecting "Fastboot mode", or by running the 'adb reboot bootloader' command from within Android.
Install fastboot and appropriate drivers on your PC if you have not set those up
Unlock the bootloader with the command
Code:
fastboot flashing unlock
...and follow the instructions on the screen. This will wipe your data.
Flash the custom recovery with
Code:
fastboot flash recovery twrp-3.3.1-ONA19TB002.img
(use the right file name path for your device)
Reboot to recovery with
Code:
fastboot oem reboot-recovery
INSTALLATION METHOD 2
This assumes you are familiar with SP Flash Tool or can figure it out on your own
Download the recovery to your PC and unzip the image
Get the appropriate scatter file for your device. The scatter file may be found in the device's firmware under /system/data/misc.
Set up SPFT Download tab as Download Only. Load your scatter file.
Under the recovery line, double-click Location and open your TWRP image.
Click Download and connect your powered-off tablet to your PC. SPFT will automatically flash the recovery to the emmc and disconnect when finished.
INSTALLATION METHOD 3
Head over to Amazing Temp Root for MediaTek ARMv8, read the requirements and directions, and grab the latest mtk-su.
Open a root shell with mtk-su
Flash the (unzipped) recovery with the command:
Code:
dd bs=1048576 if=twrp-3.3.1-0-ONA19TB002.img of=/dev/block/by-name/recovery
(replace the if= file name with your appropriate recovery image path)
Exit root shell
START RECOVERY
Three methods:
On a powered off tablet, hold Vol. up+power for about 3 seconds. In the menu that appears, select "Recovery mode"
With Android ADB, use the command 'adb reboot recovery'
From Android root shell, use the command 'reboot recovery' or just use any root app with OS reboot features
NOTES
Kind of important: Make a backup of your Crypto Footer as soon as you can. This is the encryption key to your data partition. When accessed from TWRP, this key can get "upgraded" so that you will get locked out of Android. TWRP uses a hacky workaround that saves and restores the original footer on every /data decrypt. But that method is not what I would call 100% reliable.
Make sure you have a backup of the untouched stock system and vendor images. There are no official firmware packages available to download.
Only mount system/vendor partitions in read/write mode if you have unlocked the bootloader. It is recommended to choose to leave system read-only at the startup prompt unless you have a specific reason to modify it. If the bootloader is locked, then dm-verity is enforced.* So merely mounting it once in r/w will cause a boot loop.
It's currently not possible to install incremental OTA updates using this TWRP. Use the stock recovery to update the FW. That will only work if you have never mounted system/vendor in write mode.
DOWNLOAD (Nov. 30, 2019)
Current version: 3.3.1-1
ONA19TB002 - Onn 8" model
ONA19TB003 - Onn 10.1" model
ONA19TB007 - Onn 10.1" w/keyboard model
Source code
ONA19TB002 | ONA19TB003 | ONA19TB007
ACKNOWLEDGEMENTS
The team behind TWRP & OmniROM
@tek3195 for testing and feedback on the 8" model

Please post feedback since these are still pretty new and not exhaustively tested. Let me know if I should port it to other models in the series.

Reserved also

grabbing this one too cuz why not

Very nice! I'll download and test the 003 one soon.
I also have a 007 model to experiment with.
I tried about a dozen times to build TWRP and failed miserably LOL. Closest I got was one that would boot but the rotation was all messed up, USB wouldn't work, didn't mount some partitions... Yeah, it was a hot mess.
Do you happen to have sources available?

Hi @NFSP G35,
I'll have the source code soon. Most of the tricks involved patching bootable/recovery. So I need to commit those changes and include the proper patch set from my tree....

Amazing!! Gonna install and test 8" right now.

Has anyone tried a GSI on these tablets yet?

MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I do know @tek3195 , the Onn 8 thread starter, has tried many of them as well as others here, somewhere on that thread he listed his tests and opinion of several of them.
I'm pretty sure others on that thread have also tried GSI's.

MishaalRahman said:
Has anyone tried a GSI on these tablets yet?
Click to expand...
Click to collapse
I did try both Phhuson vanilla and also Liquid Remix (I'm keeping this one for now). I didn't flash them through twrp, but using fastboot via bootloader.

WoW! AwEsOmE! I cannot wait to try this! THANK YOU!!!!!!

Hey,
This is a neat thing to see for the Onn tablets. I have a question though. I own a device based on the mt8163, and am trying to help people with another device I don't own (the powkiddy x18 which also uses the mt8163). One of the things I wanted to do was to make a custom rom for the x18, since it's stock firmware is horrible. And of course, one of the first steps to custom roms is twrp. So I have a question for you that I hope you can answer for me. How did you make this build of twrp? I have seen no device trees for this device so I was kinda curious. If you can help me in any way, I'd be so grateful, and I'm sure the other people with the x18 would be grateful for help.

@diplomatic
Is there a different procedure for installing TWRP on a locked bootloader?
I can confirm that using SP Flash to load your TWRP.img will produce a bootloop when installing to a device with the BL locked. Reflashing the original recovery.img makes the problem go away. You mentioned in the OP that this TWRP will work on a locked BL so I thought I would share my case study with you in following the procedure you defined.
MY SINCERE GRATITUDE FOR YOUR EFFORTS IN PORTING THIS TO THE ONN!

You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...

diplomatic said:
You're welcome, @Spatry.... Can you describe how you ended up with a locked BL? Was it unlocked before? Have you ever tweaked vbmeta? Also, when you say bootloop, do you mean for Android or just for recovery? I'm not going to insist that it works under locked BL. I tested it once and it did boot up...
Click to expand...
Click to collapse
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
At one time I did run with the bootloader unlocked (with --disable-verification on stock vbmeta) and I ran Phusson's AOSP, Liquid Remix and Bliss. I found there was no benefit to me in running the other mods so I reverted back to stock courtesy of @CaffeinePizza and the bootloader re-locked to get rid of that annoying 5 second orange state.
In each instance, I always used SP Flash tools to load all .img files. I only used fastboot to install magisk_patched.img onto the stock installation. Unlocking the bootloader erases all data and I did not feel like reinstalling everything again, so I figured I would try to install TWRP per your instruction to see if it would work while the BL was still locked... Restoring the original recovery got rid of the bootloop. I do want to try your TWRP so I will try it with BL unlocked when I get some free time to do so.

Spatry said:
Presently, I am running stock with Magisk patched BOOT on locked bootloader, stock vbmeta. The boot loop was at the ONN Android screen, I could not get it to even boot into recovery.
Click to expand...
Click to collapse
This sounds like you might have flashed a wrong/corrupt image to recovery. It may have to do with AVB checks rather than bootloader lock. But those conditions might be interdependent somehow so I can't tell you for sure. The fact that you are able to boot a patched image on a locked BL says it doesn't care too much about verification. I can tell you for sure that any recovery image must have avb metadata, not necessarily the required hash, for both Android and recovery to boot. Can you try to unzip the image file and flash it over again?

Hmm, the situation with the bootloader lock sounds eerily similar to the Nabi SE. The latter also had a similar implementation where there's not much in the way of locking things down, other than an (easily circumvented) SP Flash Tool signature check and different preloader keys. And here's the real kicker: the nearly-identical Fisher Price Nabi also ran on the MT8163, so it makes me wonder if it's possible to boot Pie on it, or perhaps a GSI assuming that Treble can be tacked onto it.
Also, do you have the source repo to this TWRP port of yours?

If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.

diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Where do I find crypto footer to backup

diplomatic said:
If anyone here gave me an XDA ad-free subscription, thanks a lot! I didn't get a notification of who it was. Using this site is a lot more bearable now.
Click to expand...
Click to collapse
Kinda cool without the ads isn't it. I know I sent one about a week ago or so. I think everybody ought to send you one, you deserve it. THANKS and AWESOME work.