How to Use DirtySanta Exploits to Unlock Bootloader on LG V20

While some OEMs allow bootloader unlocking on every model, LG officially supports it on only a select few devices. There is, however, an important announcement concerning the international variant of the LG V20: thanks to the DirtySanta exploit, its bootloader can now be unlocked.

The method has been adapted to work with the H990 model by XDA Senior Member emdroidle. The process is a little complicated, but you can get through it with some patience. Just follow the instructions carefully and you should end up with an unlocked and rooted device.

Word of caution: Many of the commands used in the tutorial have a high probability of resulting in a brick if they are mistyped. You should be ready to have your V20 out of commission for a day or two. Also, don’t panic in case something starts going wrong. Just stop the process under such circumstances.

You should be familiar with LGUP/LGBridge and how to use them. LGUP is also how you get back to stock. The steps below walk through flashing a stock KDZ with it:

  1. Download the .kdz file for your V20 model. Currently, the V20 models available are F800K, F800L, F800S, H915, H918TN, H990, VS995, H990N and H990DS. You can use these links: Link
  2. Search for, download and install LGUP (LGUP_Store_Frame_Ver_1_14_3.msi).
  3. Search for, download and install the LG Driver (LGMobileDriver_WHQL_Ver_4.1.1.exe).
  4. Completely power off the V20.
  5. Plug the USB end of the sync cable into your PC.
  6. Press and hold “Volume Up”.
  7. Plug the USB-C end of the sync cable into the V20. The phone will enter download mode (or Firmware Update). Now you can release “Volume Up”.
  8. Run LGUP. The program will recognize the V20.
  9. At the file path, click “…” and choose the .kdz file.
  10. Choose “UPGRADE”.
  11. Click “Start” and wait until the process is complete.

Devices

You will need one of the attached files. Beware that the wrong file will likely give odd results:

  • H990DS (dual-SIM): You will need the attached h990ds-kernel.zip.
  • H990 (single-SIM): You will need the attached h990-kernel.zip. (FAILED. More analysis is needed.)
  • H990N (dual-SIM): You will need the attached h990n-kernel.zip. (This has not been confirmed to work perfectly yet, so hold off on this one!)

For other variants of the V20, additional information is needed. To generate an appropriate kernel, run the following two commands and send the output:

adb shell getprop ro.product.name

adb shell cat /sys/firmware/devicetree/base/chosen/bootargs

Rooting and full bootloader unlock for the H990 versions of the LGE V20:

  • Ensure you have a backup plan. Link
  • Back up your phone data. LG Bridge/LG Backup is pretty reliable, but it is advised that the backup be done onto a desktop/laptop computer. If you back up to an SD card, the SD card must not be encrypted.
  • Go to Settings -> General -> About phone -> Software info -> Android security patch level. If your phone is on an update after December 31, use LGUP to “refurbish” to an earlier firmware release (this will do a factory reset).
  • Ensure you have ADB/Fastboot files installed and working. Link
  • Ensure you have all relevant files prepared:
    • Installed backup plan.
    • Installed Terminal Emulator on the device.
    • Downloaded DirtySanta’s files and copied them to the ADB directory.
    • Downloaded the files: put the kernel and SuperSU zips on the SD card, and TWRP in the ADB directory.

Note: It might be necessary to download anti-virus/anti-malware programs when unpacking the original DirtySanta.

  • Using DirtySanta’s steps: run “RUNMEFIRST.bat”. Do not close it.
  • Run “step1.bat”. Wait until you can type something again.
  • Type “run-as con”. If you get an unknown package error, your latest security patch has patched it out; go back to step 3. LGUP should be able to downgrade you to an earlier firmware update.
  • Type “chmod 0777 /storage/emulated/0/*”.
  • Open Terminal Emulator and type “id”.
  • Look for something containing “untrusted_app”. If it is not found, start all over again. If found, continue.
  • Type “applypatch /system/bin/atd /storage/emulated/0/dirtysanta” into Terminal Emulator.
  • Wait for the RUNMEFIRST.bat console to prompt you to run step2.bat.
  • Run “step2.bat”.
  • Save copies of the files “abootbackup.img” and “bootbackup.img”, which “step2.bat” saves in its directory; the latter is crucial in returning to stock.
  • At a command prompt, run the following commands, but make sure to wait at least 30 seconds between each. Do not skimp on that delay, as otherwise this will likely fail (this is the most unreliable step in this process); waiting longer than 30 seconds is fine.

fastboot flash recovery twrp-3.0.2-1-h990.img

fastboot flash recovery twrp-3.0.2-1-h990.img

fastboot reboot

  • Boot into TWRP. Press and hold volume DOWN; press and hold power until the LG logo comes up, then briefly release power (0.5-1.0sec) and then hold power again. You will then be prompted “Delete all user data (including LG and carrier apps) and reset all settings?” Select “Yes” twice, and as long as TWRP installation was successful you’ll get into TWRP and NO RESET will be done. Inside TWRP flash the appropriate “h990*-kernel.zip” and then flash SuperSU.zip. At this point, the process should be complete. There won’t be static on boot, you’ll have root and nothing else should have changed.

Going back to stock:

Method 1:

  • Boot into TWRP (DOWN + Power with a brief release during LG logo).
  • Copy the file “abootbackup.img” from your archive to your phone (adb push abootbackup.img /).
  • Run `adb shell` and type (or copy&paste) the following commands:

dd if=abootbackup.img of=/dev/block/bootdevice/by-name/aboot
sync
sleep 30
sync

  • Get into Download mode. Power off phone from TWRP. Press and hold UP, then power phone on (no need to hold power).
  • Load the appropriate KDZ file onto your phone via LGUP.

Method 2:

  • Boot into fastboot mode. Any of these methods should work:
    • Run `adb reboot bootloader`
    • Press and hold DOWN, then plug in USB cable.
    • Press and hold DOWN, then power on.
  • With “abootbackup.img” in the current directory run the following commands, while waiting at least 30 seconds between them:

fastboot flash aboot abootbackup.img

(wait >30s)

fastboot flash aboot abootbackup.img

(wait >30s)

fastboot reboot

  • Get into Download mode. Press and hold UP. If the phone has already started to load Android, pull the battery, reinstall battery; then press and hold UP and power on.
  • Load the appropriate KDZ file onto your phone via LGUP.
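
An added safety check, not part of the original tutorial or of DirtySanta: both restore methods write “abootbackup.img” straight to the bootloader partition, so this script records SHA-256 hashes of the two backups when they are saved and verifies an image before it is restored. It assumes a POSIX shell with `sha256sum` on the computer holding the backups; the manifest name `backup.sha256` is hypothetical.

```shell
#!/bin/sh
# Added example: integrity checks for the partition backups saved by step2.bat.
# Image names come from the tutorial; the manifest name is an assumption.
MANIFEST="backup.sha256"   # hypothetical manifest file name

# record_backups DIR: hash both images right after they have been saved.
record_backups() {
    ( cd "$1" && sha256sum abootbackup.img bootbackup.img > "$MANIFEST" )
}

# is_blank FILE: succeed if the file is empty or contains only 0x00 bytes,
# which is what a failed partition dump typically looks like.
is_blank() {
    if [ ! -s "$1" ]; then return 0; fi
    [ $(tr -d '\000' < "$1" | wc -c) -eq 0 ]
}

# verify_backup DIR IMAGE: succeed only if IMAGE exists, is not blank, and
# still matches the hash recorded in the manifest.
# Return codes: 1 missing, 2 blank, 3 no recorded hash, 4 hash mismatch.
verify_backup() {
    dir=$1
    img=$2
    [ -f "$dir/$img" ] || { echo "missing: $img" >&2; return 1; }
    is_blank "$dir/$img" && { echo "blank image: $img" >&2; return 2; }
    # sha256sum writes "<hash>  <name>" (or "<hash> *<name>" in binary mode).
    want=$(awk -v f="$img" '$2 == f || $2 == "*" f { print $1 }' "$dir/$MANIFEST")
    [ -n "$want" ] || { echo "no recorded hash: $img" >&2; return 3; }
    have=$(sha256sum "$dir/$img" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "hash mismatch: $img" >&2; return 4; }
    echo "ok: $img $have"
}

# Typical use (directory name is a placeholder):
#   record_backups ./dirtysanta                     # once, after step2.bat
#   verify_backup  ./dirtysanta abootbackup.img     # before any restore
```

Run `verify_backup` on every copy of the archive you keep, and do not proceed with a restore if it returns a non-zero status.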

 
