[Operating problems] Is anyone still using an LG V20? Questions about unlocking the bootloader and rooting

https://forum.xda-developers.com ... santa-h990-t3624296

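I followed this post, but it already fails at step 16.
I did wait a minute between each command, as it says.
But when I reboot the phone the screen is completely garbled, and it even causes a kernel crash, so I have to use LG UP to flash the stock ROM back and start over.

I've tried many times and still can't get it to work. Is there any way to improve the chance of success?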

What apps still need root, anyway?


Can anyone help?


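This post was last edited by ylimny on 2020-6-9 15:12

Reply to 3# jacky_chua


1.    First, were steps 1 to 15 all OK? By OK I mean not just that you ran them, but that you ran them and no errors appeared.
2.    Step 16 only installs the recovery; you could try a newer version of TWRP: https://dl.twrp.me/h990/twrp-3.3.1-0-h990.img.html
The command then becomes fastboot flash recovery twrp-3.3.1-0-h990.img
3. For the kernel version, you must use v0.2.4

If it really doesn't work, you can refer to the link below; he also has an official-release dual-SIM V20 and rooted it successfully.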
https://forum.xda-developers.com ... 0&postcount=613


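This post was last edited by jacky_chua on 2020-6-9 19:21
Reply to jacky_chua


1.    First, were steps 1 to 15 all OK? By OK I mean not just that you ran them, but that you ran them and no errors appeared ...
Posted by ylimny on 2020-6-9 15:10


Thanks a lot, that's help right when I needed it!! I'll go back and look into it first.
But his unit is an H990DS
and mine is an H990N.
Not sure if there's any difference, but if it really doesn't work I'll use his method.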


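Did writing the recovery in step 16 succeed? And after that you booted into system, into the stock ROM? Of course that won't work.
Once the recovery is written successfully, the first boot must be into TWRP. It's best to format system and flash LineageOS; if you're staying on the stock ROM, you must flash the matching kernel
https://forum.xda-developers.com ... ernel-oreo-t4090779
Best to flash Magisk as well, to avoid problems..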


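Did writing the recovery in step 16 succeed? And after that you booted into system, into the stock ROM? Of course that won't work.
Once the recovery is written successfully, the first boot must be into TWRP, ...
Posted by god_md5 on 2020-6-10 20:33


I followed the post and wrote the recovery three times, and then after fastboot reboot the screen went garbled.
The original post says it's best to write it several times, as that's more reliable.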


This post was last edited by jacky_chua on 2020-6-11 01:01

LG UP is installed for this one, so I can flash back to the stock ROM at any time.

2. Backup your phone data. LG Bridge/LG Backup is pretty reliable, but I strongly advise backing up everything onto a desktop/laptop computer. If you backup to SD card, the SD card must not be encrypted! (failures will destroy the key and the data)

It's a spare phone, I don't mind a total loss and there's nothing on it, so I skipped this.

3. Go to Settings -> General -> About phone -> Software info -> Android security patch level; if your phone is on an update after December 31, use LGUP to "refurbish" to an earlier firmware release (this will do a factory reset).

Firmware version V10e, security patch level December 1, 2016

4. Ensure you have ADB/Fastboot files installed and working: https://forum.xda-developers.com/sho....php?t=2588979
This also requires developer mode -> USB debugging to be enabled.

Developer mode is on, Enable OEM unlock and USB debugging are enabled, and ADB/Fastboot are installed.

5. Ensure you have all relevant files prepared:
Installed backup plan.
Installed Terminal Emulator on device.
Downloaded DirtySanta's files and copied them to ADB directory.
Downloaded files, Put kernel and SU implementation (Magisk.zip and
SuperSU.zip work) into SD card; and TWRP into ADB directory.
Note: It may be necessary to temporarily disable anti-virus/anti-malware programs when unpacking the original DirtySanta. At least one has detected `dirtycow`/CVE-2016-5195 as malware (it can in fact act in that role).

Installed Terminal on the phone; downloaded DirtySanta and put it in the ADB folder; downloaded the latest Magisk.zip; just switched to the latest TWRP to see whether that works; downloaded Kernel 0.2.4 and put it on the microSD card.

6. Using dirtysanta's steps: Run "RUNMEFIRST.bat" <-- Do not close.

At this point I connected USB and ran RUNMEFIRST.bat; the V20 asked whether to enable Android debugging, and I answered YES.

7. Run "step1.bat" <-- Wait until you can type something again.


I got the following messages. There was a warning along the way, but it didn't say it was a fatal error, so I carried on.

C:\adb>adb push dirtysanta /storage/emulated/0
dirtysanta: 1 file pushed. 0.6 MB/s (18760 bytes in 0.030s)

C:\adb>adb push aboot.img /storage/emulated/0
aboot.img: 1 file pushed. 8.0 MB/s (2097152 bytes in 0.252s)

C:\adb>adb push dirtycow /data/local/tmp
dirtycow: 1 file pushed. 0.9 MB/s (9984 bytes in 0.011s)

C:\adb>adb push my-run-as /data/local/tmp
my-run-as: 1 file pushed. 1.4 MB/s (13796 bytes in 0.009s)

C:\adb>adb shell chmod 0777 /data/local/tmp/*

C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as
warning: new file size (13796) and file old size (14360) differ

size 14360


  • mmap 0x750000a000
  • exploit (patch)
  • currently 0x750000a000=10102464c457f
  • madvise = 0x750000a000 14360
  • madvise = 0 1048576
  • /proc/self/mem -2122317824 1048576
  • exploited 0x750000a000=10101464c457f

C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/dirtycow
warning: new file size (9984) and file old size (165144) differ

size 165144


  • mmap 0x730e4f3000
  • exploit (patch)
  • currently 0x730e4f3000=10102464c457f
  • madvise = 0x730e4f3000 165144
  • madvise = 0 1048576
  • /proc/self/mem 1367343104 1048576
  • exploited 0x730e4f3000=10102464c457f

C:\adb>adb shell
elsa:/ $


8. Type "run-as con" <-- If you get unknown package error, means your latest security patch patched it out; go back to step 3. LGUP should be able to downgrade you to an earlier firmware update.

No error message at all.

9. Type "chmod 0777 /storage/emulated/0/*"

No error message at all.

10. Open Terminal Emulator, Type "id"
11. Look for something containing "untrusted_app". If not found, Start all over again. If found, continue.

There is a line "context=u:r:untrusted_app:s0:c512,c768", so no problem.

12. Type "applypatch /system/bin/atd /storage/emulated/0/dirtysanta" into Terminal Emulator
13. Wait for RUNMEFIRST.bat console to prompt you to run step2.bat.

C:\adb>adb logcat -s dirtysanta
* daemon not running; starting now at tcp:5037
* daemon started successfully
- waiting for device -
--------- beginning of system
--------- beginning of main
--------- beginning of crash
01-01 07:16:34.676 10076 10076 I dirtysanta: Starting Backup
01-01 07:16:36.226 10076 10076 I dirtysanta: Backup Complete.
01-01 07:16:41.227 10076 10076 I dirtysanta: Starting flash of Aboot!
01-01 07:16:41.402 10076 10076 I dirtysanta: Finished. Please run Step 2 now.

14. Run "step2.bat"

After it ran, the phone went into fastboot mode; no problems occurred.

15. Save copies (put them somewhere safe where you'll remember them) of the files "abootbackup.img" and "bootbackup.img", which "step2.bat" saves in its directory, the latter is crucial in returning to stock.
saved

16. At a command prompt run the following commands, but make sure to wait at least 30 seconds between each. Do not skimp on that delay as otherwise the likelihood is this will fail (this is the most unreliable step in this process); waiting longer than 30 seconds is fine.


After some fiddling I got it working. Should I flash the kernel right away as soon as I get into TWRP?

I flashed a custom ROM, but for some reason it goes to fastboot mode on boot and can't get into the custom ROM.
Edit: I just wiped the partitions and that fixed it.

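I'd also like to root my H990DS dual-SIM Hong Kong version on 8.0
I've read up on it online.... it's very complicated.......
Years ago I tried a one-click root on 4.0, no need to back up or anything, and it rooted successfully while keeping all my data
Is there no one-click root for 8.0?
If it might brick the phone I won't do it....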


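I'd also like to root my H990DS dual-SIM Hong Kong version on 8.0
I've read up on it online.... it's very complicated.......
Years ago I tried a one-click root on 4.0, no need to back up or anything, ...
Posted by ways on 2020-6-11 03:24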


You can take a look at
https://forum.xda-developers.com ... 0&postcount=613
I followed this method and it worked

even though mine is an H990N, not an H990DS
