Rooting a LG V30 (Or how to Brick one)


AKA I just Soft bricked my LG v30 cause I forgot the password to the google account I temp created to play around with it. If you Did the above you can read the below on how to Root a Canadian based LG v30.

Step 0) Read: Read This and This and This.

Step 1) Unlock Bootloader.

  1. Download LGMobileDriver v4.4.2 (You need this, even if device shows up fine in Device Manger)
  2. Download LGUP. by technightA. Uninstall any prior LGUP you have. Uninstall anything like Uppercut, which no longer works and causes conflicts with this Dev Patched LGUP.B. Extract to a folder on your PC.C. Browse into the folder and launch LGUP_Store_Frame_Ver_1_14_3.msi.
    Follow the prompts to complete the install.

    D. In that folder, right click and select “Run as Administrator” on “SetDev.bat” to set LGUP to developer mode.
    -This is where I got super…. super, SUPER, annoyed. Read below…

    E. Launch LGUP using the desktop shortcut, NOT the Install folder shortcut.
    -Now you might bet an error “LGUP can’t load the model[C:\ProgramFiles(x86)\LG Electronics\LGUP\model\com”, You might Google this error... Probably find this guy who asks and gets no helpNot until this thread you might get a hint… I was really annoyed when I got saw the maintainers response here, like if so why isn’t it working? Then I decided to look at the bat script as mentioned in step 3. and lo and behold the answer hit me in the face. The SetDev,bat is written assuming a x64 based machine, thus assuming the system variable “%programfiles(x86)%” is defined, I was using a x86 aka a 32bit machine, and a 32bit version of windows doesn’t have that system variable. I changed the script to remove all (x86) from the system variable, re-ran the script and sure enough LGUP finally loaded successfully! Wooooo, does that feel good!

    Choose Process : PARTITION DL (all partitions) or REFURBISH

  3. Download US99820a_04_0330.kdz select this, and it fails, cause these fucking fucks can’t write a half decent fucking guide…. apparently….
    “Read that Frankenstein post carefully; you have to flash to Nougat US998 first, THEN to Oreo US998. You should NOT avoid those steps. That post is my documentation for converting LS998 V30+ to US998 V30+. Adapt to your model.”Actually Download US99810d_01_0411.kdz (Partition DL, Select All)As expected a boot loop. So…

    Master Reset — using buttons:
    A. Unplug phone and turn it OFF.
    B. Press and hold the Power and Volume down buttons.
    C. When the LG logo appears, quickly release the Power button only — then immediately press Power button again, while STILL pressing the Volume down button until you see the screen to select Yes to erase and reset everything.
    D. Release both buttons so you can make your choices.

    *This took me a couple tries to get, once I got it showed a cool  animation and then phone booted.

    K Now let’s install Version US998-20a…

    I got the exact same error this time… reading  a bit further… man are you serious… ughh….

    “NOTE: For Canadian H933 to convert to US998, @cre4per says you have to use DL Partition for both stages (Nougat and Oreo KDZ):

    cre4per said:
    That is what I tried but after the reset when i went back into lgup it would recognize phone as h933 and when trying to upgrade to oreo would say error cross flash h933 to us998, so i used DL Partition again instead of upgrade and it worked perfectly”

    Not sure, if it was even required, but I guess it was a good thing I did cause I guess this is the process to unlock the bootloader on a Canadian version. What a freakin’ mess should be one firmware all regions, redic stuff.

    Sure enough so far it’s working. K Finally! we are on the exploitable version of firmware, and we hopefully have all the drivers we need, so it should just come down to needing the ADB software and running the commands, I’ll first start with the minimal setup.

  4. Download ADB Tools. We need this to run the commands to exploit this firmware we are now on, yippy.and this is where my heart sunk…. a month ago I reset this device, and I created a phoney toss away account to sign up for google. I did not set up secondary email, or tie it to a phone number. I also apparently forgot the password, also (a sad and hard lesson learnt here) Android/Google do what Apple does and tie devices to accounts, and if the device is factory reset calls home to ensure the device is removed from the account first before it can be used.Here’s the other sad part, I need to able USB debugging in order for the device to show up to use ADB commands, in order to unlock the bootloader…

    I can only enable USB debugging via ADB commands if the device is already running with an unlocked bootloader...

    I can’t reset my google account tied to the device, since I forgot the password, I can’t reset the account cause I never tied additional email or phone to the account, and it’s all AI driven so can’t even call in to get the account reset, and the only device I’d be able to reset it from, I factory wiped, which is this v30.

    Only thing I can think of is I’d need to find someone who could get me the factory version of the exploitable firmware but with USB debugging somehow already on…

    I’m so sad right now, I was so close to victory just to be burned by one stupid step and not realizing that Android does what Apple does now, if I had known I would have done things differently. I would have:

1.  Saved my password in a password Manager.

2. Wrote down all the credential information to the throw away account.

3. Tied the account to some other secondary email or number.

4. Factory wiped the device before flashing it.

These are the hard lessons learnt. Sigh…. I gotta grow stronger through embracing failures.

Well I can now add a nice v30 to my pile of e-waste, like the Blackberry Playbook I factory wiped and now can’t get past the OOBE, two OOBE soft bricked paper weights!

*Update* See my next post, I was able to get a local cell repair company to get past the Google Lockout, unfortunately I was unable to get the juicy bits to do so again in the future… this mistake costed me $40. 🙁

But I’m back down to one e-waste item… the Playbook.

Apple Fun Times

An Apple Story

Well another day, more fun with big Tech. Today… Apple.

People love em, People hate em. Me I tend to swing to the latter, why, cause I’ve always been one who doesn’t believe in giving up freedoms for security. With Apple that’s exactly how it works.

In the Apple world (that beautiful utopia), all Apple software is run only on authorized Apple hardware. Apple even has the audacity to take it so far as to secretly  “pair” modular parts of the phone (such as the camera) to be “locked/usable” to only the board it came from, watch this YouTube video on the matter that has a crazy 10 mil views.

I won’t go too much into this, insane design choices. Instead I’ll simply attempt to cover some “things” I discovered simply attempting to deploy a couple new iPhones.

Thing 1 (How it began)

The first thing to note is… How did we get here? In this case I mean, let’s face it, Apple primary stakeholders were individuals, selling products to, well, people. The thing is they became so popular that people, being people, started to use these devices for a lot. Overtime they crept there way into the business world, which of course left a freaking huge gap as to how to…. you guessed it manage these devices.

Now if you are even slightly familiar with teh Apple ecosystem, at least in terms of their mobile phones and the iOS operating system. You maybe aware of a change to the factory restore process, roughly around iOS ~7 saga. That change was that if you happened to put a device into DFU mode, and attempt to set it as a new phone, you will be prompted to authorize that from the account (AppleID) that was previously associated with that device. This is a problem if a corporation owns the device, but a user uses a personal AppleID, tied to a personal Email address. In this case before you’d have to jump through some hoops with Apple. Such as provide proof of purchase and all this other fun jazz that can take a fair amount of time.

Bring in MDM (Mobile Device Management), Now if this was simple, I would have no issues with this. The fact is, there are far more hoops you have to jump through then you realize to make this a reality.

Thing 2 (Apple Business Manager)

Apple’s take on MDM is Apple Business Manager (ABM). Now as far as I know, ABM is not in itself MDM, it is merely a prerequisite required to actually starting use an MDM (from another provider) to manage iPhones, and other iDevices.

I’ll do my best to cover the processes here, but please note the entire process was not actually gone through in its entirety. So there will be more questions than answers through most of this blog post. I do apologies for this and if you want to stop reading you certainly can at this point.

So here’s the simplified overview PDF of ABM…

Overview of Managed Apple IDs for Business

And this is what the login page looks like:

Once you are logged in, it’s a super simplified Web UI that looks like a 4 year old designed it (in California of course). Now before you can even do anything at all, the very first step is to “authorize your domain”.

How do you do this? OK let me take one quick step back here. Reading this More detailed guide to ABM, the first part is signing up for ABM, in more cases than not, this will be handled by a Value Added Reseller. Once you are signed up, and have defined the “administrators”, they will have to be the one to “Validate the domain”, which (from experience) is nothing more than  a specially generated string you have to create a TXT record for on your external DNS provider for said domain. (Pissssst AKA DNS Validation).

Funny enough, even though I know (again from experience) that this is a required step, it was not anywhere in the Get started guide PDF I just referenced. Here’s how to do it though (according to Apple).

Thing 3 (Federation)

This part, honestly has me so confused. Throughout the history of Apple, they don’t integrate with anything else, unless it is Apple. Yet there’s this….

  1. Is federation a requirement to use ABM and MDM for Apple devices?
    I don’t know… lets ask someone on the Apple IRC channel…
    Apparently it is, and apparently MS Azure AD is the only auth provider to federate with? Uhhh ok, Not sure what suited donkeys sucked whos dick to make that deal….*Note* The IRC user that helped me above was a really cool guy.
  2. MS Azure AD is the only listed auth provider for federating.

Well that sure sounds like a bag of ass.

This is sort of where the road dies for me. As there is no Azure AD for us to use. So great, not sure where this requirement is listed. So anyway… normally…

Thing 4 (Mobile Providers and Reseller IDs)

If you did manage to federate, the next thing you need to do is “authorize” resellers and cell providers. You do this by taking the resellers ID (usually given to you by the VAR), then in the ABM click settings (lower left), then Device Management Settings, then edit Customer Numbers, and add them.


Thing 5 (MDM)

I’d love to cover this in more details, however since Thing 3 didn’t fly, I’m not exactly sure how this part works. When I clicked the “Add MDM server” it seemed to have wanted to simply generate a key pair, then I fully assume here, you use the public key by adding to the MDM server of choice.

When I figure out which MDM servers actually are available to use, and how to make them work, I plan to extend this blog to help cover those steps.

What now?

Well I guess if you don’t have Azure AD then the options available to you to manage Apple devices seems rather limited. There are limited control and auditing one can do with ActiveSync, but that’s only through MS Exchange servers if you have them.

New Phones!

So got some new Apple phones to deploy. Just note I’m not a fan of Apples hardcore stance on hardware lockdown (“for security”), including this now even swapping good working parts from another good working phone. Unreal…

First User, First Issue
Restore/Update UI Wizard Logic

First users transfer, the main thing was the user was excited that they stated their phone was fully up-to-date. While normally I would love to hear this, it actually caused me grief in when I went to upload the back up profile to the phone and got this nice alert from iTunes “iOS on  phone to old”…

Now, I would have assumed by this day and age computers would be more intuitive then this. So instead of iTunes having a nice prompt “Would you like me to update to the latest version for you and load your saved profile?” it gives the ugly prompt above, and expects you to jump through all the OOBE prompts of the phone, connect it to a network and update it before you can load your profile. Redic.

*Note* I managed to click on “setup a new phone” in iTunes, then I could click the phone icon on the upper bar area, then click on  update device. So it is possible in iTunes, it’s just not as intuitive as one would like.

Second User, Second Issue
Backup Encryption Logic

Now you figure without ABM/MDM issues would be less, but I digress.

With the second user, created a backup in iTunes. Now this is where I really got my knackers in a twist. After successfully creating a backup then go to restore it onto the new phone randomly get a prompt.. “Please enter the password for the backup.”

Like wtf you talking about.. I didn’t set a password when I created the backup, where did this password come from? Off to Google!

First result!

“Upon first turning on “Encrypt iPhone backup” in iTunes, a password must be set for your encrypted backups. This applies automatically to all future backups, without needing to enter it again.

If you later wish to turn off backup encryption or to restore from an encrypted iTunes backup, it is necessary to enter the current backup encryption password.

If you have forgotten or do not know the password, then encryption cannot be turned off and the iTunes backup cannot be used. There is no way around this feature.

An alternative solution for transferring the content and settings to your new iPhone is to back up your old iPhone using iCloud and then to restore your new iPhone from the iCloud backup. (iCloud backups are encrypted as standard, so will also include your sensitive data).”

Like, yeah ok, I could use iCloud but that will encrypt it with the same password I’d imagine, either way wanted to do it via iTunes to save a bit of time. Keep looking.

Second Result!

Wow there’s everything from try the iTunes password, to 0000, to windows admin password, to “your first ever iTunes password”. Get outta here, sure enough none of them worked, even though the comments appears the answer is all over the place. If you get lucky with any of these, congrats. Moving on.

Third Source!

“You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do:

On your iOS device, go to Settings > General > Reset.

Tap Reset All Settings and enter your iOS passcode.

Follow the steps to reset your settings. This won’t affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.

Connect your device to iTunes again and create a new encrypted backup.

You won’t be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password. If you have a device with iOS 10 or earlier, you can’t reset the password.”

Which lucky for me was the case this time. So this method actually worked, who’d thought that the encryption password is just part of the system settings. Oh Apple.

Anyway so this is why this really puts a knack in my gears, If someone made a backup on just iTunes, thinking there were good, and only when they restore do they get the password prompt, and they had lost their old phone, they’d be pissed. Frankly so would I, iTunes should state that fact as soon as a backup is being created to prompt for the password to ensure the user is 1) aware that there phones data is encrypted with a password and 2) that they know what that password is.

Third User, Third Issue
Storage Check Logic

Yeah, or should I say lack there of. When I started to complete the transfer of this user device, the storage used was much higher then the rest. However low and be hold I started the iTunes backup process not even thinking about that, cause, well why would I?

Now, I’ve been called out on being a “resource monitor” and by that I mean I spent a fair amount of time ensuring a system is working as intended by validating theory’s and deployments by, non other than looking at the data. In this case Windows Task Manager. If your really want to get in the weeds you can use Sysinteral’s Tools. Anyway, I noticed the hard drive space getting low, and the process bar and iTunes not being anywhere near the end (you’ve figure it show some stats, but just a bar).

It wasn’t long till it ran out, now I’m kind of shocked there’s not some simple validation logic coded here. It simply just took up all the data it could, and prompted an error telling me to “clear space”. I’ll not I did a whole bunch of that till there was nothing left to clear and it still sucked the hard disk dry. Now I wanted to see if I could simply point the iTunes install to another path like an external USB hard drive and use that, might lose some speed on the slower bus but should still be decent. Funny it was asked by this person and it was the answer by Doug which worked for me, the only reason the person asking the question didn’t understand the answer was cause of how iTunes for windows is hardcoded to use the Windows Users AppData location (Windows environment Variable %appdata%) which will always by default be the windows install drive. So even though they installed iTunes on the external drive it won’t use it to say the backup data. I would have expected there to be an option, which one was stated is available under the “advanced” area of the settings, but that clearly didn’t work cause after setting it and running the iTunes backup I could see it still using the windows install drive and the users appdata location, via resource monitor. Only after I created a syslink for that folder to the external drive was it using it to create a backup of the phone.

What a pain…


Noted Changes

  1. 6 Pin default for unlock code, can be changed to 4, but depends on if you use it to store pay stuff then, it might not be available.
  2. This one really pissed me off… It’s not a “power button” no that’s just to universally known, and far to single purpose driven. So instead let’s call it a “Side Button” and completely change the normal operation of powering on n off a phone. User comes up and the phone is stuck in a process “signing in to cloud” or some rubbish…. I look at the phone and go… well… did you reboot it? They laugh, I laugh, they look at the phone… try a bit and say… How do I do it? They laugh, I laugh, and then I press down the button and Siri listens to me swearing at it cause they made the power button the siri button…. brilliant!You can read here for more details. So from universal “Press and hold the power button” is now
    “One method is to press and hold either the Volume Up button or the Volume Down button and the Side button simultaneously until you see the Slide to Power Off slider.NOTE: Quickly pressing the Volume Up button and the Side button takes a screenshot instead of showing the Slide to Power Off slider.

    Alternatively, you can quickly press the Volume Up button followed by the Volume Down button and then press and hold the Side button to access the Slide to Power Off slider. When using this method, the SOS slider doesn’t display. If you’re nervous about accidentally triggering a 911 call, you can use this method”

    Brilliant, I’d almost consider this to be “genius” level.

  3. Zoom vs Standard This isn’t new technically, but is worth nothing about some issues around the type you pick. (Entertainingly enough, this blogger also notes of some of the un-intuitiveness of Apple’s design choices)
  4.  I’m sure there’s more I’ll save this as a place marker. Publish for now and write a summary once I’m done with this nightmare. I don’t even have a proper category for this content, and by gawd I don’t want to make an Apple category….  *shutters*

MacOS as a VMware VM

The Story

Requirement: MacOS, or something like it to play with the OS to support people.

Problem: Don’t own a Mac.

Idea: Just VM it like everything else.

Reality: See below…

Well… Yeah this is a thing. Need to play with this so here we go?

Sources: How to Install macOS on VMware in Windows PC [Mojave] | by BuildSomeTech | Medium

First Problem – Making/Getting Image File

No ISO is usually available directly from Apple, So you have to create it… with a Mac. Well I don’t got one of those, so nopers, on that.

Solution… Trust someone else to upload a clean version of the ISO, source blogger above did that, but again have to trust the ISO.

Second Problem – Download Quota

Too many people want this ISO now… have to bypass the download quota. Spoiler requires a Google account. I wasn’t exactly sure but after logging in I was able to create a shortcut of the source folder into myDrive, then create a shortcut to that, then download the file directly.

Once I got the file I extracted it with 7zip and entered the password provided from the source blog post. I then proceeded to create a new VM on my ESXi 6.7 hosts managed by vCenter 6.7.

Create VM

Only main thing was much like the source was to pick the MacOS under other:

I was not as nice with the hardware specs and left them default minimum:Ahh crap, I have to up the memory, to “min 4 GB”, fine, my host not gonna like me haha. So right click the VM, edit settings, bump up the memory to 4GB, while we are here, click VM options -> Advanced -> Edit Configuration

Then add a config: smc.version with value of 0

Also ensure to force boot into BIOS/EUFI menu so you can mount the ISO from above. Little trick (the Disc icon is greyed out till the VM is powered on in the VMRC (VMware Remote Console). So you can mount it and reset the VM to boot the ISO.

but when on..

Third Problem – Need the Unlocker

I got an error telling me that there are no compatible hypervisors, wait what?

Ohhhh!!!! Classic Apples, that’s why all these other guides are using an “unlocker

“MacOS is only able to be installed on Apple-branded, official hardware. Apple does not license you to install it otherwise. By using that “unlocker” program–which is actually a circumvention or “crack” device–you would be violating the EULAs of both Apple and VMware. So, the only way you are legally able to run MacOS in a virtual machine is on official Apple hardware. Any other installation type is illegal.” – daphnissov

Yeap… Apple, Apple, Apple… Ugh

So I went created a temp account on the unlocker site, downloaded the 208 version and ran it on a test ESXi host I had:

and rebooted it… Server rebooted, create new VM, set guest to MacOS and…

man… FFS… after even more research, managed to find newer version of the unlocker from better open sources (Git) 🙂

Like this one, and this one and one other one my colleague pointed me to, but I don’t have the link. Either way, downloading the package and running the command to install….


for reals…. this project is pissing me off.

So after Googling this, I found this reddit thread...

“the unlocker.tgz is not included in the master commit , dunno why, do this…” -KciNicKGX

Well **** off…. my nice colleague managed to check ou the build python script and noted a view things, and managed to create a unlocker package for me with the required unlocker.tgz file with in it… using it…

Finally! I can pick GuestOS MacOS 10.14 and the VM actually Boots!

Mount the ISO

OK… Now if you power on the VM you should see the disc icon available…

(I wonder how many people are just trippin cause my VM name is Majove and not Mojave… lol)

don’t let the greyed out icon fool you, just right click it and you’ll be able to mount the ISO from your local workstation without having to upload it to a datastore.

Let’s mount the ISO we had such a hard time getting above.

Now boot it by picking the virtual CD-Rom in the list…

so I finally got an Apple logo wooo..

Result Failure!

and does it work…. Nope.. Boot loop…

I found one other reference to a boot loop, all the comments state is to try alternative ESXi host version, which right now I don’t have.

You know what… Fuck this stupid ass fucking dumb shit.

I’m out.

Classic Editor

Ahhhh Yes!!!!! The Classic editor where life is easy!

CHeck this out!

Ohhhhh man! That took me 2 seconds! and it’s perfect!

Go Classic editor, simple and it works! Leave fancy editor stuff for plug-ins WordPress…. You’re bloating WordPress like MS bloated Windows…

At least Classic Editor will be supported till 2021, and my guess with how crappy the new editor seems, it’ll probably be supported longer. like XP, good things die hard. New shitty things die fast.

WordPress 5 and Blocks

Here I am, trying out WordPress 5+ and it’s new content editor.

Big Gaping Asshole… I mean spacer Block!!! OMG Now I can move My big Gaping Spacer Block using Arrows… OMG!!! AMAZING… meh

My old ways don’t work and it’s painful to do something that was super easy before.

I sound like like an old fart but I liked the old way, not that I don’t like the ingenuity and clearly the scaleabilty of the new way, but things were obviously missed…

for instance I used to be able to paste my imgur links and then using my old plug in options mark them clickable and pop out. Now if I paste it, it tatoos the living crap out of the image with imgur crap all over it….

God look at this garbage

But hey at least I can caption my shit and move them around, cause you know how often I screw up the order of my post when I make them….

This paragraph, I can, cause you know how people love to mess up there paragraphs and have to rearrange them all the time!

Now when I press enter it simply adds a new “Document” block, so If I wanted this paragraph after ^ That Paragraph.

If that was confusing trust me so is finding the Point of these “blocks” if I had maybe some horizontal control I could see some use, but it’s literally just vertical, up down that’s it… wooo, man it was so hard before selecting content with the mouse and using, keyboard shortcuts (Ctrl + X to cut, move to location, Ctrl+v to paste) in those times you needed to re-arrange… boy that stuff sure was hard to do. I’m glad I have blocks now to waste my life learning how to get something simple as my old pop up image plug-in to work again….. Pricks….

Time to install the Classic editor!

Splitting WordPress Titles
Post Headers

I wanted to do this since I noticed my one header being really long and was unsightly… I decided to google this, like I google everything…

First one I found, I didn’t want to dink with code, I like coding but mostly PowerShell (If you haven’t noticed based on my categories)… Sorry you’re out!

Second one I found, I didn’t like cause it used a plugin… However there’s always something great to learn form the comments, specially “pessimists” *Cough* realists such as this great comment by “KRZYSIEK DRÓŻDŻ”

“Wow, you really need a plugin for that?

Why don’t you just insert tag? Installing million plugins, that aren’t doing anything really isn’t a good idea… Especially, if such plugin is not popular, so very few people have looked at/controlled it’s code (this plugin had 30 active installs).”

Made me gooo, waaaaaa that’s it? So sure enough I add <br> in my Title, and Bam! The Title is split on 2 lines, now that was easy. Thanks Krzysiek!

Looks like my third source basically does the same thing.