If you want to keep root on your T-Mobile V20, do NOT install the 10i update for the device until another rooting method is discovered.
Although LG allows bootloader unlocking on the LG V20, but you cannot install TWRP recovery directly on the device as LG has put in place a secure system that doesn’t allow modifications to any partitions on the device.
But thanks to developer jcadduono over at xda who released a workaround to install TWRP recovery on LG V20 using the Dirty Cow root exploit in kernel. The developer likes to call his workaround as recowvery.
Using recowvery exploit you can install TWRP recovery on your LG V20 and then flash SuperSU zip to disable force encrypt and get root access.
Let’s get started..
- Download dirtycow
- Download recowvery-applypatch
- Download recowvery-app_process64
- Download recowvery-run-as
- Download LG V20 TWRP recovery (.img)
How to Install TWRP on LG V20 using recowvery
- Setup ADB and Fastboot on your PC.
- Unlock bootloader on your LG V20.
- Download and save the following four recowvery files from the download links above to a separate folder on your PC.
- Download and transfer the LG V20 TWRP recovery .img file from the downloads section above to your phone’s base directory (not inside any folder).
- Make sure USB debugging is enabled on your V20.
- Connect your LG V20 to the PC.
- Now open a command window on your PC inside the folder where you saved recowvery files in Step 3 above. To do that, “Shift + Right click” on any empty white space inside the folder and select Open command window here from the context menu.
- Once command window is opened, issue the following commands one-by-one to get a root shell on your device using the Dirty Cow exploit:
adb push dirtycow /data/local/tmp adb push recowvery-applypatch /data/local/tmp adb push recowvery-app_process64 /data/local/tmp adb push recowvery-run-as /data/local/tmp
└ This will push the recowvery files to your device’s tmp folder.
adb shell cd /data/local/tmp chmod 0777 * ./dirtycow /system/bin/applypatch recowvery-applypatch
└ Wait for the script to finish.
./dirtycow /system/bin/app_process64 recowvery-app_process64
└ Wait for completion, you phone might look like it’s crashing.
adb logcat -s recowvery
└ Wait for the command to tell you it was successful. Once done, press CTRL+C on your keyboard.
adb shell reboot recovery
└ Your phone will reboot and recovery will be reflashed to stock.
adb shell getenforce
└ It should say permissive.
cd /data/local/tmp ./dirtycow /system/bin/run-as recowvery-run-as run-as exec ./recowvery-applypatch boot
└ recowvery patched boot image will be flashed, wait for it to complete.
└ This will give you a shell with root access.
dd if=/sdcard/twrp-3.0.2-0-beta4-h918.img of=/dev/block/bootdevice/by-name/recovery
└ This will install/flash TWRP recovery to your LG V20.
- TWRP recovery is now installed on your LG V20. Now follow the instructions below to disable Force encrypt and root LG V20 using SuperSU zip.
How to Disable Force Encrypt and Root LG V20
- Download and transfer the SuperSU zip file from the download link above to your LG V20.
- Connect your phone to the PC and open a command window on PC.
- Issue the following command on the PC to boot your LG V20 into TWRP recovery:
adb reboot recovery
- Once in TWRP recovery, tap on Install and select the SuperSU zip file that you transferred to your phone in Step 1 above.
- After selecting the .zip file, slide you finger on the Swipe to Confirm Flash button on screen to begin the flashing process.
└ This will install SuperSU and patch boot image to not force encrypt your LG V20 on boot. But since your device is already encrypted, you need to format Data once to decrypt it. If you do not want to decrypt though, then skip Step 6th and 7th below.
- Once SuperSU is flashed, go back to TWRP main menu » select Wipe » Advanced Wipe » tap on Data and then slide your finger on the Swipe to Wipe button.
└ This will decrypt your LG V20 and DELETE all data on the device.
- Since we wiped the device in the step above to decrypt it, you need to flash the SuperSU zip once again (follow Step 4th and 5th again).
- Once done, go to TWRP main screen » select Reboot » select System.
That’s all. Your LG V20 is now rooted and decrypted. To verify, download any root checker app from the Play store.