The LG K51 (LM-K500) is a Mediatek MT6762 (MT6765) powered device running on Android 10 (Q). There are variants like LM-K500MM, LM-K500QM, LM-K500QN, LM-K500UM etc. This particular unit was dead; no sign of life when you press the power button. It showed a white LED light when connected to charger. When connected to PC, there were several connection-disconnection cycles (sounds). LGUP flashing was clearly not an option since it couldn’t enter download mode.
PRELOADER and BOOTROM mode flashing did offer some hope through tools like SP Flash tool but this model has secure boot so a DA and maybe Auth file would be required for flashing. Thankfully, there’s now a Mediatek DA & Auth bypass exploit that allows you flash such devices.
BROM mode for the LG K51 can be achieved by powering off then holding the Google Assistant button (the button below the volume decrease button) and the Volume decrease button then connecting to PC via USB-C cable. Its important to have first installed Mediatek drivers on the PC. The device should show up as Mediatek USB Port under device manager. At this point, I went ahead to install a device filter using libusb.
Now, back to that MTK Bypass Universal exploit I earlier mentioned, I ran the python script to disable DA and Auth then fired up SP Flash tool. My first port of call was a firmware dump using WWR MTK …to avoid stories that touch the heart.
The device did get detected and a WWR dump was successful. Here’s a video on using WWR MTK v2.51 which I recommend.
Armed with a reliable firmware dump, I was ready to flash. I downloaded the KDZ (firmware) for this model, extracted the contents of the kdz and tried flashing strategic partitions like preloader (after processing preloader.img in wwr), boot and laf (for entering Download Mode). Unfortunately, this didn’t work. I however had a glimmer of hope when I pressed the power button and the phone just flashed the LG logo and went dead.
Several failed attempts and a bottle of roasted groundnuts later, I realized that the partition addresses in the scatter file (from my dump) were different from those I saw when analyzing both pgpt and sgpt (from the extracted kdz) using WWR’s Table of sections (you load the pgpt or sgpt and go to that section) . It would seem that a failed cross-flashing attempt was how the device went dead in the first place (I didn’t get much info on how it went dead in the first place). This was probably why I kept getting Boundary Check Failed: rom_end_addr >= next rom begin addr.
Using the scatter file from my dump as a template, I began (using the info from pgpt in the kdz) manually editing the address info for each partition and arranging them in the order they appeared in WWR. The order is important else you’ll get an error about the regions not being in ascending sorting sequence or something like that. Its also important the file names in the scatter file match what you have in the firmware folder. A much faster approach is to load the pgpt then head to Auto Mode, select your chipset, start auto pilot then click Create scatter file.
After that was done, I loaded the scatter file and tried flashing. Got the PMT has changed error as expected so I had to do a format all + download. Format went through but download failed with a boundary check error. I began flashing one partition at a time. Turned out ftm was the cause of that error. After I was done flashing each partition, I edited ftm out of the scatter file (is_download:false) then flashed all other files. This went through.
Download Mode At Last
I powered up the device and it came on though it was stuck in a bootloop. I hadn’t flashed super because it came in chunks so this behavior was expected. While it was boot looping, I held the volume increase button then connected to PC via USB cable and launched LGUP. It got stuck at a blank screen (no display of Firmware Update etc) but LGUP detected it. I was finally in Download Mode!
Trying an LGUP flash with Refurbished option, I got an error about ftm being corrupted / wiped so I had to use ChipErase. This went through and the LG K51 finally booted. Because I had cross-flashed, I got Warning! Current version is not available for user. Can’t find matched carrier. Check NT-Code: FFFFFF: 85 at boot. This was easily dismissed and didn’t seem to affect network or other functionality.
If you get stuck at any point then feel free to reach out to us for Private Support .