hi. i can't believe i'm the first person to ask this but i've searched as best i can through these forums, and on google, and cannot find a definitive answer. there are lots of pages giving high level descriptions of rooting a phone like "gives admin access", "allows access to the root filesystem", etc. but, when you root a phone, what actually happens ? does it simply make the "su" binary available so that apps can call it to access the root user ? eg. i've got a samsung galaxy s2, if i install an insecure kernel, then add su to /system/xbin, and then reinstall a stock kernel, is that technically a rooted phone ? this is actually what i did on my phone, although i installed superuser and busybox from the market after adding su. i am aware that there are various threads in the sgs2 forums on how to root, i'm just using my phone as an example, i'm just trying to understand generically what is meant when someone says a phone has been rooted. cheers.
Full control over your system
Ability to alter system files. You can replace many parts of the "Android Core" with this including:
Themes
Core apps (maps, calendar, clock etc)
Recovery image
Bootloader
Toolbox (linux binary that lets you execute simple linux commands like "ls") can be replaced with Busybox (slightly better option)
Boot images
Add linux binaries
Run special apps that need more control over the system
SuperUser (lets you approve or deny the use of root access to any program)
Task Manager For Root (Lets you kill apps that you otherwise could not kill)
Tether apps (like the one found at [android-wifi-tether.googlecode.com])
<there are more but I cannot think of any right now>
Backup your system
You can make a folder on your sdcard and backup all of your .apk files to your sdcard (helps if an author decides to "upgrade" you to a version that requires you to pay to use the version you just had)
Relocate your (browser/maps/market) cache to your /sdcard
Relocate your installed applications to your /sdcard
Reboot your phone from the terminal app easily (su <enter> reboot <enter>)
Copied and pasted from google... it is your friend.
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Carrot Cruncher said:
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Click to expand...
Click to collapse
Unrooted phone is like logging on as user in a computer. By rooting you have "administrative" rights, just like using sudo command in Ubuntu. Some binaries which are important in gaining administrative rights are installed in the phone.
sent from my nokia 3210
If you come from Windows, you're familiar with the Administrator account. A user that can do everything on the system, as opposed to other users than only have limited privileges. In Linux, that account is called "root". That's all there is to it. It's a user that can do everything on the system.
@Panos_dm: Actually, it's *not* like using sudo. Sudo gives elevated privileges to your existing user account, whereas "root" is a whole separate account.
Nope, sudo actually switches users
i'm a linux user and have been a linux admin in the past so understand the difference between su and sudo. sorry to sound pedantic but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
It opens your phone to a whole new array of possibilities.
Sent from my HTC Sensation 4G using xda premium
Carrot Cruncher said:
but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
Click to expand...
Click to collapse
In a gist? The "su" binary and the Superuser.apk app get installed. Sometimes doing so requires exploiting a vulnerability via a trigger. Rageagainstthecage is a common trigger. I once had a link that explained what exactly rageagainstthecage does, but I don't have it anymore.
If you really want to know all the details, here's the script I used to root my Defy: http://pastebin.com/G3m9v4FQ
Hmm, I see the script contains a link to the explanation of what rageagainstthecage does. Cool.
many thanks for confirming my understanding of the process.
Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing unexpected happens. This rooting tool is as safe as I can make it, but there's never any guarantees.
After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.
This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)
Again, using this WILL NOT set the "Knox Warranty Void" flag.
For a video showing the steps to root, see Tomsgt's awesome work here.
There's another video from owenbeals here.
A hint to people having problems using this:
If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.
Step 1 - setting up the USB drivers
Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.
The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
If you don't have the drivers working, the root installer will hang at "waiting for device..."
Step 2 - Enable USB Debugging
The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.
In Developer Options, make sure "USB Debugging" is checkmarked.
Step 3 - Enable USB ADB Access
Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
If you don't see that popup, it's OK, you should be OK to proceed.
That's it for the phone.
Step 4 - Unzip the saferoot.zip
Then you need to unpack the attached ZIP file somewhere onto your PC.
You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"
Step 5 - Root your phone
Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!
The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.
If SuperSU asks you to update the su binary, choose the "Normal" method.
If SuperSU asks you about disabling Knox, allow it.
This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.
While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.
Rooting on Linux and MacOS
The saferoot script has a copy of adb for MacOS and for Linux included.
To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.
If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.
Notes
Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)
Having troubles getting adb connected? There are several possible causes and solutions.
There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.
Others report that using these Samsung USB drivers resolve connectivity issues. Of course, these drivers are for Samsung phones. Install the right stuff for your phone.
Important - please read
If you fail to read this, you will be taunted.
1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
3. If Saferoot fails with the messages
"Your kernel is patched!
This device is not supported."
That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.
Reported Successes
Here's a list of phones and reported builds where this has been verified to work.
AT&T Galaxy Note 2 (SGH-I317), Android 4.3
AT&T Galaxy S3 (SGH-i747), MJB
AT&T Galaxy S4 (SGH-i337) MK2,MK6
AT&T Galaxy S4 zoom
Bell Mobility i337,MK6
Canadian Galaxy S4 SGH-I337M
Digicel (Jamaica) i9500, MK1
d2vzw s3 with the 4.3 update
Galaxy NX Camera, JDQ39
Galaxy Legend SCH-I200,MK2
Galaxy Note 2 GT-N7100, MK9
Galaxy Note 2 N7105 4.3
GT-I9192, MK4 (ML2 does not work)
Google Glass, (XRT73B), XR14
i605
International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
I9500: MJ8, MK1
Kindle Fire HD
LG Optimus F3 - T-Mobile
LG Escape -P870 - ATT
MK4 Build Date 13.11.2013
Razr HD 9.30.1 OTA
Razr M 98.18.94,98.30.1
Samsung Exhilarate SGH-I577, Android 4.0.4, Build LH3
Samsung GT-I9192, UBUBMK4
Samsung Galaxy Tab 2 GT-P5513
Samsung Galaxy S4 Mini LTE (GT-I9195), MJ7
Samsung i547, Android 4.1.2
Sprint Galaxy S3 (SPH-L710), MK5
Sprint Galaxy S4 Mini SPH-L520
Sprint Galaxy S4 SPH-L720,MK2 (NA2 does NOT work)
Sprint Galaxy S4 (SPH-L720T), MK5
T-Mobile Galaxy S4 SGH-M919 JFLTETMO, MK2
T-Mobile Galaxy Note 2 SGH-T889, MK7
Telcel (Mexico) SGH-i337M, MK6
Telus Note 2 SGH-I317M
Verizon Galaxy Note 2 Android 4.3
Verizon Galaxy S3 I9300 - LF2
Verizon Galaxy S3 SCH-I535
Verizon Galaxy S3 Mini, SM-G730V, MI9
Verizon Galaxy S4 (SCH-i545) ME7,MJ7,MK2
Verizon Galaxy S4 (SCH-i545L) MG6, MK4
Verizon Galaxy S4 Mini SCH-I435, MK5
Verizon Galaxy S4 Developer Edition, I1545OYUAMDK
Verizon HTC One
Verizon SCH-I200PP, MK2
xt907, xt925/6 & mb866
Edits:
12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
I've also changed it so you shouldn't have to unzip to any special place.
12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
12/14/13: Move "Look at your phone and give permission" message to the top of the script.
12/15/13: Update source distribution to correspond to updates.
12/16/13: Rename to saferoot as it's not just for MJ7.
12/17/13: Update to fix "text file busy" errors
12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
12/18/13: Ensure the folder setup is right when starting install.bat
12/18/13: Give users time to allow su permissions
12/21/13: Disable SEAndroid before rooting
12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
1/6/14: Try to work around Knox deleting the su binary
1/10/14: Clear immutable bit on existing programs to allow them to be updated
1/12/14: Update to current SuperSU binary
1/13/14: Updates suggested by @bgmg
1/16/14: Correct typo in Linux/OSX installer
1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
1/21/14: Update to current SuperSU
2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
4/4/14: Fix problem with unroot not running
4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
5/14/14: Fix typo in Unix install script, more text on why it failed.
5/24/14: Fix install.sh portability issue with double equals on test.
Source code, Unrooting, and the Custom Flag
The source code for the exploit tool used for this rooting method is attached.
In addition, two common questions:
1. How do I unroot?
OK, so why are you so anxious to unroot just after rooting?
If you have used the current version of Saferoot to root your phone, then there's an unroot script installed to make this easy.
If you still have Saferoot unzipped, plug in your phone and use "unroot.bat" (Windows) or "unroot.sh" (Unix) to remove the changes that Saferoot made. Then, open SuperSU and instruct it to perform a "full unroot". After that, all changes that Saferoot have made to your device have been removed.
If you don't have the unroot.sh, then you can unroot manually as below.
There's two things you need to do to undo what this installer does. First, remove busybox. This will require adb shell or the use of Terminal Emulator to get a shell prompt. Execute the commands below at a shell prompt.
The "$" and "#" characters at the start of those lines are the system prompt. You don't type those.
Spacing, case, etc. matter. The letter after "type" in the "find" command is a lowercase L.
$ su
# mount -o remount,rw /system
# rm -f /system/etc/install-recovery-2.sh*
# rm -f /system/xbin/selinuxoff*
# find /system/xbin -type l | xargs rm
# rm /system/xbin/busybox
# mount -o remount,ro /system
# exit
$ exit
The easiest way to do this is to install the "Terminal Emulator" app from the Play Store. Or use "adb shell" to get a shell prompt.
You can cut and paste the following to make it easier.
su
mount -o remount,rw /system
rm -f /system/etc/install-recovery-2.sh*
rm -f /system/xbin/selinuxoff*
find /system/xbin -type l | xargs rm
rm /system/xbin/busybox
mount -o remount,ro /system
exit
exit
Click to expand...
Click to collapse
It's very likely that the "/system/xbin/selinuxoff" and "/system/etc/install-recovery-2.sh" files won't be there.
Now, open SuperSU and use "Settings", "Full unroot". When that's done, everything that this installer has done has been reverted.
If you've installed xposed framework or wanam, you should remove those and reboot BEFORE doing the SuperSU unroot. Also, if you've installed Safestrap you'll need to boot into SS recovery, delete the custom ROM slots, then uninstall Safestrap recovery. Or, uninstall the Safestrap application. If you forget to do these before doing the SuperSU unroot, you'll need to re-root to do those.
If you need adb to access your phone, there's a copy in the "files" directory included with the installer. You'll need to open a command prompt and use cd to change to the files directory before trying to use that adb.
2. How do I get rid of the "Custom" padlock open screen at boot?
You get that because you're running custom software. Samsung has an application that runs at boot to look for modified system files; this app detects that the phone has been modified and sets that flag.
If you really need to get rid of that, you can do the unroot in #1 above, then reboot. Wait about 10 minutes or so, then reboot again. If you haven't changed any other system files, the custom flag should have been reset.
If that doesn't fix it, flash the stock no-wipe ROMs from this forum. Those will undo whatever you've changed and allow the phone to reset the custom flag.
If you want to keep root while getting rid of that "Custom" flag, then you can fake it. Install xposed framework (google for it), enable it, then reboot.
Then install Wanam Xposed, and enable that module in xposed.
In Wanam, choose "Security Hacks", "Fake system status".
That will keep the "Custom" flag from appearing. This is a cosmetic fix, but it does get rid of the "Custom" screen.
Other devices?
There is really nothing specific to the I545 or MJ7 in this root tool. There's a good chance it'll work on anything currently running 4.3.
If you have success with other devices, please reply to let us know.
Im glad I could help and good work! Im sure this will work with MK2 too.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Surge1223 said:
Im glad I could help and good work! Im sure this will work with MK2 too.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Yup. I'd say that it's almost certain.
Script did not work for me. I think there is a problem with the script or the zip.
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?
Oozura said:
Script did not work for me. I think there is a problem with the script or the zip.
Click to expand...
Click to collapse
Which of the two scripts? What error did you get?
I'll be happy to fix if you'll provide some details!
I can confirm this works on ME7 just in case anyone is wondering, Im pretty sure it can easily work on any build we have so far. Might require minor modification but for the most part, this is solid.
sharkie405 said:
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?
Click to expand...
Click to collapse
As far as lingering malware on the phone, the only thing you could do would be to flash a full-wipe factory image then root it when done.
I don't know if it's worth the hassle or no. If it was me, I'd be wiping, but I put the effort in to make this happen since I couldn't accept the closed-source risk with vroot.
sharkie405 said:
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?
Click to expand...
Click to collapse
Sharkie, I'm new to S4, but I've been reading for decades & decades & saw a reference to a youtube video by Sgt tom (not sure of the name, but…) you can search for titles there relating to rooting S4, & it shows how you can install kingo root to obtain the exploit, do some stuff (don't recall, it may just be deleting that)… & installing Super SU in it's place or over that.
So do a little searching on root & s4 in youtube & invest some time… sorry, not sure if that was all meant for a diff version of the firmware; but it is worth looking into to use the kingo's exploit & then immediately replace it.
Don't know about the issue w/kingo is malware, or 'just' that it harvests your meid &/or other personal info, but there is a way to use it & replace it if you are OK with that approach…
Sorry I don't have specific references, but I just got into this since 'Grey Thursday' sale @ Staples, early start on Black Friday sales… hth,
oldwolf
First off... THANK YOU SO MUCH!
I did this method by putting it on my sd card... and it went through and told me to reboot. but upon reboot i have no custom splash screen and no su. i will try again tho.
I think I'm doing it wrong? Can someone help my dumb ass. Lol or I can just to adb. Either way haha.
Sent from my SCH-I545 using xda app-developers app
Craleb said:
I think I'm doing it wrong? Can someone help my dumb ass. Lol or I can just to adb. Either way haha.
Sent from my SCH-I545 using xda app-developers app
Click to expand...
Click to collapse
Try the adb method first then if you get a failure message try the install.sh method from terminal again. After the script is done type "su". See if that works
Sent from my SCH-I545 using XDA Premium 4 mobile app
Surge1223 said:
Try the adb method first then if you get a failure message try the install.sh method from terminal again. After the script is done type "su". See if that works
Sent from my SCH-I545 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I am having the same results as the poster before you. I tried using adb method, and the prompt said adb couldn't be found.
Anybody want to confirm this works? I just updated to MK2 right now and want to try but would like another confirmation first.
Ugh I have adb setup and everything... but my freaking phone will not go into debug mode. Even after restart. I have debugging checked in dev options. It just "connected as an installer" then MTP
Sent from my SCH-I545 using xda app-developers app
Thanks for working on this. Copy of errors running script run in terminal emulator attached.
on MK2 and got the same output as Jiggity
Sent from my SCH-I545 using XDA Premium 4 mobile app