Post Reply

[ROOT] Saferoot: Root for VRUEMJ7, MK2, and Android 4.3

12th December 2013, 12:27 AM   |  #1  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing unexpected happens. This rooting tool is as safe as I can make it, but there's never any guarantees.

After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.

This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)

Again, using this WILL NOT set the "Knox Warranty Void" flag.

For a video showing the steps to root, see Tomsgt's awesome work here.
There's another video from owenbeals here.

A hint to people having problems using this:

If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.

Step 1 - setting up the USB drivers
Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.

The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
If you don't have the drivers working, the root installer will hang at "waiting for device..."

Step 2 - Enable USB Debugging
The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.

In Developer Options, make sure "USB Debugging" is checkmarked.

Step 3 - Enable USB ADB Access
Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
If you don't see that popup, it's OK, you should be OK to proceed.

That's it for the phone.

Step 4 - Unzip the saferoot.zip
Then you need to unpack the attached ZIP file somewhere onto your PC.
You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"

Step 5 - Root your phone
Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!

The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.

If SuperSU asks you to update the su binary, choose the "Normal" method.
If SuperSU asks you about disabling Knox, allow it.

This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.

While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.

Rooting on Linux and MacOS
The saferoot script has a copy of adb for MacOS and for Linux included.

To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.

If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.

Notes
Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)

Having troubles getting adb connected? There are several possible causes and solutions.

There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.

Others report that using these Samsung USB drivers resolve connectivity issues. Of course, these drivers are for Samsung phones. Install the right stuff for your phone.

Important - please read
If you fail to read this, you will be taunted.

1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
3. If Saferoot fails with the messages
"Your kernel is patched!
This device is not supported."
That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.


Reported Successes
Here's a list of phones and reported builds where this has been verified to work.
  • AT&T Galaxy Note 2 (SGH-I317), Android 4.3
  • AT&T Galaxy S3 (SGH-i747), MJB
  • AT&T Galaxy S4 (SGH-i337) MK2,MK6
  • AT&T Galaxy S4 zoom
  • Bell Mobility i337,MK6
  • Canadian Galaxy S4 SGH-I337M
  • Digicel (Jamaica) i9500, MK1
  • d2vzw s3 with the 4.3 update
  • Galaxy NX Camera, JDQ39
  • Galaxy Legend SCH-I200,MK2
  • Galaxy Note 2 GT-N7100, MK9
  • Galaxy Note 2 N7105 4.3
  • GT-I9192, MK4 (ML2 does not work)
  • Google Glass, (XRT73B), XR14
  • i605
  • International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
  • I9500: MJ8, MK1
  • Kindle Fire HD
  • LG Optimus F3 - T-Mobile
  • LG Escape -P870 - ATT
  • MK4 Build Date 13.11.2013
  • Razr HD 9.30.1 OTA
  • Razr M 98.18.94,98.30.1
  • Samsung Exhilarate SGH-I577, Android 4.0.4, Build LH3
  • Samsung GT-I9192, UBUBMK4
  • Samsung Galaxy Tab 2 GT-P5513
  • Samsung Galaxy S4 Mini LTE (GT-I9195), MJ7
  • Samsung i547, Android 4.1.2
  • Sprint Galaxy S3 (SPH-L710), MK5
  • Sprint Galaxy S4 Mini SPH-L520
  • Sprint Galaxy S4 SPH-L720,MK2 (NA2 does NOT work)
  • Sprint Galaxy S4 (SPH-L720T), MK5
  • T-Mobile Galaxy S4 SGH-M919 JFLTETMO, MK2
  • T-Mobile Galaxy Note 2 SGH-T889, MK7
  • Telcel (Mexico) SGH-i337M, MK6
  • Telus Note 2 SGH-I317M
  • Verizon Galaxy Note 2 Android 4.3
  • Verizon Galaxy S3 I9300 - LF2
  • Verizon Galaxy S3 SCH-I535
  • Verizon Galaxy S3 Mini, SM-G730V, MI9
  • Verizon Galaxy S4 (SCH-i545) ME7,MJ7,MK2
  • Verizon Galaxy S4 (SCH-i545L) MG6, MK4
  • Verizon Galaxy S4 Mini SCH-I435, MK5
  • Verizon Galaxy S4 Developer Edition, I1545OYUAMDK
  • Verizon HTC One
  • Verizon SCH-I200PP, MK2
  • xt907, xt925/6 & mb866

Edits:
12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
I've also changed it so you shouldn't have to unzip to any special place.
12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
12/14/13: Move "Look at your phone and give permission" message to the top of the script.
12/15/13: Update source distribution to correspond to updates.
12/16/13: Rename to saferoot as it's not just for MJ7.
12/17/13: Update to fix "text file busy" errors
12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
12/18/13: Ensure the folder setup is right when starting install.bat
12/18/13: Give users time to allow su permissions
12/21/13: Disable SEAndroid before rooting
12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
1/6/14: Try to work around Knox deleting the su binary
1/10/14: Clear immutable bit on existing programs to allow them to be updated
1/12/14: Update to current SuperSU binary
1/13/14: Updates suggested by @bgmg
1/16/14: Correct typo in Linux/OSX installer
1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
1/21/14: Update to current SuperSU
2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
4/4/14: Fix problem with unroot not running
4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
5/14/14: Fix typo in Unix install script, more text on why it failed.
5/24/14: Fix install.sh portability issue with double equals on test.
Attached Files
File Type: zip saferoot.zip - [Click for QR Code] (3.09 MB, 130997 views)
Last edited by k1mu; 11th June 2014 at 06:43 PM.
The Following 545 Users Say Thank You to k1mu For This Useful Post: [ View ]
12th December 2013, 12:28 AM   |  #2  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Source code, Unrooting, and the Custom Flag
The source code for the exploit tool used for this rooting method is attached.

In addition, two common questions:

1. How do I unroot?

OK, so why are you so anxious to unroot just after rooting?

If you have used the current version of Saferoot to root your phone, then there's an unroot script installed to make this easy.
If you still have Saferoot unzipped, plug in your phone and use "unroot.bat" (Windows) or "unroot.sh" (Unix) to remove the changes that Saferoot made. Then, open SuperSU and instruct it to perform a "full unroot". After that, all changes that Saferoot have made to your device have been removed.

If you don't have the unroot.sh, then you can unroot manually as below.
There's two things you need to do to undo what this installer does. First, remove busybox. This will require adb shell or the use of Terminal Emulator to get a shell prompt. Execute the commands below at a shell prompt.
The "$" and "#" characters at the start of those lines are the system prompt. You don't type those.
Spacing, case, etc. matter. The letter after "type" in the "find" command is a lowercase L.

$ su
# mount -o remount,rw /system
# rm -f /system/etc/install-recovery-2.sh*
# rm -f /system/xbin/selinuxoff*
# find /system/xbin -type l | xargs rm
# rm /system/xbin/busybox
# mount -o remount,ro /system
# exit
$ exit

The easiest way to do this is to install the "Terminal Emulator" app from the Play Store. Or use "adb shell" to get a shell prompt.

You can cut and paste the following to make it easier.
Quote:

su
mount -o remount,rw /system
rm -f /system/etc/install-recovery-2.sh*
rm -f /system/xbin/selinuxoff*
find /system/xbin -type l | xargs rm
rm /system/xbin/busybox
mount -o remount,ro /system
exit
exit

It's very likely that the "/system/xbin/selinuxoff" and "/system/etc/install-recovery-2.sh" files won't be there.

Now, open SuperSU and use "Settings", "Full unroot". When that's done, everything that this installer has done has been reverted.
If you've installed xposed framework or wanam, you should remove those and reboot BEFORE doing the SuperSU unroot. Also, if you've installed Safestrap you'll need to boot into SS recovery, delete the custom ROM slots, then uninstall Safestrap recovery. Or, uninstall the Safestrap application. If you forget to do these before doing the SuperSU unroot, you'll need to re-root to do those.

If you need adb to access your phone, there's a copy in the "files" directory included with the installer. You'll need to open a command prompt and use cd to change to the files directory before trying to use that adb.

2. How do I get rid of the "Custom" padlock open screen at boot?

You get that because you're running custom software. Samsung has an application that runs at boot to look for modified system files; this app detects that the phone has been modified and sets that flag.

If you really need to get rid of that, you can do the unroot in #1 above, then reboot. Wait about 10 minutes or so, then reboot again. If you haven't changed any other system files, the custom flag should have been reset.

If that doesn't fix it, flash the stock no-wipe ROMs from this forum. Those will undo whatever you've changed and allow the phone to reset the custom flag.

If you want to keep root while getting rid of that "Custom" flag, then you can fake it. Install xposed framework (google for it), enable it, then reboot.
Then install Wanam Xposed, and enable that module in xposed.
In Wanam, choose "Security Hacks", "Fake system status".
That will keep the "Custom" flag from appearing. This is a cosmetic fix, but it does get rid of the "Custom" screen.
Attached Files
File Type: zip saferoot-source.zip - [Click for QR Code] (8.5 KB, 7179 views)
Last edited by k1mu; 29th March 2014 at 06:13 PM. Reason: Added unroot script
The Following 54 Users Say Thank You to k1mu For This Useful Post: [ View ]
12th December 2013, 12:30 AM   |  #3  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Other devices?
There is really nothing specific to the I545 or MJ7 in this root tool. There's a good chance it'll work on anything currently running 4.3.
If you have success with other devices, please reply to let us know.
The Following 22 Users Say Thank You to k1mu For This Useful Post: [ View ]
12th December 2013, 12:38 AM   |  #4  
Surge1223's Avatar
Recognized Contributor
Flag Iowa
Thanks Meter: 3,835
 
1,716 posts
Join Date:Joined: Nov 2012
Donate to Me
More
Im glad I could help and good work! Im sure this will work with MK2 too.

Sent from my SCH-I545 using XDA Premium 4 mobile app
The Following 17 Users Say Thank You to Surge1223 For This Useful Post: [ View ]
12th December 2013, 12:41 AM   |  #5  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Quote:
Originally Posted by Surge1223

Im glad I could help and good work! Im sure this will work with MK2 too.

Sent from my SCH-I545 using XDA Premium 4 mobile app

Yup. I'd say that it's almost certain.
The Following 9 Users Say Thank You to k1mu For This Useful Post: [ View ]
12th December 2013, 01:09 AM   |  #6  
Senior Member
Thanks Meter: 20
 
160 posts
Join Date:Joined: May 2010
Script did not work for me. I think there is a problem with the script or the zip.
The Following User Says Thank You to Oozura For This Useful Post: [ View ]
12th December 2013, 01:15 AM   |  #7  
sharkie405's Avatar
Senior Member
Flag Waynesville, NC
Thanks Meter: 468
 
1,287 posts
Join Date:Joined: Dec 2008
More
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?
The Following User Says Thank You to sharkie405 For This Useful Post: [ View ]
12th December 2013, 01:30 AM   |  #8  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Quote:
Originally Posted by Oozura

Script did not work for me. I think there is a problem with the script or the zip.

Which of the two scripts? What error did you get?
I'll be happy to fix if you'll provide some details!
The Following 3 Users Say Thank You to k1mu For This Useful Post: [ View ]
12th December 2013, 01:39 AM   |  #9  
Surge1223's Avatar
Recognized Contributor
Flag Iowa
Thanks Meter: 3,835
 
1,716 posts
Join Date:Joined: Nov 2012
Donate to Me
More
I can confirm this works on ME7 just in case anyone is wondering, Im pretty sure it can easily work on any build we have so far. Might require minor modification but for the most part, this is solid.
The Following User Says Thank You to Surge1223 For This Useful Post: [ View ]
12th December 2013, 01:47 AM   |  #10  
k1mu's Avatar
OP Recognized Contributor
Flag Virginia
Thanks Meter: 1,552
 
1,910 posts
Join Date:Joined: Apr 2011
Donate to Me
More
Quote:
Originally Posted by sharkie405

Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?

As far as lingering malware on the phone, the only thing you could do would be to flash a full-wipe factory image then root it when done.
I don't know if it's worth the hassle or no. If it was me, I'd be wiping, but I put the effort in to make this happen since I couldn't accept the closed-source risk with vroot.

The Following 4 Users Say Thank You to k1mu For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Tags
4.3, mj7, root
Previous Thread Next Thread
Thread Tools
Display Modes


Top Threads in Verizon Samsung Galaxy S 4 Android Development by ThreadRank