After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.
This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)
Again, using this WILL NOT set the "Knox Warranty Void" flag.
For a video showing the steps to root, see Tomsgt's awesome work here.
There's another video from owenbeals here.
A hint to people having problems using this:
If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.
Step 1 - setting up the USB drivers
Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.
The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
If you don't have the drivers working, the root installer will hang at "waiting for device..."
Step 2 - Enable USB Debugging
The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.
In Developer Options, make sure "USB Debugging" is checkmarked.
Step 3 - Enable USB ADB Access
Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
If you don't see that popup, it's OK, you should be OK to proceed.
That's it for the phone.
Step 4 - Unzip the saferoot.zip
Then you need to unpack the attached ZIP file somewhere onto your PC.
You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"
Step 5 - Root your phone
Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!
The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.
If SuperSU asks you to update the su binary, choose the "Normal" method.
If SuperSU asks you about disabling Knox, allow it.
This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.
While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.
Rooting on Linux and MacOS
The saferoot script has a copy of adb for MacOS and for Linux included.
To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.
If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.
Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)
Having troubles getting adb connected? There are several possible causes and solutions.
There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.
Others report that using these Samsung USB drivers resolve connectivity issues. Of course, these drivers are for Samsung phones. Install the right stuff for your phone.
Important - please read
If you fail to read this, you will be taunted.
1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
3. If Saferoot fails with the messages
"Your kernel is patched!
This device is not supported."
That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.
Here's a list of phones and reported builds where this has been verified to work.
- AT&T Galaxy Note 2 (SGH-I317), Android 4.3
- AT&T Galaxy S3 (SGH-i747), MJB
- AT&T Galaxy S4 (SGH-i337) MK2,MK6
- AT&T Galaxy S4 zoom
- Bell Mobility i337,MK6
- Canadian Galaxy S4 SGH-I337M
- Digicel (Jamaica) i9500, MK1
- d2vzw s3 with the 4.3 update
- Galaxy NX Camera, JDQ39
- Galaxy Legend SCH-I200,MK2
- Galaxy Note 2 GT-N7100, MK9
- Galaxy Note 2 N7105 4.3
- GT-I9192, MK4 (ML2 does not work)
- Google Glass, (XRT73B), XR14
- International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
- I9500: MJ8, MK1
- Kindle Fire HD
- LG Optimus F3 - T-Mobile
- LG Escape -P870 - ATT
- MK4 Build Date 13.11.2013
- Razr HD 9.30.1 OTA
- Razr M 98.18.94,98.30.1
- Samsung Exhilarate SGH-I577, Android 4.0.4, Build LH3
- Samsung GT-I9192, UBUBMK4
- Samsung Galaxy Tab 2 GT-P5513
- Samsung Galaxy S4 Mini LTE (GT-I9195), MJ7
- Samsung i547, Android 4.1.2
- Sprint Galaxy S3 (SPH-L710), MK5
- Sprint Galaxy S4 Mini SPH-L520
- Sprint Galaxy S4 SPH-L720,MK2 (NA2 does NOT work)
- Sprint Galaxy S4 (SPH-L720T), MK5
- T-Mobile Galaxy S4 SGH-M919 JFLTETMO, MK2
- T-Mobile Galaxy Note 2 SGH-T889, MK7
- Telcel (Mexico) SGH-i337M, MK6
- Telus Note 2 SGH-I317M
- Verizon Galaxy Note 2 Android 4.3
- Verizon Galaxy S3 I9300 - LF2
- Verizon Galaxy S3 SCH-I535
- Verizon Galaxy S3 Mini, SM-G730V, MI9
- Verizon Galaxy S4 (SCH-i545) ME7,MJ7,MK2
- Verizon Galaxy S4 (SCH-i545L) MG6, MK4
- Verizon Galaxy S4 Mini SCH-I435, MK5
- Verizon Galaxy S4 Developer Edition, I1545OYUAMDK
- Verizon HTC One
- Verizon SCH-I200PP, MK2
- xt907, xt925/6 & mb866
12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
I've also changed it so you shouldn't have to unzip to any special place.
12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
12/14/13: Move "Look at your phone and give permission" message to the top of the script.
12/15/13: Update source distribution to correspond to updates.
12/16/13: Rename to saferoot as it's not just for MJ7.
12/17/13: Update to fix "text file busy" errors
12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
12/18/13: Ensure the folder setup is right when starting install.bat
12/18/13: Give users time to allow su permissions
12/21/13: Disable SEAndroid before rooting
12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
1/6/14: Try to work around Knox deleting the su binary
1/10/14: Clear immutable bit on existing programs to allow them to be updated
1/12/14: Update to current SuperSU binary
1/13/14: Updates suggested by @bgmg
1/16/14: Correct typo in Linux/OSX installer
1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
1/21/14: Update to current SuperSU
2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
4/4/14: Fix problem with unroot not running
4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
5/14/14: Fix typo in Unix install script, more text on why it failed.
5/24/14: Fix install.sh portability issue with double equals on test.