[ROOT] Saferoot: Root for VRUEMJ7, MK2, and Android 4.3

Search This thread

k1mu

Senior Member
Apr 11, 2011
1,945
1,620
Virginia
Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing unexpected happens. This rooting tool is as safe as I can make it, but there's never any guarantees.

After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.

This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)

Again, using this WILL NOT set the "Knox Warranty Void" flag.

For a video showing the steps to root, see Tomsgt's awesome work here.
There's another video from owenbeals here.

A hint to people having problems using this:

If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.

Step 1 - setting up the USB drivers
Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.

The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
If you don't have the drivers working, the root installer will hang at "waiting for device..."

Step 2 - Enable USB Debugging
The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.

In Developer Options, make sure "USB Debugging" is checkmarked.

Step 3 - Enable USB ADB Access
Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
If you don't see that popup, it's OK, you should be OK to proceed.

That's it for the phone.

Step 4 - Unzip the saferoot.zip
Then you need to unpack the attached ZIP file somewhere onto your PC.
You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"

Step 5 - Root your phone
Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!

The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.

If SuperSU asks you to update the su binary, choose the "Normal" method.
If SuperSU asks you about disabling Knox, allow it.

This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.

While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.

Rooting on Linux and MacOS
The saferoot script has a copy of adb for MacOS and for Linux included.

To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.

If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.

Notes
Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)

Having troubles getting adb connected? There are several possible causes and solutions.

There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.

Others report that using these Samsung USB drivers resolve connectivity issues. Of course, these drivers are for Samsung phones. Install the right stuff for your phone.

Important - please read
If you fail to read this, you will be taunted.

1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
3. If Saferoot fails with the messages
"Your kernel is patched!
This device is not supported."
That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.


Reported Successes
Here's a list of phones and reported builds where this has been verified to work.
  • AT&T Galaxy Note 2 (SGH-I317), Android 4.3
  • AT&T Galaxy S3 (SGH-i747), MJB
  • AT&T Galaxy S4 (SGH-i337) MK2,MK6
  • AT&T Galaxy S4 zoom
  • Bell Mobility i337,MK6
  • Canadian Galaxy S4 SGH-I337M
  • Digicel (Jamaica) i9500, MK1
  • d2vzw s3 with the 4.3 update
  • Galaxy NX Camera, JDQ39
  • Galaxy Legend SCH-I200,MK2
  • Galaxy Note 2 GT-N7100, MK9
  • Galaxy Note 2 N7105 4.3
  • GT-I9192, MK4 (ML2 does not work)
  • Google Glass, (XRT73B), XR14
  • i605
  • International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
  • I9500: MJ8, MK1
  • Kindle Fire HD
  • LG Optimus F3 - T-Mobile
  • LG Escape -P870 - ATT
  • MK4 Build Date 13.11.2013
  • Razr HD 9.30.1 OTA
  • Razr M 98.18.94,98.30.1
  • Samsung Exhilarate SGH-I577, Android 4.0.4, Build LH3
  • Samsung GT-I9192, UBUBMK4
  • Samsung Galaxy Tab 2 GT-P5513
  • Samsung Galaxy S4 Mini LTE (GT-I9195), MJ7
  • Samsung i547, Android 4.1.2
  • Sprint Galaxy S3 (SPH-L710), MK5
  • Sprint Galaxy S4 Mini SPH-L520
  • Sprint Galaxy S4 SPH-L720,MK2 (NA2 does NOT work)
  • Sprint Galaxy S4 (SPH-L720T), MK5
  • T-Mobile Galaxy S4 SGH-M919 JFLTETMO, MK2
  • T-Mobile Galaxy Note 2 SGH-T889, MK7
  • Telcel (Mexico) SGH-i337M, MK6
  • Telus Note 2 SGH-I317M
  • Verizon Galaxy Note 2 Android 4.3
  • Verizon Galaxy S3 I9300 - LF2
  • Verizon Galaxy S3 SCH-I535
  • Verizon Galaxy S3 Mini, SM-G730V, MI9
  • Verizon Galaxy S4 (SCH-i545) ME7,MJ7,MK2
  • Verizon Galaxy S4 (SCH-i545L) MG6, MK4
  • Verizon Galaxy S4 Mini SCH-I435, MK5
  • Verizon Galaxy S4 Developer Edition, I1545OYUAMDK
  • Verizon HTC One
  • Verizon SCH-I200PP, MK2
  • xt907, xt925/6 & mb866

Edits:
12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
I've also changed it so you shouldn't have to unzip to any special place.
12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
12/14/13: Move "Look at your phone and give permission" message to the top of the script.
12/15/13: Update source distribution to correspond to updates.
12/16/13: Rename to saferoot as it's not just for MJ7.
12/17/13: Update to fix "text file busy" errors
12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
12/18/13: Ensure the folder setup is right when starting install.bat
12/18/13: Give users time to allow su permissions
12/21/13: Disable SEAndroid before rooting
12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
1/6/14: Try to work around Knox deleting the su binary
1/10/14: Clear immutable bit on existing programs to allow them to be updated
1/12/14: Update to current SuperSU binary
1/13/14: Updates suggested by @bgmg
1/16/14: Correct typo in Linux/OSX installer
1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
1/21/14: Update to current SuperSU
2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
4/4/14: Fix problem with unroot not running
4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
5/14/14: Fix typo in Unix install script, more text on why it failed.
5/24/14: Fix install.sh portability issue with double equals on test.
 

Attachments

  • saferoot.zip
    3.1 MB · Views: 508,652
Last edited:

k1mu

Senior Member
Apr 11, 2011
1,945
1,620
Virginia
Source code, Unrooting, and the Custom Flag

The source code for the exploit tool used for this rooting method is attached.

In addition, two common questions:

1. How do I unroot?

OK, so why are you so anxious to unroot just after rooting? :)

If you have used the current version of Saferoot to root your phone, then there's an unroot script installed to make this easy.
If you still have Saferoot unzipped, plug in your phone and use "unroot.bat" (Windows) or "unroot.sh" (Unix) to remove the changes that Saferoot made. Then, open SuperSU and instruct it to perform a "full unroot". After that, all changes that Saferoot have made to your device have been removed.

If you don't have the unroot.sh, then you can unroot manually as below.
There's two things you need to do to undo what this installer does. First, remove busybox. This will require adb shell or the use of Terminal Emulator to get a shell prompt. Execute the commands below at a shell prompt.
The "$" and "#" characters at the start of those lines are the system prompt. You don't type those.
Spacing, case, etc. matter. The letter after "type" in the "find" command is a lowercase L.

$ su
# mount -o remount,rw /system
# rm -f /system/etc/install-recovery-2.sh*
# rm -f /system/xbin/selinuxoff*
# find /system/xbin -type l | xargs rm
# rm /system/xbin/busybox
# mount -o remount,ro /system
# exit
$ exit

The easiest way to do this is to install the "Terminal Emulator" app from the Play Store. Or use "adb shell" to get a shell prompt.

You can cut and paste the following to make it easier.
su
mount -o remount,rw /system
rm -f /system/etc/install-recovery-2.sh*
rm -f /system/xbin/selinuxoff*
find /system/xbin -type l | xargs rm
rm /system/xbin/busybox
mount -o remount,ro /system
exit
exit
It's very likely that the "/system/xbin/selinuxoff" and "/system/etc/install-recovery-2.sh" files won't be there.

Now, open SuperSU and use "Settings", "Full unroot". When that's done, everything that this installer has done has been reverted.
If you've installed xposed framework or wanam, you should remove those and reboot BEFORE doing the SuperSU unroot. Also, if you've installed Safestrap you'll need to boot into SS recovery, delete the custom ROM slots, then uninstall Safestrap recovery. Or, uninstall the Safestrap application. If you forget to do these before doing the SuperSU unroot, you'll need to re-root to do those.

If you need adb to access your phone, there's a copy in the "files" directory included with the installer. You'll need to open a command prompt and use cd to change to the files directory before trying to use that adb.

2. How do I get rid of the "Custom" padlock open screen at boot?

You get that because you're running custom software. Samsung has an application that runs at boot to look for modified system files; this app detects that the phone has been modified and sets that flag.

If you really need to get rid of that, you can do the unroot in #1 above, then reboot. Wait about 10 minutes or so, then reboot again. If you haven't changed any other system files, the custom flag should have been reset.

If that doesn't fix it, flash the stock no-wipe ROMs from this forum. Those will undo whatever you've changed and allow the phone to reset the custom flag.

If you want to keep root while getting rid of that "Custom" flag, then you can fake it. Install xposed framework (google for it), enable it, then reboot.
Then install Wanam Xposed, and enable that module in xposed.
In Wanam, choose "Security Hacks", "Fake system status".
That will keep the "Custom" flag from appearing. This is a cosmetic fix, but it does get rid of the "Custom" screen.
 

Attachments

  • saferoot-source.zip
    8.5 KB · Views: 25,979
Last edited:

sharkie405

Senior Member
Dec 22, 2008
2,822
1,937
the depths
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?
 
  • Like
Reactions: helboy618

Surge1223

Recognized Contributor
Nov 6, 2012
2,622
7,466
Florida
Google Pixel 6 Pro
I can confirm this works on ME7 just in case anyone is wondering, Im pretty sure it can easily work on any build we have so far. Might require minor modification but for the most part, this is solid.
 
  • Like
Reactions: Bait-Fish

k1mu

Senior Member
Apr 11, 2011
1,945
1,620
Virginia
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?

As far as lingering malware on the phone, the only thing you could do would be to flash a full-wipe factory image then root it when done.
I don't know if it's worth the hassle or no. If it was me, I'd be wiping, but I put the effort in to make this happen since I couldn't accept the closed-source risk with vroot.
 

oldwolf613

Senior Member
Jun 12, 2011
177
22
Brooklyn, NY
Suppose there is something actually malware-ish about vroot or kingoroot, would that be something that could be "undone" so to speak by unrooting? As in, I've already rooted via both of those other methods at different times. Should I unroot to stop whatever they "may" be doing and then try and root via your method? Or is there really no point now that I'm already rooted?

Sharkie, I'm new to S4, but I've been reading for decades & decades & saw a reference to a youtube video by Sgt tom (not sure of the name, but…) you can search for titles there relating to rooting S4, & it shows how you can install kingo root to obtain the exploit, do some stuff (don't recall, it may just be deleting that)… & installing Super SU in it's place or over that.

So do a little searching on root & s4 in youtube & invest some time… sorry, not sure if that was all meant for a diff version of the firmware; but it is worth looking into to use the kingo's exploit & then immediately replace it.

Don't know about the issue w/kingo is malware, or 'just' that it harvests your meid &/or other personal info, but there is a way to use it & replace it if you are OK with that approach…

Sorry I don't have specific references, but I just got into this since 'Grey Thursday' sale @ Staples, early start on Black Friday sales… hth,

oldwolf
 
  • Like
Reactions: sharkie405

Craleb

Senior Member
Mar 2, 2009
705
202
Huntsville
First off... THANK YOU SO MUCH!

I did this method by putting it on my sd card... and it went through and told me to reboot. but upon reboot i have no custom splash screen and no su. i will try again tho.
 

Craleb

Senior Member
Mar 2, 2009
705
202
Huntsville
I think I'm doing it wrong? Can someone help my dumb ass. Lol or I can just to adb. Either way haha.

Sent from my SCH-I545 using xda app-developers app
 

Attachments

  • uploadfromtaptalk1386814616785.jpg
    uploadfromtaptalk1386814616785.jpg
    189.1 KB · Views: 4,885

Surge1223

Recognized Contributor
Nov 6, 2012
2,622
7,466
Florida
Google Pixel 6 Pro
I think I'm doing it wrong? Can someone help my dumb ass. Lol or I can just to adb. Either way haha.

Sent from my SCH-I545 using xda app-developers app

Try the adb method first then if you get a failure message try the install.sh method from terminal again. After the script is done type "su". See if that works

Sent from my SCH-I545 using XDA Premium 4 mobile app
 

Cdubzz20

Member
Sep 22, 2011
21
0
Try the adb method first then if you get a failure message try the install.sh method from terminal again. After the script is done type "su". See if that works

Sent from my SCH-I545 using XDA Premium 4 mobile app

I am having the same results as the poster before you. I tried using adb method, and the prompt said adb couldn't be found.
 

fivedezs

Member
Nov 21, 2012
34
1
Anybody want to confirm this works? I just updated to MK2 right now and want to try but would like another confirmation first.
 

Craleb

Senior Member
Mar 2, 2009
705
202
Huntsville
Ugh I have adb setup and everything... but my freaking phone will not go into debug mode. Even after restart. I have debugging checked in dev options. It just "connected as an installer" then MTP

Sent from my SCH-I545 using xda app-developers app
 

Jiggity Janx

Senior Member
Feb 19, 2010
1,397
286
Thanks for working on this. Copy of errors running script run in terminal emulator attached.
 

Attachments

  • rootmj7script.txt
    975 bytes · Views: 742

Top Liked Posts

  • There are no posts matching your filters.
  • 573
    Disclaimer: rooting your phone entails risk. You may brick it, cause it to catch fire, cause it to form the first node in the Skynet network, or otherwise render it inoperable. Please read the directions carefully to ensure that nothing unexpected happens. This rooting tool is as safe as I can make it, but there's never any guarantees.

    After a very helpful suggestion from Surge1223, I managed to take an existing root exploit for the Xperia and modify it to work on 4.3 with SELinux enforcing. This installs su, SuperSU, and the necessary support files to enable the root.

    This rooting process should work with a wide range of Android devices, particularly those running Linux Kernel before 3.5.5 (which most Android 4.3 ROMs use.) It 's known to work for may GS4 variants and is harmless if it fails to work (no "Warranty Void" flags get set.)

    Again, using this WILL NOT set the "Knox Warranty Void" flag.

    For a video showing the steps to root, see Tomsgt's awesome work here.
    There's another video from owenbeals here.

    A hint to people having problems using this:

    If you use XDA to e-mail me a question, SET YOUR XDA ACCOUNT UP TO ACCEPT MAIL.
    If you are set up to refuse mail, then your question will be ignored. Actually, you shouldn't e-mail me. PM or post here.

    Step 1 - setting up the USB drivers
    Before you try using this rooting program, you'll need to have the USB drivers installed for your phone.

    The easiest way to do this is to install Samsung Kies. If Kies sees your phone, you're OK for the drivers.
    If you don't have the drivers working, the root installer will hang at "waiting for device..."

    Step 2 - Enable USB Debugging
    The second thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
    If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.

    In Developer Options, make sure "USB Debugging" is checkmarked.

    Step 3 - Enable USB ADB Access
    Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
    If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
    If you don't see that popup, it's OK, you should be OK to proceed.

    That's it for the phone.

    Step 4 - Unzip the saferoot.zip
    Then you need to unpack the attached ZIP file somewhere onto your PC.
    You should have the following when done:
    - a file called "install.bat"
    - a file called "install.sh"
    - a folder called "files"

    Step 5 - Root your phone
    Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!

    The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed.

    If SuperSU asks you to update the su binary, choose the "Normal" method.
    If SuperSU asks you about disabling Knox, allow it.

    This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about.

    While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone.
    You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.

    Rooting on Linux and MacOS
    The saferoot script has a copy of adb for MacOS and for Linux included.

    To run this root, download and unzip the zip file. Open a shell window, use "cd" to change to the directory where you unpacked the zip, and type "sh ./install.sh". The OS will be detected automatically and the root should run basically as described above.

    If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.

    Notes
    Don't try to download this onto your phone and run it from there. That won't work, at least for the i545 (i.e. running it from the Terminal Emulator app will fail.)

    Having troubles getting adb connected? There are several possible causes and solutions.

    There are cases where people can't get the connection working unless they toggle the USB connection type from Camera to Media and back. Perhaps that may help getting it to work. Toggling the "Enable USB Debugging" apparently helps in some cases as well.

    Others report that using these Samsung USB drivers resolve connectivity issues. Of course, these drivers are for Samsung phones. Install the right stuff for your phone.

    Important - please read
    If you fail to read this, you will be taunted.

    1. You can't install custom recovery and custom ROMs on a phone with a locked bootloader. This rooting program does not unlock your bootloader and won't allow you to flash custom on a locked device. However, NOTHING allows flashing a custom recovery on a bootloader locked phone at the moment. See Safestrap for a way to install some custom ROMs.
    2. Resetting the "Custom" and open padlock indication during boot can be worked around using the Xposed Framwork and Wanam Xposed. Get those two from the Play Store. In Wanam, tick "Security Hacks", "Fake System Status".
    3. If Saferoot fails with the messages
    "Your kernel is patched!
    This device is not supported."
    That means that your device's Linux kernel has been updated to keep Saferoot from working. Unless you can downgrade to an older kernel, you can't use Saferoot.


    Reported Successes
    Here's a list of phones and reported builds where this has been verified to work.
    • AT&T Galaxy Note 2 (SGH-I317), Android 4.3
    • AT&T Galaxy S3 (SGH-i747), MJB
    • AT&T Galaxy S4 (SGH-i337) MK2,MK6
    • AT&T Galaxy S4 zoom
    • Bell Mobility i337,MK6
    • Canadian Galaxy S4 SGH-I337M
    • Digicel (Jamaica) i9500, MK1
    • d2vzw s3 with the 4.3 update
    • Galaxy NX Camera, JDQ39
    • Galaxy Legend SCH-I200,MK2
    • Galaxy Note 2 GT-N7100, MK9
    • Galaxy Note 2 N7105 4.3
    • GT-I9192, MK4 (ML2 does not work)
    • Google Glass, (XRT73B), XR14
    • i605
    • International Galaxy S4, I9505: MH6, MH8, MJ5, MKE, MKF
    • I9500: MJ8, MK1
    • Kindle Fire HD
    • LG Optimus F3 - T-Mobile
    • LG Escape -P870 - ATT
    • MK4 Build Date 13.11.2013
    • Razr HD 9.30.1 OTA
    • Razr M 98.18.94,98.30.1
    • Samsung Exhilarate SGH-I577, Android 4.0.4, Build LH3
    • Samsung GT-I9192, UBUBMK4
    • Samsung Galaxy Tab 2 GT-P5513
    • Samsung Galaxy S4 Mini LTE (GT-I9195), MJ7
    • Samsung i547, Android 4.1.2
    • Sprint Galaxy S3 (SPH-L710), MK5
    • Sprint Galaxy S4 Mini SPH-L520
    • Sprint Galaxy S4 SPH-L720,MK2 (NA2 does NOT work)
    • Sprint Galaxy S4 (SPH-L720T), MK5
    • T-Mobile Galaxy S4 SGH-M919 JFLTETMO, MK2
    • T-Mobile Galaxy Note 2 SGH-T889, MK7
    • Telcel (Mexico) SGH-i337M, MK6
    • Telus Note 2 SGH-I317M
    • Verizon Galaxy Note 2 Android 4.3
    • Verizon Galaxy S3 I9300 - LF2
    • Verizon Galaxy S3 SCH-I535
    • Verizon Galaxy S3 Mini, SM-G730V, MI9
    • Verizon Galaxy S4 (SCH-i545) ME7,MJ7,MK2
    • Verizon Galaxy S4 (SCH-i545L) MG6, MK4
    • Verizon Galaxy S4 Mini SCH-I435, MK5
    • Verizon Galaxy S4 Developer Edition, I1545OYUAMDK
    • Verizon HTC One
    • Verizon SCH-I200PP, MK2
    • xt907, xt925/6 & mb866

    Edits:
    12/12/13: This version of the zip file includes the adb.exe so you don't need to install ADB just for this.
    I've also changed it so you shouldn't have to unzip to any special place.
    12/13/13: I've swapped out Superuser for SuperSU. This version also installs busybox for you once the phone finishes rebooting.
    12/14/13: Fixed install of busybox. Install SuperSU as Chainfire wants it: called Superuser.apk, installed into /system/app.
    12/14/13: Move "Look at your phone and give permission" message to the top of the script.
    12/15/13: Update source distribution to correspond to updates.
    12/16/13: Rename to saferoot as it's not just for MJ7.
    12/17/13: Update to fix "text file busy" errors
    12/18/13: Correct the "text file busy" fix. Force su binary to be setuid root so root checkers will work.
    12/18/13: Add more help in the "install.bat" for people having troubles getting adb working
    12/18/13: Ensure the folder setup is right when starting install.bat
    12/18/13: Give users time to allow su permissions
    12/21/13: Disable SEAndroid before rooting
    12/22/13: Install selinuxoff to set SELinux to Permissive mode at boot
    12/23/13: Fix permission on selinuxoff binary, update SuperSU install and clean up rooting program
    12/30/13: Remove selinuxoff program - it doesn't do anything. Updates to the install scripts.
    1/6/14: Hard code kernel addresses for ATT Galaxy S4 so it takes less time to root.
    1/6/14: Try to work around Knox deleting the su binary
    1/10/14: Clear immutable bit on existing programs to allow them to be updated
    1/12/14: Update to current SuperSU binary
    1/13/14: Updates suggested by @bgmg
    1/16/14: Correct typo in Linux/OSX installer
    1/21/14: Really correct the typo. Add OS detection to install.sh so it can run on OSX or Linux without installing adb.
    1/21/14: Update to current SuperSU
    2/4/14: Detect when the phone is not rooted and don't continue the rest of the operations.
    3/29/14: Install 'unroot' script and add unroot.bat/unroot.sh to allow simple removal of Saferoot changes.
    4/4/14: Fix problem with unroot not running
    4/30/14: Clearer error messages on root fail, allow user to choose installation of busybox
    5/14/14: Fix typo in Unix install script, more text on why it failed.
    5/24/14: Fix install.sh portability issue with double equals on test.
    64
    Source code, Unrooting, and the Custom Flag

    The source code for the exploit tool used for this rooting method is attached.

    In addition, two common questions:

    1. How do I unroot?

    OK, so why are you so anxious to unroot just after rooting? :)

    If you have used the current version of Saferoot to root your phone, then there's an unroot script installed to make this easy.
    If you still have Saferoot unzipped, plug in your phone and use "unroot.bat" (Windows) or "unroot.sh" (Unix) to remove the changes that Saferoot made. Then, open SuperSU and instruct it to perform a "full unroot". After that, all changes that Saferoot have made to your device have been removed.

    If you don't have the unroot.sh, then you can unroot manually as below.
    There's two things you need to do to undo what this installer does. First, remove busybox. This will require adb shell or the use of Terminal Emulator to get a shell prompt. Execute the commands below at a shell prompt.
    The "$" and "#" characters at the start of those lines are the system prompt. You don't type those.
    Spacing, case, etc. matter. The letter after "type" in the "find" command is a lowercase L.

    $ su
    # mount -o remount,rw /system
    # rm -f /system/etc/install-recovery-2.sh*
    # rm -f /system/xbin/selinuxoff*
    # find /system/xbin -type l | xargs rm
    # rm /system/xbin/busybox
    # mount -o remount,ro /system
    # exit
    $ exit

    The easiest way to do this is to install the "Terminal Emulator" app from the Play Store. Or use "adb shell" to get a shell prompt.

    You can cut and paste the following to make it easier.
    su
    mount -o remount,rw /system
    rm -f /system/etc/install-recovery-2.sh*
    rm -f /system/xbin/selinuxoff*
    find /system/xbin -type l | xargs rm
    rm /system/xbin/busybox
    mount -o remount,ro /system
    exit
    exit
    It's very likely that the "/system/xbin/selinuxoff" and "/system/etc/install-recovery-2.sh" files won't be there.

    Now, open SuperSU and use "Settings", "Full unroot". When that's done, everything that this installer has done has been reverted.
    If you've installed xposed framework or wanam, you should remove those and reboot BEFORE doing the SuperSU unroot. Also, if you've installed Safestrap you'll need to boot into SS recovery, delete the custom ROM slots, then uninstall Safestrap recovery. Or, uninstall the Safestrap application. If you forget to do these before doing the SuperSU unroot, you'll need to re-root to do those.

    If you need adb to access your phone, there's a copy in the "files" directory included with the installer. You'll need to open a command prompt and use cd to change to the files directory before trying to use that adb.

    2. How do I get rid of the "Custom" padlock open screen at boot?

    You get that because you're running custom software. Samsung has an application that runs at boot to look for modified system files; this app detects that the phone has been modified and sets that flag.

    If you really need to get rid of that, you can do the unroot in #1 above, then reboot. Wait about 10 minutes or so, then reboot again. If you haven't changed any other system files, the custom flag should have been reset.

    If that doesn't fix it, flash the stock no-wipe ROMs from this forum. Those will undo whatever you've changed and allow the phone to reset the custom flag.

    If you want to keep root while getting rid of that "Custom" flag, then you can fake it. Install xposed framework (google for it), enable it, then reboot.
    Then install Wanam Xposed, and enable that module in xposed.
    In Wanam, choose "Security Hacks", "Fake system status".
    That will keep the "Custom" flag from appearing. This is a cosmetic fix, but it does get rid of the "Custom" screen.
    24
    Other devices?

    There is really nothing specific to the I545 or MJ7 in this root tool. There's a good chance it'll work on anything currently running 4.3.
    If you have success with other devices, please reply to let us know.
    17
    Im glad I could help and good work! Im sure this will work with MK2 too.

    Sent from my SCH-I545 using XDA Premium 4 mobile app
    9
    Im glad I could help and good work! Im sure this will work with MK2 too.

    Sent from my SCH-I545 using XDA Premium 4 mobile app

    Yup. I'd say that it's almost certain.