Intro:
I've put in a serious number of hours poking around my G925T that I've upgraded to the official G925TUVU2COH6 firmware, trying to get TWRP installed and working on our device. With help from @bigbiff, @_that, and several testers in this thread, we finally have something working solid for our device. Before continuing, please take a moment to read through the extremely-relevant warnings below:
I've put in a serious number of hours poking around my G925T that I've upgraded to the official G925TUVU2COH6 firmware, trying to get TWRP installed and working on our device. With help from @bigbiff, @_that, and several testers in this thread, we finally have something working solid for our device. Before continuing, please take a moment to read through the extremely-relevant warnings below:
WARNING: Intentionally modifying your System partition from TWRP recovery, without first flashing a custom kernel (kernel must have no "verify" mount parameter in fstab), will likely cause a soft-brick (boot-loop). Before flashing this (or any) custom recovery/kernel, it is advised that you know how to restore your phone back to OH6 stock using Odin.
Note: Flashing a custom kernel (while keeping a stock System/ROM) may cause your device to report a security threat. If you proceed without caution, the device will literally attempt to re-flash the stock OH6 kernel again. It is possible to freeze "Security Log Agent" (or uninstall it completely), and this should keep your device from reporting this problem. Other reports say that using "Smart Manager" might also report the security threat, and there are some options out there for replacing it with a patched version.
Rooted Phones: Do NOT allow "com.tmobile.pr.adapt" to obtain root permissions, EVER. This app might be something that T-Mobile uses to determine if your device has ever been rooted. I would recommend freezing/disabling this app.
Unlocked Phones: If you have unlocked your phone, you might run into problems with 5.1.1. There have been reports of phones stuck in a boot-loop when upgrading from 5.0.2 -> 5.1.1 when the phone has been unlocked or EFS/IMEI has been tampered with. Combine this with the new "FRP LOCK" (Factory Reset Protection) in 5.1.1, and you might find yourself with a complete brick with no warranty. This issue may or may not have anything to do with rooting or custom firmware.
WARNING: Flashing any custom firmware to your device will trip the KNOX Warranty Bit. At this time, this is irreversible, and might cause you problems when returning faulty devices to T-Mobile or Samsung. YMMV.
How-To-Install (The Short Version):
- Recognize that this will trip KNOX.
- Be sure you're actually already running the 5.1.1 (OH6) firmware. If you're on 5.0.2 (OCG, for example), this thread is not for you.
- Turn on "OEM unlocking" in Settings -> Developer options. This is the dreaded "FRP LOCK" that prohibits custom firmware from being flashed to the G925T/G920T (and maybe others) - it's something new in 5.1.1.
- Download and Odin-flash my v13 of TWRP 2.8.7.x.
- Download and Odin-flash (or TWRP-flash) my v1 build of the OH6 kernel. G920T users should use the appropriate G920T kernel for their device.
- (Optional): Download and TWRP-flash Chainfire's SuperSU v2.49 (.zip format).
- (Advice): Use Titanium Backup or some other app to freeze/disable/uninstall "SecurityLogAgent" (remove nagging about security) and "com.tmobile.pr.adapt" (remove nagging about root, helps with sleep, and may be used by T-Mobile to determine your rooted status).
- Enjoy TWRP + Root with an almost-completely-stock OH6 kernel/system!
Official TWRP for G925T:
It's official! Thanks to all of our hard work in this thread, plus a bunch of work getting things fine-tuned and finalized by @bigbiff, our device is now officially supported by TeamWin! Check out the official page here. Development will continue here on this thread until further notice, and I'll always be building the latest-and greatest from source and making it available in this thread (not to mention this is the go-to place to get the latest version of my kernel).
Downloads:
Here's the Odin-flashable OF6 kernel I've built:
Version 1 (6/25/15) - built from OF6 stock kernel source, no modifications
Version 2 (6/27/15) - built from OF6 stock kernel source, fixes boot-loop
Version 3 (6/28/15) - built from OF6 stock kernel source, fixes boot-loop and allows root
Version 4 (6/28/15) - built from OF6 stock kernel source, fixes boot-loop, allows root, and fixes Deep Sleep - also available as a TWRP-flashable .zip or Flashify .img
Here's the Odin-flashable OF8 kernel I've built:
Version 1 (8/10/15) - built from OF8 stock kernel source, fixes boot-loop, allows root, and fixes Deep Sleep - also available as a TWRP-flashable .zip or Flashify .img
Here's the Odin-flashable OH6 kernel I've built:
Version 1 (9/15/15) - built from OH6 stock kernel source, fixes boot-loop, allows root, and fixes Deep Sleep - also available as a TWRP-flashable .zip or Flashify .img
Here's the Odin-flashable TWRP recovery I've put together:
Version 13 (7/10/15) - also available as a Flashify .img
And, in case you need it, here's the stock OF8 recovery as an Odin-flashable:
OF8 Stock Recovery - No guarantees it won't trip KNOX (it shouldn't), but if you're needing this, you've probably already tripped KNOX. Sorry, I'm too lazy to package and upload a flashable OH6 stock kernel.
G920T users! I bring you a gift! I took the G920TUVU2DOH6 Samsung source, built it with the same modifications as I did the G925T kernel to allow modified System partitions (allows root w/o bootloop), and then stuck that into the G920T OH6 stock kernel provided by @icepuente (thanks!). Also, some additional thanks to @icepuente for testing it, too!
Version 1 (9/21/15) - FOR G920T - built from G920TUVU2DOH6 stock kernel source, fixes boot-loop, allows root, and fixes Deep Sleep - also available as a TWRP-flashable .zip or Flashify .img
Building this OH6 kernel from source:
- Setup your build environment for compiling Android.
- Download the latest NDK, unpack, etc., etc.
- Download the OH6 source code directly from Samsung.
- Update the Makefile's CROSS_COMPILE to use the NDK toolchain. Mine ended up looking like this: /home/aou/android/NDK/android-ndk-r10e/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-
- make exynos7420-zerolte_tmo_defconfig
- For some reason, gcc treats CONFIG_ALWAYS_ENFORCE as always defined, and therefore the kernel will, of course, always enable SELinux: Enforcing. This makes it "impossible" to root Android 5.1.1. There is a workaround:
- rm -rf security/selinux
- svn export https://github.com/glewarne/S6-UniKernel/trunk/security/selinux security/selinux (snags a copy of their security/linux folder...)
- Go give the guys over at the UniKernel thread some "Thanks!" for making this workaround in their kernel, especially @AndreiLux - he was the one to author this change to their source that fixes this problem.
- Replace drivers/scsi/sd.c with Sujit Reddy Thumma's Deep Sleep fixed version, referenced in the UniKernel's source:
curl https://raw.githubusercontent.com/glewarne/S6-UniKernel/master/drivers/scsi/sd.c > drivers/scsi/sd.c- make -j#
- Go snag that juicy arch/arm64/boot/Image - This is your kernel zImage.
- Go download the official OH6 Odin package and extract the boot.img (kernel) from it.
- Unpack the official kernel using the mkbootimg_tools, available here, replace the kernel file in the unpacked boot.img, and then repack it into a boot.img again. This boot.img would need to be tarballed and md5summed to be Odin flashable.
- You'll want to remove the ,verify from both of these files in the ramdisk: fstab.samsungexynos7420 and fstab.samsungexynos7420.fwup
- At the bottom of default.prop, you'll want to add these two lines:
Code:ro.securestorage.support=false androidboot.selinux=0
Building TWRP from source:
- Setup your build environment for compiling Android.
- Download the latest NDK, unpack, etc., etc. Mine ended up in ~/android/NDK.
- Git clone the TWRP zerolte kernel source somewhere useful. Mine was cloned into ~/android/kernel:
git clone https://github.com/TeamWin/android_kernel_samsung_zerolte.git -b android-5.1 ~/android/kernel
The next several steps The next several steps are performed in & relative to this path.- Update the Makefile's CROSS_COMPILE to use the NDK toolchain. Mine ended up looking like this: /home/aou/android/NDK/android-ndk-r10e/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android- (to match my NDK path above - note I couldn't use the relative ~ path for /home/aou).
- make exynos7420-zerolte_defconfig (ignore warnings about 'jump')
- make -j# (replace # with number of CPU cores + 1)
- Note the location of the output kernel - you'll need it in a little bit. In my case, it would be ~/android/kernel/arch/arm64/boot/Image.
- Setup your Omnirom compile environment. Mine's in ~/android/omni. The next several steps are performed in & relative to this path.
- Git clone the TWRP zeroltetmo device source into device/samsung/zeroltetmo:
rm -rf device/samsung/zeroltetmo && git clone https://github.com/TeamWin/android_device_samsung_zeroltetmo.git -b android-5.1 device/samsung/zeroltetmo- For some reason, TWRP doesn't build too well with the Omnirom's version of busybox. Replace the whole external/busybox folder with that from cm-12.1 source:
rm -rf external/busybox && git clone https://github.com/CyanogenMod/android_external_busybox.git -b cm-12.1 external/busybox- Remember that kernel we built? Rename/copy it to replace device/samsung/zeroltetmo/kernAl. In my case:
cp ~/android/kernel/arch/arm64/boot/Image device/samsung/zeroltetmo/kernAl- At this time (7/10/15), we need to cherry-pick a change by Dees Troy from the TWRP Gerrit. This is the stuff about forcing Read-Only mode on first boot, which will help with some of the boot-loop stuff (if you still have a stock kernel). You can grab the changes fairly easily using:
cd bootable/recovery && git fetch https://gerrit.omnirom.org/android_bootable_recovery refs/changes/15/14015/3 && git cherry-pick FETCH_HEAD && cd ../..- Since we're using Omnirom source and we're going to use lunch later, we need to create device/samsung/zeroltetmo/vendorsetup.sh. We can do that like this:
echo add_lunch_combo omni_zeroltetmo-eng > device/samsung/zeroltetmo/vendorsetup.sh- Do a . build/envsetup.sh (note the space between the period and "build" - was important for my environment).
- lunch for omni_zeroltetmo-eng
- make -j# recoveryimage (again, number of CPU cores +1)
- Take that precious out/target/product/zeroltetmo/recovery.img and tarball/md5sum it to be Odin flashable.
- Flash away!
Notes about accidentally causing a boot-loop:
The OF6/OF8/OH6 kernel, out-of-the-box, checks the hash/signature of your system partition. Modifying your system partition in any way (without flashing a custom kernel that does not perform this check) will cause your device to boot-loop.
Additionally, if you decide to use TWRP to mount your System partition read-write (despite warnings), upon exiting TWRP properly, it will make some changes to your system partition for you (namely, renames /system/recovery-from-boot.p to /system/recovery-from-boot.bak to prevent some systems from re-writing over your custom recovery). This would cause the boot-loop.
You obviously have some options to avoid causing a bootloop!
Option 1a: Flash my v4 kernel above. It does not have the hash/signature checks, plus it sets SELinux to permissive (allowing root!). You'll still need to root the device manually by flashing Chainfire's SuperSU.
Option 1b: Flash a different custom kernel that does not have these checks. The S6 UniKernel seems to work fine, for example.
Option 2: Don't modify your System partition, and don't let TWRP exit properly while you have the "read-only" checkbox unchecked (in the Mount screen).
Recovering from a boot-loop:
Something go wrong? Skip a step? No big deal. To get our device back in working order, you have a couple options:
Option 1: Flash the official OH6 firmware via Odin again. In my experience, the package DOES NOT wipe your data or sdcard partitions, so it really isn't that big of a deal to do. It just takes downloading a monster-size file, and the foreknowledge on how to flash it. But, caveat, don't blame me if something goes wrong with restoring the stock firmware!
Option 2: See Options 1a & 1b in the first list above. By flashing a custom kernel that doesn't have the hash/signature checks included, it should fix the boot-loop.
Last edited: