[Guide][SM-T500/T505] Galaxy Tab A7 10.4 - Unlock Bootloader & Root with Magisk

Search This thread

theGhost31

Senior Member
Dec 3, 2014
83
6
Hi @DJBhardwaj

Any ideas if this method is still available on this device under Android 11?

(I guess we can't have anymore updates from OTA if we apply the tutorial ?)

Thank you

Regards
 
Last edited:
Aug 28, 2020
10
0
Got the same error. Only Official released binaries are allowed to be flashed (vbmeta)
Someone knows why!? I Tried to root 10 times. shows me always the same error. =(
 

adjalex

New member
May 11, 2010
2
0
Hi, just a quick tip and suggestion for people rooting Android 11: to get into recovery mode in step 7, you need to hold Power and Volume Down key for 7 seconds and then release the Power key and keep holding the Volume Down button as soon as you see the first screen appear.
Release Volume Down button when you are in Recovery Mode.
 

Moose84

Member
Jul 24, 2019
9
4
Hi.
First of all I want to say, excellent guide.

After reading about how people were having some trouble after rooting I jumped to step 7 immediately to simulate and learn how to enter the recovery mode again.
Now I have no idea what Samsung has been doing with the Android 11 update but I simply can't enter Recovery mode after updating my SM-T500 to Android 11. At least not the old fashioned way.

After a quick google search I found a video that sounded like absolute hogwash until I tried it. The only way to enter Recovery Mode is by having a USB cable connected to the Tablet + Vol up + Power key.
How bizarre is that? Is this happening to anyone else with the non-LTE (or even the LTE) version of the Tablet on Android 11?
 

lewmur

Senior Member
Apr 30, 2011
1,765
377
Hello, thank you for you guide!
Can I flash T505's firmware to T500? I checked on official website, they are basically the same except T505 have 4G support. I really want the OneUI 3.1 update.
If it was that simple, why hasn't Samsung released it for the T500? I've been flashing custom ROMs on Tab As for about 5 yrs and have NEVER seen a ROM that worked on both LTE and wifi only tablets.
 

spkuja

Member
Jun 27, 2008
6
1
www.glaciergaming.co.uk
Is anyone else having trouble getting into the recovery mode after flashing? Holding both the power and up buttons just reboots the tablet before it gets to recovery. The problem I'm having is the warning about the bootloader being unlocked requires me to press the power button to skip it, so holding up and power is just rebooting the tablet
 

Moose84

Member
Jul 24, 2019
9
4
The OneUI 3.1 update for the T500 is released in some parts of the world already. I received it last week in the EEA.

@spkuja
As for entering recovery mode after the update, connect a USB to your Tablet before attempting to enter recovery mode. This seems to be the new norm for entering recovery mode after Android 11.
 

Mogster2K

Senior Member
Jun 25, 2011
330
64
Hi.
First of all I want to say, excellent guide.

After reading about how people were having some trouble after rooting I jumped to step 7 immediately to simulate and learn how to enter the recovery mode again.
Now I have no idea what Samsung has been doing with the Android 11 update but I simply can't enter Recovery mode after updating my SM-T500 to Android 11. At least not the old fashioned way.

After a quick google search I found a video that sounded like absolute hogwash until I tried it. The only way to enter Recovery Mode is by having a USB cable connected to the Tablet + Vol up + Power key.
How bizarre is that? Is this happening to anyone else with the non-LTE (or even the LTE) version of the Tablet on Android 11?
The non-LTE version doesn't have Android 11 yet.
 

Moose84

Member
Jul 24, 2019
9
4
The non-LTE version doesn't have Android 11 yet.
Don't know what to tell you.

Untitled.jpg
 

lewmur

Senior Member
Apr 30, 2011
1,765
377
Don't know what to tell you.

View attachment 5313525
The CSC code for this in Frija.exe is EUX and it is downloading. But very slowly.

edit: Download succeeded and installed AP, BL and HOME via Odin. Even though I'm in the U.S., everything appears to be working OK. The only difference I know of are the wifi channels. I ran an analyzer app and both 2.4 and 5ghz channels seem to be working.
 
Last edited:

myxiplx

New member
Apr 7, 2021
4
0
Folks, I really need some help with this. I've followed these instructions and tried flashing this tablet 4-5 times now. Every single time it locks up on boot with a "Security Error", and I'm having to wait a full week between each attempt to clear the "KG STATUS : PRENORMAL".

I've worked through the entire guide, right up to the step where you factory erase the firmware and reboot. The problem is I can't get to the step after that where you open the Magisk app. Before I can get to that, the tablet is opening the welcome wizard, and at step 3, after selecting the language options the only choice is "reboot". If you reboot at that point, the tablet locks up with:

"Security Error: This device has been flashed with unauthorized software & is locked."

I've tried several times, and have even tried the workaround listed in post 140 which states to avoid the forced reboot by going back and entering the accessibility menu, but that simply changed the setup to prompting me to scan a QR code. Once it had gone into the QR setup I couldn't find any way to bypass or get past that step, and of course attempting to reboot locked the tablet again with the security error.

How the heck do you get to that final step to finish rooting this device? I need to understand how to boot to this point after the factory reset:

We're not done yet. After booting, you will need to open the Magisk app from the app drawer and follow the on-screen instructions to replace the Magisk stub with the actual full application, and further complete the required setup when prompted by Magisk app.

Once this is done, your Tab A7 should reboot one last time and should be rooted thereafter.
 

scarymoviesg

Senior Member
Aug 12, 2007
53
0
Hi guys, I rooted my A7 successfully. However, the only problem I have is that it always seem to run out of memory and has to soft reset itself everytime when I'm using it. Do you experience this?
 

fjunk

Senior Member
May 29, 2015
60
6
hello, thanks a lot for this tutorial.

I am running with Ubuntu. Did anyone root this tablet it using heimdall? Heimdall successfully detects the device but is excepting a firmware package and not a set of files to patch.

Regards.
 

jdegreef

Senior Member
Oct 24, 2013
520
165
Brussels
The CSC code for this in Frija.exe is EUX and it is downloading. But very slowly.

edit: Download succeeded and installed AP, BL and HOME via Odin. Even though I'm in the U.S., everything appears to be working OK. The only difference I know of are the wifi channels. I ran an analyzer app and both 2.4 and 5ghz channels seem to be working.
Hi,

Do you mean you used this method to root android 11 t500/t505 ?
 

lewmur

Senior Member
Apr 30, 2011
1,765
377
Hi,

Do you mean you used this method to root android 11 t500/t505 ?
No. I haven't attempted to root. The post is outdated. I merely used it to get Android 11 stock before it was released in the U.S. I'm waiting for a custom ROM before attempting to root.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 24
    I recently purchased the Galaxy Tab A7 10.4 (released in 2020) and couldn't help but notice that there's no dedicated thread in the forums for unlocking the bootloader or rooting (Although, the method should be very similar to what is followed for the Tab 10.1 (2019)).

    It's been quite some time since I published a tutorial on XDA. So, I decided to put up this comprehensive tutorial, hope it helps everyone who's looking for it. We will take the direct approach of rooting the tab by patching the AP firmware and flashing the patched AP through Odin.

    /* I will be using the same images I prepared for the tutorial to be posted on my blog. Sorry that they have been watermarked, that is to prevent scrapers from stealing. It took me enough time to capture them and do some post-processing. */

    Before we start, here's the obligatory disclaimer and warning:
    • Unlocking the bootloader will erase all the data on your tab, including all the data that's on the internal storage. So, make sure that you have taken a complete backup of all your important data.
    • Flashing a custom binary (such as Magisk patched TAR in this guide) will trip the KNOX counter. Your device's official warranty will be void once KNOX is tripped.
    • You will not be able to use apps and services like Secure Folder, Samsung Pass, and anything that relies on KNOX.
    • Although I have tried this on my Galaxy Tab A7 (SM-500) and can confirm that this works, I will not take any responsibility of any bricked/toasted devices. Make sure that you fully understand what you're doing and accept the consequences if anything goes wrong.
    • If you do land your tablet in trouble, feel free to ask, I shall try my best to help.

    Update log

    Updated on March 2, 2021
    1. Added more info about the warranty. It seems like some users are still not aware of how KNOX affects the warranty. If you're getting into software modifications such as rooting, I expect you to have some prior knowledge about such things.
    2. Redacted the part where you needed to change Magisk's update channel under Step #5. Not needed anymore as Magisk v21.x was released to the Stable channel in January 2021.
    3. Replaced all instances of "Magisk Manager" with "Magisk App". Starting with Magisk v22, Magisk Manager is gone and merged with the core Magisk. It's now called the "Magisk App".

    Requirements
    • Your Galaxy Tab A7 with SM-T500 or SM-T505 model number
    • A compatible USB-C cable
    • A Windows computer. (Odin only works on Windows. If you're using Linux or Mac, you could try Heimdall)

    Instructions

    Step 1: Enable OEM Unlocking
    In order to unlock the bootloader, you must first enable the 'OEM Unlocking' toggle. This toggle resides inside the 'Developer options' screen, which is hidden by default on most Android devices.

    First, enable 'Developer options' by going to 'Settings' > 'About tablet' > 'Software Information' and repeatedly tap on the 'Build number' section five times. If you have a lock screen security set, you will need to input your PIN/Password/Pattern when prompted.

    fyOjj9C.jpg

    Once you do this, you should see a toast notification on the bottom of the screen saying that "Developer mode has been enabled".

    DS2QcOM.jpg

    Once that is out of the way, go to 'Settings' > 'Developer options' and turn ON the toggle next to "OEM unlocking". You will instantly be prompted to enter your PIN/Password/Pattern, so do it. Then select "Enable" to allow OEM unlocking.
    • Note: If the OEM unlocking toggle is grayed out, make sure that you have connected the tablet to the internet first (via WiFi or mobile network, your choice).

    P1e7Kks.jpg

    Step 2: Unlock the Bootloader
    Start by powering off your tablet completely. Then while holding the Volume Up and Volume Down keys together, connect it to your computer using the USB cable. This should take you to the bootloader screen (I call it that because logically that's what directs you to either Download Mode or Device Unlock Mode). Long-press the Volume Up key to enter the 'Device unlock mode'.

    A6rzA41.jpg

    Your tab should now prompt you with a confirmation screen, so press the Volume Up key to confirm and unlock the bootloader.

    DfBMlQI.jpg

    Your Tab A7's bootloader is now unlocked and it should reboot automatically. You should also see a warning message right before the Samsung splash screen, just as shown in the picture below. Don't worry, it's completely normal. And no, there's no way to get rid of it (unless of course, you relock the bootloader).

    zvQahPn.jpg

    The first boot after unlocking the bootloader could take some time (took around 3-4 minutes for me). So be patient.

    Now that the bootloader is unlocked, let's verify it. Samsung introduced a new feature known as "VaultKeeper", which will automatically relock the bootloader if you do not perform this step.

    After your tab boots, connect it to the internet. Then enable the Developer options as shown in step #1 and go to 'Settings' > 'Developer options'. The OEM unlocking toggle should be greyed out and say that the bootloader is already unlocked. Again, refer to the picture below.

    a3UaBV8.jpg

    Step 3: Download the firmware package
    With the bootloader properly unlocked, you can begin with the rooting part. As I mentioned, we will be patching the AP firmware file via Magisk App, as instructed by John Wu in his installation guide on Github.

    So, you will need to download the firmware package for the software version that's currently installed on your tab. This is very important, do not use an older firmware, as it will result in issues. You could of course use a newer firmware, which will update your tab at the same time as rooting it.

    To verify your software version, you can go to 'Settings' > 'About tablet' > 'Software information' and check the "Build number". The latter half of the mentioned build number is your tab's software version, which in my case as shown in the picture below is: T500XXU1ATJ2. So, I will need to download the firmware package for "T500XXU1ATJ2" and in your case you should download the one corresponding to the info you see under 'Build number'.

    Where to download? You could use online FW databases like SamMobile, Samfrew, etc. However, I would recommend using Frija or Samloader as they allow you to download the firmware directly from Samsung's Firmware Update Servers and without any speed caps. If you're operating on Windows, use Frija. On macOS/Linux, use Samloader.

    Step 4: Extract the AP firmware and transfer it to your Tab A7
    Once you have the ZIP package downloaded, you will need to extract it to get The extracted folder should contain the individual firmware files like BL, AP, CP (only for SM-T505 LTE variant), and CSC/HOME_CSC (in .tar.md5 file format).

    fwaedIp.jpg

    The file you'll require is the AP firmware, which in my case is "AP_T500XXU1ATJ2_CL19362637_QB34980135_REV00_user_low_ship_MULTI_CERT_meta_RKEY_OS10.tar.md5". Again, in your case, the filename would be a bit different, but it should follow the same structure.

    After extracting the AP firmware, connect your tab to the computer, enable File Transfer (MTP) mode on it, and copy over the AP firmware to your tab's internal storage. Copy it to the root directory, that is, outside all the folders as shown below. The location of the file doesn't matter, you can copy it anywhere, but I prefer this for easier access.

    LqSc4mN.jpg

    Step 5: Patch the AP firmware using Magisk App
    Now's the time to patch the AP firmware. To do this, download the latest version of the Magisk app from the official Github releases page to your Tab A7. This will be an APK file. Once downloaded, install the APK file using your choice of file manager.

    Warning about unofficial sources of Magisk: Magisk does not have any officially registered domain. If you Google for it, you will probably come across multiple websites that have the word "Magisk" in their domain URL. They are there to deceive the users, and often misinform users, especially those who are new to the scene.
    John Wu, as well as XDA have previously warned the users from falling into these deceptive websites. The only official place to get Magisk is from Github.

    You do not need to change Magisk's update channel to Beta anymore. Starting January 12, Magisk v21.x was pushed to the stable channel (default).

    After installing, go to the app drawer and launch the Magisk Manager app. Before you start patching, you would want to change Magisk Manager's update channel to Public Beta. This is because Magisk's latest version (i.e. v21.0) is only available on the beta channel and hasn't been pushed to the stable channel yet (at least at the time of publishing this tutorial).
    To do this, press the settings icon on the top-right, tap on "Update channel" and select "Beta". Then go back to the app's main screen. It should refresh and show you the latest version as v21.0.


    Press the "Install" button and then "Select and Patch a File" from the list of available methods. This should open the file selector, so navigate to the internal storage and select the AP firmware you transferred during the previous step.

    T1gvi0A.jpg

    Once the file is selected, hit "LET'S GO" to start the patching process. This should take a minute or so because the AP firmware is quite a heavy file. Once it is done, the patched AP firmware with the filename "magisk_patched_xxxxx.tar" (where "xxxxx" is an arbitrary code) should be stored inside the "Download" folder of your tab's internal storage.

    94P21Zb.jpg

    Step 6: Flash the Patched AP Firmware using Odin
    The last step is to flash the patched AP firmware to your Galaxy Tab A7 and root it. For this, connect your tab to the computer over USB and copy the "magisk_patched.tar" file from the Download folder. Paste this patched AP firmware inside the firmware folder that was extracted during step #5, along with the rest of the firmware files (BL, CSC, etc). Disconnect it from the PC after transferring the file.

    fbir5NI.jpg

    Now, boot your Tab A7 into Download Mode. Power it off, and connect it to the computer over USB while holding the Volume Up and Volume Down keys together. This should bring up the bootloader screen. Simply tap the Volume Up key once to enter Download Mode. Here's what the Download Mode on the Tab A7 looks like.

    EZMsBVJ.jpg

    Next, download Odin v3.14.1 from this XDA thread (NOT the patched version, but the regular one) and extract the contents of the downloaded ZIP package. Then launch Odin on your computer by double-clicking the "Odin3 v3.14.1.exe" executable and click "Ok" when prompted. You should see the Odin interface on your computer screen now.

    lpAaacO.jpg

    Odin should automatically recognize your tab in Download Mode and display the COM ID on the top-left.

    Click the 'Options' tab and uncheck the 'Auto Reboot' option. This will prevent the tablet from being automatically restarted after the flash is complete.

    Now, load the firmware files in the respective slots of Odin.
    • The BL firmware file (BL_T500/5XXXXXXX_xxxxxxxxxxx.tar.md5) goes to the "BL" slot
    • The CP firmware file (CP_T505XXXXXX_xxxxxxxxxxx.tar.md5) goes to the "CP" slot. Note that the CP firmware only applies to the Tab A7 LTE variant with the SM-T505 model number.
    • The HOME_CSC firmware file (HOME_CSC_OMC_ODM_T500/5XXXXXXX_xxxxxxxxx.tar.md5) goes to the "CSC" slot. We will not be using the regular CSC, as it will erase all the data. If you want to do that, feel free to use it.
    • And finally, the patched AP firmware file (magisk_patched.tar) goes to the "AP" slot.
    Once the files are loaded in their respective slots, hit the "Start" button to flash them to your tab.
    • Note: While you could get away with just flashing the patched AP firmware alone, John recommends NOT doing it. Always flash the patched AP along with the rest of the firmware files like BL, CSC, etc.

    Wait for the flash to finish. Once it is, you should see the 'PASS!' message in Odin. Like so:

    VNhOwVj.jpg

    You can now close the Odin window and disconnect your tab from the computer.

    Step 7: Perform a Factory Reset
    Once the flash is complete, you will need to manually boot your tablet into the stock recovery mode and do a factory reset. This is only mandatory during the initial rooting process, which is exactly what we are doing here.

    To do this, hold the Volume Down and Power keys together for about 7 seconds. As soon as the screen turns off, release the Volume Down key and quickly hold the Volume Up key, while still holding the Power key. Keep holding the keys until you see the stock recovery screen.

    You should now see the stock recovery screen with some device information in yellow color at the top. Like so:

    BGLUiVu.jpg


    Use the Volume keys to move the selector to 'Wipe data/factory reset' and hit the Power key to confirm the selection.

    You will now see a confirmation prompt on the screen. Select 'Factory Data Reset' to confirm and finally perform a factory reset.

    ybcSiEf.jpg


    Once done, select the 'Reboot system now' option from the recovery's main menu. Your Tab A7 should now reboot may be more than once, so be patient.

    We're not done yet. After booting, you will need to open the Magisk app from the app drawer and follow the on-screen instructions to replace the Magisk stub with the actual full application, and further complete the required setup when prompted by Magisk app.

    Once this is done, your Tab A7 should reboot one last time and should be rooted thereafter.

    Your Tab is Rooted!
    You may now go ahead and start using root applications, install some modules, etc. Since v20.4, Magisk Hide has been disabled by default on new installations in light of the new hardware-backed SafetyNet attestation. So, to use banking/security, or any other sort of apps that may detect root, you will need to turn ON Magisk Hide from within the Magisk App settings.

    9f85hgh.jpg

    Before you leave, there are a few key things you should note:
    • Unlike some other Samsung phones, you will not need to follow any complex button combinations to boot into the stock recovery. A normal reboot will always boot your Tab A7 into the rooted Magisk system. On the other hand, the regular Volume Up + Power key combo will get your tab into the stock recovery mode.
    • Second, if a new software update is rolled out, you will need to repeat the same process from step #4 all the way to step #7. When updating the FW, you can simply use the HOME_CSC instead of the regular CSC to prevent your data from being wiped. A backup should still be taken.

    That's all from my side. If you run into any issues, feel free to post. Don't forget to share details like the software version your tab is on, the firmware package you downloaded and used, and of course your tab's complete model number.
    5
    Okay, so I found some spare time to verify that the method still works (using the latest FW and Magisk). I have attached an image for confirmation.

    Here's a log of the things I have updated in the tutorial. It seems like a good idea to do this so that I can easily track the things I have changed and when. A copy of this log is also present in the tutorial for users who are new.

    Log:
    1. Added more info about the warranty. It seems like some users are still not aware of how KNOX affects the warranty. If you're getting into software modifications such as rooting, I expect you to have some prior knowledge about such things.
    2. Redacted the part where you needed to change Magisk's update channel under Step #5. Not needed anymore as Magisk v21.x was released to the Stable channel in January 2021.
    3. Replaced all instances of "Magisk Manager" with "Magisk App". Starting with Magisk v22, Magisk Manager is gone and merged with the core Magisk. It's now called the "Magisk App".
    Now, for users who have faced issues with this method. The error you're seeing is caused by the Prenormal KG state being in effect. You will only get this error IF you do something that's not mentioned or skip something in the guide.

    So, what do you do after that? It's quite simple actually. First off, restore the official FW via Odin. Then boot into the OS, connect to the internet, enable Developer Options, and verify that "OEM Unlocking" is present and greyed out in an ON state.

    Then re-attempt the tutorial. Make sure that you do not deviate this time, I know you would believe that you didn't, but we all can make mistakes. So just cross-reference each step while attempting.

    More importantly, after you have flashed the Magisk Patched TAR and performed the factory reset, make sure that you boot straight into the OS, connect the tab to the internet, and do the initial Magisk setup. DO NOT REBOOT the tab before doing this.

    While I personally didn't face the issue, I believe this is where things might go sideways, because Magisk needs to run its code to complete the rooting process. If not, Samsung's ugly security features will kick in and show you the "Only official binaries are allowed to be flashed" error message.

    If you still have doubts, drop in a comment. I am sure you'll get the help.



    At last, I want to bring up something that I didn't wanted to. I received a PM from a reader of this thread expressing his frustration on why I was ignoring the thread and that this tutorial was "tricking" you guys into bricking your devices.

    I have a personal life aside from XDA, and I do not get the time to visit the forums on a daily basis like I did until a few years ago. If it's important, I ask you to mention me in the comments so that I can receive a notification.

    Next, the method is nothing new or special. It's the one provided by Magisk's creator John Wu himself (like I mentioned yesterday). It's being used by thousands of users in and outside the community.

    If you have come across an unusual error message, please do not go on blaming others for your mistakes/errors without valid proof.

    Going through the last few pages of this thread, you will find users who successfully rooted their Tab A7 using this guide.

    I, or anyone in this community, does this voluntarily to help the users. We are not being paid for the effort or time we spend writing down guides or developing ROMs. This community works by supporting each other, by sharing our knowledge about the things/technology we so love.

    If you face issues, I request you to be patient, read, and ask the fellow community members for help by providing some constructive information.

    Thanks.
    5
    Sdcard fix

    adb shell
    Su
    sm list-disks
    sm partition <DISK> private
    reboot
    Or sm partition <DISK> mixed (number)
    Example sm partition disk:179,64 private or
    sm partition disk:179,64 mixed 50
    3
    Thanks for the replay. But I constantly read here that I have to boot into OS but my problem: "That's not possible!". After flashing (stock or not it does not matter) it does first time boot that is:

    1. I get a white screen where I can only chose "lets go". I press it
    2. Next screen I can set my language and on only have the option "Next"
    3. Then I get a white screen where I can set my country. And the only option I have is REBOOT.
    4. Then it reboots and after the reboot it continuous with the setup as shown in the video below from position 2.09 on.

    So I'm forced to reboot before the OS can be started. So forget the "boot into OS (that is boot to home screen)" because that's not possible without a reboot.
    Hello acinfo64,

    I encountered the same problem as you, i.e. the ”forced” reboot at step 3.

    The solution that works for me is to get backward using the arrow displayed on the screen (2 times).

    Then i clic on the symbol "accesibility", get back again, and then appears the screen with policy contrats to select.

    And no need to restart this time :). I hope this will help. I found this by chance.

    @DJBhardwaj, thank a lot for this guide, very usefull for me :)

    And sorry for my english, i’m a french guy with a low level of English. This is my 1st post.
    2
    Sdcard fix

    adb shell
    Su
    sm list-disks
    sm partition <DISK> private
    reboot
    Or sm partition <DISK> mixed (number)
    Example sm partition disk:179,64 private or
    sm partition disk:179,64 mixed 50

    This is amazing, thank you so much.

    To clarify for others, this does not require root at all. It can be done on stock android.

    Once done (and rebooted), you can open the app settings, select an app, then go to 'storage' then tab 'change' to move it to the SD card.

    Also 'mixed' vs 'private': Mixed lets you set a percentage to use for internal storage, private just uses the entire SD card.