[HOW-TO][EXYNOS/SNAPDRAGON] Root S20 series and upgrade firmware

Search This thread
1,2,3,4: yes
Rooted devices never get any OTA updates, only manual. With open BL no OTA.
So if you upgrade to A12 via Odin and install TWRP, you have to wipe data partition anyway to decrypt it.
No reason to root A11 before, when you start from the scratch anyway. So backup everthing you need.
Restoring your apps on A12 will get you problems sometimes. For me, A11 worked a litttle bit better, but you'll get no security updates in the future.
Thanks.

My phone is 100% virgin with only the BL unlocked (no accounts, no app or system updates.) From here ... what would you do to get to A12 + rooted - with the least work or complication? I'm good with either TWRP or no TWRP.
 

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
Thanks.

My phone is 100% virgin with only the BL unlocked (no accounts, no app or system updates.) From here ... what would you do to get to A12 + rooted - with the least work or complication? I'm good with either TWRP or no TWRP.
You'll trigger knox and loose the waranty. Ok, what I would do is
  1. read the OP & read pages 20 + 21 of this Thread
  2. download the actual FW A12 with Frija or samfirm (don't patch it with Magisk if you use TWRP)
  3. download actual Magisk canary apk, TWRP + vbmeta tar
  4. download multidisabler-samsung-3.1
  5. flash the FW & TWRP with Odin - put TWRP + VBmeta tar in USERDATA. (reboot off!)
  6. Boot in TWRP (DON'T BOOT IN THE SYSTEM!) wipe data, decrypt it and flash the multidisabler.zip
  7. Install the Magisk app-debug.apk with TWRP (May be rename it to app-debug.zip if you have problems)
  8. Boot in the system, update Magisk (Canary update channel), install Zygisk + Zygisk list.
That's how I do it always. I like TWRP, because of the possibility to do nandroid backups, lots of more things and you don't need to patch anything with Magisk.
So have a good try ;)
 
Last edited:
  • Like
  • Love
Reactions: 1jkan and oaklandz

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
You'll trigger knox and loose the waranty. Ok, what I would do is
  1. read the OP & read pages 20 + 21 of this Thread
  2. download the actual FW A12 with Frija or samfirm (don't patch it with Magisk if you use TWRP)
  3. download actual Magisk canary apk, TWRP + vbmeta tar
  4. download multidisabler-samsung-3.1
  5. flash the FW & TWRP with Odin - put TWRP + VBmeta tar in USERDATA. (reboot off!)
  6. Boot in TWRP (DON'T BOOT IN THE SYSTEM!) wipe data, decrypt it and flash the multidisabler.zip
  7. Install the Magisk app-debug.apk with TWRP (May be rename it to app-debug.zip if you have problems)
  8. Boot in the system, update Magisk (Canary update channel), install Zygisk + Zygisk list.
That's how I do it always. I like TWRP, because of the possibility to do nandroid backups, lots of more things and you don't need to patch anything with Magisk.
So have a good try ;)
If you have the exynos chip, you can try the ThunderStorms Kernel. It's a very nice kernel, saves your battery and gives you some tweaks. Easy to flash in TWRP. I love it :)
 
You'll trigger knox and loos the waranty. Ok, what I would do is
  1. read the OP & read pages 20 + 21 of this Thread
  2. ...
That's how I do it always. I like TWRP, because of the possibility to do nandroid backups, lots of more things and you don't need to patch anything with Magisk.
So have a good try ;)
Big wet kiss! LOL -
After being in and out of forums like this over the years, I see so much posted in cryptic short answers, etc. As a technical writer myself, you wrote very clear steps! A+ plus + for the links. I ever heard of Zygist - this is a good explanation although oddly written. https://krispitech.com/new-magisk-update-adds-support-for-android-12-adds-zygisk-denylist/

3 questions
Is the link you included for TWRP correct for the SM-G981B?
What is a good link for multidisabler-samsung-3.1?
I'm not familiar with 'decrypt' in #6, is that a clear option in TWRP?
 
  • Like
Reactions: skysurfer1111

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
Big wet kiss! LOL -
After being in and out of forums like this over the years, I see so much posted in cryptic short answers, etc. As a technical writer myself, you wrote very clear steps! A+ plus + for the links. I ever heard of Zygist - this is a good explanation although oddly written. https://krispitech.com/new-magisk-update-adds-support-for-android-12-adds-zygisk-denylist/

3 questions
Is the link you included for TWRP correct for the SM-G981B?
What is a good link for multidisabler-samsung-3.1?
I'm not familiar with 'decrypt' in #6, is that a clear option in TWRP?
Hello,
  1. if you don't trust my link, take this one TWRP + VBMETA for all S20 Series (z3s).
    It's from the download links in the Beyond Rom thread, and should work for you.
  2. I send you already the link to multidisabler-3.1 (google is your friend :))
  3. Go in TWRP to Wipe -> Format data -> type "yes" -> go back and flash the multidisabler
    So the data partition is decrypted and multidisabler prevent the encryption in future.
    TWRP can't handle encrypted partitions, thats why.
Magisk Zygisk & the Denylist are new and for my opinion better than the old Magisk hide. All my banking apps and google pay work...

Good luck(y)
 
Last edited:
  • Like
Reactions: 1jkan
I don't know, I think data. There are all your apps and documents. May be you can encrypt SMS and other stuff with special apps. If you are rooted, some of the Samsung stuff is not working, for e. secure folder.
If you want encryption, you have to root without TWRP. So read the OP, i think, it's explaint there.

Good night ;)
Thanks! Arrivederci!
 
  • Like
Reactions: skysurfer1111

Matce

Senior Member
Jul 27, 2008
85
6
Been out of the loop for a while....
Is there a guide to go from fully rooted A11 to A12 ? Pretty crucial: without wiping data!

To update within A11 I typically did this:
- download Firmware and extract
- Odin BL/AP/CP/HOME_CSC and USERDATA (TWRP+VBMETA in 1 file)
-- untick auto reboot and flash
- go into TWRP, flash multidisabler, reboot into system
- go into TWRP again, flash kernel, done

is that still true to go from A11 to A12 now? just replace with new TWRP?

Samsung S20 here.

thanks
 

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
Been out of the loop for a while....
Is there a guide to go from fully rooted A11 to A12 ? Pretty crucial: without wiping data!

To update within A11 I typically did this:
- download Firmware and extract
- Odin BL/AP/CP/HOME_CSC and USERDATA (TWRP+VBMETA in 1 file)
-- untick auto reboot and flash
- go into TWRP, flash multidisabler, reboot into system
- go into TWRP again, flash kernel, done

is that still true to go from A11 to A12 now? just replace with new TWRP?

Samsung S20 here.

thanks
Samsung S20 as well.
I had to wipe data and start from the scratch.
Try without, maybe you're lucky.
 

lukjod

Senior Member
Aug 12, 2004
178
22
Warsaw
Samsung Galaxy S21 Ultra
I had a few days ago problem that magisk upgraded itself from 23 to 24. Now it hangs all the time when want to open it, As it was hidden and changed name to Magik for banks app to work what can i do now to revert it back to 23. I had twrp and full nandroid backup a month old so probaly easiest is to restore it and check do not update option on Magisk. Question which partitions restore from nandroid? I have boot, modem, recovery, cache data, efs metadata optics, prism, super?
Will guess data is enough but please help me as dont want to start from scratches even though then will go for A12
 

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
I had a few days ago problem that magisk upgraded itself from 23 to 24. Now it hangs all the time when want to open it, As it was hidden and changed name to Magik for banks app to work what can i do now to revert it back to 23. I had twrp and full nandroid backup a month old so probaly easiest is to restore it and check do not update option on Magisk. Question which partitions restore from nandroid? I have boot, modem, recovery, cache data, efs metadata optics, prism, super?
Will guess data is enough but please help me as dont want to start from scratches even though then will go for A12
So why don't you uninstall Magisk with TWRP - it's descript here in the lower part of the site - before you loose a month of your data.
You can reinstall it back later, use the latest canary apk.
If you want to restore with TWRP, I think, boot, data and super should be enough. Mount the partitions before restore.
Just give it a try(y)
 

lukjod

Senior Member
Aug 12, 2004
178
22
Warsaw
Samsung Galaxy S21 Ultra
So why don't you uninstall Magisk with TWRP - it's descript here in the lower part of the site - before you loose a month of your data.
You can reinstall it back later, use the latest canary apk.
If you want to restore with TWRP, I think, boot, data and super should be enough. Mount the partitions before restore.
Just give it a try(y)
Cause I have a few magisk apps including fixes for gpay which now can't restore easy so easiest is to go for twrp restore I guess. So before restore to mount partitions? Those 3 You posted?
 

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
Cause I have a few magisk apps including fixes for gpay which now can't restore easy so easiest is to go for twrp restore I guess. So before restore to mount partitions? Those 3 You posted?
Yes, you can mount all of them, if you want, it doesen't matter. I had problems restoring super, if I didnt mount all partitions. TWRP will tell you issues and you can try again, no problem.

The latest Magisk canary with Zygisk , Deny list and safetynet-fix-v2.2.1 helped me to hide my banking apps and Gpay. All apps are working fine now.
 
  • Like
Reactions: lukjod
Sry, I forgot one thing: You can use TWRP with encrypted data, but you can't do nandroid backups of your data partition. Everything else works.
Thats it.:sleep:
Hey, another question. I'm still at virgin status with unlocked bootloader with the G198B. Should I update security patch level (to Nov 1 2021, >DUJ5) before I start flashing A12 / root? Does it matter? Will it be wiped out anyhow or will it persist?
 

skysurfer1111

Senior Member
Jul 4, 2016
235
167
Berlin
Hey, another question. I'm still at virgin status with unlocked bootloader with the G198B. Should I update security patch level (to Nov 1 2021, >DUJ5) before I start flashing A12 / root? Does it matter? Will it be wiped out anyhow or will it persist?
It will be wiped out. No need to update A11. There should be a new update for A12 - VA9. May be you can get it on Frija. The OTA-Freaks got it today.
 
Last edited:
  • Like
Reactions: oaklandz

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Yes, it's absolutely normal. You'll see that message every time you reboot.
    2
    I just unlocked the bootloader on my galaxy s20 ultra SM-G988B /DS on the latest firmware, reflashed with the vb_disabled file in the userdata although now at the bootup it says this phone is not running samsung official software though sure boots successfully, just wanted to know if that is normal?

    This makes it look less alarming (if you have TWRP installed):

    1
    I will update the lsposed OneUI_4_Phone_X module with a new feature: Advanced Incoming Call Blocking, where you can block unwanted calls by adding a prefix (eg: 0195546*), suffix (eg: *465800) or both (eg: *4658*).
    Stay tuned!
    1
    Thank you for sharing this, appreciate it. Only problem is that I just started using this galaxy s20 ultra and since I wanted to set it asap and couldn't find the recovery I just went ahead with patching the boot image manually and rooting.

    Now the phone is all set and so I just wanted to know if there is a magisk alternative to this or if you or anyone here can link me to a working recovery for SM-G9880 /DS on A12, the latest firmware. Edit: I did find the twrp+vbmeta tar from the older posts. Just need to know if there's a way for me to just simply flash the twrp on this already rooted with odin (on userdata/ap?) without having to reset the phone or is the reset a must?

    Hi,

    If you havent already installed TWRP, then yes you would have to wipe data to decrypt it along with installing TWRP (which is why i put the "if you have TWRP installed" caveat in there)

    The link and patch is only a cosmetic thing, its not worth upsetting your current install just for that

    If you have to reflash stock at some point, then maybe revisit it.

    Theres no way to do the same thing in magisk as it isnt mounted at this stage of events
  • 67
    Applicable Models:
    All Exynos models including but not limited to:
    SM-G980F or SM-G980F/DS (S20)
    SM-G981B or SM-G981B/DS (S20)
    SM-G985F or SM-G985F/DS (S20+)
    SM-G986B or SM-G986B/DS (S20+)
    SM-G988B or SM-G988B/DS (S20 Ultra)
    All BL-unlockable Snapdragon models including but not limited to:
    SM-G9810 (S20, Hong Kong, Taiwan, China mainland)
    SM-G9860 (S20+, Hong Kong, Taiwan, China mainland)
    SM-G9880 (S20 Ultra, Hong Kong, Taiwan, China mainland)
    SM-G981N (S20, Korea)
    SM-G986N (S20+, Korea)
    SM-G988N (S20 Ultra, Korea)

    Japanese model (SC-*) also use Snapdragon but I can't not confirm that its bootloader is unlockable.
    It is known that bootloader can NOT be unlocked on U.S. models (U/U1) .

    Frequently used key combinations of S20 series:
    FORCE REBOOT: Hold "Volume Down" and "Bixby/Power" button.
    DOWNLOAD MODE: With the phone off, hold "Volume Down" and "Volume Up" button, connect your phone to a computer via a cable. Release the buttons after you see the "Warning" screen and then press "Volume Up"
    RECOVERY MODE: With the phone off, hold "Volume Up" and "Bixby/Power" button.

    Some facts:
    1. S20 series uses dynamic partition which means there is only one "super" partition (instead of "system", "vendor", "product").
    3. S20 series uses A-only partition which means there is only one set of system partition.
    3. S20 series uses 2 stage init (2SI).
    4. KNOX will be tripped after you flash a custom image. As a result, Samsung Pay and Secure Folder will become permanently (even after restore to stock firmware) unusable and your warranty may be voided. However, many jurisdictions including the European Union has law mandating manufacturer to provide hardware warranty even if user modifies the software.
    5. Samsung devices are almost impossible to hard brick (render the device unusable without a hardware-level repair) as critical sections including the bootloader are well-protected. However, if you do things incorrectly, you may soft brick your phone, but that can usually be resolved by resetting to factory settings (wipe data and cache) or restoring to stock firmware (check out Stage 4).

    Tools needed:
    On your computer:
    1. Odin 3.14.4 or newer
    2. Samsung Android USB driver
    3. SamFirm or other tools/websites to download official firmwares
    4. Android Verified Boot Metadata Image with verification disabled (vbmeta_disabled.tar)
    On your device:
    1. Magisk Manager

    Stage 1: Know your model and carrier code (CSC)
    1. Open "Settings"
    2. Go to "About phone" -> "Software information"
    3. Pay attention to "Service provider SW ver."
    4. Starting with "SM-", for example "SM-G9810", that's the model of your phone.
    5. Immediately after that, there are two 3-letter code, for example "OZL_CHC". The second 3-letter code "CHC" is your CSC.
    6. Remember your model and CSC.
    Screenshot_20200409-191910_Settings.jpg

    Stage 2: Unlock the bootloader
    WARNING: ALL data on your device, including apps, settings and files in internal storage, will be lost. You do not need to repeat this if you didn't re-lock your bootloader.
    1. Open "Settings"
    2. Turn on "Developer mode" by going to "About phone" -> "Software information" and pressing "Build number" for several times.
    3. Go to main menu of "Settings" and at the bottom you will find "Developer options"
    4. Go to "Developer options". You will find a toggle "OEM unlocking". Turn it on.
    Screenshot_20200409-191950_Settings.jpg
    5. Skip to step 8 if your device reboots to "Unlock bootloader?" screen. Make sure the toggle is on and then turn off your phone.
    6. With the phone off, hold "Volume Down" and "Volume Up" button, connect your phone to a computer via a cable. (don't use charging only cables)
    7. Release the buttons after you see the "Warning" screen. Then, hold the "Volume Up" button.
    8. You will see "Unlock bootloader?" screen. Proceed and unlock your bootloader by pressing "Volume Up" button.
    9. Your device will be reset to factory settings. Proceed with the Setup Wizard. Only connect to network via Wi-Fi or cellular and skip everything else. (to save time as data will be cleared again later.)
    10. Repeat step 1-4 to validate that "OEM Unlocking" is on. If it is not, turn it on.
    11. Repeat step 6.
    12. Release the buttons after you see the "Warning" screen. This time, press (not hold) the "Volume Up" button.
    13. You will see "Downloading" screen. On the top left, there are some important info.
    14. Pay attention to "OEM LOCK" and "REACTIVATION LOCK". If both of them are "OFF", you have unlocked the bootloader.
    IMG_0226.jpg

    Stage 3: Disable Android Verified Boot
    1. Reboot to DOWNLOAD mode. If you are already in the download mode, skip to step 2.
    2. Download Odin 3.14.4 or newer and make sure Samsung USB drivers are installed.
    3. Open Odin and put the vbmeta_disabled.tar into USERDATA slot and click "Start"
    4. Your device will reboot but it will not boot into system as vbmeta signature has changed.
    5. Your device will reboot into RECOVERY mode automatically and prompt "You have to reset your device to factory settings". Use "Volume Up" or "Volume Down" button to move and "Power/Bixby" button to select. Confirm and reset the device to factory settings.
    6. This is the last time the data on the device has to be cleared. Afterwards, if you don't re-lock bootloader or re-enable the Android Verified Boot, you will not lose your data. Be aware, a stock firmware package contains a Android Verified Boot Metadata Image (vbmeta.img) with verifications enabled. You will need to flash the vbmeta_disable image (put into USERDATA slot) along with the stock firmware (use BL, AP, CP, CSC slots) to make sure AVB is not re-enabled and the data is preserved.
    View attachment 4990053

    With bootloader unlocked and AVB disabled, it is now possible to boot modified images on the device.

    If a recovery is available and you don't want to go through the process of downloading official firmware, go to #2.

    You can also download a KERNEL TAR archive of your version here:
    Exynos: https://github.com/jesec/proprietary_vendor_samsung_xyzs/releases
    Snapdragon: https://github.com/jesec/proprietary_vendor_samsung_xyzq/releases
    and then skip to Step 6.

    Stage 4: Obtain the official firmware and upgrade
    1. Open SamFirm
    2. Type in your model and your region (CSC) and click "Check Update"
    3. "Download" and you will get a zip file.
    View attachment 4990061
    4. Extract it and you will get 5 files (AP, BL, CP, CSC and HOME_CSC). All files are in tar format and can be opened by 7-Zip, WinRAR or other software.
    5. Check the version code, for example (G9810ZCU1ATD1). The last 4 letters (ATD1) indicates the version of the firmware. If the version is the same as your current firmware, skip to Stage 5.
    Your data will be preserved if you do it right but it is good to have a backup.
    6. Open Odin on your computer and reboot your device to DOWNLOAD mode.
    7. Put AP, BL, CP files in their Odin slots. It takes time to verify the firmware so be patient.
    8. Put HOME_CSC file in CSC slot. Be careful here. Unlike AP, BL, CP slots, you should NOT use CSC file for CSC slot. Instead, you should use HOME_CSC file. CSC file contains partition table (PIT) which will erase all your data.
    9. Put vbmeta_disabled file in USERDATA slot so AVB remains disabled and your data preserved.
    10. Click "Start" and wait for it to finish. Allow the device to boot into system to complete the upgrade process. Do NOT interrupt/disconnect phones/hold button. It needs to complete the process without interruption or strange BUGs may appear.
    View attachment 4990063

    Stage 5: Extract boot (kernel) image from firmware
    If you are having trouble creating tar file, you can skip to Stage 6. (NOT RECOMMENDED as AP is basically full system image. It is huge (takes long time to flash/process) and Magisk may misbehave.)
    1. Extract boot.img.lz4 from the AP file.
    2. Use 7-Zip to create a tar archive which contains boot.img.lz4 only. (or "tar cvf boot.tar boot.img.lz4")
    View attachment 4990065View attachment 4990067View attachment 4990069View attachment 4990071

    Stage 6: Patch the boot (Kernel) image via Magisk
    1. Transfer the tar archive (or the AP file if you skipped stage 5) to your phone.
    2. Open Magisk Manager.
    3. Click top-right "Install" button
    4. Make sure "Recovery Mode" is off in Options.
    5. Click "Next" and select "Select and Patch a File" in Method.
    6. Select the file you transferred to your phone in step 1.
    7. Click "Next" and "LET'S GO".
    Screenshot_20200415-223750.jpgScreenshot_20200409-192424.jpgScreenshot_20200409-192430.jpgScreenshot_20200409-192447.jpgScreenshot_20200415-085506.jpg
    8. Transfer the patched file (in Download/magisk_patched.tar) to your computer
    9. Reboot the device to DOWNLOAD mode.
    10. Open Odin, put patched file to AP slot and then click "Start".
    11. After reboot, Magisk is installed and you will have the root access.

    HOW TO upgrade the firmware
    Repeat stage 4-6.

    XDA:DevDB Information
    Root S20 series and upgrade firmware, Tool/Utility for the Samsung Galaxy S20

    Contributors
    jesec

    Version Information
    Status: Stable

    Created 2020-04-08
    Last Updated 2020-04-08
    16
    Other Methods:

    You still need to unlock bootloader and disable AVB. (check Stage 2-3)

    Recovery Magisk installation:
    1. Open Odin on your computer.
    2. Reboot your device to DOWNLOAD mode.
    3. Put the recovery TAR flashable into AP slot.
    4. Click start.
    5. Use Volume Up + Power to reboot into recovery mode.
    6. Install Magisk via recovery.
    My recovery usually includes Magisk in "Select from root" -> ".builtin" folder. Or you can sideload the ZIP flashable of your choice via adb or https://flash.jesec.io/.

    Flash pre-patched boot (Kernel) image:
    Basically others have done stage 4-6 for you. Be aware that it is always safer to DIY.
    You are welcomed to share your patched image to the community by replying to this thread.
    Naming convention: model + firmware version (last four letters of build number) + magisk version .tar
    1. Make sure that the model and firmware version of the pre-patched image is the exact SAME as yours.
    2. Open Odin on your computer.
    3. Reboot your device to DOWNLOAD mode.
    4. Put pre-patched image into AP slot.
    5. "Start"

    SM-G9810_ATD1_ef9d077c.tar:
    https://drive.google.com/open?id=1SxKXWHqR0aM_g457Yp7pk524_6aqp1k5
    12
    Some Interesting Things:

    Change your CSC (carrier code):
    You have to root your device. There might be some secret codes to trigger the menu without root, though.
    Note that you can only change it to carrier configurations already included in your firmware.
    WARNING: Your device will be reset to factory settings.

    In a local terminal, type:
    su
    am start -n com.samsung.android.cidmanager/.preconfig.PreconfigActivity

    Screenshot_20200409-100230.jpg
    10
    The situation in US:
    As long as the model is shared with Verizon and ATT, it is highly unlikely that it will be BL unlockable. Verizon and ATT have strong desire to keep the phone BL locked. Samsung wants unlockable by default but they don't argue with Verizon/ATT on this. T mobile and Sprint are OK with unlock but they don't have strong desire to make it unlockable.

    Anyways, for Snapdragon users, now the Lineage Recovery is available. You can now root your device without downloading the full firmware.
    https://forum.xda-developers.com/galaxy-s20/samsung-galaxy-snapdragon-s20--s20--s20-ultra-roms-kernels-recoveries--other-development/recovery-lineage-recovery-s20-series-t4084977

    I will also take a look into Exynos devices if there are enough interest. (however i can only do blind development)

    I am also working on TWRP Android 10 branch. It is still early stage, though.
    image.jpg
    6
    Anyone tried on Android 11?
    Working here (s20+ exynos), stock android 11, plus twrp and edxposed (y)
    AP patched with latest magisk canary, which will also patch the vbmeta (to disable Android Verified Boot).

    Screenshot_20201206-134109[1].jpg Screenshot_20201206-134117[1].jpg Screenshot_20201206-134126[1].jpg Screenshot_20201206-134134_EdXposed_Manager[1].jpg