• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[Root][5.1.1] Root with Stock Kernel

Search This thread

karthikrr

Senior Member
Sep 2, 2013
140
80
This thread contains a tutorial on how to patch boot.img on Samsung Lollipop devices and achieve root with a stock firmware. The tutorial is intended for those who wish to make their own boot.img for their specific firmware. For the rest, a patched boot.img for each device variant is attached. Simplified instructions for flashing with these patched images is first, followed by the tutorial.

NOTES!

1: YOU MUST EXTRACT THE .IMG FILE FROM THE TAR AND FLASH WITH TWRP. For some reason flashing with ODIN does NOT work with the images attached to this thread.

2: To make ODIN tars, look at @drExel's post here.

3: In most variants, TWRP 2.8.7.0 appears to work, though there are some issues. On some devices, it takes a REALLY long time to boot into TWRP, making you believe the device has frozen, but just give it time and it will load eventually. On other devices, TWRP loads, but touch does not work. In these cases, the S-Pen works without any problems (but is very sensitive). Some users have posted alternate TWRPs that work properly; search the thread for this. I am not including it here because I have not personally tried these versions myself.

4: Since this issue came up multiple times, though it is mentioned in the instructions below, I am stressing this once again. DO NOT ALLOW TWRP TO AUTOMATICALLY INSTALL SUPERSU WHEN YOU HIT REBOOT. THIS WILL CAUSE A BOOTLOOP, GUARANTEED! YOU MUST FLASH THE BETA 2.52 SUPERSU MANUALLY AFTER FLASHING THE PATCHED BOOT.IMG AND CONFIRMING THE DEVICE WORKS PROPERLY!

5: If you take the time to read the entire thread, you will find redirects to other kernels, firmwares and more. I am sure they are excellent, but having not used any of them, I cannot vouch for the outcomes if you flash them. All information related to the other firmwares and any questions you have about them are best served by going to their dedicated threads. This thread is ONLY for a pure stock firmware with only the boot.img patched to permit root, and nothing else touched.

6: XPosed Framework does not work yet for TW LL, but @wanam has an unofficial version here that various members have reported works quite well.

7: Knox WILL be tripped. If you care about Knox, leave now and do not come back!

Simplified Instructions

The thread originally began as a pure tutorial, with only the P607T image. But given the requests others had, and my need to confirm that this works on all variants, I made more patched images. No 'simple instructions' were available earlier because this was not intended for end-users who might flash and find that it does not work. Now that all the images are confirmed working, and we have tested on all variants, here is a simplified set of instructions for those who just wish to flash and do not care what they are flashing.

1: Update to fully stock 5.1.1 for your device. Whether it is OTA or ODIN flash using a firmware from sammobile or elsewhere does not matter. You start with a fully stock device running 5.1.1.

2: Download the appropriate patched_boot.img for your device. They are attached as tar files due to XDA size restrictions, so you must untar and then save the .img file to your device. Also download SuperSU Beta 2.52.zip and save it as is to the same folder on your device where you put the .img file.

3: Download TWRP 2.8.7.0 for your device and flash it with ODIN. To get TWRP to stick, when the device reboots, you must go directly into recovery. If the device reboots normally, TWRP will be replaced by the stock recovery. There are guides on how to flash TWRP and you should go look at them if you are unsure how to do this.

4: Once you are in TWRP, go the Install area. The default is for installing .zip files. At the bottom right of the screen, you will see a button to change to Images. Hit this. Then select the patched_boot.img file that you saved on your device in the previous step. When you hit install, TWRP will ask you whether this is a boot image or a recovery image. Select Boot. Let TWRP do its thing. When done, go back and hit reboot. TWRP will volunteer to install SuperSU for you now. SAY NO TO THIS. If you accept this install, your device will bootloop and you have start all over again!

5: Make sure the device rebooted without any problems. You will see a red "Kernel SEAndroid Not Enforcing" message when you reboot. Ignore it, it just means that the patched boot.img is working. Once you have confirmed that the device is able to boot properly with the patched boot.img, reboot into recovery again. Go back to Install, this time, stick with Zip mode and install the Beta SuperSU 2.52.zip that you saved to your device. Reboot.

6: If you followed instructions properly, you will reboot without any problems. Run SuperSU, allow it to update if it wants to, and to disable knox if you want to. You have a rooted device now with a virgin firmware.

7: This process has worked for enough people now that any errors are user errors. If you are bootlooping after following these instructions to the letter, you should do a full factory reset and try from scratch. A previous incorrect flash of SuperSU that caused a bootloop seems to persist even if you reflash the stock firmware and messes things up. Always perform a clean install!

Tutorial to patch your own boot.img

This section is NOT meant for the non-technical end-user who "... just wants root ... "

So far, it seems the only way to get root on the 5.1.1 Firmware was to flash a permissive kernel that disabled SEAndroid completely. This is a bit like killing the patient to cure the disease. @Chainfire describes a 'trick' to get root with a fully stock kernel on this thread. Special Thanks to @garyd9 and @SHM for helping me get everything working properly.

Part 1:

1) Extract boot.img from your device's stock firmware.
2) Unpack the boot.img to get access to the ramdisk.
3) Copy the sepolicy file from the ramdisk. You will be patching this file to make the usual SuperSU method work again.

The stock image can be extracted from the firmware using any archive tool. To unpack the boot.img, you can take a look at the following threads for tools and instructions.

Carliv's Kitchen : Windows, very beginner friendly.
SHM's Toolset : I used this on Linux.

copy sepolicy from the ramdisk folder to your adb folder (If you are on Windows and using Minimal ADB and Fastboot; I am assuming linux users don't need to be told what to do here :) )

Part 2:

1) Connect an already rooted device running 4.4+ firmware & SuperSU Beta 2.50+ to your system. Make sure you have adb access.
2) Push the sepolicy file to the device.
3) Run supolicy on the sepolicy file to patch it.
4) Pull the sepolicy file back to your computer.

I used my rooted Note 2 to get the job done. ANY rooted device that permits adb should do the trick, but it needs to be on 4.4+ firmware and running SuperSU Beta 2.50+.

Once you have an adb connection established, do the following (this is from Chainfire's thread referenced at the beginning):

Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out

Part 3:

1) Replace the sepolicy file in the stock ramdisk with the newly patched sepolicy file.
2) Repack the ramdisk.
3) Make a new boot.img with the stock kernel and repacked ramdisk.
4) Flash new boot.img on your Note 10.1. Reboot, make sure everything is working.

Replace the sepolicy in the ramdisk with the sepolicy_out file that you pulled from your reference device. This means RENAME sepolicy_out and overwrite the original sepolicy file.

Repack the ramdisk using the instructions that came with your tool.

Make a new patchedboot.img file using the instructions that came with your tool.

Copy this patchedboot.img file to your Note 10.1, reboot into TWRP, go to the install zip section, toggle image mode, flash the patchedboot.img file and reboot the device. DECLINE TWRP's friendly offer to install SuperSU for you. This will cause a bootloop!If the device reboots successfully, pat yourself on the back. At this point, all you have done is patched the sepolicy to allow rooting, but you have not yet rooted the device.

Part 4:

1) Use TWRP to install SuperSU Beta 2.50+ (I used 2.52)
2) Reboot

Copy SuperSU Beta 2.50+ (I used 2.52) to the device, reboot into TWRP and install SuperSU. Reboot for rooted Note 10.1 running a Stock Kernel and no compromised SEAndroid. Of course, it goes without saying, this will trip knox. Also, please note that XPosed is not out for 5.1.1 yet, at least not officially. @wanam has an unofficial version here that various members have reported works well.
 

Attachments

  • patched_bootP600XXUDOJ3.tar
    6.7 MB · Views: 7,705
  • patched_bootP601XXUDOJ2.tar
    6.7 MB · Views: 1,989
  • patched_bootP607TUVUBOI2.tar
    10.6 MB · Views: 696
  • patched_bootP605XXU1EOI5.tar
    10.5 MB · Views: 1,943
Last edited:

karthikrr

Senior Member
Sep 2, 2013
140
80
Hey, So at what step in this do I start if I dl'ed the Patched boot img? Thanks in advance.

Part 3, Step 4:

Flash new boot.img on your Note 10.1. Reboot, make sure everything is working.

Copy this patchedboot.img file to your Note 10.1, reboot into TWRP, go to the install zip section, toggle image mode, flash the patchedboot.img file and reboot the device. If the device reboots successfully, pat yourself on the back. At this point, all you have done is patched the sepolicy to allow rooting, but you have not yet rooted the device.

In TWRP, when you hit Install, on the bottom right, you will see an option for Images. Select that and when you goto the folder with your img, you should see the new img you copied on to your device. Continue with Part 4 for full root.

IF the device does not boot, you want to flash the stock boot.img again, so make sure you have a copy of that on your device as well, so you can recover easily!
 

icemanscion

Member
Jun 30, 2010
43
2
Part 3, Step 4:



In TWRP, when you hit Install, on the bottom right, you will see an option for Images. Select that and when you goto the folder with your img, you should see the new img you copied on to your device. Continue with Part 4 for full root.

IF the device does not boot, you want to flash the stock boot.img again, so make sure you have a copy of that on your device as well, so you can recover easily!

I have issues with TWRP since it wont work properly for me, so I'm going to try it with Philz CWM. Thank you again.
 

karthikrr

Senior Member
Sep 2, 2013
140
80
I have issues with TWRP since it wont work properly for me, so I'm going to try it with Philz CWM. Thank you again.

Good luck :) Just make sure you have the stock boot.img around, in case there are any problems. You are the first one trying it on the P600, or at least the first who cared to write in this thread, so this is uncharted territory!
 

karthikrr

Senior Member
Sep 2, 2013
140
80
So to get the patches boot.img, we unpack the tar file posted in the OP?

Sent from my SM-P600 using Tapatalk

Yes. xda does not allow me to post an image file greater than 8mb, but the P607T image is 10.5mb, so had to tar it. Decided to be consistent with all the images.

Technically, you can try to flash that .tar with ODIN, but in my case, it would not work. Only flashing the .img through TWRP did.
 

iridaki

Retired Forum Moderator
Feb 21, 2007
4,534
5,210
35
Edinburgh, Scotland
Yes. xda does not allow me to post an image file greater than 8mb, but the P607T image is 10.5mb, so had to tar it. Decided to be consistent with all the images.

Technically, you can try to flash that .tar with ODIN, but in my case, it would not work. Only flashing the .img through TWRP did.
Thank you! And thank you for providing us with a patched kernel! :)
I'll try rooting and installing Xposed tonight and report back!
 

karthikrr

Senior Member
Sep 2, 2013
140
80
Thank you! And thank you for providing us with a patched kernel! :)
I'll try rooting and installing Xposed tonight and report back!

Technically its just a patched boot image with a STOCK kernel, but yea, glad to help :) The real work was done by Chainfire and garyd9 and SHM helped me put this thing together, so they deserve the thanks!

If you get Xposed on it, let me know which version. The official one does not work on TW LL yet, but I believe Wanam has another version out that does. I haven't had the time to install it and test it, so your review will be helpful.
 

iridaki

Retired Forum Moderator
Feb 21, 2007
4,534
5,210
35
Edinburgh, Scotland
Technically its just a patched boot image with a STOCK kernel, but yea, glad to help :) The real work was done by Chainfire and garyd9 and SHM helped me put this thing together, so they deserve the thanks!

If you get Xposed on it, let me know which version. The official one does not work on TW LL yet, but I believe Wanam has another version out that does. I haven't had the time to install it and test it, so your review will be helpful.
Any contribution is a worthy contribution! ;)

Wanam Xposed works perfectly on my Note 4 and I think it will work on the 10.1 as well. I'll report back soon!
 

Vasishtha

Senior Member
Dec 9, 2013
126
34
SM-P600-TWRP 2.8.7.0 touch input doesn't work, but stylus input does

Hi!
Thanks for your posts, I'm sifting through is now. I was reflashing TWRP 2.8.7.0 (for SM-P600) and discovered that it wasnt responding to touch input. But I quickly discovered that it's UI does respond to the s-pen :)
I'll share my rooting experience as soon as possible.

V
 

iopxiang

Member
Sep 22, 2013
49
17
Hi!
Thanks for your posts, I'm sifting through is now. I was reflashing TWRP 2.8.7.0 (for SM-P600) and discovered that it wasnt responding to touch input. But I quickly discovered that it's UI does respond to the s-pen :)
I'll share my rooting experience as soon as possible.

V

How do you make it? I cannot flash the twrp successfully, there is always an error saying ''Recovery is not SEAndroid Enforcing''.
 

Vasishtha

Senior Member
Dec 9, 2013
126
34
The SM-P600 rooting(with your patched boot) was a success! I encountered no problems at all. Only the lack of touch responsiveness of twrp 2.8.x had me worried, but thankfully the s-pen had my back and I was able to browse the twrp UI with it.

I'm now restoring all my apps with titanium backup, I'll try out xposed later this afternoon.
Regarding the LL update: wow this tablet completely feels like a new device, the fluidity is just stunning. 60 fps animations:eek:
 

karthikrr

Senior Member
Sep 2, 2013
140
80
The SM-P600 rooting(with your patched boot) was a success! I encountered no problems at all. Only the lack of touch responsiveness of twrp 2.8.x had me worried, but thankfully the s-pen had my back and I was able to browse the twrp UI with it.

I'm now restoring all my apps with titanium backup, I'll try out xposed later this afternoon.
Regarding the LL update: wow this tablet completely feels like a new device, the fluidity is just stunning. 60 fps animations:eek:

Finally, a confirmation :) Thanks for letting us know!

As for TWRP, I believe the 2.6.3.3 (or something else in the 2.6 series) works without any problems on the P600.
XPosed is officially not out for Samsung LL, BUT Wanam has a version in development that works well, according to @iridaki on this thread. If you switch TWRP or try Wanam Xposed, post an update here as well!

And yes, the LL update actually made the device feel so damn good, its practically a Note 10.1 (2015 Edition)!
 

Vasishtha

Senior Member
Dec 9, 2013
126
34
Finally, a confirmation :) Thanks for letting us know!

As for TWRP, I believe the 2.6.3.3 (or something else in the 2.6 series) works without any problems on the P600.
XPosed is officially not out for Samsung LL, BUT Wanam has a version in development that works well, according to @iridaki on this thread. If you switch TWRP or try Wanam Xposed, post an update here as well!

And yes, the LL update actually made the device feel so damn good, its practically a Note 10.1 (2015 Edition)!

Twrp 2.6.x does work, however there is no option to flash .img files on those versions.
So you either have to use heimdall or something else in order to flash that boot.
The unofficial xposed 5.1.x on my nexus 5 worked without any problems, so I expect the same for the LL variant. But I'll keep you posted.

The multiwindow transitions now have fade in/out effects <3 and we now can snap floating windows to either the left or right sides D:
 

Top Liked Posts

  • There are no posts matching your filters.
  • 31
    This thread contains a tutorial on how to patch boot.img on Samsung Lollipop devices and achieve root with a stock firmware. The tutorial is intended for those who wish to make their own boot.img for their specific firmware. For the rest, a patched boot.img for each device variant is attached. Simplified instructions for flashing with these patched images is first, followed by the tutorial.

    NOTES!

    1: YOU MUST EXTRACT THE .IMG FILE FROM THE TAR AND FLASH WITH TWRP. For some reason flashing with ODIN does NOT work with the images attached to this thread.

    2: To make ODIN tars, look at @drExel's post here.

    3: In most variants, TWRP 2.8.7.0 appears to work, though there are some issues. On some devices, it takes a REALLY long time to boot into TWRP, making you believe the device has frozen, but just give it time and it will load eventually. On other devices, TWRP loads, but touch does not work. In these cases, the S-Pen works without any problems (but is very sensitive). Some users have posted alternate TWRPs that work properly; search the thread for this. I am not including it here because I have not personally tried these versions myself.

    4: Since this issue came up multiple times, though it is mentioned in the instructions below, I am stressing this once again. DO NOT ALLOW TWRP TO AUTOMATICALLY INSTALL SUPERSU WHEN YOU HIT REBOOT. THIS WILL CAUSE A BOOTLOOP, GUARANTEED! YOU MUST FLASH THE BETA 2.52 SUPERSU MANUALLY AFTER FLASHING THE PATCHED BOOT.IMG AND CONFIRMING THE DEVICE WORKS PROPERLY!

    5: If you take the time to read the entire thread, you will find redirects to other kernels, firmwares and more. I am sure they are excellent, but having not used any of them, I cannot vouch for the outcomes if you flash them. All information related to the other firmwares and any questions you have about them are best served by going to their dedicated threads. This thread is ONLY for a pure stock firmware with only the boot.img patched to permit root, and nothing else touched.

    6: XPosed Framework does not work yet for TW LL, but @wanam has an unofficial version here that various members have reported works quite well.

    7: Knox WILL be tripped. If you care about Knox, leave now and do not come back!

    Simplified Instructions

    The thread originally began as a pure tutorial, with only the P607T image. But given the requests others had, and my need to confirm that this works on all variants, I made more patched images. No 'simple instructions' were available earlier because this was not intended for end-users who might flash and find that it does not work. Now that all the images are confirmed working, and we have tested on all variants, here is a simplified set of instructions for those who just wish to flash and do not care what they are flashing.

    1: Update to fully stock 5.1.1 for your device. Whether it is OTA or ODIN flash using a firmware from sammobile or elsewhere does not matter. You start with a fully stock device running 5.1.1.

    2: Download the appropriate patched_boot.img for your device. They are attached as tar files due to XDA size restrictions, so you must untar and then save the .img file to your device. Also download SuperSU Beta 2.52.zip and save it as is to the same folder on your device where you put the .img file.

    3: Download TWRP 2.8.7.0 for your device and flash it with ODIN. To get TWRP to stick, when the device reboots, you must go directly into recovery. If the device reboots normally, TWRP will be replaced by the stock recovery. There are guides on how to flash TWRP and you should go look at them if you are unsure how to do this.

    4: Once you are in TWRP, go the Install area. The default is for installing .zip files. At the bottom right of the screen, you will see a button to change to Images. Hit this. Then select the patched_boot.img file that you saved on your device in the previous step. When you hit install, TWRP will ask you whether this is a boot image or a recovery image. Select Boot. Let TWRP do its thing. When done, go back and hit reboot. TWRP will volunteer to install SuperSU for you now. SAY NO TO THIS. If you accept this install, your device will bootloop and you have start all over again!

    5: Make sure the device rebooted without any problems. You will see a red "Kernel SEAndroid Not Enforcing" message when you reboot. Ignore it, it just means that the patched boot.img is working. Once you have confirmed that the device is able to boot properly with the patched boot.img, reboot into recovery again. Go back to Install, this time, stick with Zip mode and install the Beta SuperSU 2.52.zip that you saved to your device. Reboot.

    6: If you followed instructions properly, you will reboot without any problems. Run SuperSU, allow it to update if it wants to, and to disable knox if you want to. You have a rooted device now with a virgin firmware.

    7: This process has worked for enough people now that any errors are user errors. If you are bootlooping after following these instructions to the letter, you should do a full factory reset and try from scratch. A previous incorrect flash of SuperSU that caused a bootloop seems to persist even if you reflash the stock firmware and messes things up. Always perform a clean install!

    Tutorial to patch your own boot.img

    This section is NOT meant for the non-technical end-user who "... just wants root ... "

    So far, it seems the only way to get root on the 5.1.1 Firmware was to flash a permissive kernel that disabled SEAndroid completely. This is a bit like killing the patient to cure the disease. @Chainfire describes a 'trick' to get root with a fully stock kernel on this thread. Special Thanks to @garyd9 and @SHM for helping me get everything working properly.

    Part 1:

    1) Extract boot.img from your device's stock firmware.
    2) Unpack the boot.img to get access to the ramdisk.
    3) Copy the sepolicy file from the ramdisk. You will be patching this file to make the usual SuperSU method work again.

    The stock image can be extracted from the firmware using any archive tool. To unpack the boot.img, you can take a look at the following threads for tools and instructions.

    Carliv's Kitchen : Windows, very beginner friendly.
    SHM's Toolset : I used this on Linux.

    copy sepolicy from the ramdisk folder to your adb folder (If you are on Windows and using Minimal ADB and Fastboot; I am assuming linux users don't need to be told what to do here :) )

    Part 2:

    1) Connect an already rooted device running 4.4+ firmware & SuperSU Beta 2.50+ to your system. Make sure you have adb access.
    2) Push the sepolicy file to the device.
    3) Run supolicy on the sepolicy file to patch it.
    4) Pull the sepolicy file back to your computer.

    I used my rooted Note 2 to get the job done. ANY rooted device that permits adb should do the trick, but it needs to be on 4.4+ firmware and running SuperSU Beta 2.50+.

    Once you have an adb connection established, do the following (this is from Chainfire's thread referenced at the beginning):

    Code:
    adb push sepolicy /data/local/tmp/sepolicy
    adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
    adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
    adb pull /data/local/tmp/sepolicy_out sepolicy_out

    Part 3:

    1) Replace the sepolicy file in the stock ramdisk with the newly patched sepolicy file.
    2) Repack the ramdisk.
    3) Make a new boot.img with the stock kernel and repacked ramdisk.
    4) Flash new boot.img on your Note 10.1. Reboot, make sure everything is working.

    Replace the sepolicy in the ramdisk with the sepolicy_out file that you pulled from your reference device. This means RENAME sepolicy_out and overwrite the original sepolicy file.

    Repack the ramdisk using the instructions that came with your tool.

    Make a new patchedboot.img file using the instructions that came with your tool.

    Copy this patchedboot.img file to your Note 10.1, reboot into TWRP, go to the install zip section, toggle image mode, flash the patchedboot.img file and reboot the device. DECLINE TWRP's friendly offer to install SuperSU for you. This will cause a bootloop!If the device reboots successfully, pat yourself on the back. At this point, all you have done is patched the sepolicy to allow rooting, but you have not yet rooted the device.

    Part 4:

    1) Use TWRP to install SuperSU Beta 2.50+ (I used 2.52)
    2) Reboot

    Copy SuperSU Beta 2.50+ (I used 2.52) to the device, reboot into TWRP and install SuperSU. Reboot for rooted Note 10.1 running a Stock Kernel and no compromised SEAndroid. Of course, it goes without saying, this will trip knox. Also, please note that XPosed is not out for 5.1.1 yet, at least not officially. @wanam has an unofficial version here that various members have reported works well.
    4
    I'm also keep seeing the "kernel not SEandroid enforcing" message, I've seen it when I only flashed the patched boot.img, and after rooting it aswell. However in the device info page it says it's SEandroid enforcing...Do I need to be worried?

    The boot.img has ONLY the sepolicy patched with Chainfire's supolicy to allow SuperSU to be installed. The kernel is untoched. Best I can tell, with 5.1.1, Samsung changed their sepolicy to strictly monitor all changes to the device. This is why sideloading SuperSU without patching sepolicy results in a bootloop, because it now detects that there is unauthorized activity (root!) and so SEAndroid intervenes.

    The patched boot.img basically changes sepolicy to permit SuperSU, but since everything else is untouched, it is still monitoring these activities. Essentially, what it does is make sepolicy permissive ONLY for SuperSU, while it continues to be Enforcing for all else. Thus, you get the warning that SEAndroid is not enforcing when it detects root activity (SuperSU doing its thing during bootup), but the kernel itself continues to function as stock and will have the same security policies as earlier with the benefit of root.

    The only way I know to NOT have that message show up is to recompile the kernel with parameters set to disable SEAndroid (make a permissive kernel). This is NOT recommended since you basically solve the 'problem' by completely removing all security! I am sure somebody can tweak a kernel just enough to not show that message anymore, but as far as I know all it is is a message, and will not affect you in anyway.

    TLDR: Ignore it!
    3
    buhohitr, I was not planning to make any more patched images, since my objective was ONLY to test that this method works on all the variants. Thats why I put in a detailed tutorial for people who want to make their own images for specific firmwares. THAT SAID, I have a friend who has a XAR P600 and could use this, so sure, if you can send me a stock boot.img, I will patch it and upload :)

    As for your redirecting people to the other thread, I do not mind, but I would appreciate it if you also let it be known right here in your post that where you are sending them is NOT a fully stock firmware like this one is meant to provide. This thread is about patching ONLY boot to get root, and everything else is stock. That custom ROM you are redirecting them to, while I am sure is a good one, is NOT fully stock. I just want to make sure people know this before they go there and download it. Thanks!

    I posted an OK1 patched boot img for the XAR P600 here:

    http://forum.xda-developers.com/showpost.php?p=63980054&postcount=171
    3
    Install method below..
    Well, that was scary.. Got a boot loop - but managed to get out of it by manually flashing the SuperSU beta 2.52 zip in TWRP recovery..
    Here is what I did to get ROOT, in quotes as I took notes when I did it (pasted in) and to distinguish it from the rest! :)

    Copy patched Boot .IMG and SuperSU Beta 2.52.ZIP to P600 device in Windows (just into the root folder).
    (The IMG file is the system specific file from the first post, the SuperSU file is the correct version for my device from the SuperSU website.
    You'll also need TWRP for your device. I downloaded 2.8.7.0 and you'll need it as a TAR file.

    Install TWRP..
    Enter Download mode on P600 (Vol Down and Power). Connect to PC.
    Next, using Odin 3.09. (untick auto-reboot) Click on AP - Select TWRP 2.8.7.0 tar file. Start to upload to device.
    When complete, shut down tablet (power button) as you should have chose not to auto reboot it!
    Boot into recovery mode (NOT same as download mode) with Home, Vol UP and Power on my P600.
    Takes a while (get "recovery is not SEANDROID enforcing" message).

    Install Image and Root..
    Now this is where things get scary.. As expected, the touch screen didn’t work.
    Using SPen, I clicked on install and tried to flash the Custom Boot IMG file. Bear it in mind the SPEN is VERY sensitive.. Hold it a bit above the device. Need to change to IMG (bottom right), rather than Zip, as you're installing an Image file.
    This went fine and I selected to reboot the device but (mistake) chose to flash SuperSU when prompted during the reboot.. I didn't manually do it, it just came up..
    I don't know which version of SuperSU it tried to install but I was in a boot loop.. Not good..

    Anyway, I went back into TWRP recovery mode (using key combo to get out of the boot loop) and did another install. This time a ZIP install, selecting the SuperSU 2.52 Beta .zip file.
    Installed fine, chose to reboot, all OK - I now have confirmed root! :)

    #H

    Thanks to all involved and Karthikrr for the IMG and this thread - keeping everyone together! :)

    Cheers,

    #H
    2
    Hey, So at what step in this do I start if I dl'ed the Patched boot img? Thanks in advance.

    Part 3, Step 4:

    Flash new boot.img on your Note 10.1. Reboot, make sure everything is working.

    Copy this patchedboot.img file to your Note 10.1, reboot into TWRP, go to the install zip section, toggle image mode, flash the patchedboot.img file and reboot the device. If the device reboots successfully, pat yourself on the back. At this point, all you have done is patched the sepolicy to allow rooting, but you have not yet rooted the device.

    In TWRP, when you hit Install, on the bottom right, you will see an option for Images. Select that and when you goto the folder with your img, you should see the new img you copied on to your device. Continue with Part 4 for full root.

    IF the device does not boot, you want to flash the stock boot.img again, so make sure you have a copy of that on your device as well, so you can recover easily!