Root For S7/S7Edge Oreo And Nougat

Orlando_Native

New member
Feb 5, 2021
1
0
I know this particular thread is (mostly, when it's on topic) about the locked bootloader on the US versions of the Galaxy S7 and S7 Edge; but maybe there's a problem with "forest because of the trees" viewpoints.

Mobile phones are - basically - small computers with radio transceivers integrated into them. Computers *can* be programmed; but to do that one has to understand how the particular computer works.

Now, when one of these phones powers up; there's obviously a sequence of events. None of the pieces are completely independent; they interact.

First of all; a caveat. I'm not an Android expert; nor; for that matter; a mobile phone expert; but I have worked with computers for over 50 years now. And in general; computers tend to follow the same logical steps. The hardware powers on; the initial boot sequence (usually a hardware function) loads a "bootstrap" (which in the case of a mobile phone is probably the bootloader firmware section; or a portion of it); and then passes control to the code just loaded. So the question then becomes; how do we make use of this?

I wonder if the answer isn't in how the engineering boot image "works". Obviously, the boot loader continues to manage to load it; *even though* folks root it. Now; signing usually involves keys. But realistically the only way to verify that the key actually matches the code is if some "checksum" methodology is used to ensure that code itself hasn't been altered. Yet in the case of the engineering boot image; once rooted; it *has* been altered. Yet it still passes the signing check from the bootloader each time the phone is power cycled. How?

Another question is about the bootloader itself. Does it remain in memory (and have a function) after the basic phone firmware is loaded? Or is it "overlaid" by the code it loads and thus disappears once the phone software is initialized? If so; why couldn't one of those "engineering boot images" perform a similar function *after* it gets loaded? IE; read a custom rom image from device or external storage (maybe from a SD card?) and load it on top of its code originally loaded by the bootloader; and then transfer control to it? Just like the bootloader itself does; but without the signing checks? *IF* you can root an engineering boot image; then it seems like you could add this functionality to it. Yes; it might take longer for a phone to completely initialize after power on; but is that a significant concern?

There's also the question as to whether there are any *other* Snapdragon-based (QC) phones using this same chip *outside* the US that don't have locked bootloaders; but are still signed (if the initial bootloader image is forced to be signed by the Snapdragon chip itself)? If so; could one of their images be flashed in place of the ones used in the US?

And one more. Just why can't a bootloader be "down rev'ed" once it's "upgraded"? It's just code. What does installing a "new" version actually *do* that can't be "undone" if you totally replace that code with a previous version? I understand that this might make the boot image that it would then try to load incompatible; but that can be re-written as well.

Just a few "outside of the box" questions.
 

Seattleweather

Senior Member
Oct 30, 2016
85
1
Hello,
Forgive me if this question might be noobish:

I am G930TUVSBCTA2.
Can I root ?
No, not at this time.
*** This root should work on ANY model G930/G935 A/P/Rx/T/V/U with bootloader version Rev.A/10 or lower. ***
*** DO NOT update to the latest firmware with bootloader Rev.B/11 or higher, it's not rootable at this time, and cannot be downgraded! ***
 

Rebnasty

New member
Feb 8, 2021
1
0
Hullo,
Forgive yet another newbie question (first time playing around with rooting / modifying an S7) but in the case of my two S7's that I want to try this with, am I correct in assuming that the bootloader version is the last two/three numbers and letters in the baseband? Nope. Looked here: Samsung Build Versions and if I read this right...

Ex: Phone 1 - G930AUCUBCTB1 - Rev.B/1
Phone 2 - G930UUESBCTA3 - Rev.A/3

Both phones are Rev.C/11 (????) If I'm reading this right, neither of these can be rooted at this time?
 

Seattleweather

Senior Member
Oct 30, 2016
85
1
Hullo,
Forgive yet another newbie question (first time playing around with rooting / modifying an S7) but in the case of my two S7's that I want to try this with, am I correct in assuming that the bootloader version is the last two/three numbers and letters in the baseband? Nope. Looked here: Samsung Build Versions and if I read this right...

Ex: Phone 1 - G930AUCUBCTB1 - Rev.B/1
Phone 2 - G930UUESBCTA3 - Rev.A/3

Both phones are Rev.C/11 (????) If I'm reading this right, neither of these can be rooted at this time?
Both B
G930AUCUBCTB1
G930UUESBCTA3
 

billa

Senior Member
Mar 30, 2006
730
352
And one more. Just why can't a bootloader be "down rev'ed" once it's "upgraded"? It's just code. What does installing a "new" version actually *do* that can't be "undone" if you totally replace that code with a previous version? I understand that this might make the boot image that it would then try to load incompatible; but that can be re-written as well.


The answer is that the bootloader is fused electronically, you can only flash an equal or higher version bootloader/firmware.
It's a hardware protection implemented by most phone manufacturers, and there's no known way around it.
If there was, we would have root on all bootloader versions by simply downgrading it, but no can do.
Don't lose too much sleep over it, lots of very smart guys have tried already to no avail.
The only way is by unlocking the bootloader, which is protected with a 256-bit AES key, so good luck.



hey y'all.. I'm looking for some direction.. had s7 got root and set up how I wanted just to find out my carrier (cricket) didn't support it bc of no 4g volte.. bought a new phone from them (a01 galaxy) and was looking for help with root/rom details here: https://forum.xda-developers.com/t/galaxy-a015az-cricket-root-rom.4231777/

VoLTE won't work on the "U" unlocked firmware even if it's flashed with Cricket/ATT firmware, unless it has an original ATT IMEI (yeah ATT blows!). There's no way around it, it's controlled by the network.
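The downgrade block described in this answer, as an added example that is not part of the original post and is not Samsung's or Qualcomm's code: a simplified model of a fuse-backed minimum revision, showing why a genuinely signed older bootloader is still refused. The class and function names, the fuse-bank width and the placeholder build `G930XXXX8XXX1` are assumptions; the position of the revision character is read off the builds the thread identifies as "B".

```python
# Added illustration: a simplified model of fuse-backed anti-rollback.
# Assumed names (not from the thread): FuseBank, BootRom, revision_from_build.

def revision_from_build(build: str) -> int:
    """Bootloader revision: 5th character from the end of the build string,
    read as 1-9 then A=10, B=11 (matches the thread's Rev.A/10, Rev.B/11)."""
    return int(build[-5], 36)


class FuseBank:
    """One-time-programmable bits: a bit can be blown (0 -> 1), never cleared."""

    def __init__(self, width: int = 36):
        self._bits = [0] * width

    def blow(self, index: int) -> None:
        self._bits[index] = 1  # no method exists to set a bit back to 0

    @property
    def counter(self) -> int:
        return sum(self._bits)  # lowest revision the hardware still accepts


class BootRom:
    """Checks the signature first, then the revision against the fuses."""

    def __init__(self, fuses: FuseBank):
        self.fuses = fuses

    def try_boot(self, build: str, signature_ok: bool = True) -> str:
        if not signature_ok:
            return "reject: bad signature"
        rev = revision_from_build(build)
        if rev < self.fuses.counter:
            # Genuine, correctly signed, and still refused: the fuses moved on.
            return f"reject: revision {rev} < fused minimum {self.fuses.counter}"
        for i in range(self.fuses.counter, rev):
            self.fuses.blow(i)  # accepting a newer revision is irreversible
        return f"boot: revision {rev}"


if __name__ == "__main__":
    OLD = "G930XXXX8XXX1"   # constructed placeholder build, revision 8
    NEW = "G930AUCUBCTB1"   # build quoted in the thread, revision B = 11
    rom = BootRom(FuseBank())
    for build in (OLD, NEW, OLD):
        print(build, "->", rom.try_boot(build))
```

The third boot attempt fails even though the image and its signature are unchanged from the first, because the state that changed lives in the fuses rather than in flash.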
 
Feb 10, 2021
6
0
USA
The answer is that the bootloader is fused electronically, you can only flash an equal or higher version bootloader/firmware.
It's a hardware protection implemented by most phone manufacturers, and there's no known way around it.
If there was, we would have root on all bootloader versions by simply downgrading it, but no can do.
Don't lose too much sleep over it, lots of very smart guys have tried already to no avail.
The only way is by unlocking the bootloader, which is protected with a 256-bit AES key, so good luck.





VoLTE won't work on the "U" unlocked firmware even if it's flashed with Cricket/ATT firmware, unless it has an original ATT IMEI (yeah ATT blows!). There's no way around it, it's controlled by the network.
Thanks, Cricket sucks in the fact that they wouldn't even let me check the firmware and build number on the phone until it was purchased..
Does Anybody know of a reasonably priced phone I could look for that can be fully Rooted/Rom without all the google/samsung (big brother watching BS) ?? Was looking at the librem phones from purism, but they are way outta my price range..
OR-- would it be a possibility to still do something with either my S7 or the A01 through a different carrier??
 

sasuke3369

Member
Jul 8, 2017
9
0
Oreo Root For The S7/S7E (Will work on V8 Bootloader) Is Finally Here!!

A big thanks goes out to @klabit87 he is 99 percent the reason we have root! Also @stang5litre and stang5litre test group and @gustco for eng boot.img



Downloads


S7_Oreo_Nougat_Adb_Advanced_Root_V12.zip Recommended Root Zip

This zip gives you the option to install some CPU tweaks and will also install the entropy tweak that the SEFix app does. The tweak sets entropy to high by default; I also include the SEFix app if you want to change the settings. I also set the swappiness settings to very high. If you want to change these settings you can download the speedup swap app from the Play Store. The above zip also removes Knox and changes the fstab.qcom file to disable dm-verity on system files and remove all file encryption, which makes it seem to work better and makes it compatible with my no-root ROMs that have to have this done to allow Safestrap to work. Installing the above zip requires a data wipe unless you have already installed it or you are coming from my non-rooted ROMs.



S7_Oreo_Su_Binary_Only_ADB_Root.zip Alternative Root Zip

This root zip is only for Oreo and only installs the su binary to the system/xbin folder, giving you root privileges. It has no tweaks and does not change the fstab.qcom file to remove dm-verity and system file encryption. There is no SuperSU app installed either, but you will have root privileges.



View attachment 4562919

If you need to reinstall the SuperSu app only use this one







Directions:

This works for Oreo And Nougat Roms

As always there is a chance of bricking your phone

1. Download and extract S7_Oreo_Nougat_Adb_Advanced_Root.zip

2. Reboot your phone to download mode

3. Inside the S7_Oreo_Nougat_Adb_Advanced_Root folder you will find an Odin_Firmware folder. Use Odin and flash the Eng Boot Image for your phone

4. Once phone is rebooted and connected to computer click on the cmd-here.exe and type root.bat in the command window and hit enter

5. Follow directions on the command window

6. You can only use system root on Oreo

7. Once root is done and root bat closes leave your phone alone for a few minutes it may reboot a couple of times

8. Sprint users: this should work for you as well; just let me know if your phone reboots with eng boot.img installed like it did on Nougat while trying to run the root.bat. I may need to change some things

9. With this system root do not update the su binary. If in any way you get something asking you to update binaries, ignore it. You can also disable notifications about updating binaries. This will not affect the su app

10. Don't flash any superuser zips in recovery that are not made by me

Bugs

The usual root bugs that were present in nougat are still present in oreo

This has not been tested much so new bugs may arise



Volte And Hotspot Fix

View attachment 4555265





Credits:

- @Raymonf for modified odin

- @afaneh92 for safestrap

- @me2151 for help and finding alternative flash methods

- @tytydraco for some instructions

- @mweinbach for some instructions

- @Craz Basics for help

- @partcyborg for help and guides other devices root methods

- @elliwigy for being great help when I need it

- @stang5litre

- @jds3118

- @Krog18

If I missed you please pm me



Donations

If you would like to donate please send all donations to @klabit87 PayPal Link Here and give a thanks!
Hi, I'm new here. I have an S7 G930V and I flashed G930U firmware on it. But when gaming, device performance is not so good; GPU sits at 113mhz, which makes games like PUBG unplayable. I'm on binary B 11, any help on how to root.
Okay if maybe there's no rootable method can I at least adb push some thermal.conf file to system partition?
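The quoted root post says the recommended zip edits `fstab.qcom` to disable dm-verity on system files and remove file encryption. The following added example (not part of the post or of the root package) shows how that change can be detected when checking a device's integrity, by auditing the fs_mgr flags in fstab text. `audit_fstab` and both sample fstab snippets are constructed for illustration.

```python
# Added illustration: audit Android fstab text for the two changes the root
# zip is described as making (dm-verity off for /system, encryption not forced).
# audit_fstab and the sample fstab lines are constructed for this example.

VERITY_FLAGS = {"verify", "avb"}                       # verified-boot flags
FORCED_ENCRYPTION_FLAGS = {"forceencrypt", "forcefdeorfbe", "fileencryption"}


def audit_fstab(text: str) -> list:
    """Return (line_number, mount_point, finding) tuples for weakened entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:   # src, mount point, type, mount flags, fs_mgr flags
            continue
        mount_point, fs_mgr = fields[1], fields[4]
        flags = {f.split("=", 1)[0] for f in fs_mgr.split(",")}
        if mount_point == "/system" and not flags & VERITY_FLAGS:
            findings.append((lineno, mount_point, "dm-verity not enabled"))
        if mount_point == "/data" and not flags & FORCED_ENCRYPTION_FLAGS:
            # "encryptable=" only permits encryption; it does not force it.
            findings.append((lineno, mount_point, "encryption not enforced"))
    return findings


STOCK = """\
# constructed sample, stock-style entries
/dev/block/bootdevice/by-name/system   /system ext4 ro,errors=panic wait,verify
/dev/block/bootdevice/by-name/userdata /data   ext4 noatime,nosuid,nodev wait,check,forceencrypt=footer
"""

MODIFIED = """\
# constructed sample, entries after the kind of edit the post describes
/dev/block/bootdevice/by-name/system   /system ext4 ro,errors=panic wait
/dev/block/bootdevice/by-name/userdata /data   ext4 noatime,nosuid,nodev wait,check,encryptable=footer
"""

if __name__ == "__main__":
    for name, sample in (("stock", STOCK), ("modified", MODIFIED)):
        print(name, audit_fstab(sample))
```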
 

tdurdenn

Member
Jul 30, 2016
29
4
g930V

Screenshot_20210328-143402.jpg


Will this work? I can't tell if I got the right bootloader.
 

Top Liked Posts

    18
    I have made a new root method that incorporates my unroot method into it and it can be flashed on any carrier (except Sprint of course, unless they are still v4 bootloader) and either variant of the S7 or S7 Edge. It also contains temporary TWRP recovery, that's correct, full TWRP recovery that can be entered through adb. TWRP only works fully on Oreo and is very limited on Nougat due to the data encryption issue, so on Nougat you are limited to stuff that only changes the system and not data, as you cannot mount data without wiping it first. On Oreo however it is fully working except MTP, meaning your phone doesn't show up as a hard drive on your computer when in recovery, but adb is functional in recovery. The root method still uses the crappy engboot with the same crappy lag, but I have added back the systemless option in root for Oreo that seems to execute startup scripts quicker, so it may help. To root you simply enter TWRP and flash a zip. I will post later today
    15
    I would like to say thank you to all the people that donated money to me in 2018. What I did was save the money over the year, which added up to be a little over 200 dollars. I took that money and ordered 30 pizzas and had them delivered to my local homeless shelter. So thank you for allowing me to help out some people in need


    Sent using some kind of device I modified
    13
    sorry bro when you upload the file for the bootloader v8? ??
    Whoa guy... It will be uploaded soon. Just hold on tight to whatever is nearest to you.

    Sent from my Pixel 2 XL using Tapatalk

    ---------- Post added at 06:35 PM ---------- Previous post was at 06:29 PM ----------

    G930_v8.tar
    https://www.androidfilehost.com/?fid=11410963190603889616
    (Tested this one on my seriously bricked s7)

    G935_v8.tar
    https://www.androidfilehost.com/?fid=11410963190603889615

    And don't forget to thank @jrkruse
    13
    I am going to stop development on the S7/S7E. I think we have done some great things with the S7 but the time has come to move on. I have some final stuff I may post if I get around to it. I have left a lot of stuff here in the S7 threads; anyone is free to carry on my stuff. Anyone is free to use the stuff posted here or throughout the S7/S7E forums however they see fit. Just remember, if I used something of someone's and credited them, I expect you to do the same. I may from time to time pop in and add something here or there, but then again I may not. I thank all the people for their help along the way and the donations.


    Sent using some kind of device I modified