Root For S7/S7Edge Oreo And Nougat

[Orlando_Native]

I know this particular thread is (mostly, when it's on topic) about the locked bootloader on the US versions of the Galaxy S7 and S7 Edge; but maybe there's a problem with "forest because of the trees" viewpoints.

Mobile phones are - basically - small computers with radio transceivers integrated into them. Computers *can* be programmed; but to do that one has to understand how the particular computer works.

Now, when one of these phones powers up; there's obviously a sequence of events. None of the pieces are completely independent; they interact.

First of all; a caveat. I'm not an Android expert; nor; for that matter; a mobile phone expert; but I have worked with computers for over 50 years now. And in general; computers tend to follow the same logical steps. The hardware powers on; the initial boot sequence (usually a hardware function) loads a "bootstrap" (which in the case of a mobile phone is probably the bootloader firmware section; or a portion of it) ; and then passes control to the code just loaded. So the question then becomes; how do we make use of this?

I wonder if the answer isn't in how the engineering boot image "works". Obviously, the boot loader continues to manage to load it; *even though* folks root it. Now; signing usually involves keys. But realistically the only way to verify that the key actually matches the code is if some "checksum" methodology is used to ensure that code itself hasn't been altered. Yet in the case of the engineering boot image; once rooted; it *has* been altered. Yet it still passes the signing check from the bootloader each time the phone is power cycled. How?

Another question is about the bootloader itself. Does it remain in memory (and have a function) after the basic phone firmware is loaded? Or is it "overlaid" by the code it loads and thus disappears once the phone software is initialized? If so; why couldn't one of those "engineering boot images" perform a similar function *after* it gets loaded? IE; read a custom rom image from device or extermal storage (maybe from a SD card?) and load it on top of it's code originally loaded by the bootloader; and then transfer control to it? Just like the bootloader itself does; but without the signing checks? *IF* you can root an engineering boot image; then it seems like you could add this functionality to it. Yes; it might take longer for a phone to completely initialize after power on; but is that a significant concern?

There's also the question as to whether there are any *other* Snapdragon-based (QC) phones using this same chip *outside* the US that don't have locked bootloaders; but are still signed (if the initial bootloader image is forced to be signed by the Snapdragon chip itself)? If so; could one of their images be flashed in place of the ones used in the US?

And one more. Just why can't a bootloader be "down rev'ed" once it's "upgraded"? It's just code. What does installing a "new" version actually *do* that can't be "undone" if you totally replace that code with a previous version? I understand that this might make the boot image that it would then try to load incompatible; but that can be re-written as well.

Just a few "outside of the box" questions.

 

[johnwaldon1]

Hello,
Forgive me if this question might be noobish:

I am G930TUVSBCTA2.
Can I root ?

 

[Seattleweather]

Hello,
Forgive me if this question might be noobish:

I am G930TUVSBCTA2.
Can I root ?

No, not at this time.
*** This root should work on ANY model G930/G935 A/P/Rx/T/V/U with bootloader version Rev.A/10 or lower. ***
*** DO NOT update to the latest firmware with bootloader Rev.B/11 or higher, it's not rootable at this time, and cannot be downgraded! ***

 

[johnwaldon1]

No, not at this time.
*** This root should work on ANY model G930/G935 A/P/Rx/T/V/U with bootloader version Rev.A/10 or lower. ***
*** DO NOT update to the latest firmware with bootloader Rev.B/11 or higher, it's not rootable at this time, and cannot be downgraded! ***

Darn.
Thanks for replying.

Let us pray:
O Lord, please grant us root soon.
Amen.

 

[Rebnasty]

Hullo,
Forgive yet another newbie question (first time playing around with rooting / modifying an S7) but in the case of my two S7's that I want to try this with, am I correct in assuming that the bootloader version is the last two/three numbers and letters in the baseband? Nope. Looked here: Samsung Build Versions and if I read this right...

Ex: Phone 1 - G930AUCUBCTB1 - Rev.B/1
Phone 2 - G930UUESBCTA3 - Rev.A/3

Both phones are Rev.C/11 (????) If I'm reading this right, neither of these can be rooted at this time?

 

[Seattleweather]

Hullo,
Forgive yet another newbie question (first time playing around with rooting / modifying an S7) but in the case of my two S7's that I want to try this with, am I correct in assuming that the bootloader version is the last two/three numbers and letters in the baseband? Nope. Looked here: Samsung Build Versions and if I read this right...

Ex: Phone 1 - G930AUCUBCTB1 - Rev.B/1
Phone 2 - G930UUESBCTA3 - Rev.A/3

Both phones are Rev.C/11 (????) If I'm reading this right, neither of these can be rooted at this time?

Both B
G930AUCUBCTB1
G930UUESBCTA3

 

[Hi-Tek Redneck]

hey yall.. im looking for some direction.. had s7 got root and set up how i wanted just to find out my carrier (cricket) didnt support it bc of no 4g volte.. bought a new phone from them (a01 galaxy) and was looking for help with root/rom details here: https://forum.xda-developers.com/t/galaxy-a015az-cricket-root-rom.4231777/

 

[billa]

And one more. Just why can't a bootloader be "down rev'ed" once it's "upgraded"? It's just code. What does installing a "new" version actually *do* that can't be "undone" if you totally replace that code with a previous version? I understand that this might make the boot image that it would then try to load incompatible; but that can be re-written as well.

The answer is that the bootloader is fused electronically, you can only flash an equal or higher version bootloader/firmware.
It's a hardware protection implemented by most phone manufacturers, and there's no known way around it.
If there was, we would have root on all bootloader versions by simply downgrading it, but no can do.
Don't lose too much sleep over it, lots of very smart guys have tried already to no avail.
The only way, is by unlocking the bootloader which is protected with a 256bit AES key, so good luck.

hey yall.. im looking for some direction.. had s7 got root and set up how i wanted just to find out my carrier (cricket) didnt support it bc of no 4g volte.. bought a new phone from them (a01 galaxy) and was looking for help with root/rom details here: https://forum.xda-developers.com/t/galaxy-a015az-cricket-root-rom.4231777/

VoLTE won't work on the "U" unlocked firmware even if it's flashed with Cricket/ATT firmware, unless it has an original ATT IMEI (yeah ATT blows!). There's no way around it, it's controlled by the network.

 

[Hi-Tek Redneck]

The answer is that the bootloader is fused electronically, you can only flash an equal or higher version bootloader/firmware.
It's a hardware protection implemented by most phone manufacturers, and there's no known way around it.
If there was, we would have root on all bootloader versions by simply downgrading it, but no can do.
Don't lose too much sleep over it, lots of very smart guys have tried already to no avail.
The only way, is by unlocking the bootloader which is protected with a 256bit AES key, so good luck.





VoLTE won't work on the "U" unlocked firmware even if it's flashed with Cricket/ATT firmware, unless it has an original ATT IMEI (yeah ATT blows!). There's no way around it, it's controlled by the network.

Thanks, Cricket sucks in the fact that they wouldnt even let me check the firmware and build number on the phone until it was purchased..
Does Anybody know of a reasonably priced phone I could look for that can be fully Rooted/Rom without all the google/samsung (big brother watching BS) ?? Was looking at the librem phones from purism, but they are way outta my price range..
OR-- would it be a possibility to still do something with either my S7 or the A01 through a different carrier??

 

[ahmadbilal505050]

Please bring root for bootloader VB or 11

 

[sasuke3369]

Oreo Root For The S7/S7E (Will work on V8 Bootloader) Is Finally Here!!​

A big thanks goes out to @klabit87 he is 99 percent the reason we have root! Also @stang5litre and stang5litre test group and @gustco for eng boot.img



Downloads

S7_Oreo_Nougat_Adb_Advanced_Root_V12.zip Recommended Root Zip

This zip gives you the option to install some cpu tweaks and will also. Install the entropy tweak that the SEFix app does. The tweak sets entropy to high by default I also include the SEFix app if you want to change the settings. I also set the swappiness settings to very high. If you want to change these settings you can download the speedup swap app from playstore. The above zip also removes knox and changes the fstab.qcom file to disable dm-verity on system files and remove all file encryption which makes it seem to work better and make it compatible with my no root roms that has to have this done to allow safestrap to work. Installing the above zip requires a data wipe unless you have already installed it or you are coming from my non rooted roms



S7_Oreo_Su_Binary_Only_ADB_Root.zip Alternative Root Zip

This root zip is only for oreo an only installs the su binary to the system/xbin folder giving you root privelages it has no tweaks and does not change the fstab.qcomn file to remove dm-verity and system file encryption. There is no SuperSU app installed either but you will have root privelages.



View attachment 4562919

If you need to reinstall the SuperSu app only use this one







Directions:

This works for Oreo And Nougat Roms

As always there is a chance of bricking your phone

1. Download and extract S7_Oreo_Nougat_Adb_Advanced_Root.zip

2. Reboot your phone to download mode

3. Inside the S7_Oreo_Nougat_Adb_Advanced_Root folder you will find an Odin_Firmware folder. Use Odin and flash the Eng Boot Image for your

phone

4. Once phone is rebooted and connected to computer click on the cmd-here.exe and type root.bat in the command window and hit enter

5. Follow directions on the comand window

6. You can only use system root on Oreo

7. Once root is done and root bat closes leave your phone alone for a few minutes it may reboot a couple of times

8. Sprint Users This should work for you as well just let me know if your phone reboots with eng boot.img installed like it did on nougat while try too run the root.bat. I may need to change some things

9. With this system root do not update su binary if in anyway you get something asking you to update binaries ignore it. You can also disable notifications about updating binaries. This will not affect su app

10. Don't flash any superuser zips in recovery that are not made by me

Bugs

The usual root bugs that were present in nougat are still present in oreo

This has not been tested much so new bugs may arise



Volte And Hotspot Fix

View attachment 4555265





Credits:

- @Raymonf for modified odin

- @afaneh92 for safestrap

- @me2151 for help and finding alternative flash methods

- @tytydraco for some instructions

- @mweinbach for some instructions

- @Craz Basics for help

- @partcyborg for help and guides other devices root methods

- @elliwigy for being great help when I need it

- @stang5litre

- @jds3118

- @Krog18

If I missed you please pm me



Donations

If you would like to donate please send all donations to @klabit87 PayPal Link Here and give a thanks!

Hi, I'm new here I have an s7 g930v and I flashed g930u firmware on it. But when gaming device performance is not so good, gpu seats at 113mhz which makes games like pubg unplayable. I'm on binary b 11, any help on how to root.
Okay if maybe there's no rootable method can I at least adb push some thermal.conf file to system partition?

 

[tdurdenn]

g930V

Will this work? I cant tell if i got right bootloader.