Root For S7/S7Edge Oreo And Nougat

Cracks me up when noobs are on parade. lol Apparently some folks still don't know the one and only JRKruse. ;)

Anyway, just to clear things up for others... there are three different boot.img (kernel) versions.

Stock - comes with the regular stock firmware
Combi - a special combination firmware for testing purposes, especially for older apps, ADB enabled by default, NOT for rooting
Eng-Boot - a special kernel with SElinux permissions for testing and rooting purposes, ADB enabled by default, but will NOT unlock the bootloader

Now, the latest so called G93x "Eng-boot" Rev.B/11 found on various sites, is unfortunately just a mislabeled combi boot, NOT for rooting.
I have emailed all those sites which host this wrong file, but apparently they're not interested in correcting it, so don't get too happy.

Whenever the real Eng-Boot Rev. B/11 comes out, rest assured I will post it, but not before unpacking and checking its version string, which should look something like this.
"ro.bootimage.build.fingerprint=samsung/heroqlteuc/heroqlteatt:8.0.0/R16NW/G930VVRSBCTA1:eng/test-keys"
and NOT like this:
"ro.bootimage.build.fingerprint=Verizon/heroqltevzw/heroqltevzw:8.0.0/R16NW/G930VVRSBCTA1:user/test-keys"
Notice the difference at the end of the lines between "eng/test-keys" vs "user/test-keys"

Also, any Eng-Boot made for G93x A/P/T/V/U should work on any G93x A/P/T/V/U model as long as it has the same Rev.#
In other words, an Eng-Boot file released for the G930A should be flashable onto any G930x A/P/T/V/U model with the same Rev.#
Hope that helps. ;)


Recently I have run across something that caught my eyes, SUPPOSEDLY there's a G930R4 root solution available at https://eftsu.com/ which should run on any US G930x model A/P/T/V/U Rev.B, since they are all Qualcomm based. From the "Model:" menu select SM-G930R4 and download the file SM-G930R4_G930R4TYSBCTA2_8.0_a3cf7.8EFT, then flash it with their special encrypted flashing tool https://eftsu.com/EFTSU_Flash.exe
You will also have to install EFTSU Manager https://play.google.com/store/apps/details?id=com.easy.eftsumanager for SuperUser/permissions management.

Please note that I have NOT tested it since currently I don't have a G930x available, so if anyone wants to try, please report back.
If it doesn't work or boot-loops, simply re-flash it with the latest stock firmware Rev.B or higher, and do a factory reset from the recovery menu.
Currently looks like it's only available for the G930x models and not yet for the G935x, but that may change at any time.
Tried it, not working, says finished on the program but on download mode it doesn't flash and only says "Secure check failed : boot"
Seems like we got no hope except an eng boot
 

billa

Thanks for testing it, as I noted in my post, I didn't have a chance to try it... at least now we know. :)
It was supposed to be an Eng-Boot for the G930R4 model, but it would have been too good to be true. he-he
 

zfk110

Interesting idea, I will look into it... assuming it needs an eng-boot which unfortunately is still not available for the latest firmware Rev.B/11.
Combination firmware is available, but that does not have shell root or SELinux permission.

Oh, I see... using the AudioCoreDebug exploit to send "chmod -R 0777 /persist" in order to create a "persists" folder with root privileges, followed by SafeStrap/FlashFire.
Looks like it might be doable with combi alone, I will give it a shot.
Course it also needs a prerooted S7 ROM for this to actually work, and I know you're not interested.
Would it work if I flashed the various partitions saved by "dd if= ... of=" from a previously rooted S7 with boot Rev.A/10 ?
Would this also have the 80% battery issue and other oddities?

Some people still believe that the S7 series was the greatest Samsung ever made... course it's subjective. lol
Were you able to do it?

I'm going to try this here to downgrade

https://forum.xda-developers.com/galaxy-s8/how-to/guide-skipping-kg-prenormal-oneui-t3911862
 

jrkruse



Lol you really don’t think a guide for the s8 exynos with unlocked bootloaders is going to work on s7 do you?


Sent from some device I modified
 

zfk110

You are the master of these phones, if you think it won't work then I won't try, but I have been looking/waiting for this phone to be rooted, I just thought it might work, but I couldn't find sboot.bin and cm.bin files on stock firmware I was able to run Linux, and I was able to unzip Modem.bin though :p
 

billa


As JRKruse said, it won't work on bootloader locked Qualcomm devices.
Also, don't waste your time trying to downgrade, it's only possible on bootloader unlocked Exynos models.
Till a real Rev.B/11 Eng-Boot comes out, there's nothing you can do which might never happen, that's just the nature of rooting phones.
Your best option is to sell your Qualcomm based phone and buy an Exynos model which is fully rootable including custom recovery, Magisk, root-hide, etc.
 

billa

Will this work with a SM-G930T1 (MetroPCS) and can I flash Magisk instead of SU?
Please read the guide below carefully on which models/revisions can be rooted.
https://forum.xda-developers.com/showpost.php?p=81410291&postcount=1850

*** This root should work on ANY model G930/G935 A/P/T/V/U with bootloader version Rev.A/10 or lower. ***
*** DO NOT update to the latest firmware with bootloader Rev.B/11 or higher, it's not rootable at this time, and cannot be downgraded! ***

If your current firmware has a bootloader Rev.B/11 or higher (ex. G930UUESxCSI1 "x" is the 5th digit from right to left is "B-Z"), then there's no way to root it or downgrade it, don't waste your time you'll just have to wait till a solution comes out. If your current firmware has a bootloader Rev.A/10 or lower (ex. G930UUESxCSI1 "x" is the 5th digit from right to left is an "A" or lower "0-9"), then it's rootable.

So, it will work on your G930T1 as long as the bootloader version is Rev.A/10 or lower (cannot be Rev.B/11 or newer).
All Qualcomm devices have a locked bootloader, therefore you cannot flash a custom recovery nor Magisk on any revision.
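
Added example (not part of the original posts and not any poster's own tooling): the two label checks described in this thread, reading the build type from `ro.bootimage.build.fingerprint` and the bootloader revision from the 5th character from the right of the firmware build string. It assumes the property line is present as plain ASCII in the unpacked boot image data; the function names and sample blobs are constructed here, and continuing the A=10, B=11 sequence past B is an assumption.

```python
import re
from typing import List, NamedTuple, Tuple

# Android fingerprint layout:
#   brand/product/device:release/build_id/incremental:variant/tags
_FP = re.compile(
    rb"ro\.bootimage\.build\.fingerprint="
    rb"([\w.-]+)/([\w.-]+)/([\w.-]+):([\w.-]+)/([\w.-]+)/([\w.-]+)"
    rb":([\w.-]+)/([\w,.-]+)"
)
# The thread gives A = 10 and B = 11; the order past B is an assumption.
_REV_ORDER = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


class BootInfo(NamedTuple):
    device: str
    incremental: str  # firmware build string, e.g. G930VVRSBCTA1
    variant: str      # "eng" or "user"
    tags: str         # e.g. "test-keys"
    rev_char: str
    rev_num: int


def bootloader_rev(build: str) -> Tuple[str, int]:
    """Return (character, number) for the 5th character from the right."""
    if len(build) < 5:
        raise ValueError(f"build string too short: {build!r}")
    ch = build[-5].upper()
    num = _REV_ORDER.find(ch)
    if num < 0:
        raise ValueError(f"unexpected revision character {ch!r} in {build!r}")
    return ch, num


def scan_fingerprints(blob: bytes) -> List[BootInfo]:
    """Find every boot image fingerprint property inside raw bytes."""
    found = []
    for m in _FP.finditer(blob):
        f = [g.decode("ascii") for g in m.groups()]
        try:
            ch, num = bootloader_rev(f[5])
        except ValueError:
            continue  # incremental field is not a usable build string
        found.append(BootInfo(f[2], f[5], f[6], f[7], ch, num))
    return found


def audit(blob: bytes, claimed_variant: str, claimed_rev: str) -> List[str]:
    """List the ways the file's contents disagree with its label."""
    infos = scan_fingerprints(blob)
    if not infos:
        return ["no ro.bootimage.build.fingerprint found"]
    problems = []
    for i in infos:
        if i.variant != claimed_variant:
            problems.append(f"{i.incremental}: labelled {claimed_variant}, "
                            f"fingerprint says {i.variant}")
        if i.rev_char != claimed_rev.upper():
            problems.append(f"{i.incremental}: labelled Rev.{claimed_rev}, "
                            f"build string says Rev.{i.rev_char}/{i.rev_num}")
    return problems


# Constructed blobs wrapping the two fingerprint strings quoted in the thread.
_PREFIX = b"\x00" * 16 + b"ro.bootimage.build.fingerprint="
ENG_BLOB = _PREFIX + (b"samsung/heroqlteuc/heroqlteatt:8.0.0/R16NW/"
                      b"G930VVRSBCTA1:eng/test-keys\n")
USER_BLOB = _PREFIX + (b"Verizon/heroqltevzw/heroqltevzw:8.0.0/R16NW/"
                       b"G930VVRSBCTA1:user/test-keys\n")

if __name__ == "__main__":
    for name, blob in (("eng sample", ENG_BLOB), ("user sample", USER_BLOB)):
        print(name, audit(blob, "eng", "B") or "label matches contents")
```
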
 

theonlytnb

Thanks

Thank you very much for clearing all that up for us newbs :) I just wonder where these mysterious root files come from. Samsung, or a root fairy in the sky? I am anxious because I have about 20 S7s with Google locks I got from a company that just didn't clear out the old info, and all are on the latest firmware, and I don't want to pay the high price it would cost to remove FRP by server. So it's been a long wait. Will keep checking back. Thanks

 

jrkruse

Install combo firmware, that will accomplish what you are trying to do


 

theonlytnb

?

I am not aware of how flashing the combination file would lead to me being able to remove FRP. If I flash the combo, factory reset, and then flash the stock ROM, the Google lock still remains. Is there something I am missing?
I have tried creating an adb enabled file using the combination file but it just causes a bootloop. When I try to use z3x and flash the combo file under the PDA tab with just sboot and engboot, there is no sboot file shown in z3x. Not sure if that's clear. Also tried flashing the combo file, enabling USB debugging and *#0808# to put it in ad+modem etc., but then after flashing stock still no adb enabled. All that to say I have definitely used the search button but seem to be stuck.
Thanks much,
Newb
 

DragonFire1024

If you've already flashed the ENG boot.img/kernel, you should have adb access. Plug phone into PC, let it boot to setup wizard. When done, type codes below

Code:
adb shell
If adb starts with a root shell, you can continue below with the codes:

Code:
pm list packages setup
A list of packages should appear, listing the names of the setup wizard packages. You want to disable the Samsung/sec setup wizard(s):

Code:
pm disable com.xxx.xxx.setupwizard
Replace the X's with the appropriate package name. Now look at the screen of your phone and hit enter to disable the wizard. If the setup screen disappears, then you will see the Android stock setup. If it DID NOT disappear, disable the next Samsung/sec setup wizard. If Samsung setup disappears, and the Android setup appears, you can now disable the Android setup wizard as well using 'pm disable'. Now clear the data of each package you disabled by using 'pm clear com.xxx.setupwizard'.

If successful, you will have been brought to either the home screen or the settings application. If you're not in the settings application, find it and tap on it. Scroll to the accounts area, and tap on it. If there are any accounts listed in the accounts menu, remove them. Re-enable your setup wizards once the accounts are removed, and factory reset the device again. If the setup wizards reappear once you enable them, just use ADB to reboot to recovery:

Code:
adb reboot recovery
Wipe everything, perform a factory reset and you should be good to go. If you choose not to do a factory reset, then you will have to manually input codes into the settings database that will allow you to get access to navigation bar buttons, the status bar and other items. Until you run those setup wizards you won't have access to your home button or status bar and various other things. So that's why a factory reset is required.
 

jrkruse

It's full combination firmware, not just the combo boot img or recovery img


 

billa

Here's the full combination for the G930x/935x.
Keep in mind, this is only used for testing, and to remove FRP, it will NOT help with rooting, unless someone builds a pre-rooted rom to be flashed via FlashFire.

If your bootloader is up to Rev.A/10 then use this.
G930x
https://androidfilehost.com/?fid=4349826312261741726
G935x
https://androidfilehost.com/?fid=4349826312261606695

If your bootloader is already on Rev.B/11 then use this.
G930x
https://androidfilehost.com/?fid=4349826312261741725
G935x
https://androidfilehost.com/?fid=4349826312261737776

You can flash the Rev.B/11 combination onto any bootloader up to Rev.B/11, but then you won't be able to root it (no solution yet for Rev.B/11).
Once you flash the Rev.B/11 combination, there's no going back to Rev.A/10 for rooting.
So if your bootloader is up to Rev.A/11, and would like to root it later down the line, then use the first file.
Also, you can flash these combination files regardless of the carrier versions A/P/T/V/U.
 

theonlytnb

Can't enable adb

Thank you all. I actually already have the combo file. When I flashed the combo file I could not find OEM unlock anywhere in the settings. I wonder if they took it out. I toggled USB debugging and dialed *#0808# and selected modem + adb and then reflashed stock; adb still was not enabled and FRP lock was still on. What I really can't figure out is how to enable adb on the FRP locked S7 running bit 11. Once I get adb enabled I have pretty good tools for removing FRP, but can't get adb enabled on this one, as I have never used anything but root files to enable adb. When I flash the Eng boot for bit 11 it causes a boot loop. When I tried to create an adb enabled file using tools and the combo file it also caused a boot loop. So am at a loss here. Thank you all for your time. All the S7s I have are on 11. I could be wrong but I don't see the OEM unlock option in the developer settings after flashing the combo file. I know how to enable the developer settings, that's pretty basic, just don't see it there. Thanks again.

 

billa

Just do a factory reset with the combi, then flash the stock firmware, no need to enable anything, it's simple as that.
Again, if you wish to be able to root it, flash it with the RevA/10 stock, unless it's already on the Rev.B/11 combi.
 

theonlytnb

When I do a factory reset after combo flash, and then reload stock, FRP is still on and adb still not enabled :(
Thanks
 

jrkruse

The OEM unlock is in developer settings, which you have to enable by tapping 5 times on build number. Wipe data while still on combo firmware. When flashing stock, don’t flash user data in Odin.


 

theonlytnb

Gotcha. I was not able to find OEM unlock in the developer settings. I was able to turn them on by tapping the build number five times, but OEM unlock wasn't an option that I saw. I wonder if it's just not there or perhaps I missed it. Is there a way to create or flash a file that enables adb? Besides the combo? Cuz not seeing OEM unlock.
Thanks
