Android Rooting Protocols

Target phone: Samsung G935U. The S7 is the model with which Samsung started bootloader-locking all US phones. Exploits depend on the physical architecture and the software of the target device.

There are two universal ways to root an Android device. One is by using exploits and the other is by flashing a custom recovery. Generally speaking, there are no one-click root methods that are safe.

On older versions of Android, there were one-click root applications that relied on exploits. These have all fallen out of fashion as patches render the available exploits useless.

Preparing the Device (Step 1)

In order to prepare our target device to be flashed with TWRP, we must first ensure the phone is in Developer Mode. Go into Settings and look for “Developer Options” – if this isn’t there, find “About Phone” and tap the “Build Number” button 7 times in a row.

When you return to the Settings folder, “Developer Options” should be there now. Enable this (if there is a toggle) and enable “USB Debugging”. This will allow us to use ADB on the stock ROM.

Additionally, enable “OEM Unlock” if the option is there. This will allow you to flash unsigned images to the device.

Establishing your working directory with Odin (Step 2)

We need to download the tool that will be used for flashing custom images to the device’s different partitions. For most devices a tool called Fastboot is used. For Samsung devices, where Fastboot is not compatible, we use a Windows-only tool called Odin.

Action: Once we download the latest version of Odin, extract the zip file (e.g.: “Odin_3.12.3.zip”). Once extracted, we have an “Odin_3.12.3” folder which will be used as our working directory. All other files will be downloaded into this folder. In a command prompt shell, we can navigate to our working directory. To do this, we use the command cd. Example: cd C:\Odin_3.12.3

TWRP (Step 3)

Team Win Recovery Project, or TWRP, is a custom recovery. A recovery is a mini-OS stored on a separate partition of the device that can perform specific basic functions like flashing memory or wiping a device. TWRP is a full-featured recovery OS that has backup and restore built into it. While devices have stock recoveries, they are programmed to flash only signed and verified files (e.g. manufacturer-specific files). A device’s stock recovery is what is used when it performs an Over-The-Air (OTA) update or factory reset.

Action: We need to download the appropriate TWRP .tar file and move it into our working directory: the “Odin_3.12.3” folder.
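A pre-flash check for the downloaded file, added here as an example and not part of the original write-up. It assumes you have a SHA-256 value for the file from the download source, and that a recovery-only Odin archive is an uncompressed tar holding a single recovery.img; the function names are hypothetical.

```python
import hashlib
import io
import tarfile

# Assumption: Odin archives name each member after the image it carries,
# so a recovery-only package should contain exactly recovery.img.
ALLOWED_MEMBERS = {"recovery.img"}

def check_recovery_tar(data: bytes, expected_sha256: str) -> list[str]:
    """Return the problems found; an empty list means the file passed."""
    problems = []
    digest = hashlib.sha256(data).hexdigest()
    if digest != expected_sha256.strip().lower():
        problems.append(f"sha256 mismatch: got {digest}")
    try:
        # "r:" refuses compressed input instead of guessing the format.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
            members = tar.getmembers()
    except tarfile.TarError as exc:
        return problems + [f"not a readable tar archive: {exc}"]
    if not members:
        problems.append("archive is empty")
    for member in members:
        if not member.isfile():
            problems.append(f"{member.name}: not a regular file")
        elif member.name not in ALLOWED_MEMBERS:
            problems.append(f"{member.name}: unexpected image for another partition")
    return problems

def build_tar(files: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory (demo input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, payload in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_tar({"recovery.img": b"ANDROID!" + b"\0" * 64})
    print(check_recovery_tar(sample, hashlib.sha256(sample).hexdigest()))
```

An archive that carries anything besides recovery.img would write to partitions this procedure never intends to touch, so treat any reported problem as a reason not to load the file into Odin.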

Android Platform Tools (Step 4)

Android platform tools is a package which contains multiple tools, notably the Android Debug Bridge (ADB).

Action: Download the Android Platform Tools package. Extract the “platform-tools_[…]-windows.zip” file which will create a “platform-tools” folder. We need to move this folder and its contents to our working directory: the “Odin_3.12.3” folder.

The Process (Steps 5 – 9)

Actions (Steps 5 & 6):

  1. Hold the Volume Down + Home/Bixby button + the Power button. This will put the target device into what is known as “download mode”. Accept any warnings that appear on the device’s screen.
  2. Open “Odin.exe” from the “Odin_3.12.3” folder. Once Odin boots, the log should read “Added!” (located on the left) and have a blue COM bubble filled in above. This verifies that your device has been detected.

Action (Step 7):

  1. Select the “Options” tab and verify that “F. Reset Time” and “Auto Reboot” are both checked. Also

Action (Steps 8 & 9):

  1. Make sure the checkbox next to the “AP” button is selected. Select your TWRP file here (e.g.: “twrp-3.3.1-0hero2lte.img.tar”).
  2. Hold the Volume Up + Home/Bixby buttons while you select “Start” on Odin. This will enable Odin to auto reboot the device after it is finished flashing TWRP to it.

Note: If you find that it is too difficult to hold these buttons while simultaneously clicking Start on Odin, you can uncheck “Auto Reboot” under Options and click “Start”. Once Odin is finished flashing TWRP, you can then hold Volume Up + Home/Bixby + Power button to reboot. Keep holding these buttons until the TWRP bootup screen appears.

It was at this point where I received the error: SECURE CHECK FAIL: recovery – This indicates that we are working with a phone with a locked bootloader. In this case, it is a Verizon phone, and they are known for locked bootloaders:

TWRP main screen.

If our bootloader was properly unlocked by enabling “OEM Unlock” (Step 1), then upon booting into recovery mode TWRP will show up as seen in the above screenshot.

Flashing Magisk

Once in recovery mode and TWRP is running, we can flash Magisk. The Magisk framework is what roots the target device. There are two parts of this process: the root binary, which has to be copied to the system partition, and the application (Magisk Manager App) which allows you to adjust root settings and install modules.

Actions (Steps 10 – 12):

  1. Once the latest Magisk framework is downloaded, we need to place it into our working directory (Odin_3.12.3 folder).
  2. In TWRP, click “ADVANCED” and then “ADB Sideload”. In our command prompt that we opened earlier (which is operating out of our working directory), run the command adb devices

In the above command prompt we see that we have navigated to the platform-tools folder located in our working directory (Odin_3.12.3).

Note: If the device appears but is listed as “unauthorized”, try toggling USB debugging off and then back on. A prompt will appear on the phone asking if you wish to Allow USB Debugging from the connected computer. Select yes and run the command once again.

Actions (Steps 13 – 15):

  1. Run the following command: adb sideload Magisk-v[version number].zip in order to flash it to the target device. When TWRP displays the flash as complete, you may select “REBOOT”.
  2. Upon a normal system startup, there should be a Magisk Manager application to configure root access.
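A check to run between adb devices and adb sideload, added here as an example and not part of the original write-up. It reads the state column that adb devices prints and only reports ready when the single attached device is in the sideload state; the sample outputs and the serial abc123 are constructed, and the function names are hypothetical.

```python
import subprocess

def parse_adb_devices(output: str) -> dict[str, str]:
    """Map serial -> state from the text printed by `adb devices`."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        # Skip the header, blank lines and "* daemon ..." start-up notices.
        if not line or line.startswith(("List of devices", "*")):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            devices[parts[0]] = parts[1]
    return devices

def sideload_check(output: str) -> tuple[bool, str]:
    """Decide whether `adb sideload` should be run right now."""
    devices = parse_adb_devices(output)
    if not devices:
        return False, "no device listed: check the cable and USB driver"
    if len(devices) > 1:
        return False, "more than one device attached: unplug the others"
    serial, state = next(iter(devices.items()))
    if state == "sideload":
        return True, f"{serial} is waiting for a sideload"
    if state == "unauthorized":
        return False, "unauthorized: toggle USB debugging and accept the prompt"
    if state in ("device", "recovery"):
        return False, f"state is '{state}': start ADB Sideload in TWRP first"
    return False, f"unexpected state '{state}'"

# Constructed sample outputs, not captured from a real device.
SAMPLE_UNAUTHORIZED = "List of devices attached\nabc123\tunauthorized\n\n"
SAMPLE_SIDELOAD = (
    "* daemon not running; starting now at tcp:5037\n"
    "* daemon started successfully\n"
    "List of devices attached\nabc123\tsideload\n\n"
)

if __name__ == "__main__":
    result = subprocess.run(["adb", "devices"], capture_output=True, text=True)
    ok, message = sideload_check(result.stdout)
    print("OK" if ok else "STOP", "-", message)
```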

Note: Any software updates will nullify this rooting process.