The time finally came when I needed to fiddle with my phone. You may wonder what on earth can be done with a phone? Most are now sealed mono-units, and even with a terminal emulator app the commands for Linux (which is underneath Android) don't work... or do they?
As we know from Linux, we need to invoke the magic word 'sudo' or 'su' to enable privileged commands to run or to bring us the information we're requesting. The same is true for Android, but how do we do this? Typing 'su' into a suitable app won't get us anywhere because an out-of-the-box phone is not 'rooted'. In the Linux world we understand what this means: to be root; in the Microsoft realm it's called 'administrator'. This in itself is the fundamental difference between Linux and Windows. On a Linux OS we're always outside root (the equivalent of a 'guest' on Windows), whereas most Windows PCs run as admin all the time, hence the ease with which they can be hacked or infected.
So to get this mythical root access we'll need to change some of the code of Android; we're going to exploit a security bug in Lollipop to give us this root access. This is normally easily done by flashing (writing) a custom recovery which contains a suitable patch to grant root. Recovery is a bootable menu which allows you to load new software, do a factory wipe or repair your OS, hence 'recovery'. I'll be using a modified TWRP from TheWhisp on XDA; others are ClockworkMod and Philz-recovery. Now, I mentioned 'this is normally easily done', but some manufacturers such as Sony, Asus and HTC 'bootlock' their phones, and that's a whole different hurdle to overcome in another post. In the case of Samsung, they have a clever trick to make this hard: the stock Samsung ROM sees that the system folders have been modified and overwrites them back to stock at boot, rendering your hard work useless! Buggers!
Well, that's fine and dandy, but I want root access: I want to remove all that bloatware that Samsung thinks I'll need, I want to fiddle with my brand new phone and make it mine! We're going to be rooting a Samsung Alpha 5 (SM500FU) using Linux (so no Odin), but the overall process remains similar for any Android device; you will need to read up on the specific tricks or software needed for your device, and the XDA forums are a great source. So let's start:
The first thing is to read up fully on your device: there may be issues like bootloops that can be easily avoided, patches to solve issues and of course the latest revisions. For the Alpha5 we know about the OS overwriting the recovery.img, and that as of 10th Dec 2015 our modified TWRP won't give us root. WHAT?! But that's the point of all this! Yes, but thanks to Chainfire we can flash SuperSU from our shiny new custom recovery to gain it... don't worry.
First, charge your phone to 100%; just good practice. We're going to need Heimdall (Odin for Linux), and I run it from the command line as it's quicker and simpler. I compiled mine from Git (source) to get v1.4.1:
sudo apt-get install git
sudo apt-get install build-essential cmake zlib1g-dev qt5-default libusb-1.0-0-dev libgl1-mesa-glx libgl1-mesa-dev
git clone git://github.com/Benjamin-Dobell/Heimdall.git
mkdir -p Heimdall/build
cd Heimdall/build
cmake -DCMAKE_BUILD_TYPE=Release ..
make
cd ..   # the build puts the binaries in Heimdall/bin
sudo cp bin/* /usr/local/bin
And finally, to check it works: sudo heimdall-frontend, which we can close now we know it's all working.
Now we need the correct recovery image, which will be a .tar file; I got mine HERE. Put it somewhere you can find it again. If the file ends '.tar.md5', rename it without the '.md5' so that Archive Manager can open it. Now extract the recovery.img and open a terminal in the folder which contains the recovery.img. We now need the SuperSU.zip file from HERE; this file needs to be copied onto your external SD card. Don't put it in a folder, just straight onto the card on its own. Once that's done, power off your phone and unplug the USB.
Thanks to the Alpha5 and Heimdall both being picky, the following is the way I got my PC, Heimdall and Alpha5 to talk to each other. This seemed to work regardless of which USB port I was plugged into:
With our terminal still open in the folder containing our recovery.img:
Run sudo heimdall detect: this will report that no device can be found or detected, and is a final check that Heimdall is available.
Connect your phone. Press and keep holding the Volume-down + Home + Power buttons all at the same time until the phone vibrates, then release all the buttons and you will enter a screen warning you that you're up to no good. Ignore this and press Volume-up to enter 'download mode'. Now, in the terminal:
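The '.tar.md5' suffix is not just a naming quirk: the last line of the file is an MD5 of every byte before it, so rather than simply renaming the file you can check that the download arrived intact before flashing it. The following is an added shell example of mine (not from the post or the Heimdall project); it assumes the Odin packaging layout described in the comments and builds its own constructed sample file for testing.

```shell
#!/bin/sh
# Added example: check the trailing MD5 of a Samsung-style .tar.md5 before
# renaming/extracting it. Assumed layout (how Odin images are packaged): the
# plain tar archive followed by one text line "<md5>  <name>", where <md5>
# covers every byte before that line.

# verify_tar_md5 FILE -> returns 0 when the appended MD5 matches the archive body.
verify_tar_md5() {
    f="$1"
    # The checksum line is the last text line; a tar body ends in NUL padding,
    # which we drop so the line is isolated even from a small tail window.
    line=$(tail -c 256 "$f" | tr -d '\000' | tail -n 1)
    printf '%s\n' "$line" | grep -Eq '^[0-9a-f]{32}  ' || return 1   # no checksum line
    expected=${line%% *}
    body_len=$(( $(wc -c < "$f") - ${#line} - 1 ))   # drop the line and its newline
    actual=$(head -c "$body_len" "$f" | md5sum | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Constructed stand-in for an archive body (a real one comes from the firmware
# download): one fake member followed by tar's two 512-byte zero end blocks.
sample_body() { printf '%s\000fake-image-bytes\n' "$1"; head -c 1024 /dev/zero; }

# make_sample OUT [WORD]: write a constructed .tar.md5. The checksum is always
# taken over the genuine body, so passing a different WORD simulates a file
# whose body was altered after it was signed off with its MD5.
make_sample() {
    sum=$(sample_body recovery.img | md5sum | cut -d' ' -f1)
    { sample_body "${2:-recovery.img}"; printf '%s  recovery.tar\n' "$sum"; } > "$1"
}
```

A matching MD5 only shows the file was not corrupted in transit; it says nothing about where the image came from, so it complements rather than replaces getting the recovery from a source you trust. Typical use: verify_tar_md5 recovery.tar.md5 && mv recovery.tar.md5 recovery.tar, then extract recovery.img as described above.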
sudo heimdall flash --RECOVERY recovery.img --no-reboot
And WAIT... there should be output in the terminal saying things like 'downloading PIT file'; if successful it will end by saying it's re-attached the kernel and return you to the command prompt (the :~$ sign). On the phone there will be a progress bar moving across the screen; wait until it's finished moving, and then I like to wait a little longer to make sure the write has completed before doing the next step:
Press and hold the Volume-up + Home + Power buttons without releasing until the phone buzzes and enters our spanking new custom recovery. At this point, and after several hours, there was much cheering and rejoicing... Do a full backup. Really, do a full backup!
Now, at last, for the point of the exercise: root access. Still in recovery, go to 'install from zip', open up your external SD card and select the SuperSU.zip file, hit install (or with TWRP 'swipe to confirm') and hey presto, root! Now reboot the system to start deleting all those annoying apps you never wanted. Well, actually the first thing you'll need is a superuser app to grant and manage root access; I use this one.
Now the caveats. If you're going to attempt to root your phone, I'd like to assume you know your way around basic computing. Read up. It worked with my phone (SM500FU running stock 5.0 Lollipop) and desktop (latest Debian-based); yours will be different. Be prepared that when it all goes wrong (it will at some point) you will be in a world of hurt, but don't panic: stop and Google without touching your phone. During this process I ended up for a while with no recovery at all! I couldn't find anything or anyone else who'd had the same, but I calmly retraced my steps, compiled Heimdall from source and through trial and error got Heimdall to 'talk' to my phone again, resulting in the process above and a happy rooted phone.
At some point I'll flash a custom ROM and will write and tell y'all about it. Happy flashing!