
[KERNEL] [GUIDE] Root Your Stratosphere! :-)

173K views 231 replies 79 participants last post by  msasasgs 
#1 · (Edited by Moderator)
First of all, mad props go out to jcase, imnuts, and tbh, as well as the #charge irc channel for providing the stock kernel and support needed to get this working! Couldn't do it without you guys!

Okay, first the standard disclaimers: THIS WILL VOID YOUR WARRANTY! We are flashing a MODIFIED stock kernel to get root. (And yes, there is a mechanism Samsung put into its bootloader to tell if you flashed a custom kernel! It's a tradeoff for openness that I am willing to live with!)
Also, batteries not included, some assembly required, may make your cat go bald, could pillage your villagers, give you Bieber fever, etc.

Also, this post is for reference or entertainment purposes only. If you decide to use this info to root your phone, and you end up borking it, I'm not responsible. Neither is RootzWiki, jcase, imnuts, or anyone else but yourself.

This is not for the faint of heart, so if you have questions or need assistance, please feel free to ask in this thread. I had to do a metric crap ton of research just to figure out how to do all this, so I know what it's like to have to get your mind wrapped around this stuff. (At least you guys don't have to compile the kernel, just flash the one I made. Lucky you! I had to learn how to compile the kernel over the past few days and this was my first attempt. Yay me.) I also took some non-standard ways to get this on the phone, so please bear with me if I take extra steps that could be streamlined.

Now, without much further ado, here it is:

ROOT YOUR STRATOSPHERE!


Setup: I'm using Windows XP 32-bit, but unlike most devs, I use Heimdall in order to flash firmware to my phone. (Long story short: I've had fewer issues with using Heimdall than I have with Odin - that, and Odin only works in Windows whereas Heimdall works in Windows/Linux/Mac. But, it's up to you, feel free to use whatever tool you want as long as you know what you are doing with these files.)

Also, make sure you have adb set up and working. You'll need this to push the actual superuser binaries. Download and more info on adb at Android Developers.

First things first: Let's get your system set up to flash the kernel to the phone.

NOTE: If you have data encryption turned on, it's been warned that you might want to turn it off before attempting this. Not sure if this is related to custom kernels or not, but better be safe than sorry. (And I think it's off by default, mine wasn't on... so if you didn't turn it on, you should be fine.)

Download Heimdall 1.3.1 and extract the zip contents to a folder. Make sure to install the C++ distributable mentioned in the download section or the tool won't run (Windows only).

Put your phone in download mode. There are many ways to do this, easiest being holding the Vol - key while powering the phone on. It will warn you about flashing custom firmware, yadda yadda. Accept it anyway, then you'll see a green Andy that says "Download Mode Do Not Turn Off Target". Now plug your phone in. (Linux/Mac users can skip the rest of this paragraph. Yay us Windows users.) Set up the drivers from the zadig.exe app in the Drivers folder. The dropdown box will say something like 'Gadget Serial'. Click 'Install Driver'. I can't remember if I had to replug the phone or not, or reboot the machine, but you might want to for good measure if it isn't working.

Next, download the zip attached to this post below and unzip its contents to a working folder. To make things easier, just extract the zip contents to the same directory that heimdall is living in. You should have the following files from the zip:

Code:
root-zImage
su
busybox
Superuser.apk

Now, fire up a command window in this directory. I use the command-line utility in order to push the kernel instead of the GUI, but if you know how to use the GUI, be my guest.

First make sure the device is detected. Type:
Code:
heimdall detect
If it works, you'll get 'Device detected'. Now you are good to go:

Code:
heimdall flash --kernel root-zImage
You'll see it say uploading kernel, and a progress bar will appear on the phone. It goes pretty quick. On success, you'll see the phone reboot, and then a new yellow '!' triangle will flash under the SAMSUNG logo on the boot screen. This means the system detected a custom kernel. If you see/hear the boot animation, then you were successful! You are now sporting a working insecure kernel ready for rooting!


Wait for the phone to boot back up and make sure everything is in working order. Make sure USB Debugging is on. (Settings->Applications->Development)

Now, in the command window, make sure your phone can be seen:
Code:
F:\Downloads\heimdall-suite-1.3.1-win32>adb devices
List of devices attached
3235A3CA0D8400EC		device

Now, remount the file system.

Code:
F:\Downloads\heimdall-suite-1.3.1-win32>adb remount
remount succeeded

Push the following files to the phone:
Code:
F:\Downloads\heimdall-suite-1.3.1-win32>adb push su /system/bin
F:\Downloads\heimdall-suite-1.3.1-win32>adb push busybox /system/bin
F:\Downloads\heimdall-suite-1.3.1-win32>adb push Superuser.apk /system/app

Change the permissions on su and busybox:
Code:
F:\Downloads\heimdall-suite-1.3.1-win32>adb shell chmod 4755 /system/bin/su
F:\Downloads\heimdall-suite-1.3.1-win32>adb shell chmod 4755 /system/bin/busybox

Now, download something from the market that needs root privileges to test. I bought Root Explorer, so I used that to test. I also tried to su from ConnectBot in a local connection and it also worked for me.

If you get the Superuser Request popup, then you are rooted!! Congrats!

If you want to put the stock kernel back on, or just want to have it for safety's sake, I attached it in a zip by itself as well. Flash it using the same method listed above. Thanks again go to jcase and tbh for providing that.

I'll be updating this post with images and pictures, or cleaning parts up as I get time and some feedback.

LET THE DEVELOPING BEGIN!!

Files:
Stratosphere Root.zip: md5: ead3a6a2b36a25a32692dec71e6bfc7f
Stock Kernel.zip: md5: 97d8df7945b5035d480547424cbcaa35
 
#4 ·
I've seen mention of some kernels that do that, but I wasn't sure. So I went with the method I knew about.

But, by all means, I will chat with you about how to do it. Now that I have my feet wet, I will want to dabble with this stuff more. Ahhh! It's taking over my brain! :p
 
#13 ·
^ Thanks! That's quite helpful to know. I'm more familiar with the Moto and HTC rooting side of things having grown into smartphones via the Droid & Droid X as well as currently using the TBolt. In following P3droid, I've seen a lot about "Odin" and other stuff related to the Charge, but a complete wet-behind-the-ears Noob when it comes to Samsung. I appreciate the time you took to lay out the background so we can know what's what. And, of course, there's always eBay to get a replacement phone when/if the need arises.

Totally agree on the warranty stuff. Just seems that there's been so much abuse of warranty coverage by those who don't follow directions, trash their phones, then have gotten replacements.

Anyway, thanks for putting in all the work on Stratosphere, as this phone seems to have more potential now that root has been accomplished!
 
#14 ·
No problem. I wanted to see this phone get some development love since I heard people bashing it in favor of the GS2. Some people just don't understand that a keyboard is more valuable to some users than 2 cores and a gig of RAM. I always look for new functionality when I upgrade my hardware, not just because it's "faster". I will always be a qwerty nerd! :)

I had a Droid 2 and Thunderbolt before this, so I was up on the rooting of them, even though I never looked into "how" the rooting worked. Well, I had to in order to get this to work. I had to learn to set up a kernel development environment in Linux, download the ARM compiler, learn how Samsung sets up their kernel (which is way different than the standard Android way that Moto and HTC use), and then learn to reverse engineer the stock kernel in order to compile a new one. It's been a learning experience, that's for sure.... and I know I still have a long ways to go.
 
#15 ·
Awesome, had to register for this site just to thank you.
However, I also have some questions. What exactly did you do to the kernel here? I haven't loaded it yet, but from your description / instructions it looks like it has a root shell via ADB without any authentication? (I know that a locked down phone doesn't let you "adb push" to secure locations like /system/bin.)

Given that su and superuser.apk are still required, I'm guessing that it shouldn't be a security problem in normal operation (i.e. root-required apps are still going to have to prompt rather than have some backdoor to self-elevate)? I'm not 100% familiar with the difference between an ADB shell access and local access on the phone, is there absolutely no possible way (short of USB cable or possibly bluetooth ADB debug connection to the phone) to get an unauthenticated rootshell?

I'm a fan of rooting, but I'm security-conscious as well.
 
#16 ·
Awesome, had to register for this site just to thank you.
However, I also have some questions. What exactly did you do to the kernel here? I haven't loaded it yet, but from your description / instructions it looks like it has a root shell via ADB without any authentication? (I know that a locked down phone doesn't let you "adb push" to secure locations like /system/bin.
All I did was rip out the root system image from the stock kernel that was provided to me, and changed ro.secure to 0 in the default.prop file. When ro.secure is 1 (like when all phones are shipped), it makes adb run in user mode. When it's 0, it runs in root mode. This is why you can run adb remount to remount the /system partition in read-write mode and push over the root binaries.

Given that su and superuser.apk are still required, I'm guessing that it shouldn't be a security problem in normal operation (i.e. root-required apps are still going to have to prompt rather than have some backdoor to self-elevate)? I'm not 100% familiar with the difference between an ADB shell access and local access on the phone, is there absolutely no possible way (short of USB cable or possibly bluetooth ADB debug connection to the phone) to get an unauthenticated rootshell?

I'm a fan of rooting, but I'm security-conscious as well.
I'm not sure if any on-board apps can access adb to get root privileges, but I don't think they can (someone can correct me if I am wrong.) If you are worried, you can always flash the stock kernel back to the phone to disable root adb and then you'll only be able to get root through su.
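
Added example, not part of the thread or written by its participants: a Python sketch of the check post #16 describes, deciding from device properties whether adbd keeps root, plus a scan of an `ls -l` listing for setuid-root binaries such as those the guide installs. The sample inputs are constructed, and the `ro.debuggable`/`service.adb.root` branch is an assumption taken from AOSP adbd of that era rather than from the thread.

```python
# Constructed sample inputs standing in for `adb shell cat /default.prop`
# and `adb shell ls -l /system/bin` on a device flashed as in the guide.
SAMPLE_DEFAULT_PROP = """\
ro.secure=0
ro.debuggable=0
persist.service.adb.enable=1
"""
SAMPLE_LS = """\
-rwsr-xr-x root     root        26264 2011-10-20 12:00 su
-rwsr-xr-x root     root      1062992 2011-10-20 12:00 busybox
-rwxr-xr-x root     shell       59760 2011-09-01 09:30 toolbox
"""

def parse_props(text):
    """Parse key=value property lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def adbd_runs_as_root(props):
    """Model adbd's privilege decision from system properties.

    ro.secure != 1: adbd keeps root (the case described in the thread).
    ro.secure == 1: adbd drops to the shell user unless the build is
    debuggable and `adb root` set service.adb.root=1 (assumed from AOSP
    adbd of that era; the thread does not mention this branch).
    """
    if props.get("ro.secure") != "1":
        return True
    return props.get("ro.debuggable") == "1" and props.get("service.adb.root") == "1"

def setuid_root_files(ls_output):
    """Return names of root-owned regular files with the setuid bit set."""
    hits = []
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and len(fields[0]) == 10:
            mode, owner, name = fields[0], fields[1], fields[-1]
            if mode[0] == "-" and mode[3] in "sS" and owner == "root":
                hits.append(name)
    return hits

if __name__ == "__main__":
    print("adbd as root:", adbd_runs_as_root(parse_props(SAMPLE_DEFAULT_PROP)))
    print("setuid-root:", setuid_root_files(SAMPLE_LS))
```

On a device restored to the stock kernel, the first check should report False while `su` still appears in the setuid list.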
 
#18 ·
DemoMan, it should work on w7 x64 from what I can see. Try installing it, it should let you know one way or the other. Given that it supports 64-bit Mac and Linux, I'm guessing Windows is covered as well.

knightcrusader, I appreciate the info. I haven't ever tried to build Android from source so I didn't realize that the ADB settings were built into the kernel (I always figured it would be something you could tweak in /etc or /system somewhere instead).
 
#21 · (Edited by Moderator)
Is anyone here willing to help me by making an image of their system partition after they get rooted? I was trying to remove busybox's symlinks from /system/bin and I removed something I shouldn't have and now my phone is having issues. The image I *thought* I made is empty. :-(

If so, reply here or PM me and I'll give you the details on how to do it. (It won't harm your phone, I promise.)

Thanks guys!

EDIT: JonK from Android Central got me back up and running. Thanks!
 
#22 · (Edited by Moderator)
To Rohndogg1 and any other that may know, I am having a problem using ADB. I am no pro at this by any means, when I use any ADB commands I can't use them in C:\User\Sparks\Downloads\heimdall-suite-1.3.1-win32>. I have to go where my SDK is installed C:\Program Files (x86)\Android\android-sdk\platform-tools>. Am I doing something wrong? And when I use C:\Program Files (x86)\Android\android-sdk\platform-tools>adb devices, it doesn't list anything just "List of attached devices" and is blank under it. I am not so familiar with SDK so I'm guessing my mistake lies within that.

-Debugging is on, all previous steps worked without a hitch.

Thanks, Matt.

C:\Users\Sparks>cd C:\Users\Sparks\Downloads\heimdall-suite-1.3.1-win32

C:\Users\Sparks\Downloads\heimdall-suite-1.3.1-win32>adb devices

'adb' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Sparks\Downloads\heimdall-suite-1.3.1-win32>cd C:\Program Files (x86)\Android\android-sdk\platform-tools

C:\Program Files (x86)\Android\android-sdk\platform-tools>adb devices
List of devices attached

C:\Program Files (x86)\Android\android-sdk\platform-tools>

**Using Windows 7
 
#42 · (Edited by Moderator)
And when I use C:\Program Files (x86)\Android\android-sdk\platform-tools>adb devices, it doesn't list anything just "List of attached devices" and is blank under it. I am not so familiar with SDK so I'm guessing my mistake lies within that.
If you're still having trouble, try installing PDAnet and follow all the steps, it should fix the issue for you.

As an added bonus, PDAnet is also a fairly reliable method to tether your phone.


If anyone has any more questions, please ask. I will be more than happy to help.
 
#29 ·
Any other advice? I updated the samsung drivers advised above. When I use the commands "adb devices" do I need anything running in the background? Right now it goes

"C:\Program Files (x86)\Android\android-sdk\platform-tools>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached

"
Sorry for the newbisim, Thanks.
 
#39 ·
I am unable to get my phone to show up when I do adb devices. Please help!!

I have tried this on an XP machine and a Windows 7 Machine.

I navigate to c:\program files (x86)\android\android-sdk\platform-tools> adb devices and nothing shows up.

If I try to do adb devices in any other place other than the path listed above, it states that adb is not a recognized command.
 