Better Mobile App

Unroot Galaxy S2 - need kernel

Hello,
I'm going to send my Galaxy S2 in for repairs but I need to un-root it first.
I'm searching for the official Vodafone Australia kernel DUKJ1
http://forum.xda-developers.com/showthread.php?t=1113928
The kernel is there but because multiupload is down I cannot download it. I have tried Check Fus downloader but it does not have DUKJ1. Is there any other way I can get the kernel?
Also do I even need to un-root it as I have used the usb jig to reset the binary counter?

Um, actually, Checkfus does have KJ1 for Voda AU. This is the most recent firmware available for Voda AU via Kies (I just checked this with my own copy of Checkfus).
Download the entire rom and extract the kernel zImage.
If you leave a rooted kernel on it & whomever repairs the phone notices this, there's a fair chance your warranty will be deemed to have been voided. Frankly, you might as well flash the entire KJ1 rom package from Checkfus (for all whomever repairs it knows, you probably updated OTA via Kies), then do a factory reset then double check to make sure there's no trace of any apps that required root left on the phone.
Then jig it again just to be doubly sure.
Then done. Send it in for warranty service.

MistahBungle said:
Um, actually, Checkfus does have KJ1 for Voda AU. This is the most recent firmware available for Voda AU via Kies (I just checked this with my own copy of Checkfus).
Download the entire rom and extract the kernel zImage.
If you leave a rooted kernel on it & whomever repairs the phone notices this, there's a fair chance your warranty will be deemed to have been voided. Frankly, you might as well flash the entire KJ1 rom package from Checkfus (for all whomever repairs it knows, you probably updated OTA via Kies), then do a factory reset then double check to make sure there's no trace of any apps that required root left on the phone.
Then jig it again just to be doubly sure.
Then done. Send it in for warranty service.
Click to expand...
Click to collapse
What version of Checkfus do you have as I can't find it. I select Android then GT-1900T but KJ1 is nowhere to be seen?
Thanks.

2.1. Android/I9100T/Australia (Vodafone). Tells you original firmware was KF2, then hit check firmware. Tells you KJ1 is latest released on 8/11/2011.
Are you sure you're using the PC version & not the phone app ?
Eye_Blake said:
What version of Checkfus do you have as I can't find it. I select Android then GT-1900T but KJ1 is nowhere to be seen?
Thanks.
Click to expand...
Click to collapse

I got it working, thanks alot.
To re jig it I flashed the old bootloader, should I re flash the new bootloader or leave the old one?

No worries
Unless you have a specific reason for flashing the new bootloader (I.E. something not working without it), leave it. The less you mess around with bootloaders the better.
Eye_Blake said:
I got it working, thanks alot.
To re jig it I flashed the old bootloader, should I re flash the new bootloader or leave the old one?
Click to expand...
Click to collapse

The reasons I planned on sending the phone in for repair/replacement were that is would turn on and off by itself sometimes, would open voice talk by itself almost constantly and would make the charging 'beep' noise when not plugged in.
Since unrooting none of these problems have happened again, should I still send it in for repair/replacement? Why would unrooting fix these problems?

Hard to say. Was the phone just rooted, or were you running a custom rom ? If the latter it may have been something in the rom causing the issues.
Up to you. Maybe run it for a week or two (or whatever) & see how it goes. You've unrooted it, you can jig it if you haven't already & send it in for warranty service whenever you like.
Obviously jigging it & going back to stock is never a guarantee of warranty service (given you've voided the warranty by rooting it in the first place), but most people who have done this have been fine so far as warranty service is concerned. I have seen a few exceptions over the past few months on here, but it's hard to say whether those people followed all the steps before sending it in or not.

That would be a good idea!

MistahBungle said:
Hard to say. Was the phone just rooted, or were you running a custom rom ? If the latter it may have been something in the rom causing the issues.
Up to you. Maybe run it for a week or two (or whatever) & see how it goes. You've unrooted it, you can jig it if you haven't already & send it in for warranty service whenever you like.
Obviously jigging it & going back to stock is never a guarantee of warranty service (given you've voided the warranty by rooting it in the first place), but most people who have done this have been fine so far as warranty service is concerned. I have seen a few exceptions over the past few months on here, but it's hard to say whether those people followed all the steps before sending it in or not.
Click to expand...
Click to collapse
It was just rooted. Yeah that's a good idea, I'll see if it plays up in the next week, thanks!
Do you think they will replace it or just repair it?

No idea. That's entirely up to them. But unlikely to replace outside the first few weeks unless the phone was unfixable if previous experiences on here are anything to go by.
Eye_Blake said:
It was just rooted. Yeah that's a good idea, I'll see if it plays up in the next week, thanks!
Do you think they will replace it or just repair it?
Click to expand...
Click to collapse

MistahBungle said:
Hard to say. Was the phone just rooted, or were you running a custom rom ? If the latter it may have been something in the rom causing the issues.
Up to you. Maybe run it for a week or two (or whatever) & see how it goes. You've unrooted it, you can jig it if you haven't already & send it in for warranty service whenever you like.
Obviously jigging it & going back to stock is never a guarantee of warranty service (given you've voided the warranty by rooting it in the first place), but most people who have done this have been fine so far as warranty service is concerned. I have seen a few exceptions over the past few months on here, but it's hard to say whether those people followed all the steps before sending it in or not.
Click to expand...
Click to collapse
Any proper guide to be done before send to repair?.. i've just sent my phone to service today. Battery temperature warning problem. Re-flash stock rom with stock kernel. Everything goes back like factory settings

Just the usual steps I.E. flash stock firmware, do a wipe/factory reset, use jig to reset the flash counter, double check that the reset worked & there are no traces of old apps on the phone which required root that could tip off whomever fixes the phone that you'd rooted it. Some say you should first (while the phone is still rooted) go into CWRecovery and format cache, data, system, & sd card. Then flash stock firmware and then use the jig. Depends on how paranoid you are I guess.
As I said to the previous poster, there are no guarantees of warranty service after you root or flash non-stock firmware on your phone (you shouldn't expect same), however if you follow these steps you should get warranty service. But there are always exceptions.
whose_ni said:
Any proper guide to be done before send to repair?.. i've just sent my phone to service today. Battery temperature warning problem. Re-flash stock rom with stock kernel. Everything goes back like factory settings
Click to expand...
Click to collapse

MistahBungle said:
Just the usual steps I.E. flash stock firmware, do a wipe/factory reset, use jig to reset the flash counter, double check that the reset worked & there are no traces of old apps on the phone which required root that could tip off whomever fixes the phone that you'd rooted it. Some say you should first (while the phone is still rooted) go into CWRecovery and format cache, data, system, & sd card. Then flash stock firmware and then use the jig. Depends on how paranoid you are I guess.
As I said to the previous poster, there are no guarantees of warranty service after you root or flash non-stock firmware on your phone (you shouldn't expect same), however if you follow these steps you should get warranty service. But there are always exceptions.
Click to expand...
Click to collapse
Lucky for me. My phone just back from service and they replace broken parts. ..i didn't jig to reset the counter..

Yep. You were lucky.
whose_ni said:
Lucky for me. My phone just back from service and they replace broken parts. ..i didn't jig to reset the counter..
Click to expand...
Click to collapse

[Q] ROOT for Galaxy S2 ICS 4.0.3 questions

Hi,
I've had a look around and can't find a thread that answers my question completely. I just want to gain root access to phone, I have no intention of flashing a custom firmware. My phone is a Galaxy S2 I9100 running Vodafone Australia's stock 4.0.3 ICS.
As I am new to rooting, I have browsed through this page but still have questions:
http://forum.xda-developers.com/showthread.php?t=1103399
I want to be able to easily restore my phone to its stock, unrooted state for warranty purposes. I'm not quite sure how to do this, Is there a way to backup my phones kernel as it is now, and be able to flash back to the stock kernel if something were to go wrong?
Also, My kernel version is 3.0.15-I9100TDULP9-CL422302 ..... The key letters being LP9? So then which one of these 2 would I flash?
CF-Root-SGS2_XW_KPN_LP9-v5.4-CWM5.zip OR
CF-Root-SGS2_DX_SIN_LP9-v5.4-CWM5.zip
Or would either work?
(Yes still going, sorry!) I also saw something called a Binary Flash Counter which counts the amount of times a phone has been modified? Would I be affected by this by just gaining root access? And if so how do I prevent that? (My ultimate aim is to root, but still keep warranty)
Thanks in advance for any help, its really appreciated.

mkirpy22 said:
Hi,
I've had a look around and can't find a thread that answers my question completely. I just want to gain root access to phone, I have no intention of flashing a custom firmware. My phone is a Galaxy S2 I9100 running Vodafone Australia's stock 4.0.3 ICS.
As I am new to rooting, I have browsed through this page but still have questions:
http://forum.xda-developers.com/showthread.php?t=1103399
I want to be able to easily restore my phone to its stock, unrooted state for warranty purposes. I'm not quite sure how to do this, Is there a way to backup my phones kernel as it is now, and be able to flash back to the stock kernel if something were to go wrong?
Click to expand...
Click to collapse
To get back to stock look for your firmware in Intratech's thread. It also provides links for kernel only downloads.
Also, My kernel version is 3.0.15-I9100TDULP9-CL422302 ..... The key letters being LP9? So then which one of these 2 would I flash?
CF-Root-SGS2_XW_KPN_LP9-v5.4-CWM5.zip OR
CF-Root-SGS2_DX_SIN_LP9-v5.4-CWM5.zip
Or would either work?
Click to expand...
Click to collapse
From the thread you were referencing:
The XX and OXA identifiers are not that important. Usually a "KG1" kernel is a "KG1" kernel, and that is that. Sometimes (pretty rare) it happens there will be multiple different kernels with the same name in different firmwares, that are actually different. If this happens, they are usually only very minor changes and you should expect them to still be fully compatible. I include the "XX" and "OXA" identifiers so the very advanced users can deduce from which full firmware I have taken the kernel file.
Click to expand...
Click to collapse
(Yes still going, sorry!) I also saw something called a Binary Flash Counter which counts the amount of times a phone has been modified? Would I be affected by this by just gaining root access? And if so how do I prevent that? (My ultimate aim is to root, but still keep warranty)
Click to expand...
Click to collapse
Yes you will be affected (if rooting with CF-root method) and no, you can't prevent it. However you can reset things. The easiest way to do this is to use TriangleAway from the Play store.

Best thing to do if you want a backup that's as close to stock as possible is to root your phone & then do a Nandroid backup in CWM before doing anything else to the phone (flashing custom roms, other kernels, etc). That will give you a backup that is essentially stock other than the rooted kernel.
If you want to guarantee warranty service, don't mess with your phone (yes, I'm serious). Once you start messing with it, you should lose any expectation of warranty service should the worst happen (rooting your phone/running non stock firmware voids your warranty). Having said that, many people who have rooted their phones and/or run non-stock firmware have been able to get warranty service by going back to stock & resetting the flash counter either with a jig or Triangle Away before sending it in for service. However, this is never a guaranteed, rolled gold 100% certainty.
FXRB is right, before you root your phone, either download your current firmware from Intratech's thread, or use the PC version of Checkfus to download it. This will save you problems if you need to go back to stock in say, 12 mths, and you forget which firmware was originally on the phone.

Unrooting Sprint Samsung s2 ics 4.0.4 fh13
I rooted my phone but would like to unroot it back to previous or stock. Please help with any information to unroot. Thanks.

hispeed10 said:
I rooted my phone but would like to unroot it back to previous or stock. Please help with any information to unroot. Thanks.
Click to expand...
Click to collapse
1. Reset binary counter using Triangle away app.
2. Download Stock firmware for your country/region here: http://www.sammobile.com/firmware/
3. Flash the firmware via Odin.
Done

hispeed10 said:
I rooted my phone but would like to unroot it back to previous or stock. Please help with any information to unroot. Thanks.
Click to expand...
Click to collapse
In addition to what Jokesy said, you say you have a Sprint Samsung s2 ics 4.0.4 fh13. The Sprint variant is the Epic 4G Touch, and has a different forum located at http://forum.xda-developers.com/forumdisplay.php?f=1281.
This forum is for the I9100, which is a GSM phone, and doesn't even work on Sprint's CDMA network.
For your own sake and future sanity, please go to and stay in that forum, and avoid flashing anything from this forum for the I9100.

I rooted my phone pushing CWM.zip and SU-busybox in recovery mode.
First CWM.zip And then su-busybox in the Clockwork orange mod. Its rooted and no yellow triangle.

How the new GT-I9500 Binary Counter security works.

I am writing this to provide further understanding on how Samsung is preventing tools such as Triangle Away from tricking the Service Centers employees into thinking that your phone only ever ran Samsung approved binaries/roms.
This protection is enabled on newer Exynos based devices such as the GT-I9500, the Qualcomm chipset based devices seem to have been spared from it at the moment, most likely because the eMMC hardware is different.
The GT-I9500 bootloader is now setting the /sys/block/mmcblk0boot0/ro_lock_until_next_power_on flag at boot.
This is an eMMC feature that effectively locks the partition to read only until the eMMC hardware is restarted (basically until you reboot your phone)
While the /sys/block/mmcblk0boot0/ro_lock_until_next_power_on is software triggered, the lock itself is enforced by the eMMC hardware, once it is set, there is no getting around it.
Because this is set in the bootloader long before a kernel starts, and therefore long before we get to run our own code, and that the partition is locked by the eMMC hardware afterward, the only way to write the counter back is to do it at the bootloader level before the flag gets set, this means either exploiting the bootloader or replacing it by an older (engineering) version that would not set that particular flag (however an older bootloader may not support future components of the phone as they get replaced in the future, such as a newer OLED panel for instance)
Seems like a lot of trouble just to be keeping a warranty intact.
I hope this post shed some more light on the matter, this may also give you an idea of what awaits in the future in terms of security on future handsets.

mathieulh said:
I am writing this to provide further understanding on how Samsung is preventing tools such as Triangle Away from tricking the Service Centers employees into thinking that your phone only ever ran Samsung approved binaries/roms.
This protection is enabled on newer Exynos based devices such as the GT-I9500, the Qualcomm chipset based devices seem to have been spared from it at the moment, most likely because the eMMC hardware is different.
The GT-I9500 bootloader is now setting the /sys/block/mmcblk0boot0/ro_lock_until_next_power_on flag at boot.
This is an eMMC feature that effectively locks the partition to read only until the eMMC hardware is restarted (basically until you reboot your phone)
While the /sys/block/mmcblk0boot0/ro_lock_until_next_power_on is software triggered, the lock itself is enforced by the eMMC hardware, once it is set, there is no getting around it.
Because this is set in the bootloader long before a kernel starts, and therefore long before we get to run our own code, and that the partition is locked by the eMMC hardware afterward, the only way to write the counter back is to do it at the bootloader level before the flag gets set, this means either exploiting the bootloader or replacing it by an older (engineering) version that would not set that particular flag (however an older bootloader may not support future components of the phone as they get replaced in the future, such as a newer OLED panel for instance)
Seems like a lot of trouble just to be keeping a warranty intact.
I hope this post shed some more light on the matter, this may also give you an idea of what awaits in the future in terms of security on future handsets.
Click to expand...
Click to collapse
So are you saying there is no way that we can reset the counter going forward or are you saying That one of our Smart XDA Developers are going to crack it ?

matrix.bharath said:
So are you saying there is no way that we can reset the counter going forward or are you saying That one of our Smart XDA Developers are going to crack it ?
Click to expand...
Click to collapse
Nah, i saw too many complicated things get Cracked,Hacked... Moded... its only a matter of time
basicly a bootloader exploit is a solution but on the other hand its always too risky to flash them as not every I9500 is 100% identical to another some behave in a good way other make trouble depends on the chip.
still the best solution is to disable that mechanism protection so that the counter is never set. in one way you won't mind any custom ROM installation and you can be happy counter doesn't raise up the one thing is the users which are already running custom and have a binary lock these can't do a thing for now, the only issue here is the SU being place on the system partition triggers is, and basicly any app such as TriangleAway requires it so even if you think to restore stock and it works you can't reset counter since it needs root --> and again LOCK.

I wouldn't worry about it ...

> still the best solution is to disable that mechanism protection so that the counter is never set. in one way you won't mind any custom ROM installation and you can be happy counter doesn't raise up the one thing is the users which are already running custom and have a binary lock these can't do a thing for now, the only issue here is the SU being place on the system partition triggers is, and basicly any app such as TriangleAway requires it so even if you think to restore stock and it works you can't reset counter since it needs root --> and again LOCK.
well, not really correct. you can temproot system, using some android exploit.
you install stock after using triangleaway on rooted rom = counter is 0
if you temproot wthout kernel flash - counter is 0

So if I'm reading this correctly, there is no way at this stage to reset counter.
I have a faulty i9500 that I need to send back under warranty but I have flashed a custom ROM.
Does this mean I have a brand new S4 that is useless & no way to fix it?

KTM690 said:
So if I'm reading this correctly, there is no way at this stage to reset counter.
I have a faulty i9500 that I need to send back under warranty but I have flashed a custom ROM.
Does this mean I have a brand new S4 that is useless & no way to fix it?
Click to expand...
Click to collapse
Read post #4 ...
Sent from my GT-I9500

Gillion said:
Read post #4 ...
Sent from my GT-I9500
Click to expand...
Click to collapse
I did, but not sure what Chainfire meant by "I wouldn't worry about it ..."
Hopefully he means he will have a fix shortly

Hope, ChainFire could resolve :fingers-crossed:

KTM690 said:
I did, but not sure what Chainfire meant by "I wouldn't worry about it ..."
Hopefully he means he will have a fix shortly
Click to expand...
Click to collapse
If he said we don't need to worry everything is under control

Chainfire said:
I wouldn't worry about it ...
Click to expand...
Click to collapse
Please break the suspense .. is there a way ?

actually, i've posted similar article sometime ago:
http://forum.xda-developers.com/showthread.php?t=2290238
But since i've asked for workaround, moderators threw away my thread to Q/A section and made that topic orphaned >8-E
Engineering bootloader works fine and allows to write to boot block and reset the counter.
Not sure what Chainfire means. Is there a way to cycle power on eMMC to reset the flag? Otherwise, only engineering bootloader will allow to reset counter and flags.

I've got the feeling. This is the last ever Samsung phone I've bought I will happily move to other manufacturer now. No reason to love Samsung phones now. HUGE DISAPPOINTMENT.. Spent like $800 for this device and it has very very less REAL DEVELOPMENT ROOM.. No sources, crap architecture engineering, unfinished ROMS.. Nothing is good..
hardware is damn good but Samsung failed it

Rahulrulez said:
I've got the feeling. This is the last ever Samsung phone I've bought I will happily move to other manufacturer now. No reason to love Samsung phones now. HUGE DISAPPOINTMENT.. Spent like $800 for this device and it has very very less REAL DEVELOPMENT ROOM.. No sources, crap architecture engineering, unfinished ROMS.. Nothing is good..
hardware is damn good but Samsung failed it
Click to expand...
Click to collapse
To be honest, the same things happen on the htc one, if you want to unlock its bootloader, you forfeit its warranty. Nothing new here.
Sent from my GT-I9505 using xda premium

sorg said:
actually, i've posted similar article sometime ago:
http://forum.xda-developers.com/showthread.php?t=2290238
But since i've asked for workaround, moderators threw away my thread to Q/A section and made that topic orphaned >8-E
Engineering bootloader works fine and allows to write to boot block and reset the counter.
Not sure what Chainfire means. Is there a way to cycle power on eMMC to reset the flag? Otherwise, only engineering bootloader will allow to reset counter and flags.
Click to expand...
Click to collapse
Oh ! I never saw that thread before. I was just wondering back then why TA wouldn't work on the phone and started looking.
It's nice to see that someone else has researched this issue
To be quite honest with you though, I use the GT-I9505 as my daily driver.
Sent from my GT-I9500 using xda premium

Honestly, i don't see a reason to always keep the counter at 0.
For the warranty purpose there is a way to revert everything back:
1) flash official firmware through Odin
2) flash custom recovery with accessible mmcblk0boot0.
3) backup whole mmcblk0boot0
4) flash engineering bootloader
6) in any hex editor: reset the counter and flags in mmcblk0boot0 dump.
7) in recovery: flash the mmcblk0boot0 with your zero-counter dump. Don't reboot yet!
8) in recovery: flash recovery partition with official recovery. Don't reboot yet!
9) perform the factory reset.
10) reboot.
Now you have innocent I9500 device

sorg said:
Honestly, i don't see a reason to always keep the counter at 0.
For the warranty purpose there is a way to revert everything back:
1) flash official firmware through Odin
2) flash custom recovery with accessible mmcblk0boot0.
3) backup whole mmcblk0boot0
4) flash engineering bootloader
6) in any hex editor: reset the counter and flags in mmcblk0boot0 dump.
7) in recovery: flash the mmcblk0boot0 with your zero-counter dump. Don't reboot yet!
8) in recovery: flash recovery partition with official recovery. Don't reboot yet!
9) perform the factory reset.
10) reboot.
Now you have innocent I9500 device
Click to expand...
Click to collapse
Wowww Great.. Can you Give us some detailed setup i or Ash will Probably make a Tutorial Video of it with the right info, for now its all thanks to you.. can you also provide links to the above Custom Recovery Files etc. that are needed to get the above working?

matrix.bharath said:
Wowww Great.. Can you Give us some detailed setup i or Ash will Probably make a Tutorial Video of it with the right info, for now its all thanks to you.. can you also provide links to the above Custom Recovery Files etc. that are needed to get the above working?
Click to expand...
Click to collapse
That's rough walk-through, using some quick-made kernel and perform most steps in command line through adb in shell. I believe there are some kernels with mmcblk0boot0 are floating around. It needs to be polished and easier to repeat for generic user. I'm sure someone will make more user-friendly guide with all necessary files.

sorg said:
Honestly, i don't see a reason to always keep the counter at 0.
For the warranty purpose there is a way to revert everything back:
1) flash official firmware through Odin
2) flash custom recovery with accessible mmcblk0boot0.
3) backup whole mmcblk0boot0
4) flash engineering bootloader
6) in any hex editor: reset the counter and flags in mmcblk0boot0 dump.
7) in recovery: flash the mmcblk0boot0 with your zero-counter dump. Don't reboot yet!
8) in recovery: flash recovery partition with official recovery. Don't reboot yet!
9) perform the factory reset.
10) reboot.
Now you have innocent I9500 device
Click to expand...
Click to collapse
Great work sorg.
Any chance of a noobs guide to this?

Bytheway, is it possible to flash bootloader(sboot.bin) on cwm recovery?
I've tried to include bl in rom zip
Sent from my SHV-E300S using XDA Premium HD app

[Q] Getting customized without touching the binary counter...

Im thinking this:
If one wants to get root and custom firmwares onto the Mega (I9205 in my case), then the only way that i can imagine right now is to flash one of the prerooted firmwares and then flash CWM with Mobile Odin from within the system afterwards (I know Mobile Odin does not officialy support the Mega yet).
Is there any other way to get root and CWM without touching the binary counter and having to risk using "Triangle away" ?

According to some more experienced users, mega does not have a binary counter. It shows "customised" rather than a counter.
To flash a stock rom with stock recovery is sufficient to restore to its stock state.

dchsub said:
According to some more experienced users, mega does not have a binary counter. It shows "customised" rather than a counter.
To flash a stock rom with stock recovery is sufficient to restore to its stock state.
Click to expand...
Click to collapse
Thank you very much for your reply. If this is true, then that is really good news and a fair decision on Samsungs behalf, to make it that way.

Yes just the stock rom flashing from Odin will make it back in warranty and Real factory Default
IN case of Mega we don't need any triangle away/Binary counter reset kernel.

brunte said:
Thank you very much for your reply. If this is true, then that is really good news and a fair decision on Samsungs behalf, to make it that way.
Click to expand...
Click to collapse
I naively think, to make it easier to restore to stock state will decrease the chance to go service for those who will flash anyway. Triangle away can sometimes soft brick a samsung device.

[SM-N900*] CF-Auto-Root

PLEASE TEST IF YOU HAVE THE multitouch issue BEFORE ROOTING, AS ROOTING WILL VOID YOUR WARRANTY Read this post: http://forum.xda-developers.com/showpost.php?p=46293575&postcount=279. I have not had time to look into this myself unfortunately, as I'm travelling. Better safe than sorry.
Check your device model ! Settings -> About device -> Model number. See the third post for exact supported model numbers. If your device is a totally different model, it will not work (may even brick) !
CF-Root is the root for "rooting beginners" and those who want to keep as close to stock as possible. CF-Root is meant to be used in combination with stock Samsung firmwares, and be the quickest and easiest way for your first root.
Donate
CF-Root has been available for many devices (Galaxy S1, Galaxy Tab 7", Galaxy S2, Galaxy Note, Galaxy Nexus, Galaxy S3, and many more) and has clocked over 16 million downloads. This is not even counting custom ROMs that already include it. Don't be a leech, buy me a beer (and use the "Thanks" button!). Imagine if every CF-Root user has donated me $1...
What's installed
- SuperSU binary and APK
- Stock recovery
Installation and usage
Flash the CF-Auto-Root package as PDA in ODIN (details on how to do that are in next post), and your device should reboot into a modified recovery (signified by a large red Android logo) and it will install SuperSU for you and restore the stock recovery, and reboot back into Android.
If you don't get to the red Android logo, boot into recovery manually ("adb reboot recovery", or boot while holding Power+VolUp+Home).
Did you see the red Android logo during rooting, but SuperSU does not appear? This may sometimes occur due to left-over files and settings, however, you can usually install SuperSU from Google Play at this stage and it'll just work.
Flash counters and KNOX warranty
Using this root method sets current binary and system status to custom. Additionally, it will also trigger the KNOX warranty void status.
This device store the traditional flash counter. Nor is is possible with Triangle Away to reset the current binary status. You will need to flash a stock kernel and stock recovery to reset the binary status.
The KNOX warranty status change is permanent, and a service center may deny warranty based on this flag - even if the other flags are reset correctly. The KNOX flag being tripped may also prevent certain Samsung KNOX features from working (enterprise security features). If this is something you care about, use a root method not based on custom kernels or recoveries, like a modified system partition. These are possible, but I don't personally make them, so look around!
Why isn't this just called CF-Root
The traditional CF-Root's included a custom recovery (CWM, TWRP, etc) and were meant for devices that had a single kernel/recovery combination. CF-Auto-Root doesn't include a custom recovery and is meant for devices that have kernel and recovery separate (so you can manually install any custom recovery you wish). The Auto part comes from the fact that a large part of the process is automated (though it constantly needs adjusting)
Not included - Triangle Away
Unfortunately, Triangle Away cannot currently be used on this device to reset the binary status or KNOX warranty void. It can still usually reset the system status, but that is of limited use.
Not included - adbd Insecure TODO: STILL UNDER DEVELOPMENT. Hopefully I'll get this to work soon.
As this CF-Root does not include a custom kernel, adb shell does not have root access by default (you can still get it by typing su inside the shell), nor is adb remount supported, nor will adb push and adb pull work on system files. adbd Insecure can be used to remedy this situation. (No idea what this is about ? Don't worry about it !)
CF-Auto-Root homepage
http://autoroot.chainfire.eu/
CF-Auto-Root main thread
[CENTRAL] CF-Auto-Root
For requests for new roots and generic discussion - please keep device specific discussion in the thread you are viewing now.

Follow these instructions to the letter. Do not touch any buttons or checkboxes that are not listed below to touch!
- Download and unzip the CF-Auto-Root-....zip file (see posts below this one)
- If you end up with a recovery.img and cache.img file, you've extracted twice. You need to end up with a .tar.md5 file - don't extract that one
- (USB) Disconnect your phone from your computer
- Start Odin3-vX.X.exe
- Click the PDA button, and select CF-Auto-Root-....tar.md5
- Put your phone in download mode (turn off phone, then hold VolDown+Home+Power to boot - if it asks you to press a button to continue, press the listed button, or run adb reboot download command)
- (USB) Connect the phone to your computer
- Make sure Repartition is NOT checked
- Click the Start button
- Wait for Android to boot
- Done (if it took you more than 30 seconds, you need practise!)
NOTE: Sometimes the device does *not* boot into recovery mode and root your device. Just do the entire procedure again if this happens. If it still will not install root and such, make sure that in Odin "Auto Reboot" is not checked. Then after flashing, pull the battery, and boot with VolUp+Home+Power button to boot into recovery manually. This will start the install process.
New to Samsung? Unfamiliar with Odin? Think all the above is a hassle? Get used to it. It's very simple, and us Samsung folk use Odin (or Mobile ODIN ) for everything! It's so very very convenient once you get used to it. Notice the 30 second comment above? For experienced users, the entire process indeed takes only 30 seconds!
You may now optionally want to install and run Triangle Away to reset the flash counter.

Download
SM-N900 (International Exynos): CF-Auto-Root-ha3g-ha3gxx-smn900.zip
SM-N9005 (International Qualcomm): CF-Auto-Root-hlte-hltexx-smn9005.zip
(only works on 4.4 bootloaders, if you're still on 4.3 use the old version which you can find here: http://d-h.st/J32)
SM-N900T (T-Mobile US): CF-Auto-Root-hltetmo-hltetmo-smn900t.zip
SM-N900P (Sprint): CF-Auto-Root-hltespr-hltespr-smn900p.zip
SM-N900R4 (US Cellular): CF-Auto-Root-hlteusc-hlteusc-smn900r4.zip
SM-N900W8 (Canadia): CF-Auto-Root-hltecan-hlteub-smn900w8.zip
SM-N900S (Korea): CF-Auto-Root-hlteskt-hlteskt-smn900s.zip
SM-N9002 (China): CF-Auto-Root-hlte-h3gduoszn-smn9002.zip
SM-N9006 (China): CF-Auto-Root-hlte-h3gzc-smn9006.zip
SM-N9008 (China): CF-Auto-Root-hlte-h3gzm-smn9008.zip
SM-N9009 (China, untested): CF-Auto-Root-hlte-h3gduosctc-smn9009.zip
Untested versions: please let me know if they work!
Other models
T-Mobile US thread: http://forum.xda-developers.com/showthread.php?t=2467369
Sprint thread: http://forum.xda-developers.com/showthread.php?t=2469904
CF-Auto-Root is not yet available for all carrier-specific Note3's. Link me to stock firmwares for these devices as they appear, and I might be able to make a device-specific CF-Auto-Root.

What is happening Chainfire? The dev are working on some solution for the knox efuse? I am thinking about a software which can restore that flag or a software which skips triggering while rooting.. for this you guys need to sign the modified stuff which is hard. How you see the things at the moment? This is the only thing what is holding me back to buy the note 3 at the moment...

wooohooo... finally.. waiting for SM-n900 version

Waiting your great work for the Exynos model as well...
You asked for a stock firmware link here is one for N900 model: http://www.hotfile.com/dl/247435453/e638485/N900XXUBMI5_N900OJVBMI1_XFU.zip.html
Actually I need for N9000Q model but on Sammobile there were just N900 model, i hope those are same since both of them are for the same device (Exynos).

waiting sm-n9000Q root

Here is some mirrors for N900 stock firmware:
https://disk.yandex.ru/public/?hash=6S6f3t8/YXndZY264OWRBWExcagIsZ3qpLlgSQchtXE=
http://uploaded.net/file/heepon2s
http://hotfile.com/dl/248328141/19b7fd7/SER-N900XXUBMI5-20131001102120.zip.html

Many thanks man ????
Sent from my SM-N9005 using XDA Premium 4 mobile app

Thanks Chainfire, just in time for my N9005 arriving from Vodafone tomorrow

I hope someone could find a solution to reset Knox counter. I need root but also my warranty
Inviato dal mio SM-N9005 con Tapatalk 4

mouse100 said:
I hope someone could find a solution to reset Knox counter. I need root but also my warranty
Inviato dal mio SM-N9005 con Tapatalk 4
Click to expand...
Click to collapse
I was gonna hold off from rooting, but then just thought to myself, any time my previous Samsung phones have had a fault, like with the charging port, or head phone socket, I've just bought the part from eBay and fixed it myself. The only time it's gone back to Samsung was when my Note 2 had the sleep of death.
In which case, they would not be able to tell anything from it as the emmc screwed itself over. In light of this I probably will root it now the big guy @Chainfire has done his magic.
I'm currently still waiting for a response from Samsung about whether warranty on the hardware would still be void if the Knox counter read anything other than 0x0.
Sent from my SM-N9005 using Tapatalk 4

RavenY2K3 said:
I was gonna hold off from rooting, but then just thought to myself, any time my previous Samsung phones have had a fault, like with the charging port, or head phone socket, I've just bought the part from eBay and fixed it myself. The only time it's gone back to Samsung was when my Note 2 had the sleep of death.
In which case, they would not be able to tell anything from it as the emmc screwed itself over. In light of this I probably will root it now the big guy @Chainfire has done his magic.
I'm currently still waiting for a response from Samsung about whether warranty on the hardware would still be void if the Knox counter read anything other than 0x0.
Sent from my SM-N9005 using Tapatalk 4
Click to expand...
Click to collapse
No everyone is able to repair their own smartphone with hw parts, like you however please post samsung answer about warranty if Knox counter is voided. I think it's important for everyone to understand their policy about this.
Galaxy Note 3 | SM-9005 | Tapatalk

mouse100 said:
No everyone is able to repair their own smartphone with hw parts, like you however please post samsung answer about warranty if Knox counter is voided. I think it's important for everyone to understand their policy about this.
Galaxy Note 3 | SM-9005 | Tapatalk
Click to expand...
Click to collapse
Lol, it honestly isn't difficult in the slightest. Think of it as a jigsaw puzzle. Samsung's are one of the easiest manufacturer of devices to repair. "If" Sammy are so kind to respond to me, I'll be posting the reply as soon as it comes through.
Sent from my SM-N9005 using Tapatalk 4

RavenY2K3 said:
I was gonna hold off from rooting, but then just thought to myself, any time my previous Samsung phones have had a fault, like with the charging port, or head phone socket, I've just bought the part from eBay and fixed it myself. The only time it's gone back to Samsung was when my Note 2 had the sleep of death.
In which case, they would not be able to tell anything from it as the emmc screwed itself over. In light of this I probably will root it now the big guy @Chainfire has done his magic.
I'm currently still waiting for a response from Samsung about whether warranty on the hardware would still be void if the Knox counter read anything other than 0x0.
Sent from my SM-N9005 using Tapatalk 4
Click to expand...
Click to collapse
For me warranty still important. Because last time i use galaxy note 1, while change rom from cm10 to miui my note bricked. Then samsung replace my board to new one without pay anything
Sent from my SM-N900 using xda premium

monyozt said:
For me warranty still important. Because last time i use galaxy note 1, while change rom from cm10 to miui my note bricked. Then samsung replace my board to new one without pay anything
Sent from my SM-N900 using xda premium
Click to expand...
Click to collapse
That's what my point is about, sort of, if you brick your phone to the point where you get absolutely no output whatsoever, they wouldn't be able to tell what had happened anyway, and would have to change it.
Sent from my SM-N9005 using Tapatalk 4

Will this method work with my phone
Model SM -N9005
Baseband - N9005XXUBMI6
Build - JSS15J.N9005XXUBMI7
I got the phone through Vodafone and i believe it has thier own firmware on there as it had Vodafone bundled apps on it.
And can i just check all this about KNOX warranty... It doesnt stop the phone working in anyway at all..... all it does it void the warranty? can i still use KNOX?
Thanks Guys

Amazing thank u so much waitin for n900 version
Sent from my SM-N900 using Tapatalk 4

DTMHibbert10 said:
Will this method work with my phone
Model SM -N9005
Baseband - N9005XXUBMI6
Build - JSS15J.N9005XXUBMI7
I got the phone through Vodafone and i believe it has thier own firmware on there as it had Vodafone bundled apps on it.
And can i just check all this about KNOX warranty... It doesnt stop the phone working in anyway at all..... all it does it void the warranty? can i still use KNOX?
Thanks Guys
Click to expand...
Click to collapse
No, if you root you can also not use Knox anymore. May be never!

Thanks Dude! waiting for SM-n900 version
Envoyé avec Gnote 3 SM-N 900