NOTE: For questions, comments, or to report dead links, please use the Contact Form.


What is "rooting" and why "root" a phone?

"Rooting" a device is the act of gaining complete access to the device, allowing you to modify the system in ways in which the average user would be restricted. The name is derived from the ability to execute a process or app in the context of the user with the highest permissions ("root") on cell phones running Linux (such as Android). This is equivalent to "Jailbreaking" an iPhone or other Apple iOS device.

A cell phone carrier (or company) might not want its users to have full control of a device to enforce certain parts of their terms and conditions of service. A customer that does not have full control of a device might not be able to switch phone carriers. Lack of full control also prevents the user from running certain apps such as those that allow "tethering". "Tethering" essentially turns your phone into a portable Wifi hotspot for other devices to access the internet and companies know people will use more bandwidth than normal under such configurations. Other reasons include keeping the proprietary modifications made to the Android build running on your phone a secret (despite that the core OS itself is open-source) or to prevent users from uninstalling "stock" apps that cannot normally be uninstalled. Such apps are those that may be used to track the user easily and to provide valuable marketing revenue which is used to offset the cost you actually paid for the phone. Or, perhaps you paid full price for the phone and they wish to track you anyway :)

Whatever the good reasons a cell phone company might want to prevent a user from rooting a device the user paid money for and owns, gaining this level of control has many legitimate reasons. Rooting your phone is almost essential if you are a developer or would like to diagnose hardware problems with your device.

Rooting however is not illegal depending on your reasons for doing so. Mainly, its what you do with your rooted device that could violate your terms of service. The US Copyright Office announced a Digital Millennium Copyright Act (DMCA) exemption in July 2010, followed by a renewal of the excemption in 2012 to allow the "jailbreaking of smartphones" for another 3 years. In October 2015, Congress renewed the exemption again as follows:



Please be aware that the process described below may be against the terms and conditions you have with your phone service carrier, will likely void your warranty (if you have one), and may render your device UNUSABLE. Please exercise extreme caution! Read all the steps first before you commit to do anything and if at any point you are uncomfortable with the process, STOP.




Section #1 - Determine your build Version
This tutorial was written specifically for the Samsung Galaxy S3 SCH-S968C phone usually used with a Straight Talk / Total Wireless / Tracfone service plan. These are CDMA-V (Verizon) phones. The "SCH" prefix in the model means Verizon. The model ending in "C" means Straight Talk/TRACFONE.

The steps for rooting most devices are specific to that device's hardware. If you have the phone just described, you need to check your firmware version.

• Navigate to your phone's Settings menu and scroll down to "About device"
• Verify your model number is SCH-S968C
• If your baseband version ends in "H1", proceed to section #2
  If your baseband version ends in "H2" (e.g. S968CUDUANH2) , proceed to section #3

Section #2 - Android OS build prior to August 7, 2014
If your phone's baseband ends in H1, you should see a date in "Kernel version" prior to August 7, 2014. These devices contain security vulnerabilities that essentially provide an open back-door to gain root access. Your phone can be rooted in seconds with a number of programs that exploit the specific vulnerabilities in this build version. The two top choices in the community are a Windows program named Cydia-Impactor and the TowelRoot app. Any one of these methods will root your phone in seconds and you are done!

Section #3 - Android OS build on or after August 7, 2014
If your phone's baseband ends in H2, there are no known security vulnerabilities (at the time of this writing) that can be easily exploited to gain a quick back-door entry into your phone.

Luckily, a method was discovered on September 27th 2015 first reported by in the xda-developers forums that reliably works with these devices. The steps below were compiled from the remainder of that blog thread along with my own experience. Credit for goes to Bumpum (for discovering it), Droidriven (for a breakdown of the process) and canodroid15 and Fenix2002 for their input and verification.

Before this method was discovered, those that had an "H2" baseband device had "downgrade" to the factory "H1" version (available on the internet) which was then rooted with the method described above. Not only was this a riskier process due to having to completely wipe the factory OS and installing the older version, many reported hardware problems (random inability to make calls, or lost internet connections) using the older build. This indicated that the hardware on these devices might not be 100% compatible with the older "H1" build. You also lost all of your data. You might be better off to do your research and buy a newer phone that is known-rootable than to try and root this device with the old method.

Luckily the method explained below will not require you to factory reset your device, use a different build of the device's operating system or otherwise lose any data. The phone should be left unchanged, except it will be rooted. Although there are always risks of losing data while tampering with your phone, I consider the method outlined below relatively safe compared to what people were doing before it was discovered. This method uses the recovery console to install the "rooting" program before the OS boots, bypassing the protections. Once booted, the installed root program (SuperSU) will be your back-door anytime you need root permissions.

Let's get started!

• Step #0 - Prerequisites:
  
  
  • An external microSD memory card to store the SuperSU binary and optionally backup your device. I don't think this is absolutely required as the TWP recovery console can install the SuperSU binary directly from a folder from the internal memory storage, but its a good idea to have one to make a backup image of the device BEFORE you root the device, so you can restore your device in case something goes wrong! Since the internal storage for this device is 16 GB, you want a microSD card of at least a 16 GB.
  • Back up any important data on the device. You shouldn't lose anything in this process, however its a good practice to backup important data. Anytime you are flashing images, there is always the risk of "bricking" your device.
  • Ensure USB Debugging is enabled on the device: Settings -> Developer Options -> USB debugging -> CHECKED
  • A Windows machine with the Samsung USB Driver for Mobile Phones installed to run the Odin flash tool. If you have a Mac you can reportedly use the JOdin or Heimdall open-source tools instead of Odin. Besides the Odin specifics in this tutorial, you should still be able to follow the same steps and root your device with your Mac.
  • The original "stock" USB cable that came with the device. This is highly recommended, but obviously not an absolute requirement.
• Step #1 - Download Files
  You'll need to download the files below to root this device. Please report any dead links using the contact form link at the top of this page.
  
  

  Samsung Odin 3.10.7 Alternate Link		An officially-leaked Windows tool used for flashing Samsung devices. Later versions of Odin may not work with older devices. This version (as well as others in the 3.10 series) is confirmed to work with this device. Simply unzip the contents of this archive into its own directory. Odin is started by simply running the EXE. Odin3_v3.10.7.zip / size=1,110,104 (1.1 MB) / md5=f7884c51b7277b82e7ed95b43a090a82
  SuperSU 2.65 Alternate Link SuperSU (Latest .ZIP version)		This is the app that will actually root your device. You won't have the proper permissions to install this with your device running normally. The trick is installing it before the operating system boots. IMPORTANT NOTE: you need the ZIP version, not the APK version! UPDATE-SuperSU-v2.65-20151226141550.zip / size=4,254,181 bytes (4.1 MB) / md5=419d48a14d8ae9f247cd9266e14ad8cf
  TWRP-d2tfnvzw-sch-s968c.tar.md5 Alternate Link		This is a custom TWRP (Team Win Recovery Project) v2.8.7.0 recovery console replacement for the factory-installed one. The factory recovery console won't let you install what we're going to install and does not have the features to properly image your device for an nandroid backup, so you're really solving two problems instead of one by installing this. This is a "d2tfnvzw" version built specifically for the SCH-S968C hardware and is the only one recommended at this time. Information can be found about the more general "d2vzw" image HERE, but the "TFN" (CSC code) version needed by this device is not available on that site. Once flashed onto your device, this tool allows you to install SuperSU before the device boots (rooting the device) and also gives you the option to backup and restore images of your device's internal filesystems, should you ever need to revert to them in an emergency. After you download this file, make sure the size and hash match below: TWRP-d2tfnvzw-sch-s968c.tar.md5 / size=8,970,302 bytes (8.6 MB) / md5=db8b3ac539b74b8a2d3bce64e557da1c

• Step #2 - Charge, unplug and power-off the device
  To ensure your device doesn't die at a critical moment during this process, its a good idea to charge your device first. When done charging, unplug it from your computer or charger and power it off.
• Step #3 - Copy the SuperSU ZIP to the external SD card
  The UPDATE-SuperSU-vX.XX-XXXX.zip file you downloaded above should be copied to the your microSD external memory card. I found it easier to use my computer to copy the file onto the card than to download it from the device itself, but use whatever method you find the easiest. After the file has been copied to the memory card, ensure it is plugged in to the device (a slot near the battery).
• Step #4 - Start Odin
  Ensure no other programs that interface with your Android device are running on your PC (such as Samsung Kies or ADB), then start Odin - but don't plug the device in just yet.
• Step #5 - Boot Device in "download" mode Turn the device on by pressing and holding the following button sequence until you see activity on the screen: "Volume Down" + "Home" + "Power". Shortly thereafter, you should be at a "warning" screen. As prompted, press the "Volume Up" button to enter "download" mode (A screen with a giant Android logo). The first time you do this, you'll see the following information on the download screen (different than in the image below):
  
  

  ODIN MODE PRODUCT NAME: SCH-S968C CUSTOM BINARY DOWNLOAD: No CURRENT BINARY: Samsung Official SYSTEM STATUS: Official QUALCOMM SECUREBOOT: ENABLE <android picture> Downloading... Do not turn off target!!

• Step #6 - Connect Device to PC
  Connect the device to the PC using the USB cable. If the device is properly recognized in Odin, you'll see a blue comm# box and the log will display <ADDED!>. If you do not, some troubleshooting tips are to ensure you are using the "stock" USB cable that came with the device. You can also try using a different USB port and ensuring no other programs are using or attempting to use the Android device.
  
  
• Step #7 - Select the TWRP Recovery Console image
  After the device is properly recognized in Odin, click the "AP" button and then select the TWRP-d2tfnvzw-sch-s968c.tar.md5 file you downloaded above.
  
  
• Step #8 - Disable Autoreboot
  The "AP" checkbox should now be checked. Clicking on the "Options" tab, ensure the "autoreboot" option is UNCHECKED. You want this option off because if the OS boots normally after flashing the new recovery console, it may recognize that the factory version has been tampered with and reload it. In my experience though, the newly flashed recovery console persisted after multiple reboots before I actually rooted the device.
  
  
• Step #9 - Flash the new Recovery Console
  Click START in Odin and wait for flash operation to complete. You should see multiple log messages and a green "PASS" when the flash operation is complete. The entire process takes about 10 seconds. Your log should look something like the one below:
  

  <ID:0/004> Added!!
  <OSM> Enter CS for MD5..
  <OSM> Binary Check MD5.. Do not unplug the cable..
  <OSM> Please wait..
  <OSM> Checking MD5 finished Sucessfully..
  <OSM> Leave CS..
  <ID:0/004> Odin engine v(ID:3.1100)..
  <ID:0/004> File analysis..
  <ID:0/004> SetupConnection..
  <ID:0/004> Initialzation..
  <ID:0/004> Get PIT for mapping..
  <ID:0/004> Firmware update start..
  <ID:0/004> SingleDownload.
  <ID:0/004> recovery.img
  <ID:0/004> NAND Write Start!! 
  <ID:0/004> RQT_CLOSE !!
  <ID:0/004> RES OK !!
  <ID:0/004> Remain Port ....  0 
  <OSM> All threads completed. (succeed 1 / failed 0)
  

• Step #10 - Disconnect Device from PC
  Unplug the USB cable from the Device and you can close Odin.
• Step #11 - Start Device in new Recovery Console
  The Android logo will still be on you device's display. Press and hold the "Volume Up" + "Home" + "Power" buttons to start the newly flashed TWRP recovery console. Continue holding the buttons until you see activity on the screen. If the device boots normally without entering the recovery console (see images below), simply turn the phone off and repeat the button sequence. If you don't see any of the TWRP screens below (i.e. the original factory recovery console appears because it was restored by the normal boot process), go back to Step 5 and re-flash the recovery console and when you get back to this step, open the battery cover, pull the battery, wait about 10 seconds, and reinstall battery to force the device to turn off without booting. Then press and hold the "Volume Up" + "Home" + "Power" sequence.
  
  NOTE: My device did not restore the factory recovery console during the normal boot process. I could continue to access the TWRP console before and after rooting the phone. This is because current versions (including 2.8.7.0 and later) of the TWRP recovery console patch the stock ROM to prevent the OS from reverting back to the factory recovery console.
  
  
• Step #12 - Backup your Device
  This step is optional, but especially at this point, you should create an image of your device's internal memory before you try to root the device. To do this, use the "backup" option from the recovery console's main menu to create an image of your stock firmware. Ensure you select "Micro SDcard" for the "Storage" option so the backup image is stored on the removable SD card. This image can be used in an emergency to restore your device to where it was before you tried to root it should something go wrong. To restore just boot to the recovery console and select the "restore" option.
  
  
• Step #13 - Install SuperSU
  From the recovery console's main menu, select "Install" and choose the UPDATE-SuperSU-vX.XX-XXXX.zip file you copied to the microSD external memory card ("external_sd" path). You will see the following warning:
  

      This operation may install incompatible software and render your device unusable.
  

  Continue with the install anyway because you did a backup, didn't you?
  
  NOTE: If you try and reboot the device without having installed SuperSU, you will be prompted to install it before rebooting, however the SuperSU that is apparently built-in to the recovery console didn't root the device for me after the reboot, so use the SuperSU you downloaded as explained above.
  
  
• Step #14 - You're Rooted!
  If SuperSU is successfully installed, reboot the device and you should be rooted. The system finalizes the installation of SuperSU on the first reboot of the device, so you may notice some messages about finishing the installation. Your device and all of your data should be the same as before you rooted it besides having a new (but better) recovery console for emergencies and SuperSU showing up in your app list. Congratulations, you can now enjoy full control of the device!
  
  To verify you have root privileges, run the "su" command from the free Terminal Emulator app (running directly on the device) or run it from an ADB shell from your host computer (ADB comes with the Android SDK). This command opens a shell with "root" privileges which can be exited with the "exit" command. If you don't get any errors, your device has been successfully rooted. Another method is to install the free Samsung Phone INFO app which will tell you if you are rooted at the top of the "ANDROID" information page.