<-- Articles Index / How to root the Samsung Galaxy S3 SCH-S968C (H1 and H2 basebands)
How to root the Samsung Galaxy S3 SCH-S968C (H1 and H2 basebands)
*LEGAL DISCLAIMER: The information in this tutorial is intended for educational purposes only. Following the
instructions herein may void a device's warranty and/or otherwise render the device UNUSABLE ("bricked").
Extreme caution and care should be taken anytime you flash images to your cell phone's bootloader or install
pre-boot software using various recovery tools. This website makes no warranties express or implied. Use at
your own risk!
NOTE:For questions, comments, or to report dead links, please use the
What is "rooting" and why "root" a phone?
"Rooting" a device is the act of gaining complete access to the device, allowing you to modify the system in ways
in which the average user would be restricted. The name is derived from the ability to execute a process or app
in the context of the user with the highest permissions ("root") on cell phones running Linux (such as Android).
This is equivalent to "Jailbreaking" an iPhone or other Apple iOS device.
A cell phone carrier (or company) might not want its users to have full control of a device to enforce certain
parts of their terms and conditions of service. A customer that does not have full control of a device might
not be able to switch phone carriers. Lack of full control also prevents the user from running certain apps
such as those that allow "tethering". "Tethering" essentially turns your phone into a portable Wifi hotspot for
other devices to access the internet and companies know people will use more bandwidth than normal under such
configurations. Other reasons include keeping the proprietary modifications made to the Android build running
on your phone a secret (despite that the core OS itself is open-source) or to prevent users from uninstalling
"stock" apps that cannot normally be uninstalled. Such apps are those that may be used to track the user easily
and to provide valuable marketing revenue which is used to offset the cost you actually paid for the phone. Or,
perhaps you paid full price for the phone and they wish to track you anyway :)
Whatever the good reasons a cell phone company might want to prevent a user from rooting a device the user
paid money for and owns, gaining this level of control has many legitimate reasons. Rooting your phone is
almost essential if you are a developer or would like to diagnose hardware problems with your device.
Rooting however is not illegal depending on your reasons for doing so.
Mainly, its what you do with your rooted device that could
violate your terms of service. The US Copyright Office announced a Digital Millennium Copyright Act (DMCA) exemption in
followed by a renewal of the excemption in 2012 to allow the "jailbreaking of smartphones" for another 3 years.
Congress renewed the exemption again as follows:
Computer programs that enable smartphones and portable all-
purpose mobile computing devices to execute lawfully obtained
software applications, where circumvention is accomplished for the
sole purpose of enabling interoperability of such applications with
computer programs on the smartphone or device, or to permit
removal of software from the smartphone or device.
Please be aware that the process described below may be against the terms and conditions you have with your
phone service carrier, will likely void your warranty (if you have one), and may render your device
UNUSABLE. Please exercise extreme caution! Read all the steps first before you commit to do anything and if at
any point you are uncomfortable with the process, STOP.
Original Article Date: April 18, 2016
Section #1 - Determine your build Version
This tutorial was written specifically for the Samsung Galaxy S3 SCH-S968C phone usually used with a
Straight Talk / Total Wireless / Tracfone service plan. These are CDMA-V (Verizon) phones.
The "SCH" prefix in the model means Verizon. The model ending in "C" means Straight Talk/TRACFONE.
The steps for rooting most devices are specific to that device's
hardware. If you have the phone just described, you need to check your firmware version.
Navigate to your phone's Settings menu and scroll down to "About device"
Verify your model number is SCH-S968C
If your baseband version ends in "H1", proceed to section #2
If your baseband version ends in "H2" (e.g. S968CUDUANH2) , proceed to section #3
Section #2 - Android OS build prior to August 7, 2014
If your phone's baseband ends in H1, you should see a date in "Kernel version" prior to August 7, 2014.
These devices contain security vulnerabilities that essentially provide an open
back-door to gain root access. Your phone can be rooted in seconds with a number of programs that exploit the specific
vulnerabilities in this build version. The two top choices in the community are a Windows program
Cydia-Impactor and the
TowelRoot app. Any one of these methods will root your phone in seconds
and you are done!
Section #3 - Android OS build on or after August 7, 2014
If your phone's baseband ends in H2, there are no known security vulnerabilities (at the time of this writing)
that can be easily exploited to gain a quick back-door entry into your phone.
Luckily, a method was discovered on September 27th 2015 first reported by in the
that reliably works with these devices. The steps below were compiled from the remainder of that blog thread
along with my own experience. Credit for goes to Bumpum (for discovering it), Droidriven (for a breakdown of
the process) and canodroid15 and Fenix2002 for their input and verification.
Before this method was discovered, those that had an "H2" baseband device had "downgrade" to the factory "H1"
version (available on the internet) which was then rooted with the method described above. Not only was this a
riskier process due to having to completely wipe the factory OS and installing the older version, many reported
hardware problems (random inability to make calls, or lost internet connections) using the older build. This
indicated that the hardware on these devices might not be 100% compatible with the older "H1" build. You also
lost all of your data. You might be better off to do your research and buy a newer phone that is known-rootable
than to try and root this device with the old method.
Luckily the method explained below will not require you to factory reset your device, use a different build of
the device's operating system or otherwise lose any data. The phone should be left unchanged, except it will be
rooted. Although there are always risks of losing data while tampering with your phone, I consider the method outlined
below relatively safe compared to what people were doing before it was discovered.
This method uses the recovery console to install the "rooting" program before the OS boots, bypassing the
protections. Once booted, the installed root program (SuperSU) will be your back-door anytime you need root
Let's get started!
Step #0 - Prerequisites:
An external microSD memory card to store the SuperSU binary and optionally backup your
I don't think this is absolutely required as the TWP recovery console can install the SuperSU binary
directly from a folder from the internal memory storage, but its a good idea to have one to make
a backup image of the device BEFORE you root the device, so you can restore your device in case
something goes wrong! Since the internal storage for this device is 16 GB, you want a microSD
card of at least a 16 GB.
Back up any important data on the device. You shouldn't lose anything in this process, however its a good practice to backup
important data. Anytime you are flashing images, there is always the risk of "bricking" your device.
Ensure USB Debugging is enabled on the device: Settings -> Developer Options -> USB debugging -> CHECKED
A Windows machine with the Samsung USB Driver for Mobile Phones
installed to run the Odin flash tool. If you have a Mac you can reportedly use the JOdin or
Heimdall open-source tools instead of Odin. Besides the Odin specifics in this tutorial, you
should still be able to follow the same steps and root your device with your Mac.
The original "stock" USB cable that came with the device. This is highly recommended, but
obviously not an absolute requirement.
Step #1 - Download Files
You'll need to download the files below to root this device. Please report any dead links using the
contact form link at the top of this page.
An officially-leaked Windows tool used for flashing Samsung devices. Later versions of Odin may
not work with older devices. This version (as well as others in the 3.10 series) is confirmed
to work with this device. Simply unzip the contents of this archive into its own directory.
Odin is started by simply running the EXE.
This is the app that will actually root your device. You won't have the proper
permissions to install this with your device running normally. The trick is installing
it before the operating system boots. IMPORTANT NOTE: you need the ZIP version, not the APK version!
This is a custom TWRP (Team Win Recovery Project) v18.104.22.168 recovery console replacement for the
factory-installed one. The factory recovery console won't let you install
what we're going to install and does not have the features to properly image your device for an
so you're really solving two problems instead of one by installing this. This is a
"d2tfnvzw" version built specifically for the SCH-S968C hardware and is the only one recommended
at this time. Information can be found about the more general "d2vzw" image
but the "TFN" (CSC code) version needed by this device is not available on that site.
Once flashed onto your device, this tool allows you to install SuperSU before the device boots
(rooting the device) and also gives you the option to backup and restore images of your device's
internal filesystems, should you ever need to revert to them in an emergency. After you
download this file, make sure the size and hash match below:
Step #2 - Charge, unplug and power-off the device
To ensure your device doesn't die at a critical moment during this process, its a good idea to
charge your device first. When done charging, unplug it from your computer or charger and power it off.
Step #3 - Copy the SuperSU ZIP to the external SD card
The UPDATE-SuperSU-vX.XX-XXXX.zip file you downloaded above should be copied to the your microSD external memory card.
I found it easier to use my computer to copy the file onto the card than to download it from the device itself, but use
whatever method you find the easiest. After the file has been copied to the memory card, ensure it is plugged in to the
device (a slot near the battery).
Step #4 - Start Odin
Ensure no other programs that interface with your Android device are running on your PC (such as
Samsung Kies or ADB), then start Odin - but don't plug the device in just yet.
Step #5 - Boot Device in "download" mode
Turn the device on by pressing and holding the following button sequence until you see activity on the
screen: "Volume Down" + "Home" + "Power".
Shortly thereafter, you should be at a "warning" screen. As prompted, press the
"Volume Up" button to enter "download" mode (A screen with a giant Android logo). The first time
you do this, you'll see the following information on the download screen (different than in the image
PRODUCT NAME: SCH-S968C
CUSTOM BINARY DOWNLOAD: No
CURRENT BINARY: Samsung Official
SYSTEM STATUS: Official
QUALCOMM SECUREBOOT: ENABLE
Do not turn off target!!
Step #6 - Connect Device to PC
Connect the device to the PC using the USB cable. If the device is properly recognized in Odin,
you'll see a blue comm# box and the log will display <ADDED!>. If you do not, some
troubleshooting tips are to ensure you are using the "stock" USB cable that came with the device. You
can also try using a different USB port and ensuring no other programs are using or attempting to use
the Android device.
Step #7 - Select the TWRP Recovery Console image
After the device is properly recognized in Odin, click the "AP" button and then select the
TWRP-d2tfnvzw-sch-s968c.tar.md5 file you downloaded above.
Step #8 - Disable Autoreboot
The "AP" checkbox should now be checked. Clicking on the "Options" tab, ensure the "autoreboot"
option is UNCHECKED. You want this option off because if the OS boots normally after flashing the new
recovery console, it may recognize that the factory version has been tampered with and reload it. In my
experience though, the newly flashed recovery console persisted after multiple reboots before I actually
rooted the device.
Step #9 - Flash the new Recovery Console
Click START in Odin and wait for flash operation to complete. You should see multiple log messages and a green
"PASS" when the flash operation is complete. The entire process takes about 10 seconds. Your log should
look something like the one below:
<OSM> Enter CS for MD5..
<OSM> Binary Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<ID:0/004> Odin engine v(ID:3.1100)..
<ID:0/004> File analysis..
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> NAND Write Start!!
<ID:0/004> RQT_CLOSE !!
<ID:0/004> RES OK !!
<ID:0/004> Remain Port .... 0
<OSM> All threads completed. (succeed 1 / failed 0)
Step #10 - Disconnect Device from PC
Unplug the USB cable from the Device and you can close Odin.
Step #11 - Start Device in new Recovery Console
The Android logo will still be on you device's display.
Press and hold the "Volume Up" + "Home" + "Power" buttons to start the
newly flashed TWRP recovery console. Continue holding the buttons until you see activity on the screen.
If the device boots normally without entering the recovery console (see images below), simply turn the
phone off and repeat the button sequence. If you don't see any of the TWRP screens below (i.e. the
original factory recovery console appears because it was restored by the normal boot process), go back
to Step 5 and re-flash the recovery console and when you get back to this step, open the battery cover,
pull the battery, wait about 10 seconds, and reinstall battery to force the device to turn off without
Then press and hold the "Volume Up" + "Home" + "Power" sequence.
NOTE: My device did not restore the factory recovery console during the normal boot process. I could
continue to access the TWRP console before and after rooting the phone. This is because current
versions (including 22.214.171.124 and later) of the TWRP recovery console patch the stock ROM to prevent the OS
from reverting back to the factory recovery console.
Step #12 - Backup your Device
This step is optional, but especially at this point, you should create an image of your device's
internal memory before you try to root the device. To do this, use the "backup" option from the
recovery console's main menu to create an image of your stock firmware. Ensure you select "Micro
SDcard" for the "Storage" option so the backup image is stored on the removable SD card. This image can
be used in an emergency to restore your device to where it was before you tried to root it should
something go wrong. To restore just boot to the recovery console and select the "restore" option.
Step #13 - Install SuperSU
From the recovery console's main menu, select "Install" and choose the
UPDATE-SuperSU-vX.XX-XXXX.zip file you copied to the microSD external memory card
("external_sd" path). You will see the following warning:
This operation may install incompatible software and render your device unusable.
Continue with the install anyway because you did a backup, didn't you?
NOTE: If you try and reboot the device without having installed SuperSU,
you will be prompted to install it before rebooting, however the SuperSU that is
apparently built-in to the recovery console didn't root the device for me after
the reboot, so use the SuperSU you downloaded as explained above.
Step #14 - You're Rooted!
If SuperSU is successfully installed, reboot the device and you should be rooted.
The system finalizes the installation of SuperSU on the first reboot of the device, so you may notice
some messages about finishing the installation.
Your device and all of your data should be the same as before you rooted it besides having a new
(but better) recovery console for emergencies and SuperSU showing up in your app list.
Congratulations, you can now enjoy full control of the device!
To verify you have root privileges,
run the "su" command from the free
Terminal Emulator app (running directly on the device)
or run it from an ADB shell from your host computer (ADB comes with the
Android SDK). This command opens a
shell with "root" privileges which can be exited with the "exit" command.
If you don't get any errors, your device has been successfully rooted.
Another method is to install the free
Samsung Phone INFO app
which will tell you if you are rooted at the top of the "ANDROID" information page.