Sick of network provider bloatware on your phone? Want your Android phone unlocked? Darren Yates shows you how to gain root access and install new ROMs.
The first question any hardcore Android user asks when they get hold of a new phone is: ‘How do you root it?’ Before you raise an eyebrow, rooting a phone is the process of gaining root access to the device’s operating system and allows you full control. It’s not a process without risk, but one many users gladly perform for the world of opportunities it opens up.
Everyone hates the bloatware that clogs up most network-locked phones, apps you neither want nor need, but can’t delete because they’re baked into the OS. With a rooted phone, you can get rid of them fast. A rooted phone also lets you install custom community versions of Android called ROMs, which can bring all kinds of benefits — zero bloatware, smaller size, faster performance and a newer Android version not yet available from your phone provider.
As you’re about to discover, gaining root access is part of a preventative fix for one particular phone.
You can take it to the bank that rooting your phone will void your warranty. Although the odds are small, rooting gone wrong could damage your phone beyond repair (brick it). That said, some of the most popular phones are already at much greater risk of bricking themselves before you start doing anything remotely funky.
The Galaxy S2 Superbrick Bug
Samsung might well be the world’s most popular smartphone maker right now, but its huge-selling Galaxy S2 and S3 phones are at risk of bricking themselves by simply installing factory updates.
The S2 launched with Android 2.3 and received a 4.0.4 update. When combined with a fault found in the eMMC storage chip firmware, the S2 can superbrick itself (die an unrecoverable death) if you perform a data wipe/factory reset from the phone’s recovery mode and as some claim, even from its Android ‘factory reset’ function. It’s called the Superbrick Bug. If you have a Galaxy S2, you can check if you have the problem eMMC chip with the free eMMC Brickbug Check app on Google Play. If you have the chip and you’re using the official Samsung Android 4.0.4 update, tread very carefully.
What’s extraordinary is the bug exists with the official updates — no rooting or community ROMs are required. It’s also a frustrating problem that’s not guaranteed to occur on the first occasion you try a factory reset. You may not see it until the third or fifth or subsequent tries. When it happens, the phone becomes superbricked and has to be sent back to Samsung for repair.
If you’re interested in the gory detail, there’s a great back story written by CyanogenMod (CM) developer Andrew Dodd and his dealings with Samsung to find the fix. It wasn’t a happy experience. In fact, the lack of support from Samsung for the custom ROM community has seen some of the major community developers walk away from further Samsung work. Team Hacksung, the group behind the Samsung versions of the popular CM ROMs, has reportedly said it’s had enough of Samsung and won’t be supporting the new Galaxy S4. That forced the CM team to come out and deny rumours that it would also boycott the phone, saying it doesn’t yet have a stance one way or the other and won’t before the phone is released.
Galaxy S2 rooting the right way
You can still root and flash a new ROM on the Galaxy S2. In fact, until the official Android 4.1.2 update was released in Australia in late March, rooting your S2 was an important step in avoiding superbricking.
Technically, the bug lies inside the S2’s Android 4.0.4 kernel, caused by a function called ‘secure flash erase’ (MMC_CAP_ERASE). Unlike the original Android 2.3.6 OS that came with the S2, Samsung’s Android 4.0.4 release performs a low-level erase whenever you do a factory reset — that’s a bit like automatically flashing the BIOS on a motherboard when you’re just reinstalling the OS on the hard drive. In combination with the problem flash chips, it corrupts the /data partition, superbricking the phone. Given you can ‘factory reset’ your phone through the ‘Settings’ menu, it’s a dangerous fault to have.
There is a solution. First, root your phone and straight away, flash a new ‘insecure’ kernel that has the MMC_CAP_ERASE command removed. Doing anything else invites the superbrick bug for dinner.
An insecure kernel is one that gives Google’s ADB (Android Debug Bridge) tool on your computer root access to your phone — it’s a necessity if you want to run other ROMs and fix the superbrick bug. There are a few kernels to choose from: the three we suggest looking at are Siyah, Dorimanx or the Codeworkx kernel that comes with recent CM ROMs. Siyah is a good, no-fuss option while Dorimanx is a performance kernel. It’s basically for phoneheads for whom too much tweaking is barely enough.
Installing a custom ROM on an S2
Now that you’ve rooted your phone and presumably, installed a fixed superbrick-free kernel, you’re ready to head off into the world of custom community ROMs. Why would you want to? Well, for starters, you could find a newer version of Android for your phone than what’s officially available. For example, as we were going to press, Optus was releasing an Android 4.1.2 update for the Galaxy S2 while over at CyanogenMod, the latest Android 4.2.2 release was on offer.
Before you rush off, check the fine print — while you expect the stock ROMs to have all features working, it’s not always the case with community ROMs. There are two ways to build a ROM: you can base it on an official vendor stock ROM or you can build from Google’s Android Open Source Project (AOSP). CyanogenMod 10.1 (CM10.1) comes from the AOSP version of Android 4.2, but it lacks the code for Galaxy S2’s MHL connector, so video out doesn’t work. To get MHL working, you need a community ROM that’s based on a Samsung stock ROM, such as WanamLite.
Another issue is security. We spoke to NAB last year for a story about smartphone security and banking. Its recommendation was: don’t bank on a phone that’s been rooted. While Android is pretty solid when it comes to security in general, rooting your phone and installing a community ROM opens up risks. If you don’t bank with your phone, it’s unlikely to be an issue. The other thing is that ROMs from well-recognised sources like CyanogenMod should be quite safe, as anything even remotely dodgy would be quickly rounded up by users.
If you’re the nervous type when it comes to security, stick with an official stock ROM for peace of mind, but provided you stick to apps from Google Play and don’t do anything stupid, you shouldn’t have trouble.
Choose your ROM carefully
There are ROMs available for every phone, so it’s important you select a ROM that’s designed for your specific model. We can’t stress this enough. For example, ‘Galaxy S2’ is the generic name for up to five different models: the GT-I9100, GT-I9100G, GT-I777, SGH-T989 Hercules and Skyrocket. If you have a GT-I9100 (it’s shown on the Samsung splash screen when you boot up), you can’t use a ROM meant for the GT-I9100G because they’re not the same phone under the bonnet.
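One way to check a ROM against your phone before flashing, shown as an added example that is not part of the original article. It assumes the ROM ZIP carries an Edify `updater-script` with `getprop` device asserts, as recovery-flashable ZIPs commonly do; the sample ZIP and the device codenames in it are constructed for illustration.

```python
import io
import re
import zipfile

# Location of the Edify install script inside a recovery-flashable ZIP.
UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"

# Matches getprop("ro.product.device") == "x" and the ro.build.product variant.
_DEVICE_ASSERT = re.compile(
    r'getprop\(\s*"ro\.(?:product\.device|build\.product)"\s*\)\s*==\s*"([^"]+)"'
)


def rom_target_devices(zip_file):
    """Return the set of device codenames the ROM's install script accepts."""
    with zipfile.ZipFile(zip_file) as rom:
        try:
            script = rom.read(UPDATER_SCRIPT).decode("utf-8", errors="replace")
        except KeyError:
            raise ValueError("no updater-script: not a recovery-flashable ZIP")
    return {name.lower() for name in _DEVICE_ASSERT.findall(script)}


def safe_to_flash(zip_file, phone_device):
    """True only if the ROM explicitly names this phone's device codename."""
    targets = rom_target_devices(zip_file)
    if not targets:
        # No device assert at all: the ZIP would install on any phone, so refuse.
        return False
    return phone_device.strip().lower() in targets


def build_sample_rom(devices):
    """Constructed sample: an in-memory ZIP holding a one-line updater-script."""
    checks = " || ".join(
        f'getprop("ro.product.device") == "{d}" || '
        f'getprop("ro.build.product") == "{d}"'
        for d in devices
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as rom:
        rom.writestr(UPDATER_SCRIPT, f"assert({checks});\n")
    return buf


if __name__ == "__main__":
    rom = build_sample_rom(["i9100", "GT-I9100"])  # constructed codenames
    for phone in ("GT-I9100", "GT-I9100G"):
        verdict = "matches" if safe_to_flash(rom, phone) else "does NOT match"
        print(f"{phone}: ROM {verdict} this phone")
```

The codename to compare against is the value the phone itself reports for `ro.product.device`, for example via `adb shell getprop ro.product.device`.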
Back up before you flash
You also need to back up your phone before you flash a new ROM. Flashing ROMs requires your phone’s flash storage to be wiped, so you need to back up everything — files, apps, contacts, SMSs, emails, the whole shebang — as they won’t be there when you launch your new ROM.
First, install MyBackup Root from Google Play. It’s an easy-to-use app for backing up your data. For backing up apps, the best option is Titanium Backup. It’s also free from Google Play. Other apps like SMS Backup and Restore are worth a look and don’t forget Google’s own Sync option.
And most importantly, don’t leave your backups on the phone storage — copy them to your computer.
Installing a new ROM
Once you’ve done everything up to this point, installing a new ROM is reasonably straightforward and uses many of the same steps you performed in rooting your phone.
One last important point. If you’re upgrading to a new version of Android (going from 4.0 to 4.1 or 4.1 to 4.2), don’t try to restore your apps; you should reinstall them. Think of it like trying to copy your apps from a Windows XP box to a Windows 8 one — it won’t end well.
Galaxy S3’s Sudden Death Syndrome
Meanwhile, the Galaxy S3 has a different fault, ominously called the Sudden Death bug, but it’s related to the eMMC chip bug issue in the S2. You can use the eMMC Brickbug Check app to see if you have the problem eMMC chip. Basically, if you have the 16GB version of the S3, you’re running Android 4.1.1 or older and the VTU00M eMMC chip with 0xF1 firmware revision (FWrev), you’re ripe for a hit of Sudden Death.
The fault is in the eMMC chip’s firmware, which causes it to just suddenly die. It’s also said to affect some early first-generation Note II phones that use the same eMMC chip. The internet is littered with forums covering this, but the Whirlpool thread at forums.whirlpool.net.au/archive/2030080 is probably most relevant to Australian users. So far, more than 60 Whirlpool users have detailed their Galaxy S3 Sudden Death experiences.
The official fix appears in the 4.1.2 updates that have been pushed out by telcos since mid-January this year, so if you haven’t done so, make sure you download and install the update as soon as possible if your phone has all the Sudden Death factors. It also means you must stick to 4.1.2 or later Android versions to remain safe. Drop back to 4.1.1 or earlier and your phone is susceptible again.
For the latest information, check the XDA Developers Sudden Death thread.
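The Sudden Death factors and the downgrade warning above, written out as a check (an added example, not code from the article or from the eMMC Brickbug Check app). It assumes you type in the values the phone and the app display; the `S3Report` type and the function names are hypothetical.

```python
from dataclasses import dataclass

FIXED_IN = (4, 1, 2)  # per the article: the official fix appears in 4.1.2


@dataclass
class S3Report:
    """Values read off the phone and the eMMC Brickbug Check app."""
    storage_gb: int
    android_version: str  # e.g. "4.1.1"
    emmc_name: str        # e.g. "VTU00M"
    emmc_fwrev: str       # e.g. "0xF1"


def version_tuple(text):
    """'4.1.1' -> (4, 1, 1), padded so that '4.1' compares as 4.1.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def hardware_affected(report):
    """True when storage size, chip name and firmware revision all match."""
    return (
        report.storage_gb == 16
        and report.emmc_name.strip().upper() == "VTU00M"
        and int(report.emmc_fwrev, 16) == 0xF1
    )


def assess(report, planned_rom_version=None):
    """Classify the phone now and, optionally, after a planned ROM flash."""
    if not hardware_affected(report):
        return "not affected"
    if version_tuple(report.android_version) < FIXED_IN:
        return "at risk: install the official 4.1.2 update"
    if planned_rom_version and version_tuple(planned_rom_version) < FIXED_IN:
        return "safe now, but the planned ROM would make it susceptible again"
    return "safe while on 4.1.2 or later"


if __name__ == "__main__":
    # Constructed sample readings, not taken from a real device.
    phone = S3Report(16, "4.1.2", "VTU00M", "0xF1")
    print(assess(phone))
    print(assess(phone, planned_rom_version="4.0.4"))
```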
Galaxy S3’s Exynos memory bug
Google has been pretty vocal of late in the face of security software vendors claiming Android is a security risk. However, Samsung Galaxy owners have special reason to be concerned through a bug relating to Samsung’s Exynos processor. It was discovered in mid-December 2012 that the Exynos memory module gives full read and write access to physical memory and offers the potential of numerous attack vectors for unscrupulous hackers. The bug covers a range of Samsung devices using the Exynos 4 processor including the Galaxy S2, S3, Note, Note II, the Galaxy Camera and Note 10.1.
To its credit, Samsung plugged up the hole in early January this year, so if you haven’t already, make sure your firmware is up to date. Although reports are that XXELLA firmware is required to patch Galaxy S3 phones, the latest firmware available from Australian telcos at the time of writing was the older XXELL2. However, we were able to test it with the ExynosAbuse-1.40.apk app from XDA Developers and the problem appears to have been fixed with this firmware release as well.
Rooting your Galaxy S3
Until it was fixed, the Exynos memory bug provided an easy way to root your Galaxy device. However, it can still be done and the simplest way is using Samsung’s ODIN phone flash tool and XDA Developer Chainfire’s CF-Auto-Root package.
The most important thing about CF-Auto-Root is you need to grab the right version for your phone — as we mentioned earlier, use the wrong one and it could spell disaster. You can download the files from autoroot.chainfire.eu. However, unlike most rooting tools, it aims to leave your phone as close to stock as possible. Note that this may increment the S3 flash counter, which counts how many unofficial firmwares have been installed, in case of warranty claims. Triangle Away from Google Play ($2.49) should be able to fix that.
Installing a new ROM on your Galaxy S3
If all you want to do is to root your Galaxy S3, our rooting step-by-step guide below is all you need. However, if you want to install a new ROM, there’s more you need to do.
First, back up your contacts, calendar, SMS, call log and so on, just as we described with the Galaxy S2. MyBackup Root is your best bet here, followed by Titanium Backup for your apps. Again, we wouldn’t recommend trying to copy your apps across to a new ROM — it’ll end in tears. Install them from scratch.
Warning: Any flashing of your smartphone will void your warranty. While the guides here were tested on real phones for this story, APC provides no warranty on this information. We also can’t provide any written or telephone support. Use at your own risk. For more information, search the XDA-Developers web site at forum.xda-developers.com.
Step-by-step: Rooting the Galaxy S2 & installing the Siyah kernel
After making sure your phone is fully charged, download the following tools: ‘Siyah Kernel S2-5.0.1’ — download the ZIP version; ‘Root/SuperSU installer’ — see the bottom of the post for ‘Root_SuperSU.0.96.Only-signed.zip’ (requires free signup); ‘ClockworkMod Recovery 4.0.15’. Copy the Root/SuperSU and ClockworkMod ZIP files to the root folder of an external microSD card and the Siyah Kernel ZIP file to the root of the Galaxy S2’s internal storage.
Boot your phone into ‘Recovery Mode’ (press the volume up, ‘Home’ and power buttons together until you see the Samsung screen) and choose ‘Apply update from external storage’ (press the power button).
Navigate to the ‘Root_SuperSU’ ZIP file (volume up/down) and select it with the power button. Confirm and let it rip. When you see the ‘Root complete!’ notification, press the volume up button to get back to the ‘../’ entry; select it and on the original screen, choose ‘Reboot system now’. Your phone is now rooted. You can stop at this point, but if you’re running the stock Samsung Android 4.0.4 OS, you could still be susceptible to superbricking. The rest of this guide will fix this issue.
Power off your phone again, reboot back into ‘Recovery Mode’ and choose ‘Apply update from external storage’. Locate the ClockworkMod Recovery ZIP file you copied to the microSD card and select it. This will load a temporary version of ClockworkMod Recovery into your phone.
When ClockworkMod Recovery appears, select ‘Backup and Restore’. Allow it to create a system backup on your S2’s internal storage. When it’s done, reboot your phone and copy the backup onto your PC (you’ll find it in the \clockworkmod folder). Make sure you use Google Sync to make copies of your contacts, email and calendar, use MyBackup Root or Pro to back up personal data and Titanium Backup to back up your apps and copy them to your PC.
Power off your phone, reboot into ‘Recovery Mode’, choose ‘Apply update from external storage’ and run the ClockworkMod Recovery ZIP file again. This time, select ‘install zip from sdcard’, scroll down the folders until you see the ‘siyah-s2-v5.0.1’ ZIP file. Select it, confirm the installation and let it install. When it’s done, select ‘Reboot system now’. This will replace the stock Samsung/Android 4.0.4 kernel with the Siyah 4.0.4 kernel and replace the stock Android Recovery 3e with ClockworkMod Recovery.
Boot up your phone, head to ‘Settings’, select ‘About phone’ and scroll down to ‘Kernel version’. If you see ‘3.0.31-Siyah-s2-v5.0.1+’, your Galaxy S2 is superbrick-safe.
Step-by-step: Removing network bloatware
Because network bloatware is baked into the operating system, you must first root your phone. After that, follow these steps.
Start your phone, head to ‘Settings > Applications’, scroll down the list until you find an offending piece of bloatware and select it.
Press the ‘Force Stop’ button and then the ‘Uninstall’ button. Confirm the uninstall process and tap ‘OK’. Note that for some network-bundled apps, you may need to do this twice to get rid of the app and the menu icon. After that, it should be gone for good.
Step-by-step: Install CM10.1 (Android 4.2.2) on a Galaxy S2
Make sure you’ve rooted your phone and if you’re running the stock Samsung 4.0.4 Android release, that you’ve flashed in a new brick bug-free kernel. You should also perform a Nandroid (flash) backup of your current setup (the latest CWM Recovery can back up direct to an external SD card) and back up your system using a combination of MyBackup Root and Titanium Backup. See the previous guides for details. WARNING — flashing a new ROM may brick your phone. Following this guide worked for us, but you do this at your own risk.
Download the latest CM10.1 nightly update ZIP file from the CyanogenMod web site. WARNING — make sure you choose the ROM for your specific phone. Copy the ZIP file to the root folder of your S2’s SD card using your PC and Windows Explorer, along with gapps (Google Apps) from goo.im/gapps to the same root folder. Make sure the version you download matches the version of CyanogenMod you install.
Boot your phone into ‘Recovery Mode’ (press and hold the volume up, ‘Home’ and power buttons until you see the Samsung splash screen). When you see the ClockworkMod Recovery screen, select ‘Wipe data/factory reset’.
When completed, navigate back to ‘Install zip from sdcard’ and select it. Tap ‘Choose zip from sdcard’ and navigate to the CM10.1 ZIP file you copied earlier. Confirm the installation and let it go.
Next, follow step 3 again and install the ‘gapps.zip’ file now, or reboot now and install it later (do it later and you’ll get the new CM10.1 ‘Recovery Mode’).
When that’s done, navigate back out to reboot your phone. You’ll have CM10.1 with the Play Store app installed ready to go. You can also begin syncing/restoring your contacts and settings.
Step-by-step: Root your Galaxy S3 3G
Grab the right CF-Auto-Root version for your phone from autoroot.chainfire.eu. Make sure your Galaxy S3 phone drivers are installed on your Windows PC and that your phone is charged and ready to go. Unzip the file to a folder on your PC and you’ll see it contains the ODIN flash tool plus the root archive (‘TAR.MD5’) file.
Launch ODIN, click the ‘PDA’ button and load in the ‘TAR.MD5’ file.
Power off your Galaxy S3 and boot into ‘Download Mode’ (hold down the volume down, ‘Home’ and power buttons; let go when you see the warning screen) and confirm when asked. Plug your phone directly into your computer and make sure that the ‘Re-partition’ checkbox in ODIN is not checked. When you’re ready, press ODIN’s ‘Start’ button.
Within 10 seconds, you should see a big green ‘PASS!’ notification. At the same time, your phone should automatically reboot.
Allow your phone to boot and download Root Checker from Google Play. If you see the ‘Superuser Request’ screen, press ‘Allow’ and Root Checker should confirm your phone is now rooted.
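Before loading a ‘TAR.MD5’ file into ODIN as in the guide above, you can confirm the download arrived intact. This added example (not part of the original article) assumes the usual layout of such files, tar data followed by one line of `md5sum` output; the sample image and file names are constructed.

```python
import hashlib
import io
import re
import tarfile

# md5sum output: 32 hex digits, a space, a space or '*', then the file name.
_TRAILER = re.compile(rb"^([0-9a-fA-F]{32}) [ *]([^\r\n]+)\r?\n?$")


def split_tar_md5(blob):
    """Return (tar_bytes, claimed_md5_hex, claimed_name) from a .tar.md5 image."""
    end_of_tar = blob.rfind(b"\x00") + 1  # tar archives end in zero-filled blocks
    match = _TRAILER.match(blob[end_of_tar:])
    if end_of_tar == 0 or not match:
        raise ValueError("no md5sum trailer found after the tar data")
    claimed = match.group(1).decode().lower()
    name = match.group(2).decode(errors="replace")
    return blob[:end_of_tar], claimed, name


def verify_tar_md5(blob):
    """True if the tar data hashes to the MD5 recorded in the trailer.

    This catches a corrupt or truncated download only: the hash travels in
    the same file, so it says nothing about who built the image.
    """
    tar_bytes, claimed, _name = split_tar_md5(blob)
    return hashlib.md5(tar_bytes).hexdigest() == claimed


def build_sample_image(payload=b"constructed recovery image"):
    """Constructed sample: a one-file tar with its md5sum line appended."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        member = tarfile.TarInfo("recovery.img")
        member.size = len(payload)
        tar.addfile(member, io.BytesIO(payload))
    tar_bytes = buf.getvalue()
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  sample.tar\n".encode()


if __name__ == "__main__":
    image = build_sample_image()
    print("intact image verifies:", verify_tar_md5(image))
    damaged = image[:10] + bytes([image[10] ^ 0x01]) + image[11:]
    print("damaged image verifies:", verify_tar_md5(damaged))
```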
Step-by-step: Flash CM10.1 onto a Galaxy S3
We’ll assume you’ve already rooted your phone using our guide and performed a MyBackup Root/Titanium Backup/Google Sync backup combo with copies of the backups on your PC. Here’s what you do next.
Download the CWM Recovery TAR file from (requires signup) and install it onto your phone using the ‘Root your Galaxy S3’ guide above, replacing the ‘CF-Auto-Root’ tar.md5 file with this ‘CWM Recovery .tar’ file instead. Note that this will permanently replace the Android Recovery 3e option with CWM Recovery.
Once you have CWM Recovery installed, turn off your phone, reboot it into ‘Recovery Mode’ (volume up, ‘Home’ and power buttons). When you see the menu, scroll down to ‘Backup and Restore’ and create a full Nandroid backup of your phone. Copy the backup onto your PC (you’ll find it in the \clockworkmod folder on your phone’s internal storage).
Download the latest version of gapps (Google Apps — Play Store) from goo.im/gapps and grab CyanogenMod 10.1 for the Galaxy S3 from www.get.cm/?device=i9300 (for GT-I9300 and I9300T only). Copy these to the internal storage of your S3.
Now follow steps 1 to 5 of the Galaxy S2/CM install guide above. The process from here on is the same.
At the end, you can go to ‘Settings > About phone’ and see your new Android version information.
Rooting & flashing other phones
There’s no guaranteed one-size-fits-all way to root and flash any phone yet, but in the meantime, we suggest looking at this page at the forum.xda-developers.com website. This is the method we used to root the Galaxy S2 and it’s said to work for almost all Android 4.0+ (Ice Cream Sandwich) phones. As for ROMs, it’s not perfect, but CM is arguably the safest and most popular of community ROMs available. It supports a huge range of phones with daily updates for many of them — you can see the support list.