This guide was written by experimenting with the Canadian (Telus) version of Galaxy S4. If you have a different phone, this guide can still be useful for understanding the principles behind the process – you’ll just need to make sure that you get the right bootloader image for your phone.
I am assuming that you are using a Linux computer in this guide.
Before We Begin
The strangest and most stressful thing that happened to me during this process is when the key combination for booting the phone into Recovery mode stopped working. Normally we boot into Recovery by turning off the phone and holding down Vol Up & Home & Power buttons. This worked fine for a while, and then suddenly stopped working. If this happens to you check out the Troubleshooting section below for a solution.
Install ClockworkMod (CWM) Recovery Bootloader
- Install firmware flash utility that speaks the Odin protocol (Samsung’s proprietary firmware flash software)
sudo add-apt-repository ppa:modycz/heimdall
sudo apt-get update
sudo apt-get install heimdall
- Power off the Galaxy S4 and connect the USB adapter to the computer but not to the Galaxy S4.
- Now boot the Galaxy S4 into download mode by holding down Vol Down & Home & Power. Accept the disclaimer. After this insert the USB cable into the device. Your phone is now ready to flash a new Recovery bootloader via the Odin protocol.
- Boot the phone again by holding Vol Up & Home & Power. If you find that your phone just keeps rebooting instead of going into CWM Recovery, please read the Troubleshooting section for a solution.
- CWM Recovery will present you with a text menu that you can navigate with the Volume keys, and select with Power key. Select the first option: “Reboot System Now”
- The Galaxy S4 now has ClockworkMod Recovery installed!
Backup the Stock Image
This is a good time to make a backup of your entire phone, just in case you need to get back to the stock configuration later. DO NOT SKIP THIS STEP!
- Reboot back into CWM Recovery by holding Vol Up & Home & Power during startup.
- Go to “backup and restore” -> “backup to /sdcard”. This will take a while, so just wait. At the end of this process, your backup will be stored in “/mnt/shell/emulated/clockworkmod/backup/” on the phone’s file system. You can’t access that from your phone directly yet, but you can use the “adb pull” (https://developer.android.com/tools/help/adb.html) to transfer it to your PC though. You’ll also be able to do it easily after we finish rooting the phone, so no need to do that now.
Rooting The Phone
NOTE: I had a lot of trouble with this ROM as of November 29th, 2013. The author told me that he’ll fix it, so it is likely that you will not experience any problems now. However, if you find that you follow the instructions, yet your phone is not getting rooted, see the Troubleshooting section for a solution.
- Copy “superuser.zip” into the root of your phone’s internal file system (by that I mean what the phone shows you as a root – in reality the root directory you see from the phone is actually mounted here: /mnt/shell/emulated/0). There are many ways to do this, such as mounting the phone over USB, over the network, using adb, etc. There are many tutorials out there that show you how to copy files from your computer to your phone.
- Shut down again. Boot into CWM Recovery by holding Vol Up & Home & Power.
- Navigate to “install zip from sdcard” -> “choose zip from sdcard” -> “0/”. You will find your ‘superuser.zip‘ here. Select it and confirm.
- You’ll get some text at the bottom and a Success message. Click ‘Back’ and select ‘Reboot’
- Your phone is now rooted! See next section for making sure that everything worked correctly.
Confirming Correct Operation
- You should have a new app installed called Superuser. This is where you can configure how other apps get access to root, as well as see the log of apps that requested root.
- Use the app to make sure that root access is granted. If it isn’t see the Troubleshooting section.
Install ROM Manager
ROM Manager is an extremely useful app that makes a lot of the operations we just did possible from a single click. It will also manage your backups, keep your CWM Recovery install up to date, and keep track of new ROMs, so you should install it:
Remember that backup we took in the beginning from CWM Recovery? Go to “Manage and Restore Backups”, and you’ll see your backup in the list. Select “Download Backups”, and you’ll be offered a download link to transfer your backup to your PC for safe keeping.
Recovery Boot Loop
Many S4 owners have a problem with their phones going into an endless loop of restarts when trying to boot into Recovery Mode.
Do the following: when your phone is off, press VOLUME UP button and POWER BUTTON at the same time. Keep holding it until the actual recover options appear on your phone screen. Do not let go when you see that little message show up on upper left screen. Keep holding it until you actually see the recovery options on your screen. Now, if you see that your phone is going into another restart without options appearing, just keep holding the VOLUME UP button and hold it until you see the recovery options show up on your screen.
superuser ROM failing to root the phone
I had this problem after downloading http://download.clockworkmod.com/superuser/superuser.zip on November 29th, 2013. Although it is very likely fixed now, the fact that you are reading this section suggests otherwise, so let’s give this a try.
First, let’s take a look at exactly what changes superuser.zip ROM makes to the file system in order to root the phone:
- Replacing the ‘su‘ binary with another that has some added functionality, and that has the setuid bit [http://en.wikipedia.org/wiki/Setuid] set on it. This is what allows the apps to elevate privileges.
- An Android app that acts as a front end to ‘su‘, and keeps track of which apps are allowed to use it, and which ones are not.
It appears that on Galaxy S4 (Canadian) with Android 4.2+ installed, there have been some kernel changes that make the seteuid system call fail like this:
seteuid (root) failed with 13: Permission denied
You can see this message if you use adb logcat while trying to elevate privileges.
As a result of this error, the phone does not get rooted. This problem is easy to fix, but it requires some code changes. There is some detailed info about this problem and the fix for it here: https://github.com/koush/Superuser/issues/196
The problem for me was that the official version of superuser.zip has not yet been updated with the fix for some reason. In any case, I have taken the patch from GitHub and updated the ROM. You can get the fixed version here: http://vace.homelinux.com/unprotected/superuser/fixed-superuser.zip
Follow exactly the same steps with this file as described above and everything should work out.