Android rooting

Last updated : 12/11/2024 (KernelSU Legacy)

Introduction

This one had it coming since the PrivMod guide got rewritten to kingdom come, especially since Magisk stopped supporting full installations via TWRP & KernelSU gets bundled into some custom ROMs & kernels. For this one, unlocked bootloader is mandatory.

Prerequisites

Required stuff :

• An Android device with unlocked bootloader (and maybe custom recovery)
• One of these root solutions apps (while both can be run at the same time, it's highly recommended to stick to one)
• Magisk
• KernelSU
• APatch

Magisk

The good old root method that is still maintained, before those kernel-based root methods found below got introduced to Android.

Old patch-in-the-recovery installation (viable between 22.0-25.2)

• Boot to TWRP recovery & go to "Install"
• Browse to directory containing magisk.apk (rename .apk file extension to .zip if recovery doesn't support it) & flash it like a flashable zip
• Reboot to system & manually install magisk.apk.

New patch-in-the-recovery installation (<22.0 & ≥26.0; only viable for device with boot ramdisk)

• Copy magisk.apk (if ≥26.0, skip if <22.0) & rename said copy's .apk file extension to .zip - for example : Magisk-v26.3.apk > Magisk-v26.3.zip. Magisk stopped the flashable apk thing after 25.2.
• Boot to TWRP recovery & go to "Install"
• Browse to directory containing magisk.zip & flash it.
• Reboot to system & manually install magisk.apk (or Magisk Manager apk if <22.0).
• Open the Magisk app. It will prompt for a reinstallation. For that, tap on "Install" button (or just tap OK on the reinstallation prompt) & choose Direct Install in method tab. Afterwards, select the "LET'S GO" option & wait until Magisk finishes re-installing itself; and reboot after this.

Official Installation guide :

• Install latest Magisk app & open it.
• In the app, check if device has ramdisk or not. This guide's next steps are only tested on the X3N (which has ramdisk), so maybe browse the official installation guide for everything else.
• Extract boot image (from custom ROM zip for stock kernel) & copy it to device (or its external storage) if it isn't extracted from there
If custom ROM zip contains only payload.bin in lieu of boot.img (commonly found on A/B devices, such as OnePlus 6); extract that file & extract boot.img from it using this Python script in terminal & move it into the phone (or its external storage).


• In the Magisk app, press the Install button in the Magisk card
• Choose "Select and patch a file" in method tab & select the extracted boot image. Afterwards, select the "LET'S GO" option & wait until Magisk finishes patching the image.
• Flash that patched boot.img to boot partition by whatever method you feel comfortable using & reboot to system afterwards. Of course, in the possible case you need to reflash your ROM (but not flash a different ROM), you can just skip everything else because you already have the patched boot image.

KernelSU

Officially, KernelSU ≥1.0.0 only works with GKI devices, and 0.9.5 compatibility with non-GKI devices seem mixed. backslashxx has forked KernelSU to support legacy devices.

Installation guide :

• Flash custom kernel and/or ROM with inbuilt KernelSU (for non-GKI (4.9 - 4.19) kernels); or a suitable kernel file from KernelSU's GitHub Releases (for 5.x / GKI devices)
If your custom ROM has inbuilt KernelSU, skip unless you have a custom kernel with inbuilt KernelSU that you want to flash.


• Boot to system & install KernelSU app. For official 0.9.5 KSU, install the 0.9.5 app first, then update to latest version; since installing only 0.9.5 may result in KernelSU not being properly detected.

APatch

Magisk's patched boot.img installations mixed with KernelSU UX. Ties me to stock kernel whenever I use it (at least in the one time I did it in Poco F1 on Lineage 18.1), so I only recommend APatch if you don't mind being on stock kernel (or if your custom kernel of choice can be used with APatch)

Installation guide :

• Extract boot.img from ROM zip (or custom kernel zip?)
• Install APatch app.
• Open APatch app & tap the "Click to install" button (which also shows Not installed or authenticated above it), then the "Select a boot image to patch"
• Select the boot.img you've extracted. APatch will ask for storage access at this point.
• Set your alphanumerical password of preference at the "SuperKey" card.
• Tap the "Start" button. If the patching works, your patched boot.img will appear in /storage/emulated/0/Download. Something like apatch-patched-[randomstuff].img.
• Flash that patched boot.img to boot partition by whatever method you feel comfortable using & reboot to system afterwards. Of course, in the possible case you need to reflash your ROM (but not flash a different ROM), you can just skip everything before this point because you already have the patched boot image.
• Open APatch app, tap the SuperKey button (the app will still show "Not installed or authenticated"), & put in your passwordSuperKey. If everything goes well KernelPatch should show as "Installed" or "Working". AndroidPatch will show up as Not installed, but tapping on the Install button makes it go away & allows you access to the Superuser section.

Known devices not working with APatch:

• Samsung Galaxy S9 (A12L AOSP - LineageOS & iodeOS) - Stuck on Samsung bootlogo after flashing boot.img.

Android Privacy Mod - Basic

Index - cellphone

Main Page