Welcome to the game, S10 😏 pic.twitter.com/K2kciv9MPg— John Wu (@topjohnwu) March 19, 2019
[TWRP as well] BREAKING: Samsung Galaxy S10 root guide available for global Exynos models
NOTICE: We’ve created an archive of all major developments related to the Samsung Galaxy S10 lineup. We are continuously updating that page with latest S10e/S10/S10+ news so that you don’t need to search for information related to the device on daily basis. Head here to access that page.
New updates are being added at the bottom of this story…….
‘root’, ‘su’, ‘sudo’
Readers, who prefer to use Linux or other *nix based operating systems as a daily driver, should be familiar with the above terms. If you love to tinker with your Android phones, I should say the words may not sound alien to you too.
The concept of rooting in the Android world changes a lot with time. The first root access was purely accidental, as HTC engineers mistakenly included a background root shell in the HTC Dream/T-Mobile G1.
From physically modding the hardware to flashing a zip file – the modding community members always try (and most the cases, get successful) to achieve the true freedom by getting root access in their Android Powered devices.
Samsung used to be a very community friendly OEM, as their earlier phones came with unlockable bootloaders. The South Korean smartphone maker also mandates GPL by sharing the necessary kernel source codes in time.
However, with the introduction of Samsung Knox in 2014, they started to make things difficult. Typical modding procedures often irreversibly blow a hardware fuse (also known as ‘tripping Knox’), and Samsung refuses to give any warranty on such conditions.
Knox is Samsung’s guarantee of security, and a secure device gives you the freedom to work and play how, where, and when you want. Samsung Knox consists of a highly secure platform built into Samsung devices and a set of solutions that leverage this platform.
Moreover, the OEM decided to sell their flagship Galaxy S and Note series of phones in the USA with a permanently locked bootloader. Thus The whole rooting scene for the popular Samsung devices is getting squeezed day by day.
Anyway, the global models (except Hong Kong) of Galaxy S10 are powered by Samsung’s in-house Exynos platform and feature an unlockable bootloader. The combination allows developers to procure root access, but the process is kinda difficult for a number of reasons.
for all twrp works like normal. why he is not released? because root still dont works and magisk dev is working on it (he have my twrp).
John mentioned that Samsung’s current bootloader implementation blocked the standard way of patching the boot image using Magisk.
Sad announcement: after a few days of experimenting and kernel source digging, I came to the conclusion that systemless Magisk is only possible on the recovery partition on the S10. Samsung's bootloader restricts what is possible on normal booted scenarios.— John Wu (@topjohnwu) March 20, 2019
Not only that, the introduction of VaultKeeper was another major roadblock.
The complications including but not limited to: data encryption is tied to bootloader software status; vaultkeeper blocking unsigned images in download mode; Magisk has to be installed into recovery partition which makes things EXTRA tricky....— John Wu (@topjohnwu) March 31, 2019
Nevertheless, John successfully defeated all those complications. He has just shared a complete user guide to root the Galaxy S10 (Exynos).
Late night Canary release! Check this new page for rooting Samsung Galaxy S10!https://t.co/W9E9sk86a0— John Wu (@topjohnwu) April 6, 2019
He mentions that in the current implementation, Magisk has to be installed in the recovery partition. This makes it one of a kind, as the general rooting methods deal with modifying the boot image (system image in early days).
Samsung also changed the bootloader unlocking mechanism. Going to Developer options, toggling OEM unlocking and then booting to Download mode (Power + Bixby + Volume Down button combo) to unlock and wipe may not be enough to properly unlock the bootloader.
At this stage, the VaultKeeper service forces the bootloader to reject any unofficial partitions. To circumvent this lock, users need to follow these steps:
– Go through the initial setup. Skip through all the steps since data will be wiped again later when we are installing Magisk. Connect the device to internet in the setup though!
– Enable developer options, and confirm that the OEM unlocking option exists and grayed out! The VaultKeeper service will unleash the bootloader after it confirms that the user has the OEM unlocking option enabled. This step is to simply make sure the service gets the correct info, and also double check that our device is in a correct state
– Your bootloader now accepts unofficial images in download mode, a.k.a actual bootloader unlocked :D.
Afterwards, when the phone is ready to take non-Samsung binaries, proceed as follows:
- Download the firmware for your device.
- Unzip the firmware and copy the AP tar file to your device. It is normally named as AP_[device_model_sw_ver].tar.md5
- Install Magisk Manager from the Canary Channel
- In Magisk Manager: Install → Install → Select and Patch a File
- Select the AP tar file. Magisk Manager will patch the whole firmware file and store the output to [Internal Storage]/Download/magisk_patched.tar
- Copy the tar file to your PC, and boot your device to download mode.
- Flash magisk_patched.tar as AP in ODIN
Important: Uncheck “Auto Reboot” in Options!!!!
- Magisk is now successfully flashed to your device! But there are still several steps before you properly use the device.
- We now want to boot into the stock recovery to factory reset our device.
Full data wipe is mandatory! Do not skip this step.
Press Power + Volume Down to exit download mode, and as soon as the screen turns off, immediately press Power + Bixby + Volume Up to boot to recovery partition. Just as mentioned in the previous section, since we want to boot into stock recovery, continue pressing the volume up button until you see the stock recovery screen.
- In the stock recovery menu, use volume buttons to navigate through menus, and the power button to select the option. Select Wipe data/factory reset to wipe the data of the device.
- This time, we can finally boot to the system with Magisk. Select Reboot system now, and immediately press Power + Bixby + Volume Up. After seeing the splash screen, release all buttons so it can boot to the system.
- The device will automatically reboot for the first time it boots. This is completely normal and done by design.
- After the device is booted up, do the usual initial setup. The following steps will need internet connection.
- You shall see Magisk Manager in your app drawer; if not, manually install the APK you downloaded in step 3 and continue to the next step. The app would be a stub and it shall automatically upgrade to the full Magisk Manager when you open it.
- Magisk Manager will ask to do additional setups. Let it do its job and the app will automatically reboot your device.
- Voila! Enjoy Magisk 🙂
Interested readers may take a look at this XDA thread, where the developer has posted the technical insights of the whole procedure. In a nutshell, Magisk now patches 3 different partitions to get the rooting mission done:
- vbmeta: replace with empty vbmeta image to disable partition verification
- boot: remove the signature of the image to prevent soft bricks
- recovery: this is where Magisk is actually installed
Improperly restoring them to stock may brick your $1,000 phone, so do read the guide carefully before trying it out.
Note that, installing Magisk will trip Knox and the warranty will immediately be void. Flashing back the stock firmware can not help you to reclaim the previous status.
Now that Google already released the Android Q Generic System Image (GSI) binaries, obtaining root status on Galaxy S10 is a significant progress in the aftermarket development. Hopefully S10 users will soon get a chance to play with vanilla AOSP.
Are you planning to root your shiny new Galaxy S10e/S10/S10+? Let us know by commenting below.
Update (April 8)
After the arrival of the rooting guide from the developer of Magisk, Samsung Galaxy S10e, S10 and S10+ (Exynos) users now get unofficial TWRP support. Take a look at this article for further info.
PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.