First off, I'm not responsible for any damage to Your devices, I'm sharing my experience and it should not be taken as a replacement for manual and common sense. You're following the guide at Your own risk!!
The purpose of this document is to help understand me the process of flashing. The issue with a lot of guides is that they describe only the necessary steps, and provide pre-patched archives and images, pre-downloaded binaries, which is not a very assuring or secure way of approaching things. I will try to describe where to get original binaries, how to patch the original image.
Don't treat the document as an oracle, go check and verify things. Cautious is the way!
During the process, the device will reset to the factory settings, so be sure that You're ready for wiping all of the phone data. My backup application of choice is SmsContactsBackup, but pick Your own poison. Make sure the backups are moved to Your PC or at least external SD card.
You can probably do it with half charged phone, but my question is... Why take any risks? Be cautious! Do it!
You probably know this, but I'll add it just in case.
- To enable Developer Options enter Settings, About phone, Software information and tap Build number a number of times, until You get notified that Developer Options are now enabled
- To enable USB debugging, enter Settings, Developer Options and toggle on USB debugging
- To actually use the USB debugging connection, You will need to authorize the connection when You connect the device with a cable
- To enable OEM unlock, enter Settings, Developer Options and toggle on OEM unlock (confirm the dialog and insert the security code if needed)
As a general rule, make sure that all Your downloads come from trustworthy sources. Otherwise You might download something that's patched with malware.
In my case adb is available in AUR, in Your case You might need to SDK platform tools.
pacaur -S android-tools android-udev
Now connect Your phone with usb cable and verify that Your device is available.
$ adb devices
List of devices attached
5203b7c55b3a2499 device
Again in my case heimdall is available in the reposityory, but You might need to look for packages for your distro or compile it from source yourself.
sudo pacman -S heimdall
Get proper TWRP from the devices page, in our case it should be a3y17lte. Go into Samsung, Samsung A3 2017, Primary (Europe), select latest version, download twrp*.tar.
While You're at it, do check it with sha256, because invalid download at this stage can be troublesome, to do so, also download the sha256 for twrp*.tar and then verify your download.
sha256sum -c twrp-*-a3y17lte.img.tar.sha256
Extract the TWRP into a clear location for later.
mkdir twrp
tar -C twrp -tf twrp-*-a3y17lte.img.tar
This is crucial, because otherwise Your phone will get stuck on firmware verification and will never load the system completely, what it does it replaces binaries used by the system to always report positive for certain paths.
Get it from Kali Nethunter builds
You will need to make sure it's available in TWRP for installation. You may push it imidietely to an external SD card...
adb push no-verity-opt-encrypt-6.1.zip /storage/<your-sd-card>/
...or after flashing TWRP recovery.
adb push no-verity-opt-encrypt-6.1.zip /external_sdcard/
Firmware is required for Magisk, but also it is a necessary fail-safe in case something goes wrong. You can use this firmware to restore Your phone back to normal.
You will require CSC code, which can be obtained using *#1234# in your phone dialler.
Then You should seek to download related firmware, here's the methods I've found:
- (recommended) With use of SamloaderKotlin Bifrost (cross-platform, uses reverse-engineered decryption library).
- With use of SamFirm (deprecated since 2017, fails on Linux).
- With use of Frija (continuation of SamFirm, fails on Linux).
- With use of a site like updato.com, which are at best shady, contain different info about versions, outdated version, require registration, slow speeds.
- There should be possibility of dumping down your partitions using TermuX and dd, but that's a last resort.
Following Magisk install page we need to determine if our firmware has boot image and vbmeta image. To do that we will explore the firmware.
The Magisk apk is available at Magisk github releases page to Your phone
To install:
- The traditional way - download apk on the phone and install it.
- ADB way - download apk to Your PC and upload it using
adb install Magisk-*.apk
We want to check whether boot and vbmeta images are provided in the firmware packages. For me this produced a list of files, that did contain boot.img and did not contain vbmeta.
$ unzip SM-A320FL_*_A320FLXXS9CTK1_DBT.zip -d firmware # Extract Your image.
$ tar -tf firmware/AP_*.tar.md5 # List files in the AP archive
boot.img.lz4
recovery.img.lz4
system.img.lz4
userdata.img.lz4
meta-data/
meta-data/fota.zip
Extract the boot image.
cd firmware
mkdir ap
tar -C ap -xf AP_A320*.tar.md5
cd ap
lz4 -d boot.img.lz4
lz4 -d recovery.img.lz4 # needed for restoring original recovery
Now upload the boot image to Your phone for patching.
adb push boot.img /storage/<your-sd-card-name>/
And then patch it in the installed Magisk app on Your phone:
- Open the Magisk app.
- Select Magisk Install.
- Use default options, next.
- Select
recovery.imgand patch it. - Watch the magisk happen!
Now You can download the patched image back to the PC.
adb pull /sdcard/Download/magisk_patched-*.img ./
Reboot into download mode.
adb reboot download
Device will shutdown and enter a mode with a giant arrow and "Downloading..." sign.
Now let's make sure that the device is detected properly:
$ heimdall detect
Device detected # expected output
Partition layout is taken from PIT file which You can download and use with heimdall-frontend. You should give it a try if Youre curious. Most likely they will be the same as ones used below.
Now we should be able to flash the a3y17lte TWRP recovery image and magisk patched boot image. Phone will download the image and stay in download mode. Successful download will look something like this:
$ heimdall flash --BOOT magisk_patched-*.img --RECOVERY twrp/recovery.img --no-reboot
Heimdall v1.4.2
Copyright (c) 2010-2017 Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/
This software is provided free of charge. Copying and redistribution is
encouraged.
If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/
Initialising connection...
Detecting device...
Claiming interface...
Setting up interface...
Initialising protocol...
Protocol initialisation successful.
Beginning session...
Some devices may take up to 2 minutes to respond.
Please be patient!
Session begun.
Downloading device's PIT file...
PIT file download successful.
Uploading RECOVERY
100%
RECOVERY upload successful
Uploading BOOT
100%
BOOT upload successful
Ending session...
Releasing device interface...
Now this is the tricky part, because You will have to switch to recovery mode without booting the system. To do so, You will have to quickly switch from one key sequence to the other:
- To reboot while in download mode press together
Home + Volume Down + Powerbuttons. - When the screen goes blank, quickly switch to
Home + Volume Up + Powerbuttons, and hold them until You see TWRP logo.
You will be in the recovery, You can confirm the dialog. ADB is now active so if You forgot to push no-verify-opt-encrypt into the device, now is a good time.
We will want to do a couple of things:
- Wipe delvik cache - select Wipe, Advanced, choose Delvik Cache and Cache, confirm
- Wipe data - select Wipe, Format Data, confirm
- Install no-verify-opt-encrypt - select Install, navigate to no-verify-opt-encrypt.zip and install it.
You should be able to reboot into system safely now (unless You want to remove TWRP, then see section below).
- To reboot select Reboot, choose System.
Optionally I got rid of the TWRP, since I won't need it anymore. To do so, before You reboot into system (or after Youre done with booting the phone), switch to download mode again (Home + Volume Down + Power buttons while rebooting). And flash the original recovery image.
heimdall flash --RECOVERY firmware/ap/recovery.img
Now we can boot into the system. safely, this will take some time, as the firmware is populating the system for the first boot. It shouldn't take more than 10 minutes though.
Magisk should be available in the apps list with a blank icon. When You launch it, it will ask for internet connection and for a reboot. Give it both. After the reboot it should change the icon.
That's it, now You have rooted Your phone! Here's a little winning song to celebrate!
There are two issues I've encountered, so here they are and how I've fixed them.
Pulsating SAMSUNG logo while booting is fine, however if it's going for more than 10 minutes, most likely You failed to execute one of the steps and the system detected the firmware as tampered.
To fix it, You will need to flash original images back and try again:
-
Force reboot the phone with
Volume Down + Powerbuttons, hold them until screen goes black. -
Quickly switch to download mode
Volume Down + Power + Homebuttons. -
Flash the original firmware back to the phone.
heimdall flash --BOOT firmware/ap/boot.img --RECOVERY firmware/ap/recovery.img -
Let the phone boot back to the system and try again.
This message will be displayed after boot, blocking your access to the system, and will force You to reboot. I've encountered it when I flashed the patched boot image, but didn't install no-verify-opt-encrypt patch.
- Some sources report that this can be fixed by rebooting the phone and letting firmware restore itself.
- You can definitely fix it by restoring firmware to the original like in the issue above