2012-01-10:
Safe root and unlock of Samsung Galaxy Mini using Ubuntu Linux

Abstract

Motivation

If you have a Mini that's running the Froyo version of Android, then you can root it with SuperOneClick. The Gingerbread version uses Odin.

Both of these are Windows executables and hence of little use to me. (Allegedly you can run SuperOneClick on Linux with 'mono' but it didn't work for me.)

I did some more research and found that there were earlier versions for root/unlocking that involved manually using ADB and the shell, but they had evidently bricked some phones. After reading through some of the instructions, I think I know why.

The general gist is that there's a tool that let's you temporarily get root access over an ADB shell. From there you can remount the /system mount so that it's writable and then add the su/root files. Problem is the directions I found were full of specific information that could break your phone if any of the filesystem setup was different (as was mine). I've further made the unlocking directions even safer than the current set making it's rounds on the net.

Amended directions here:

Based off of ideas in:

• androidforums posting
• syria4sort posting

Rooting the Samsung Galaxy Mini

Requirements:

1. adb tool
2. USB debugging enabled on phone (settings->applications->development->USB debugging)
3. Rageagainstthecage-arm5.zip

Overview:

1. Charge your phone for safety. You don't want to lose power during these steps.
2. Get temporary root access
3. Add 'su' to get permanent root access
4. Verify that it worked
5. Get unlock code

Details:

Temporary Root Access

1. Unzip Rageagainstthecage-arm5.zip
2. Turn on USB Debugging on the phone (Settings -> Applications -> Development)
3. Connect phone via USB
4. linux% adb devices
   This should show your Mini. Otherwise you need to add to/create a file in /etc/udev/rules.d/ such as 99-android.rules:

   SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666", GROUP="1000"

   (These values should work for the Samsung Mini - I got them using 'lsusb'). Then restart udev: "sudo /etc/init.d/udev reload" and then restart adb: "sudo adb kill-server"

5. linux% adb push rageagainstthecage-arm5.bin /data/local/tmp
6. linux% adb shell
7. $ cd /data/local/tmp
8. $ chmod 0755 rageagainstthecage-arm5.bin
9. $ ./rageagainstthecage-arm5.bin
   (This takes time - let it run until it exits the connection)

1. linux% adb shell
   (If rageagainstthecage worked, you should now see a '#' prompt signifying root access instead of a '$')
2. Remount the read-only system filesystem as read-write. The original instructions were very specific:
   # mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
   This assumes the type (yaffs2 - which mine wasn't) and the partition (also different on mine). You mount the wrong partition as system and you're likely to screwup that partition and thereby brick your phone. Instead, let's figure out the correct partition and let mount figure out the correct filesystem type:
3. # mount
   Search the output of 'mount' to see what's mounted as system. You'll see lines like:

   /dev/stl13 /data rfs rw,nosuid,nodev,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
   /dev/stl12 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
   ...

   
   In this case, the second line tells us that '/dev/stl12' is mounted as /system. It's a 'vfat' - but mount already knows that. So for this phone I'd do:
   # mount -o remount,rw /dev/stl12 /system
   Make sure to put the correct /dev/ for your phone in the line above.
4. # exit
5. Now back in Linux (either exit the adb shell or in another window) we install onto /system the files we need to always get root access.
6. linux% adb push c:\droidroot\Superuser.apk /system/app
7. linux% adb push c:\droidroot\su /system/bin
8. linux% adb push c:\droidroot\busybox /system/bin
9. Then back on the adb shell (either back in the adb window or run adb shell again) we set the permissions properly.
10. # chmod 4755 /system/bin/su
11. # chmod 4755 /system/bin/busybox
12. The instructions also mentioned:
    # mv /system/recovery-from-boot.p /system/recovery-from-boot.p.disabled
    But it's probably unnecessary - I didn't have that file so it didn't seem to matter.
13. Now we remount the /system as read-only. Repeat the 'mount' command above replacing 'rw' with 'ro' - my command was:
    # mount -o remount,ro /dev/stl12 /system
14. Cleanup:
    # rm /data/local/tmp/rageagainstthecage-arm5.bin
15. And we're done:
    # exit

1. Back on the device:
   linux% adb shell
2. If we see the '$' then get to the root prompt '#' with 'su'
3. Copy the bml device to a file to look at it.
   # cat /dev/bml5 > /sdcard/bml5.img
4. # exit
5. And get a copy of it on our linux box:
   # adb pull /sdcard/bml5.img
6. On our linux box, we search the bml5 image for a series of 8 numbers. The first one we see seems to be the unlock code (it was on mine and others). An easy way to search for it, courtesy perl:
   linux% perl -ne 'print "Found $1\n" if /([0-9]{8})/m' bml5.img
   The first line returned is probably our unlock code.
7. Test the unlock code (and unlock the device) by putting in a sim from a different network (you may need to reboot the device) and it will ask you for the unlock code.
8. I've seen the claim that you can test if it's unlocked by dialing '*#7465625#' (which spells 'simlock') though it just gave me the message 'rejected' on mine, and my phone is definitely unlocked and working on other providers.

Back to Solutions.