Flashing and Rooting a Samsung Galaxy S4 from Linux

I recently found need to update the OS on an old Samsung Galaxy S4 (GT-I5905) from the stock Android 7 to Android 11 (if you're interested, it was for this).

I decided to use LineageOS as the phone's new Android distro and also installed Magisk to root the phone so that I could install a custom CA certificate into the system root store.

This short post details the process of using a Linux laptop to flash Lineage OS onto a Samsung Galaxy S4 before loading the Google Apps, rooting with Magisk and installing a custom CA certificate (you don't need to do that bit).

If you're running Windows or a Mac, the process should be much the same, but you'll need Windows/Mac versions of the tools instead.

Note that this process will wipe any existing data, so be sure to take a backup first.

You'll need your phone, a Linux laptop and a USB cable.

Getting adb

We'll be pushing images to the phone using adb, so the first thing to do is to fetch a copy of that

mkdir workdir
cd workdir
wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip
unzip platform-tools-latest-linux.zip

We also need to enable USB debugging on the phone itself. If you haven't already, you'll need to first enable developer settings:

  • Settings
  • More
  • About Device
  • Scroll down to Build Number
  • Tap it until a notification is shown saying Developer mode has been enabled

Then, go to the developer settings

  • Settings
  • More
  • Developer Options

Tick the box next to USB debugging

If you connect your phone to your laptop with a USB cable you should now be able to run

./platform-tools/adb devices

and see your device listed - the phone will likely pop up a prompt asking if you want to trust the laptop, accept if so.

Getting the Linux version of Odin

It's only relatively recently that a Linux version of Odin became available. Grab the zip from this thread and save into the workdir

Unzip it

unzip odin.zip

List available devices

./odin4 -l

Installing Lineage Recovery Image

We can't install an OS whilst booted into the stock one, so we first need to load the LineageOS recovery image and boot into that in order to flash the main OS.

Grab a copy of the Lineage recovery image and wrap it in a tarball for ODIN

wget https://mirrorbits.lineageos.org/full/jfltexx/20230715/recovery.img
tar -cf recovery.tar recovery.img

To load this, the phone needs to be put into download mode:

  • Power off the phone
  • Hold Home, Volume Down and Power to boot into recovery mode
  • When prompted, press the button correlating to Continue

Verify again that the device is visible to ODIN

./odin4 -l

It's time to flash the recovery image

./odin4 -a recovery.tar

As soon as you've run the command, pick the phone up: It's going to reboot when loading is complete and you need to be ready to catch it.

As soon as the phone starts rebooting, hold the Volume Up and Home buttons to enter recovery mode. You should see the purple LineageOS logo.

Choose Factory Reset and then Format data / factory reset

Installing LineageOS

Once the wipe has completed, hit the back arrow and then

  • Apply Update
  • Apply from ADB

Now, on your laptop fetch a lineageOS build (you can check the latest here)

wget https://mirrorbits.lineageos.org/full/jfltexx/20230715/lineage-18.1-20230715-nightly-jfltexx-signed.zip

Use ADB to sideload the image

./platform-tools/adb sideload lineage-18.1-20230715-nightly-jfltexx-signed.zip

If you want Google Apps like Play/Gmail etc you need to add those separately. There are links to the different downloads here.

When you hit the mirror, there are two things that you need to know

  • The platform (arm for the GT-I5905)
  • The android version (11 if you're installing Lineage 18.1)

Download the corresponding zip file into the workdir and then sideload it

./platform-tools/adb sideload MindTheGapps-11.0.0-arm-20220217_095902.zip

Rooting by Installing Magisk

It's now time to root the phone by also sideloading Magisk.

Go to the Magisk releases page and find the latest release. Download the .apk attached to the release notes.

Change the filename extension to .zip and sideload it

mv Magisk-v26.1.apk Magisk-v26.1.zip
./platform-tools/adb sideload Magisk-v26.1.zip

The phone will prompt to say it couldn't verify the signature. Hit Yes to continue loading it.

First Boot

Once all your sideloads are done, press the <- button, then choose Reboot System Now.

The phone will reboot into your new Lineage install - the first boot takes quite a while, so don't worry if all you're seeing is a pulsating squiggle, the normal Android setup flow will eventualyl trigger.

Once the setup flow is complete, re-enable developer settings

  • Settings
  • About phone

Scroll down to Build Number and tap repeatedly.

Come back out and go into System, tap Advanced Options and scroll down to Developer options.

This time there are two options to enable

  • USB debugging
  • Rooted debugging

Once Rooted debugging is enabled you should be able to establish a root shell from your laptop

adb root
adb shell
su
whoami

If you want apps to be able to request root, you'll need the Magisk Manager app. From your phone's browser go back to https://github.com/topjohnwu/Magisk/releases and download and install the same .apk that you fetched before.

Bonus: Installing a custom CA as a System Cert

I needed root privileges for what I was working on because the app I was working with doesn't trust user installed CAs. With root access we can copy certificates over to the system trust store.

On the phone, fetch a copy of the CA certificate to install and then

  • Settings
  • Security
  • Encryption and Credentials
  • Install a certificate
  • CA Certificate
  • Accept the warnings
  • Enter or set a pin
  • Select the certificate to install

This will have installed the certificate into the user trust store, the next step is to escalate privileges and copy it over.

From your laptop:

adb root
adb shell
su
# Verify the certificate is there
ls /data/misc/user/0/cacerts-added/

# Remount the filesystem read/write
mount -oremount,rw /

# Move the cert to system trust
mv /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts

# Reboot the phone
reboot

When the phone comes back up the CA will be trusted as if it were any other system certificate.

Share this post on Twitter Share this post on Reddit Share this post on LinkedIN Share this post via Whatsapp Share this post via Telegram Share this post via QQ Share this post via Email