Flashing and Rooting a Samsung Galaxy S4 from Linux
I recently found need to update the OS on an old Samsung Galaxy S4 (GT-I5905) from the stock Android 7 to Android 11 (if you're interested, it was for this).
I decided to use LineageOS as the phone's new Android distro and also installed Magisk to root the phone so that I could install a custom CA certificate into the system root store.
This short post details the process of using a Linux laptop to flash Lineage OS onto a Samsung Galaxy S4 before loading the Google Apps, rooting with Magisk and installing a custom CA certificate (you don't need to do that bit).
If you're running Windows or a Mac, the process should be much the same, but you'll need Windows/Mac versions of the tools instead.
Note that this process will wipe any existing data, so be sure to take a backup first.
You'll need your phone, a Linux laptop and a USB cable.
Getting adb
We'll be pushing images to the phone using adb
, so the first thing to do is to fetch a copy of that
mkdir workdir
cd workdir
wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip
unzip platform-tools-latest-linux.zip
We also need to enable USB debugging on the phone itself. If you haven't already, you'll need to first enable developer settings:
Settings
More
About Device
- Scroll down to
Build Number
- Tap it until a notification is shown saying
Developer mode has been enabled
Then, go to the developer settings
Settings
More
Developer Options
Tick the box next to USB debugging
If you connect your phone to your laptop with a USB cable you should now be able to run
./platform-tools/adb devices
and see your device listed - the phone will likely pop up a prompt asking if you want to trust the laptop, accept if so.
Getting the Linux version of Odin
It's only relatively recently that a Linux version of Odin became available. Grab the zip from this thread and save into the workdir
Unzip it
unzip odin.zip
List available devices
./odin4 -l
Installing Lineage Recovery Image
We can't install an OS whilst booted into the stock one, so we first need to load the LineageOS recovery image and boot into that in order to flash the main OS.
Grab a copy of the Lineage recovery image and wrap it in a tarball for ODIN
wget https://mirrorbits.lineageos.org/full/jfltexx/20230715/recovery.img
tar -cf recovery.tar recovery.img
To load this, the phone needs to be put into download mode:
- Power off the phone
- Hold
Home
,Volume Down
andPower
to boot into recovery mode - When prompted, press the button correlating to
Continue
Verify again that the device is visible to ODIN
./odin4 -l
It's time to flash the recovery image
./odin4 -a recovery.tar
As soon as you've run the command, pick the phone up: It's going to reboot when loading is complete and you need to be ready to catch it.
As soon as the phone starts rebooting, hold the Volume Up
and Home
buttons to enter recovery mode. You should see the purple LineageOS logo.
Choose Factory Reset
and then Format data / factory reset
Installing LineageOS
Once the wipe has completed, hit the back arrow and then
Apply Update
Apply from ADB
Now, on your laptop fetch a lineageOS build (you can check the latest here)
wget https://mirrorbits.lineageos.org/full/jfltexx/20230715/lineage-18.1-20230715-nightly-jfltexx-signed.zip
Use ADB to sideload the image
./platform-tools/adb sideload lineage-18.1-20230715-nightly-jfltexx-signed.zip
If you want Google Apps like Play/Gmail etc you need to add those separately. There are links to the different downloads here.
When you hit the mirror, there are two things that you need to know
- The platform (
arm
for the GT-I5905) - The android version (
11
if you're installing Lineage 18.1)
Download the corresponding zip file into the workdir and then sideload it
./platform-tools/adb sideload MindTheGapps-11.0.0-arm-20220217_095902.zip
Rooting by Installing Magisk
It's now time to root the phone by also sideloading Magisk.
Go to the Magisk releases page and find the latest release. Download the .apk
attached to the release notes.
Change the filename extension to .zip
and sideload it
mv Magisk-v26.1.apk Magisk-v26.1.zip
./platform-tools/adb sideload Magisk-v26.1.zip
The phone will prompt to say it couldn't verify the signature. Hit Yes
to continue loading it.
First Boot
Once all your sideloads are done, press the <-
button, then choose Reboot System Now
.
The phone will reboot into your new Lineage install - the first boot takes quite a while, so don't worry if all you're seeing is a pulsating squiggle, the normal Android setup flow will eventualyl trigger.
Once the setup flow is complete, re-enable developer settings
Settings
About phone
Scroll down to Build Number
and tap repeatedly.
Come back out and go into System
, tap Advanced Options
and scroll down to Developer options
.
This time there are two options to enable
USB debugging
Rooted debugging
Once Rooted debugging
is enabled you should be able to establish a root shell from your laptop
adb root
adb shell
su
whoami
If you want apps to be able to request root, you'll need the Magisk Manager app. From your phone's browser go back to https://github.com/topjohnwu/Magisk/releases and download and install the same .apk
that you fetched before.
Bonus: Installing a custom CA as a System Cert
I needed root
privileges for what I was working on because the app I was working with doesn't trust user installed CAs. With root
access we can copy certificates over to the system trust store.
On the phone, fetch a copy of the CA certificate to install and then
Settings
Security
Encryption and Credentials
Install a certificate
CA Certificate
- Accept the warnings
- Enter or set a pin
- Select the certificate to install
This will have installed the certificate into the user trust store, the next step is to escalate privileges and copy it over.
From your laptop:
adb root
adb shell
su
# Verify the certificate is there
ls /data/misc/user/0/cacerts-added/
# Remount the filesystem read/write
mount -oremount,rw /
# Move the cert to system trust
mv /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts
# Reboot the phone
reboot
When the phone comes back up the CA will be trusted as if it were any other system certificate.