[TUT] Root your Android with towelroot by geohot

[iTpHo3NiX]

***[WARNING]***
Please know that this is detected as:  Andr.Exploit.Ratc by some virus scanners. This is an exploit based off of Pinkie Pie's CVE-2014-3153 Linux kernel futex local privilege escalation. This is a linux system wide vulnerability. This can be used by other applications for malicious purposes, so please understand this

***[DISCLAIMER]***
Please know that I am not responsible for any damage this may cause your device

Rooting your android device has never been easier. This root method will work on most devices with a Kernel Build Date before June 03, 2014.

1. Please be sure to have USB Debugging enabled and Unknown Sources checked
-Go to developer options, if developer options not available (4.2+) you need to go into "About Phone" and keep clicking on Build Number (about 7 times) and Developer Options will be enabled. Unknown sources will be under "Security" in your devices options.

2. Download and Install towelroot

***UPDATE***
Geohot has updated towelroot to v3 which should root ALL android phones

-Visit towelroot.com or follow the link below
Download:
http://towelroot.com/tr.apk

3. Run towelroot and click on the symbol. In about 15 seconds your device will reboot. be rooted.

***UPDATE***
towelroot no longer requires a reboot, just run and then install supersu. Also you can now use SuperSU from the play store without issues.

the play store supersu has now been updated so it is recommended to install supersu through the play store
4. Before you download any root options, you need to download SuperSU from chainfire, the playstore version is outdated and will not update the binaries, please be sure to use the following link
Download:
http://download.chainfire.eu/447/SuperSU/UPDATE-SuperSU-v1.99r4.zip
https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en

5. After extracting SuperSU (I prefer ES File Explorer from the[/b][/color] Play Store) the SuperSU apk is in the "common" folder. Click on the SuperSU.apk to install. Run it and then reboot your phone.

6. (Optional) For root verification, install Root Checker from the Play Store

You are now rooted with the latest SuperUser binaries. Have fun.

Please note that this *WILL NOT* unlock your bootloader.


Confirmed Working Devices List:

• AT&T GS5
• Verizon GS5
• GS4 Active
• Nexus 5
• Verizon GS4
• AT&T Note 3
• Verizon Note 3
• Moto G
• Galaxy S3

Not Working Devices List:

• Newest Moto and HTC don't currently work because /system is write protected.

NOTE:
If you successfully use this Application, please post your Android Model, Version, and Kernel to help compile a larger working/non working list. If it did not work, a logcat (via abd) can be helpful in debugging why it didn't work. Please post that here, so I can update this post.

Geohot's Release Thread at XDA:
http://forum.xda-developers.com/showthread.php?t=2783157

Towelroot didn't root my device, what can I do?

Modstrings!

== Introducing modstrings! ==
Modstrings are a way to modify the exploit parameters for your obscure phone.
This is only if your device can't be towelrooted.

Click "welcome to towelroot v3" 3 times and enter text.

1337 method(0-3), align(0-1), limit_offset(0-8191), hit_iov(0-7), temp_root(0-1)

method: which syscall is used in the blocking thread, try them all
align: which alignment to use for the iovs, try them all
limit_offset: 0 is probably the right value here, otherwise close to the samsung value and a multiple of 4
hit_iov: which iov to overwrite to cause block
temp_root: do a temp root putting su and daemonsu in /sbin, good for HTC and Motorola, doesn't fix exploit

To fix, align and method are probably your best bet(4*2=8 values), hit_iov maybe, limit_offset if you are desperate.

== Examples ==
Most phones:   "1337 0 1 0 4 0"
New Samsung:   "1337 0 1 7380 4 0"
Temp root:     "1337 0 1 0 4 1"

Updated on 6/27/14

[Architect]

Damn son, this works in like 5 seconds. Got root in about 10 seconds. Great work geohot, and thanks for the link DC.

[iTpHo3NiX]

Damn son, this works in like 5 seconds. Got root in about 10 seconds. Great work geohot, and thanks for the link DC.

Be sure to install the latest chainfire SuperSU so root apps can run around all willy nilly
http://download.chainfire.eu/447/SuperSU/UPDATE-SuperSU-v1.99r4.zip

Also this doesn't trip KNOX on Samsung devices and works like a charm. Currently running stock TouchWiz VZW klte (Galaxy S5) with Xposed Framework + XPrivacy + Pandora Patcher

I used ROM Toolbox PRO (JRummy Apps, actually paid for back in the day) and froze all the bloatcrap. I didn't want to freeze S Health, but for some reason it didn't play nice with their latest update...

*If you guys use this root method, put down your phone and kernel version and build date*
*If this doesn't work for you, post a logcat via adb so it can be debugged*

[Stackprotector]

Ah cool, though doesn't your phone restore the su bin's at reboot?

[Architect]

Nope, I will post pics of proof of my root, and build etc.

I had it rooted before but it says something different now, and also shows more privileges. The binary is different than the previous root obviously but it takes priority, so my Root Checker and SuperUser apps both show the new su binary.

Also, 'id' is now correct, id=0 gid=0 etc etc.

[iTpHo3NiX]

Nope I use Xposed and su isn't going anywhere with my reboots

[Kulverstukas]

Too bad it didn't work for me. Tried on GalaxyS2 and some LG phone.

[iTpHo3NiX]

Too bad it didn't work for me. Tried on GalaxyS2 and some LG phone.

Logcat? Kernel version/build date?

[Corrupted_Fear]

This is the first time something has actually worked for my Moto G, thank you so much!

[iTpHo3NiX]

This is the first time something has actually worked for my Moto G, thank you so much!

Kernel Version and build date?

[LsD]

Hey man Thanks for sharing this!
I've being waiting for a quick rooting method like this
DeepCopy I'm only interested in running apps as root right now, but, what are the benefits of having manual access to the Android bootloader?

 +1 for the the share

EDIT: sorry, build date and Kernel version will be posted once I get around to rooting

[iTpHo3NiX]

Hey man Thanks for sharing this!
I've being waiting for a quick rooting method like this
DeepCopy I'm only interested in running apps as root right now, but, what are the benefits of having manual access to the Android bootloader?

 +1 for the the share

EDIT: sorry, build date and Kernel version will be posted once I get around to rooting

An unlocked bootloader gives you access to the bootloader, you can change boot animations, install a custom recovery and flash roms, etc. This can also be done if a safestrap is available for your phone if the bootloader is locked.

I can look into more info if you let me know the carrier and phone model to give you specific device files that would come in handy (like restore files, roms, safestrap/custom recovery)

[LsD]

DEVICE: GALAXY SAMSUNG S3
I just rooted my device in one-click, it didn't seem like a reboot with necessary for that step. When attempting to install Super SU my phone rebooted into a recovery mode menu and told me that the SuperSU installation failed, and then I chose to reboot it from the menu and it appears to be installed/working! Thanks Deep

[techb]

Samsung Galaxy Tab 3 did not work. I haven't tried root the old way either,  via an xda post. I seen the towel root has made it to reddit, so I'm sure patches are either soon or in the near future.

Kernel: 3.4.5

Android: 4.1.2

Galaxy Tab 3 model: SM T210R

[iTpHo3NiX]

Samsung Galaxy Tab 3 did not work. I haven't tried root the old way either,  via an xda post. I seen the towel root has made it to reddit, so I'm sure patches are either soon or in the near future.

Kernel: 3.4.5

Android: 4.1.2

Galaxy Tab 3 model: SM T210R

CF Auto Root should work. It's chainfire's (recognized developer)

Do you have USB Debugging enabled? Did you use Root Checker to see if you have root? What's your kernels build date? WiFi or 3G model?