System-less root experiment
Posted on 2015-10-30, 87 comments, 832 +1's, imported from Google+/Chainfire

NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.

I posted some boot images (and basic how-to to make your own) for all the 6.0 Nexuses and a special installer ZIP (TWRP) for SuperSU on XDA.

Together, they allow root without modifying /system. It's an experiment, but it works out rather cleanly. See the linked thread for further details.

EXPERIMENT: Root without modifying /system - Post #2 - XDA Forums

René Bour commented on 2015-10-30 at 12:21:

Fantastic, thanks!

Andrew Morykin commented on 2015-10-30 at 12:24:

This should retain Android Pay, right?

Nicholas Kelley commented on 2015-10-30 at 12:30:

Fantastic concept.

Lennyball commented on 2015-10-30 at 12:52:

All hail Chainfire, the modder god!

Chainfire commented on 2015-10-30 at 12:58:

+Andrew Morykin if it does, then it's by accident and not by design, and Android Pay will be updated to block it.

Lennyball commented on 2015-10-30 at 13:01:

+Chainfire Oh, umm... There I have a question: How would apps check for root then? The usual method with checking for a su file doesn't work, then.

Chrisada Sookdhis commented on 2015-10-30 at 13:02:

Looks very promising!!

Bryant Moeller commented on 2015-10-30 at 13:10:

+Frieder Zimmer what about it? This is for nexus devices. Google doesn't care if you root

Timothy Richardson commented on 2015-10-30 at 13:12:

+Bryant Moeller if Google doesn't care if you root, then why did they put a E-Fuse in the 6P?  Why are they locking down things like on M where you have to allow access to files, etc.  Just my 2 cents, and if they REALLY didn't care if you ROOTED, they wouldn't make it so Android Pay wouldn't work IF rooted.

Nicholas Kelley commented on 2015-10-30 at 13:15:

+Timothy Richardson Google probably doesn't care, or root just straight up wouldn't work.  Google's partners in the financial industry care.

Timothy Richardson commented on 2015-10-30 at 13:16:

+Nicholas Kelley good point except that even if Google cared about root people would still find a way.

Kevin Hughes commented on 2015-10-30 at 13:17:

+Max Müller  You shouldn't be checking hard coded paths for a su file. This method looks like the su command will still be there.

Robert W commented on 2015-10-30 at 13:29:

What voodoo magic is this?

Tobias Franz commented on 2015-10-30 at 13:30:

+Chainfire​ keep on the good work! You are the best! :)

Bryant Moeller commented on 2015-10-30 at 13:34:

+Timothy Richardson​ lol. If you think Android pay doesn't work because google doesn't want you to root you need to think about that

Bryant Moeller commented on 2015-10-30 at 13:36:

+Timothy Richardson the question before that rant of nonsense was about the warranty. Rooting does and will not void the warranty on a nexus device.

Matthew Arnold commented on 2015-10-30 at 13:48:

+Bryant Moeller Is that a change in policy? Rooting my original Nexus 7 voided my warranty which I found out the hard way when I had a problem with it. I've heard of people getting warranty work done on a formerly rooted device. In my case, they looked at Google Play and saw that I had installed root apps and refused to honor my warranty.

Brian Z commented on 2015-10-30 at 13:59:

+Matthew Arnold well that's some bullshit then on their part.

Checking for root apps on Google play. You know how many dumb asses who don't even know what root is have downloaded root apps on the play store?

Hell I even installed root apps on fully stocked devices via Googles auto restore app crap. I'd raise freaking hell if they tried that crap

Timothy Richardson commented on 2015-10-30 at 14:00:

Um what?  Motorola doesn't VOID warranty for root or unlocking bootloader.  

Mars v. commented on 2015-10-30 at 14:18:

+Jan Helmlinger coolie woolie

Bryant Moeller commented on 2015-10-30 at 14:22:

+Matthew Arnold No, thats not a change in policy. 

You can go ask nexus support yourself. They'll tell you they dont care if you root and it wont affect the warranty.

Don't believe everything you read on shitty android blogs. They feed into the misinformation out there

Alexander M. commented on 2015-10-30 at 14:42:

In your guide you write:

"- /system should never be remounted r/w, I hope I didn't miss anything here"

What this mean ? That in future we can't mount system r/w at all ?

Without mounting system r/w how can we edit build.prop, remove bloatwares and other basic things ?

I hope I have got it wrong.

Matthew Arnold commented on 2015-10-30 at 14:47:

+Bryant Moeller In my case, I'm working on firsthand information. Google rejected my warranty claim because it was rooted even though rooting was not the source/cause of the problem.

Timothy Richardson commented on 2015-10-30 at 14:48:

+Matthew Arnold why didnt you warranty it through Motorola?

Chris H. commented on 2015-10-30 at 15:01:

+Matthew Arnold buddy, you can re-flash stock images then file for the warranty claim. That's the whole point of Nexus devices.

James Mason commented on 2015-10-30 at 15:06:

+Max Müller - Checking for root considered harmful.

Laurent Dinclaux commented on 2015-10-30 at 15:18:

Not sure I like the idea. Needs a new boot img for each update, much more complicated than flashing a Zip.

adhi chronique commented on 2015-10-30 at 15:28:

Does it work on android one?

Matthew Arnold commented on 2015-10-30 at 15:36:

+Haowen H. I understand that. That's what I had done before making the warranty claim. The person I spoke with at Google looked on my Google Play apps, saw I had installed root apps, and for that reason refused my warranty repair. Maybe it's arbitrary, I don't know. This was back in the fall of 2012 though so it's all water under the bridge now.

Chris H. commented on 2015-10-30 at 15:41:

+Matthew Arnold probably a bad rep, you can also unlink* installed/downloaded apps from ur Google account.

Timothy Richardson commented on 2015-10-30 at 15:55:

+Matthew Arnold  which Nexus was that?  

Kevin McCarley commented on 2015-10-30 at 16:09:
Matthew Arnold commented on 2015-10-30 at 16:17:

+Timothy Richardson Original (2012) Nexus 7. +Haowen H. I didn't think about that. I'll have to remember that if I get a Nexus in the future that needs repair.

Billy Reynolds commented on 2015-10-30 at 16:20:

Will you be adding a Nexus 4 boot image?

Matthias S. commented on 2015-10-30 at 17:20:

This is very interesting!

Chainfire commented on 2015-10-30 at 17:34:

+Alexander M. It means only that SuperSU itself should never remount /system r/w. You (the user, and your apps) can still do so whenever you want. On some devices, remounting only once can prevent OTA, I just try to make sure SuperSU is not the cause for that.

Chainfire commented on 2015-10-30 at 17:40:

+Laurent Dinclaux A new boot image is only needed when you update the firmware itself. SuperSU can update without updating the boot image. On several devices a modified boot image is already needed for root either way, so might as well not mess up /system if we don't have to.

Obviously patching the boot image will be automated and in the end the experience will be the same as flashing one of the old SuperSU ZIP files - if this experiment is succesful.

Note that the old way with modifying /system is still fully supported. I can't predict what those who try to hack the US locked bootloader devices may or may not need, so I leave all avenues open.

Nate Tinner-Williams commented on 2015-10-30 at 22:14:

I apologize if this is too noob to even be responded to, but where do I find a stock /system for the Nexus 6 and how do I flash it? Does this mean I can just flash back to the stock-based custom ROM I was running a few hours ago and flash the boot image and new SuperSU from there?

John Engilis commented on 2015-10-31 at 00:45:

Love this idea... I don't have a Nexus, but have a LG G4 (H811) with stock system available and modfiable boot.

I'm game to mess around on it if you're up to experimenting with this model. Let me know if you're interested.

Ashish Solanki commented on 2015-10-31 at 03:12:

What does it means? Does it mean that you can get system updates even though you have rooted? ?

Sagi Ben commented on 2015-10-31 at 05:59:

+Alexander M. When you mount /system as r/w you change some values in ext4 meta data, like, mount count field. On dmverity world each block on the raw device has a signature which is being verified at device boot. If one of the is wrong the device won't boot. Regarding bloatwares, in latest Android a new partition was introduced named /oem

Sagi Ben commented on 2015-10-31 at 06:41:

+Chainfire​ Regarding : "transparently placing files in /system without modifying the actual partition" I think you can use fuse (

it is also being used in Android for sdcard.

One question : How this rooting method can handle devices which their boot image is signed ?

Matthias S. commented on 2015-10-31 at 08:36:

My aunt bought the Samsung Galaxy S6, so it would be a dream to boot once with root, then throw out all the Samsung crap, after reboot, its save to use again for "an aunt".

Stephen Hale commented on 2015-10-31 at 09:22:

+Chainfire​ +Sagi Ben-Akiva​ regarding "transparently placing files in /system" could this be implemented in such a way that root apps attempting to modify /system instead modify a linked userspace

Chainfire commented on 2015-10-31 at 10:21:

+Sagi Ben-Akiva +Stephen Hale Seriously? This has been discussed repeatedly in the SuperSU forums. It is the ideal solution - heck, I even mention overlayfs/unionfs in my posts - but there is currently not a package that is available/working on all the platforms SuperSU supports.

Why not search/read before you write?

Luigi Apicella commented on 2015-10-31 at 14:44:

+Chainfire Nexus 6 here :D

Has the systemless boot version forceencrypt disabled (like the standard mod) or do I have to use an additional patch afterward like FED-Patcher?

宁致远 commented on 2015-11-01 at 02:16:

Do i need to reflash the stock boot.img before every ota?

Azusa Nakano commented on 2015-11-01 at 03:44:

thx, it works well with my phone

DARREN 123 commented on 2015-11-01 at 18:35:

Cool as sky won't detect it either then

Eric Andresen commented on 2015-11-03 at 15:04:

Anyone get busybox working with this?

rubens martins commented on 2015-11-04 at 14:06:

Como configurar o Supersu corretamente.

Syed Tufail Ahmed commented on 2015-11-05 at 15:51:

Does this mean successful OTA installation in spite of being rooted?

SmithDoom commented on 2015-11-06 at 05:45:

+Chainfire​ how would one go about modifying the build.prop with this root method?

Luigi Apicella commented on 2015-11-06 at 07:55:

+Morgan Risch you can use /data/local.prop instead ;-)

Sonu Chauhan commented on 2015-11-06 at 11:06:

I love it

Miguel Silva commented on 2015-11-06 at 21:28:

Thanks for the great work!

Braňo Bruno commented on 2015-11-08 at 16:22:

Hi.Please make root for LP 5.1.1 for Sony Xperia.

Miguel Silva commented on 2015-11-08 at 18:45:

+Branislav Švec  you just need to install custom recovery and download a file from chainfire website.

Braňo Bruno commented on 2015-11-08 at 19:16:

I cant install recovery.i need root

Rajendra Chaudhary commented on 2015-11-10 at 08:55:

i need root only bro

Edoardo Maria Acabbi commented on 2015-11-10 at 15:50:

does the modified image work ok with MRA58N?

Edoardo Maria Acabbi commented on 2015-11-10 at 15:50:

and by the way thanks for the awesome work

nirujan immanuvel commented on 2015-11-10 at 16:23:


Aguz Romy commented on 2015-11-12 at 14:13:

Ujuuj i7i u7j 77jujhjjnjhjjjjjjj Ku iu7 enal Putra uiuu

Christian Koch commented on 2015-11-12 at 17:14:

+Chainfire how long should uninstalling #SuperSU within the app itself take? It is currently in the "Uninstalling, please wait" message for about 15 minutes.

I just wanted to install the currently OTA #security #updates and therefore uninstalled #TWRP and now trying to unroot. Updating without TWRP but with SuperSU resulted in an error. Any advice?

I can't remember anymore which SuperSU version I have. Probably 2.52 or 2.56 on #Marshmallow  

EDIT: Nevermind, I killed SuperSU via App-Manager and retried.

Jonathan Alfonso commented on 2015-11-12 at 17:34:

+Chainfire Very nice work! I'm interested to know, will there be Nexus 4 support, or build instructions for the matter? Thanks!

Jack Daniels commented on 2015-11-14 at 04:22:

+Matthew Arnold

I think back in 2012 the companies were dusputing whether or not rooting a device should be legal or not. I believe they decided to leave it up to the service providers. Other then that all devices are basically experimental due to rapid growth in technology. My advice is to consider the price. You usually get what you pay for.

Bobby McCants commented on 2015-11-17 at 15:18:

+Chainfire​ after doing this method I have root but super user app isn't showing.

That One Guy commented on 2015-11-17 at 20:16:

Chainfire I got a question I just rooted my gala

Xy note 3 and downloaded titanium back up but it says I need a hypershell and I have no idea where or what that is. Can u help a brother out. Thanks

don x Files commented on 2015-11-17 at 20:24:

+Paul Richards I think that's the premium version of titanium? But I'm not a dev. Just helping.

Joel Guyomard commented on 2015-11-20 at 09:34:

Good day chainfire. I have rooted my sm-p605 with p0605xxucnf2 since month and all working well (as all you are doing). Now I would like to update my note 10-1 to lollypop keeping root, what shall I do?

don x Files commented on 2015-11-26 at 02:41:

I broke my s5 screen I need amdigitizer I bought the glass..ty truly

Azathoth Nie commented on 2015-12-02 at 05:41:

I only have one question.Will OTA still work after I root my Nexus 6P in the new way? +Chainfire

don x Files commented on 2015-12-04 at 23:26:

Hay looking for a cracked galaxy s5

Romolo Ianni commented on 2015-12-07 at 14:33:

is it stable on nexus 5? can I install for mra58n ?

tim barrett commented on 2015-12-10 at 12:58:

How about my low end at&t zte maven lol... I'd love to try...broke many phones, fixed many ;-)

Ptrck Caresosa commented on 2015-12-21 at 00:35:

Can't wait to update my note 4 to Android M. Not rooted till this moment. :(

Ali Ahmed commented on 2016-02-18 at 22:30:


eric benjamin commented on 2016-03-01 at 23:49:

+Chainfire​ does ur system less root work on lg g4 h811

Johnny Neptune commented on 2016-03-14 at 14:38:

+Chainfire please may I have a direct the channel to contact you about perhaps one of the most surgically precise and customized creative conceptualisation I have ever developed in my life, and it was specifically for you?.. An email address?

don x Files commented on 2016-04-02 at 22:45:


don x Files commented on 2016-04-02 at 22:52:

Can anyone tell me except hurting your device?why is root dangerous to developers?doesn't give super hacker abilities or anything?I guess I'm not educated enough?but root only hurt my own stuff,,like twenty tablets!but most where trying to root?only 5 playing with ROMs,,,but sorry for the lengthy letter?

Tshepang Sibeko commented on 2016-07-22 at 17:21:

Plz add a cf auto root for samsung galaxy j1 ace SMJ100F

don x Files commented on 2016-11-23 at 10:39:

All the icyption sounds like a hider or follower or are all these people right i tell everyone and your momma haha ya ya! i buy it i break it warranties void haha but fake windows isnt cutting it as a os its just an adroid period.the idea was stolen from windows io!admit its fake.and i think a recall on it should take place for faulty on off switches giggle giggle ha haå

don x Files commented on 2016-11-24 at 00:17:

No disrespect to chainfire but some troll lead me to this post talking smack one of these post it gangsters say it again mf! Sorry for intrupting your channel chains......

phil lighbothe commented on 2017-11-21 at 11:48:

Hi! Very interesting article! Thanks. Check also my interesting blog here

DAN BESTY commented on 2018-07-29 at 19:01:

Waiting for infinix zero4+

This post is over a month old, commenting has been disabled.