NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.
Unfortunately SuperSU did not work on the Note7 (Exynos) out-of-the-box. As its release has been delayed in my country, we've had to resort to remote debugging, which is slow and frustrating. But, thanks to the ever helpful Dr.Ketan and SeraphSephiroth we finally got it working.
New exploit protections
As isn't uncommon with Samsung, they've built some new (and arguably ineffective against actual exploits) protections directly into the kernel code, which cannot be turned off by just modifying the boot image ramdisk.
This time, they've decided to kernel panic in case a 'privileged' process (uid or gid below or equal to 1000, so this includes root and system processes) creates another process whose executable isn't stored in /system or rootfs. SuperSU itself does this, but so do a great many root apps. Any time this happens: immediate reboot.
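The condition described above, written out as a small model that audits a list of process-spawn events (an added example, not code from SuperSU or from Samsung's kernel). The mount table and events are constructed samples, the function names are hypothetical, and reading "stored in /system or rootfs" as "resolves to the /system mount or to a filesystem of type rootfs" is an assumption.

```python
import posixpath

PRIV_ID_MAX = 1000  # "uid or gid below or equal to 1000", per the post

# Constructed /proc/mounts-style sample; device names are made up.
SAMPLE_MOUNTS = """\
rootfs / rootfs ro 0 0
/dev/block/sda14 /system ext4 ro 0 0
/dev/block/sda18 /data ext4 rw,nosuid,nodev 0 0
tmpfs /dev tmpfs rw,nosuid 0 0
"""

# Constructed events: (parent uid, parent gid, path of the binary being started).
SAMPLE_EVENTS = [
    (0, 0, "/system/bin/sh"),
    (0, 0, "/sbin/adbd"),
    (0, 0, "/data/local/tmp/tool"),
    (1000, 1000, "/system/../data/local/tmp/tool"),
    (10123, 10123, "/data/data/com.example/files/tool"),
    (10123, 1000, "/data/data/com.example/files/tool"),
]

def parse_mounts(text):
    """Return [(mount_point, fstype)] from /proc/mounts-style text."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1].rstrip("/") or "/", f[2]) for f in rows if len(f) >= 3]

def mount_for(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    hits = [m for m in mounts
            if m[0] == "/" or path == m[0] or path.startswith(m[0] + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def would_trip(uid, gid, exe, mounts):
    """True if this spawn matches the panic condition as the post words it."""
    if uid > PRIV_ID_MAX and gid > PRIV_ID_MAX:
        return False  # unprivileged parent: the check does not apply
    hit = mount_for(posixpath.normpath(exe), mounts)
    # Assumption: "stored in /system or rootfs" means the binary resolves to
    # the /system mount or to a filesystem of type rootfs.
    return not (hit and (hit[0] == "/system" or hit[1] == "rootfs"))

def audit(events, mounts):
    """Return the events that would trip the check."""
    return [e for e in events if would_trip(*e, mounts)]

if __name__ == "__main__":
    for uid, gid, exe in audit(SAMPLE_EVENTS, parse_mounts(SAMPLE_MOUNTS)):
        print(f"uid={uid} gid={gid} exec={exe}: would panic")
```

The model normalizes ".." in paths but does not resolve symlinks, so it is a reading aid for the rule rather than a reproduction of the kernel's behaviour.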
I'm not going to elaborate why in my opinion this is a fairly useless protection exploit-wise, but needless to say it is fairly bothersome for the normal root user, which is probably a lot more relevant for the average reader here.
Unfortunately - unlike many of the security features developed by Google - this feature is not easily disabled by modifying initramfs (boot image ramdisk), and requires further trickery to bypass.
Maybe a better bypass is yet to be found, but for the time being, I have resorted to patching the check inside the kernel itself when the systemless SuperSU boot image is created. This prevents the user from needing a custom source-built kernel, but it's questionable how long this hex patch will work. The code that performs this patch is fairly trivial - it may keep working for the rest of the Note7's lifetime, or stop working with the next update.
In other words, this could end up being resource intensive to support, or not. We don't know yet. We have to wait and see what Samsung is going to do.
Bearer of bad news
We know S and Note development are generally strongly related, so we should expect to see the same 'protections' appear in the S7 sooner or later as well. This is probably the (ugly) way forward.
Workarounds
Aside from the binary/hex patch SuperSU employs (see common/hexpatch inside the ZIP), there are some more ways to get around this protection.
If you're compiling kernels from source, it seems that setting CONFIG_RKP_NS_PROT=n gets rid of these protections. You may want to disable other RKP and TIMA settings as well, but that is the one directly relating to this issue.
This protection also disables itself in recovery mode, so simply copying a boot image with these protections to the recovery partition and rebooting into recovery (which will then just launch Android) will work beautifully as well.
CF-Auto-Root
The test CFARs I have made so far for the Note7 have not worked, so since both TWRP and SuperSU ZIPs are already available for this device, I'm dropping CFAR development until I have a device in-hand.
Links
SuperSU BETA thread: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
TWRP flashable ZIP: http://download.chainfire.eu/999/SuperSU/BETA-SuperSU-v2.77-20160827190633.zip
Wow that's dumb
wat ineffective saucery, samsung will need 2 take lessons in defense against the dark arts if they r 2 defeat lord chainfiredemort
Great!
Note I717 days woot
Works also great on Galaxy S7 herolte and LG G4 H815, thank you Chainfire!
I have an ATT Nexus 6, can I root? I want to move my device to a std Android version and remove ATT overload.
+Robert Rivera yes you can. To remove the at&crap simply wipe the /OEM partition
Lc
Do you need me to send you this Qualcomm Note 7?
x
Typical Samsung
Qualcomm Note 7?
+Robert Rivera You have a Nexus, so yes, SuperSU works perfectly, but what overload are you talking about? ATT doesn't touch Nexus firmwares.
+Chainfire FYI... We have discovered this version does not work on the Moto G 2015, recovery log all looks good, like it flashed but no SuperSU app and no root, and version 2.76 continues to perform correctly. We flash using the "SYSTEMLESS=true" parameter in /data/.supersu of TWRP recovery environment.
Ok on Note 4 with XRom v2 + kernel Emotion? Thx
How do I unroot an Andromax G2 phone? Please advise.
Systemless root does not work on Lenovo A7000 with Android 6.0; installed with TWRP recovery and original stock boot image, the result is a failure... Can someone help with this?
+Wisnu Afrianto Use SuperSU 2.76, the current stable version, with the systemless 'echo' command in TWRP terminal, should clear up the problem.
If it is possible to load a kernel module on Samsung devices (I have no idea if modules are supported or if the modules need to be signed, etc.) then something like the wp_mod module I used to do for HTC devices might be easier to maintain than hacking the kernel binary. https://github.com/flar2/wp_mod
Samsung typically disables kernel modules on their Exynos devices, and uses module signing on their Snapdragon ones.
It doesn't fully unroot on official MIUI 8 Redmi Note 3 Snapdragon; once flashed there is no turning back.
+Aaron Segaert I just had someone run a binary that checks for this on the US variants of the Note 7. The load_module() function is definitely present, and they must be signed (see lkmauth). Usually you can NOP the lkmauth checking function out if you find the address by decompressing the zimage, since the check is just a BNE instruction, thus allowing for unsigned modules. The problem is /dev/mem isn't enabled on stock devices, so unless there's a way to use mknod or something else so we can mmap /dev/mem, I don't know if this solution would work for devices without a custom kernel.
Also binary patching using xxd on Android is fairly straightforward, not sure what method +Chainfire uses though.
Any link for twrp zip for v2.78
+Chainfire I'm sure I'm just being too lazy to read but do I have any options for my at&pee note4?
Other than temp root
Root honor u19 no rotry?
Good app
علي بي احمد بي
any update as of 9-27-2016?
After installation I get a network error compiling android nougat number n3e71b root
Very good
me ok