Chainfire Discusses SuperSU and Problems With The Note 7

We may earn a commission for purchases made using our links.

Earlier today Chainfire took to Google+ to discuss progress with the Note 7 and SuperSU, explaining that as the Note 7’s release has been delayed in some countries he has had to work via remote debugging. Thankfully, with the aid of Dr.Ketan and SeraphSephiroth it is now working. However it is not all good news.

“As isn’t uncommon with Samsung, they’ve built-in some new (and arguably ineffective to actual exploits) protections directly to the kernel code, that cannot be turned off by just modifying the boot image ramdisk.

This time, they’ve decided to kernel panic in case a ‘priviliged’ process (uid or gid below or equal to 1000, so this includes root and system processes) creates another process that isn’t stored in /system or rootfs. SuperSU itself does this, but so do a great many root apps. Any time this happens: immediate reboot.” – Chainfire

This in itself is an issue not just for Note 7 root users but also for the closely linked (development wise) S7. Unfortunately the method of bypassing this in his own words is “fairly trivial” meaning that we cannot know now how long this method will continue to work for. Likewise, until Samsung make their move we are also unable to tell how much time, energy and resources will be required to continue support for the device. So far test CF-Auto-Roots have been unsuccessful and until he can get his hands on a unit, he will be dropping development. About a 100 CF-Auto-Roots have been updated yesterday and today — Chainfire XDA (@ChainfireXDA) August 26, 2016

To ensure accuracy the following is a direct excerpt from his post:Aside from the binary/hex patch SuperSU employs (see common/hexpatch inside the ZIP), there are some more ways to get around this protection.

If you’re compiling kernels from source, it seems that setting CONFIG_RKP_NS_PROT=n gets rid of these protections. You may want to disable other RKP and TIMA settings as well, but that is the one directly relating to this issue.

This protection also disables itself in recovery mode, so simply copying a boot image with these protections to the recovery partition and rebooting into recovery (which will then just launch Android) will work beautifully as well.

As mentioned above a lot of future development for the device relies heavily on how Samsung react and adapt in the coming updates, but for now you can find the official SuperSU Beta for the Note 7 thread here, and a TWRP flashable zip here.