SuperSU v2.77 BETA - Note7 (Exynos) shenanigans

Unfortunately SuperSU did not work on the Note7 (Exynos) out-of-the-box. As its release has been delayed in my country, we've had to resort to remote debugging, which is slow and frustrating. But, thanks to the ever helpful Dr.Ketan and SeraphSephiroth we finally got it working.

New exploit protections
As isn't uncommon with Samsung, they've built in some new (and arguably ineffective to actual exploits) protections directly to the kernel code that cannot be turned off by just modifying the boot image ramdisk.

This time, they've decided to kernel panic in case a 'privileged' process (uid or gid below or equal to 1000, so this includes root and system processes) creates another process that isn't stored in /system or rootfs. SuperSU itself does this, but so do a great many root apps. Any time this happens: immediate reboot.

I'm not going to elaborate why in my opinion this is a fairly useless protection exploit-wise, but needless to say it is fairly bothersome for the normal root user, which is probably a lot more relevant for the average reader here.

Unfortunately - unlike many of the security features developed by Google - this feature is not easily disabled by modifying initramfs (boot image ramdisk), and requires further trickery to bypass.

Maybe a better bypass is yet to be found, but for the time being, I have resorted to patching the check inside the kernel itself when the systemless SuperSU boot image is created. This prevents the user from needing a custom source-built kernel, but it's questionable how long this hex patch will work. The code that performs this patch is fairly trivial - it may keep working the rest of the Note7's lifetime, or stop working the next update.

In other words, this could end up being resource intensive to support, or not. We don't know yet. We have to wait and see what Samsung is going to do.

Bearer of bad news
We know S and Note development are generally strongly related, so we should expect to see the same 'protections' appear in the S7 sooner or later as well. This is probably the (ugly) way forward.

Aside from the binary/hex patch SuperSU employs (see common/hexpatch inside the ZIP), there are some more ways to get around this protection.

If you're compiling kernels from source, it seems that setting CONFIG_RKP_NS_PROT=n gets rid of these protections. You may want to disable other RKP and TIMA settings as well, but that is the one directly relating to this issue.
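
An added example, not part of the original post or of SuperSU: a shell script that reports whether CONFIG_RKP_NS_PROT and other RKP/TIMA options are enabled in a kernel config file, for checking what a given source build carries. The CONFIG_RKP*/CONFIG_TIMA* prefix match, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from SuperSU): report RKP/TIMA option state in a kernel config.

# Print "enabled", "disabled" or "absent" for one option.
# Kconfig records a disabled bool as "# CONFIG_X is not set"; a hand-edited
# defconfig may instead carry "CONFIG_X=n" as on this page. Both mean disabled.
# If an option appears more than once, the last occurrence wins.
config_state() {  # $1 = config file, $2 = option name
    awk -v opt="$2" '
        index($0, opt "=") == 1 {
            state = (substr($0, length(opt) + 2) == "n") ? "disabled" : "enabled"
        }
        $0 == "# " opt " is not set" { state = "disabled" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# List enabled options whose names start with CONFIG_RKP or CONFIG_TIMA.
# Assumption: the "other RKP and TIMA settings" share these name prefixes.
list_enabled_rkp_tima() {  # $1 = config file
    awk -F= '/^CONFIG_(RKP|TIMA)[A-Z0-9_]*=/ && $2 != "n" { print $1 }' "$1"
}

# Constructed sample config; only CONFIG_RKP_NS_PROT is named on the page,
# the *_SAMPLE_OPT names are placeholders.
write_sample_config() {  # $1 = output path
    cat > "$1" <<'EOF'
CONFIG_ARM64=y
CONFIG_RKP_NS_PROT=y
CONFIG_RKP_SAMPLE_OPT=y
# CONFIG_TIMA_SAMPLE_OPT is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
echo "CONFIG_RKP_NS_PROT: $(config_state "$sample" CONFIG_RKP_NS_PROT)"
echo "Enabled RKP/TIMA options:"
list_enabled_rkp_tima "$sample"
rm -f "$sample"
```

Point the two functions at the `.config` of your own kernel tree in place of the sample file.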

This protection also disables itself in recovery mode, so simply copying a boot image with these protections to the recovery partition and rebooting into recovery (which will then just launch Android) will work beautifully as well.

The test CFARs I have made so far for the Note7 have not worked, so since both TWRP and SuperSU ZIPs are already available for this device, I'm dropping CFAR development until I have a device in hand.

SuperSU BETA thread:

TWRP flashable ZIP:

SuperSU is the Superuser access management tool of the future ;)

!!! SuperSU requires a rooted device !!!

SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. SuperSU has been built from the ground up to counter a number of problems with other Superuser access management tools.

Features include:

- Superuser access prompt
- Superuser access logging
- Superuser access notifications
- Per-app notification configuration
- Temporary unroot
- Deep process detection (no more unknowns)
- Works in recovery (no more segfaulting)
- Works when Android isn't properly booted
- Works with non-standard shell locations
- Always runs in ghost mode
- Wake on prompt
- Convert to /system app
- Complete unroot
- Backup script to survive CyanogenMod nightlies
- Icon selectable from 5 options + invisible
- Theme selectable from 4 options
- Launch from dialer: *#*#1234#*#* or *#*#7873778#*#* (*#*#SUPERSU#*#*)
NOTE: Not all phones take both codes. On some phones you need to use single *# instead of double *#*#

The Pro version additionally offers:

- OTA survival mode (no guarantees)
- Full color-coded command content logging (input/output/error)
- Per-app logging configuration
- Per-app user override
- Grant/deny root to an app for a set amount of time
- PIN protection
- Per-app PIN protection
- Adjust auto-deny countdown

The discussion and support thread can be found on XDA-Developers here:

This is meant to replace Superuser (if installed); you use either one or the other. You cannot combine them. Statements that this breaks Superuser are therefore completely nonsensical.


Superuser access management runs through a so-called "su binary". There can be only one of these at a time, so if you install SuperSU, your previous superuser access management solution will no longer operate. If you want to switch back: (1) Open that application, and search for an option for it to install/update/replace the "su binary". (2) Confirm root-using apps are using the superuser solution you want. (3) Uninstall SuperSU.

Want to help translate SuperSU ? See !

These are completely optional and more like donations. They do not unlock any functionality.

August 28, 2016
Android 2.1+