Thursday, September 15, 2011

Root Samsung Galaxy SL (i9003) Gingerbread 2.3.4 (XXKPH)

I had a hard time finding how to root the Samsung Galaxy SL on 2.3.4 XXKPH. There were many blogs and websites talking about rooting, but because XXKPH was the latest version and it was 2.3.4, most of the methods mentioned there do not work.

The most basic method is to use SOC (SuperOneClick), and it does not work with XXKPH, because the kernel exploit cannot be done by GingerBreak; it seems they have closed the loophole which GingerBreak was using. The original GingerBreak method was mentioned in this website, and he has clearly mentioned that it has to be using the USB debugging mode on adb. SOC also uses the same method, and it should be the only way to do it.

Now how do we proceed? I read on a Spanish website for the i9000 that the kernel must be replaced with a kernel which can be exploited, then exploited using SOC, and the original kernel put back after installing SU (the superuser app). I found it somewhat convincing and then tried the method on XDA Developers where he talks about flashing the fixed binary and then the normal boot again. I was scared to try this before as I do not want to use any modified binary, as XXKPH is very stable, and battery life and GPS are working awesome for me. Any change would only deteriorate the performance, as these people may have done something which they are not very sure of.

Here goes the method for XXKPH:
  • After flashing to the new firmware, go to Downloading Mode by pressing volume down + menu button + power button and flash the phone using the PDA file GT-I9003_PDA_XXKPE-fixed.tar
  • Root using SOC (Latest version of SOC can be downloaded from here)
    • While rooting, you may find that it is stuck at step #6; maybe you can disconnect the cable and connect it back, and it should do the trick!! (happened with me)
  • Flash PDA with the normalboot.img.tar attached below

Note: With the absolutely beautiful ADB exploit I use, titled rageagainstthecage (ratc), absolutely ALL devices can be rooted. This is because it exploits ADB, which all devices use. There is an issue though. Some devices have a NAND lock which does not allow you to write to the /system mount. Because of this, you can't copy su, sqlite or busybox to /system/bin. This creates some issues but there is a workaround. For things that don't need access to /system (like enabling non-market apps) I can use the ratc exploit to make those changes. If your device cannot use su in /system/bin then you can simply select a checkbox (as of v1.5) that says to use ratc.

There are 3 levels of "root" we can define:
Level 1: Shell Root (with ratc rooting the adb shell but no /system write access)
Level 2: Temporary Root (/system/bin/su installed but lost on reboot)
Level 3: Full Root (/system/bin/su installed and sticks)

Some devices have a NAND lock. SuperOneClick will only give a Shell root until you remove this lock.
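
For anyone auditing a handset rather than rooting one, the three levels can be told apart from what `id` and `ls -l /system/bin/su` report in the adb shell before and after a reboot. The sketch below is an added example, not part of SuperOneClick or the original post; the sample outputs are constructed and the `ls -l` layout (mode, owner, group, size, date, time, name) is an assumption about Android's toolbox `ls`.

```python
import re

# Constructed sample outputs (not captured from a real device). The `ls -l`
# lines assume Android toolbox format: mode owner group size date time name.
ID_SHELL = "uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)"
ID_ROOT = "uid=0(root) gid=0(root)"
SU_PRESENT = "-rwsr-sr-x root     root        26264 2011-09-15 10:00 su"
SU_MISSING = "/system/bin/su: No such file or directory"


def adb_shell_uid(id_output):
    """Numeric uid from the output of `id` run in the adb shell, or None."""
    m = re.search(r"\buid=(\d+)", id_output)
    return int(m.group(1)) if m else None


def su_is_setuid_root(ls_line):
    """True if an `ls -l /system/bin/su` line is a root-owned setuid file."""
    parts = ls_line.split()
    if len(parts) < 2:
        return False
    mode, owner = parts[0], parts[1]
    # The owner-execute position holds 's' or 'S' when the setuid bit is set.
    return bool(re.match(r"-[r-][w-][sS]", mode)) and owner == "root"


def root_level(id_output, su_before_reboot, su_after_reboot):
    """Map three observations onto the levels listed above (0 = not rooted)."""
    if su_is_setuid_root(su_after_reboot):
        return 3  # Full Root: su is still in /system/bin after a reboot
    if su_is_setuid_root(su_before_reboot):
        return 2  # Temporary Root: su was installed but is gone after reboot
    if adb_shell_uid(id_output) == 0:
        return 1  # Shell Root: adb shell runs as uid 0, no su in /system/bin
    return 0


if __name__ == "__main__":
    print(root_level(ID_SHELL, SU_MISSING, SU_MISSING))
    print(root_level(ID_ROOT, SU_MISSING, SU_MISSING))
    print(root_level(ID_ROOT, SU_PRESENT, SU_MISSING))
    print(root_level(ID_SHELL, SU_PRESENT, SU_PRESENT))
```
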

Gingerbreak uses rageagainstthecage, which is a root exploit via a fork bomb. Some antivirus programs may raise an alert for malicious content while unzipping, and here is the explanation for it.

It IS a potentially malicious payload, BUT it is being used with the owner's consent to root the phone. The DroidDream malware uses exactly the same payload - they are trojans, but this is a helpful tool. It IS a dangerous tool in the wrong hands, but this is a root exploit, so you should exercise common sense and a little understanding of what it does and how it works.


  1. hey thanks a lot i was finding it really diff to find a way 2 root xxkph..hey can u like give a step to step guid to do how to flash with pda and etc

  2. What is it that you did not understand? If you have already flashed XXKPH yourself, then it must be very easy. Anyway, let me know if there is any confusion. My blog also has a post on how to flash XXKPH; if needed, please refer to that. And you can always post questions here. I would reply.

  3. m already on xxkph from the day it was launched actually m not a lot familiar with rooting..flashing with d above file (GT-I9003_PDA-XXKPE-fixed.tar) is through odin right? should anything be clicked or unclicked in it?like while flashing the firmware??...and after rooting can b unrooted directly through superone click?

  4. You need to only replace PDA, and once before rooting, and once after rooting.

    Before rooting, replace it with the _fixed.rar and after rooting replace with normalboot.img.tar

    No additional buttons need to be clicked.
    For more details on flashing, check this link

  5. can u tell me how do i unroot the phone?

  6. hey can u tell me how to unroot it??

  7. @Parth, all I know is, you need to re-flash with the original binary and it will be un-rooted; no other way out.

  8. actually i have to give my phone to the service ppl...rooting does void warranty right??do i need to reflash it or juz send it this way

  9. Just give it as it is, they would not get to know; maybe you can uninstall the su app, which you can install later as well.

  10. thanks a lot...i ll give it shot...btw hey u any app or way to actually increase the battery life f the phone??

  11. What do you think of this method at

    Please let me know. I have GT I9003 XXKPH. I am wondering what is the best way to root it.

  12. @Hemnath, this is a modified ROM, so you never know what all has been modified, so try at your own risk (esp. privacy)