Shared publicly  - 
Root for Galaxy S4's Google Edition 4.3 leak

RE: JWR66N.S005.130625 only

So here it finally is: the first root for the S4 GE 4.3 leak, and also the first 4.3 root in general.

It required quite a few mods to SuperSU, but it seems all features are fully operational. There'll probably be some issues somewhere ;)

It remains to be seen if all of the protections that have been circumvented have been Samsung's doing (as is normal for Samsung pre-release leaked firmwares), or if some of them are actually normal for Android 4.3.

For example, Android processes have their binding set of capabilities 0'd out. I've not personally seen that before on other firmwares, so I'm not sure if that's Samsung's doing or something 4.3. It prevents processes from performing certain actions - even if the process manages to execute code as root user - like mounting the system read/write. Just to be clear, this root does not suffer from this issue.


This experimental version of SuperSU especially for this specific firmware leak. In theory it should also work on those protected engineering firmwares from Samsung that have gone around lately, but I have not tested it on any of those. Let's keep it to the leaked S4 4.3 firmware for the first test, shall we ?


For this root, SuperSU is running in daemon mode (new feature), and launched during boot.

The daemon handles all su requests, and while this should mostly work just fine, some apps may expect their su session to be running on the same branch on the process tree as the app that launched the session.

Titanium Backup is an example of such an app. It may incorrectly detect the path to your internal storage for backups, and thus crash on backup/restore. You can fix this by going into preferences and selecting a folder under /storage/emulated/legacy as backup/restore path, not under /storage/emulated/0.

In this download the daemon is spawned by , some other root apps use this, some recoveries delete it, etc. If you lose root, just reflash the package. You could change it so the daemon is launched by another (non-Java-related) process if you want.


Please do not mirror this download, do not repost the file elsewhere. Link to this post on G+, not the download.

Report problems in the thread on XDA, and mention that you're running the 4.3 leak !

This is a flashable ZIP, I've only tested it with TWRP, but I'm assuming CWM will also work.

EDIT: CWM users, you need to uncheck the option to "disable stock recovery flash", if it shows up.

EDIT#2: Link updated with TiBu fixed version


Why no CF-Auto-Root and a flashable ZIP instead ? Because you needed a custom recovery to flash the leak in the first place, so you will have one already, and I'm waiting for other 4.3 firmwares to see if this will be a new standard, before modifying CF-Auto-Root to use it.
Herman Hedokingbe's profile photo康华平's profile photoPierre-André Facia's profile photoاحمد الدليمي's profile photo
Awesome! Now its time to try 4.3. Was waiting for root first. Thanks chain fire. Your a beast.
Omg this is amazing thank u, i'm testing it right now
Works great using CWM!

If you're ever in Amsterdam, beer's on me :)
Yeah I think aosp is changing the way they deal with security. In the aosp master branch there's not root at all right now. 
Nick 11
Gotta love the Android Dev community, rooting an OS that hasn't even been announced. Impressive
+Chainfire "Because you needed a custom recovery to flash the leak in the first place, so you will have one already,"

Wasn't the SamMobile leak an ODIN Image actually?
Great news Chainfire! Thanks for your work!
Okay. Lets bet for how long they need to figure out to drop privileges before calling ;)
4.3 is such a battery hog. I went back to 4.2
+Chainfire i cannot use lucky patcher seems to have the root permitions but it doesn't work :/
Kuan Lu
The 4.3 root is finally there, well done!
Thanks Chainfire for your work!
As always, like a boss, you deliver!
Galaxy s4, should work on all variants except gt-i9500 8 core
Good :D
Works fine on SHV-E300S which is one of SGS4 in South Korea
Titanium Backup is not working for me. Any tips?

Already wipe data from TB, re-installed. Root access is working with others apps.
Cheers, thanks to this I was able to get off this battery draining ROM. 
Where do I locate "disable stock recovery flash" to uncheck it?
Yea. TiBu won't restore my apps.
Helium backup too... asks for Permission, its Ok. But loading isn't loading. I'll try ask to +ClockworkMod 
Should I flash this or the 4.3 ROM first?
+Daniel Neto Helium is working fine in my tests. Are you sure the ZIP got installed correctly ?
Where do I locate "disable stock recovery flash" to uncheck it if I'm using cwm?
+Connor Barnes your raging noobness is hurting my head :(  Clockwork will ask you if you want to disable stock recovery flash after you flash this su zip.  Just select no. 
I have tried to contact the author of Titanium Backup by the way, see if we can figure out what the issue is. I'm sure he'll get back to me and even if he doesn't, that the problem will be fixed.
I just wanted to have everything in line before I went ahead and messed around. Better safe than sorry.
+Chainfire thanks for your attention. I'll check later. Definitely isn't an issue in SuperSu. Testing at Gnex 7 (4.2.2) and getting the same.

Thanks for your support.

working great no fc coming from 4.2.2 .. thanks bro
Is this for every carrier of the gs4? I have a T-Mobile gs4
FYI, the issue with TiBu has been found, will release a fix tomorrow. Nap time now!
Great! It works fine, thanks!!!
MD5 : B8C2077B3C6FFB0D0B2C40628EEEE875

as of 7/3 9:52PM EST
I can't imagine the Android world without +Chainfire... You're a gem for the community... Thank you. 
I didn't even know there was a 4.3 was leaked 
TiBu be fixed. Reread post. Important info.
Can this be flashed from stock on a Sprint phone?
Don't work..installed 4.3ge deoxed with philz touch then this file.. Super user app i con appears in tue app menu, but titanium isn't able to find root privileges.clicking on che su icon i can read program is not installed
Sol S
With 4.3GE and TWRP, the file fails to install in TWRP.  Help would be appreciated.
Damon M
I'm def a noob but please help I'm on 4.3 but when I try to manually CWM and flash the download, it just resets my phone. 
Damon M
Is there another way to manually enter CWM?
Will this work on vzw s4 with latest firmware?
Sol S
@Matt: I resolved that issue with a reboot.
i have the same problem as +Perry Randle .
I noticed that i can get root access with Superuser.apk via shell but no app nor SuperSu can get su-access. Can you help us?
flash root with TWRP Recovery. It seems that CWM has problems with rooting Android 4.3
+Michael Beetz I have the same problem as Perry Randle and i tried every combination. TWRP, CWM, Odexed and Deodexed ROM. I just can't get it to work either way. For me there are 2 possibilites i can get to: SuperSu tells me that there is no binary, or SuperSu gets stuck and android offers me to kill it after sometime. For now i give up and either go back to 4.22 or wait out a few days without SU.
Thanks for this SU, the only one working on the N4 running Android 4.3. However many users are experiencing 2 issues:
- rapid drain while the 'daemonsu' process takes 70% of CPU until next reboot.
- Standard sd-card path is not accessible to root user: /storage/emulated/0 must be replaced with /storage/emulated/legacy

Would you have time to take a look at this? If you need logs or anything let me know.

Related post on XDA:
i can't reproduce your sdcard problem.
i dont have a folder: /storage/emulated/0
there is just /storage/emulated/legacy in my case.

please reflash the ROM with TWRP Recovery and wipe userdata and cache. make sure you backup your data. Battery problem is in investigation
Thanks Michael for looking into this. Note however that path /storage/emulated/0 is the path provided by getExternalDirectory() API, but under root user, only /legacy shows up. If you open a shell without root, it will show both /0 and /legacy, but /legacy is not accessible. That's what most users have seen so far, but maybe I'm using CWM instead of TWRP, but could that really cause this?

As for the battery issue, I didn't find a consistent way to reproduce the daemonsu process going bersek and consuming 70% of CPU. Not even sure it's the first source of drain. Yesterday I unplug device fully charged, didn't check for the daemon, didn't use it much and at noon, 14% was left!? Most of the times, everything goes ok though.
ahhh now i understood. that's really weird and i can confirm this.
but /legacy is accessible with and without root in the terminal for me. can you look for the rights the legacy folder has with "ls -l"?
i experienced battery drain because wifi was turned on but he didn't connect to the hotspot properly. that caused battery drain for me? perhaps it has to do something with this?
Actually you're right, emulated is accessible by non-root. must have gone confused by the fact that legacy (under root only) links to /mnt/shell/emulated/0, whereas it's a real folder without root!
Interesting, I use Android Tuner to turn off WiFi while in standby, but I'll double check again, yesterday there was no hotspot, so it may well be that WiFi was on but would not connect to anything! WiFi was definitely on while using the device, maybe that's when it quickly drained the device. Felt the device was warmer that usual, another thing many users noticed, while many didn't.
i will check it, too. today it connected to wifi without problems. If we are lucky the official 4.3 release is today. then all of the problems should go away ;)
Just installed the official image, rooted, SD path issue remains, not sure about drain and daemon process going bersek though.
Thanks for the XDA links, but this redirects here for the 4.3 version.

Even though I've dealt with it in my app, wouldn't it be better to fix the bug in a single place instead of having work-around in all root apps? Sooner or later other SU implementations will be available without this issue.

In other words you're saying root apps should use root access for everything they do, even when user wants to select a path on SD card. Good luck with that.
+Chainfire Noticed another oddity on 4.3, probably related to this SD path missing: if root user mounts /system RW, only root sees it RW, all existing apps continue to see it RO. Didn't use to be that way, but I'm pretty sure it's the new 4.3 security model. Might also explain the SD card not being mounted for root, however that one should be easy to fix within SU binary? All this seems to only be valid on a fuse file-system. When using vfat SD card (or sdcardfs on the SGS4) mount points are valid for every users.
Managed to root my Nexus 4 with the official Google build (pushed via fastboot) with this. Flashed the file, rebooted and I had superuser privileges!
Success in Nexus 7 with JWR66V & the latest TWRP.
i can confirm what +Cedric Counotte said in regards to root seeing RW and apps continuing to see it RO.  it happens temporarily from time to time.
OMFG. This is amazing. Thanks Chainfire.
+Roberto Gómez Same here, just rooted stock JB4.3 on my nexus 4. Now nexus 7 to go...
Great work +Chainfire . Flashed it on my Nexus 7 and using your path-trick in TiBu everything is up and running :)
For some weird reason it doesn't work for my Galaxy Nexus (yakju) on 4.3 :/
Nexus 7 just installed 4.3, SuperSU patch, and TiBu. Once the Box sync completes, will test massive restore. (after changing the backup path to .../legacy)
Perfect! I just upgraded to the pro version!
After the Nexus 7 it also works flawlessly on my 4, you're the man! Happy I donated to you :)
Can I use this method for galaxy nexus gsm 4.3?
On My nexus 7 with 4.3 I did get it to work, but with TWRP Recovery and have to flash it twice(the 1st didn't work, rebooted to recovery flash it again and it worked).
Now it's rooted ;)
Worked fine on my Nexus 4. Thanks!
Gracias...perfecto en nexus 7 4.3
I Downloaded 4.3 Google edition ROM for my s4 on AT&T. I can't get into recovery...what is the next step for me?
Thanks, I was pretty happy with stock 4.3 but being back on Cyanogenmod (10.2) makes me feel fuzzy.
+Andrei AndreaS Guitchev There are lots of functions that Cyanogenmod packs in that Stock doesn't.  My favorites are the smart unlocking options and the ability to set a 'quiet time' so I don't get notifications.  I've been using Cyanogenmod for so long that 'Stock' just didn't fulfill my needs anymore.
+Andrei AndreaS Guitchev I've installed CM10.2 on my S4 and my old S2X and haven't had any issues. I have more random reboots on my new Nexus7 than anything ever. Ah well. 
titanium backup worked..Awesome was about to loose hope...Thanks a lot man...
Worked perfectly on my Nexus 7 (2012). Thanks!
Can anyone confirm if this work for Samsung Galaxy S4 i9505 XXUEMI5?
I am rooted and I just bought the Pro version but I cannot see a backup location of \storage\emulated, and if I try going to \mnt\shell it says this folder is not accessible. How can I change the backup path so i can restore my TB backups on a 4.3 rom if backed up on a 4.2.2 rom? Please help. Thanks.
I upgraded my Galaxy S4 from 4.2.2 to 4.3  off  course after backing up everything (Tit) and  I use the instructions to the letter I flash CF-Auto (CF-Auto-Root-ja3g-ja3gxx-gti9500.tar) then flashed cofface_S4_recovery_en_V3.0.tar then using CW I flash UPDATE-CWM-SuperSU-v1.65 and philz_touch_5.08.8-i9500, after all that I reboot things seemed ok until I a massage appeared stating that” supersu is attempted  to access my system  without authorization . this attempt has been blocked . delete  application obtained  from unauthorized sources may improve security.”  And when I try to access supersu the following message has appear “ There is no SU  binary installed, and SuperSU cannot install it. This is a problem! If you just upgraded to Android 4.3, you need to manually re-root- consult the relevant forums for your device!” and I tried again but no success.
I am opened for any suggestion please, thank you 
Hi M.K. Fathaly.
Try to flash again UPDATE CWM SUPERSU again
Add a comment...