Safe root and unlock of Samsung Galaxy Mini using Ubuntu Linux


These instructions show how to use 'rageagainstthecage' and 'adb' in order to root (and then unlock) a Samsung Galaxy Mini without requiring Windows. They would likely work with any phone that the 'rageagainstthecage' hack works on.


I bought a Samsung Galaxy Mini (GTS5570) Android phone and I wanted to root it so I could easily tether and so I could unlock it for when I travel.

If you have a Mini that's running the Froyo version of Android, then you can root it with SuperOneClick. The Gingerbread version uses Odin.

Both of these are Windows executables and hence of little use to me. (Allegedly you can run SuperOneClick on Linux with 'mono' but it didn't work for me.)

I did some more research and found that there were earlier versions for root/unlocking that involved manually using ADB and the shell, but they had evidently bricked some phones. After reading through some of the instructions, I think I know why.

The general gist is that there's a tool that let's you temporarily get root access over an ADB shell. From there you can remount the /system mount so that it's writable and then add the su/root files. Problem is the directions I found were full of specific information that could break your phone if any of the filesystem setup was different (as was mine). I've further made the unlocking directions even safer than the current set making it's rounds on the net.

Amended directions here:

Based off of ideas in:

Rooting the Samsung Galaxy Mini


Search for these if you don't have them.
  1. adb tool
  2. USB debugging enabled on phone (settings->applications->development->USB debugging)
  3. Rageagainstthecage-arm5.zip


  1. Charge your phone for safety. You don't want to lose power during these steps.
  2. Get temporary root access
  3. Add 'su' to get permanent root access
  4. Verify that it worked
  5. Get unlock code


Prompts: 'linux%' is my Linux prompt. '$' is the regular adb shell user. '#' is the root adb user.

Temporary Root Access

This assumes the existence of '/data/local/tmp' as a temporary directory in the adb shell, if it doesn't exist you can just use a different writable path (my guess is that /sdcard would probably work).
  1. Unzip Rageagainstthecage-arm5.zip
  2. Turn on USB Debugging on the phone (Settings -> Applications -> Development)
  3. Connect phone via USB
  4. linux% adb devices
    This should show your Mini. Otherwise you need to add to/create a file in /etc/udev/rules.d/ such as 99-android.rules:

    SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666", GROUP="1000"

    (These values should work for the Samsung Mini - I got them using 'lsusb'). Then restart udev: "sudo /etc/init.d/udev reload" and then restart adb: "sudo adb kill-server"

  5. linux% adb push rageagainstthecage-arm5.bin /data/local/tmp
  6. linux% adb shell
  7. $ cd /data/local/tmp
  8. $ chmod 0755 rageagainstthecage-arm5.bin
  9. $ ./rageagainstthecage-arm5.bin
    (This takes time - let it run until it exits the connection)

Add 'su' to get permanent root access

  1. linux% adb shell
    (If rageagainstthecage worked, you should now see a '#' prompt signifying root access instead of a '$')
  2. Remount the read-only system filesystem as read-write. The original instructions were very specific:
    # mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
    This assumes the type (yaffs2 - which mine wasn't) and the partition (also different on mine). You mount the wrong partition as system and you're likely to screwup that partition and thereby brick your phone. Instead, let's figure out the correct partition and let mount figure out the correct filesystem type:
  3. # mount
    Search the output of 'mount' to see what's mounted as system. You'll see lines like:
    /dev/stl13 /data rfs rw,nosuid,nodev,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
    /dev/stl12 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0

    In this case, the second line tells us that '/dev/stl12' is mounted as /system. It's a 'vfat' - but mount already knows that. So for this phone I'd do:
    # mount -o remount,rw /dev/stl12 /system
    Make sure to put the correct /dev/ for your phone in the line above.
  4. # exit
  5. Now back in Linux (either exit the adb shell or in another window) we install onto /system the files we need to always get root access.
  6. linux% adb push c:\droidroot\Superuser.apk /system/app
  7. linux% adb push c:\droidroot\su /system/bin
  8. linux% adb push c:\droidroot\busybox /system/bin
  9. Then back on the adb shell (either back in the adb window or run adb shell again) we set the permissions properly.
  10. # chmod 4755 /system/bin/su
  11. # chmod 4755 /system/bin/busybox
  12. The instructions also mentioned:
    # mv /system/recovery-from-boot.p /system/recovery-from-boot.p.disabled
    But it's probably unnecessary - I didn't have that file so it didn't seem to matter.
  13. Now we remount the /system as read-only. Repeat the 'mount' command above replacing 'rw' with 'ro' - my command was:
    # mount -o remount,ro /dev/stl12 /system
  14. Cleanup:
    # rm /data/local/tmp/rageagainstthecage-arm5.bin
  15. And we're done:
    # exit

Verify that it worked

There are a number of ways to verify that you have root. Check the Android Market for something like "Root Checker" or just get an application that requires root access to run.

Unlocking the Samsung Galaxy Mini

The unlock code is hidden in /dev/bml5.img I've seen some attempts to mount this with the same problems about specifying specific devices in the instructions. We'll get around this by just searching for the unlock code in the image.
  1. Back on the device:
    linux% adb shell
  2. If we see the '$' then get to the root prompt '#' with 'su'
  3. Copy the bml device to a file to look at it.
    # cat /dev/bml5 > /sdcard/bml5.img
  4. # exit
  5. And get a copy of it on our linux box:
    # adb pull /sdcard/bml5.img
  6. On our linux box, we search the bml5 image for a series of 8 numbers. The first one we see seems to be the unlock code (it was on mine and others). An easy way to search for it, courtesy perl:
    linux% perl -ne 'print "Found $1\n" if /([0-9]{8})/m' bml5.img
    The first line returned is probably our unlock code.
  7. Test the unlock code (and unlock the device) by putting in a sim from a different network (you may need to reboot the device) and it will ask you for the unlock code.
  8. I've seen the claim that you can test if it's unlocked by dialing '*#7465625#' (which spells 'simlock') though it just gave me the message 'rejected' on mine, and my phone is definitely unlocked and working on other providers.

Back to Solutions.

DaveSource.com - Dave's geek site GetDave.com - all the current Dave Pointers. MarginalHacks - I have an elegant script for that, but it's too small to fit in the margin.