This Repository Contains an Online Copy of the Guide Section of my FOSS Root Checker Project for Easy Access from Computers.
| GitHub Releases | SourceForge | Appteka |
|---|---|---|
Important
This Project is not Affiliated with Google, Magisk, and other Open Source / Closed Source Projects Referenced in this Project. Certain Brands mentioned are for General Information Only.
Caution
Please BE CAREFUL what apps you are giving Root Permissions to. I am not responsible for Data or Money Theft by Malware on your Device.
Rooting an Android device means gaining full administrative (superuser) control, similar to an administrator on a computer, by unlocking deep system access restricted by manufacturers.
- Bloatware Removal ✅
- System-wide Adblocking ✅
- Advanced Theming and Modification ✅
- Full Data Backups ✅
- Unlimited Google Photos Backups ✅
- Unlocking Higher FPS in Games ✅
- Sound Enhancement ✅
- Running FULL BLOWN Linux on Android using chroot ✅
- Battery Longevity (ACC) ✅
And Many Others.......
- Usually Voids Warranty ❌
- Increased Security Risks ❌
- Loss of Hardware Encoding ❌
- No Official Updates (OTA) ❌
- Data loss ❌
- Risk of Bricking Device ❌
Important
Now with that out of the way, let me inform you about some ADDITIONAL STUFF that you WILL FACE during your modding journey.
The Bootloader is the first piece of software that runs every time you turn on your Android device. It acts as a security guard and a guide, directing the hardware on how to start up and which operating system to "hand off" control to. This is locked by default to ensure stability and prevent malware from infecting the device.
Bricking refers to a device becoming completely non-functional, usually due to a corrupted software update or a failed firmware modification.
A soft brick is a "recoverable" state. The device might be stuck in a boot loop (constantly restarting at the logo) or booting straight into recovery mode.
- The Cause: Usually a minor software error, incompatible app, or a bad module.
- The Fix: Can often be fixed by a factory reset, clearing the cache, or reflashing the original firmware using a computer.
A hard brick is much more serious. The device shows no signs of life—no lights, no vibration, and the screen remains black.
- The Cause: This happens when the bootloader or the kernel is corrupted or deleted.
- The Fix: This often requires specialized hardware tools to bypass the main software, or in many cases, a physical replacement of the motherboard. Tools such as SP Flash Tool and mtkclient can sometimes fix this, but FASTBOOT is not accessible during this time.
Device Mapper Verity is a transparent integrity-checking feature of the Linux kernel. Its sole job is to ensure that the data on critical partitions (like /system, /vendor, or /product) has not been modified even by a single bit. This is why it is sometimes disabled while modding.
The system creates a "Hash Tree" (Merkle Tree):
- It hashes every 4KB block on the partition.
- It then hashes those hashes.
- It keeps doing this until only one hash remains at the very top.
This final single hash is called the Root Hash. This hash is digitally signed by the manufacturer and stored in a read-only area (the VBMeta partition).
When Android wants to read a file, the kernel reads the 4KB block from the disk and calculates its hash. It compares it against the "parent" hash in the tree, all the way up to the Root Hash. If the math doesn't match perfectly, it knows the block was tampered with. This is when you get the "dm-verity corruption" and "System is Destroyed" warnings.
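The hash-tree check described above, as an added Python sketch (not code from this project or from Android itself). It assumes SHA-256, packs 128 digests into each 4 KB hash block, and leaves out the salt and on-disk layout that real dm-verity uses; the function names and the sample image are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 4096                              # block size named in the guide
DIGEST = hashlib.sha256().digest_size     # 32 bytes
FANOUT = BLOCK // DIGEST                  # 128 child digests per hash block

def sha(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def split_blocks(data: bytes) -> list:
    """Cut data into zero-padded 4 KB blocks (always at least one block)."""
    return [data[i:i + BLOCK].ljust(BLOCK, b"\0")
            for i in range(0, max(len(data), 1), BLOCK)]

def build_tree(partition: bytes):
    """Return (levels, root_hash); levels[0] stores the data-block digests."""
    nodes, levels = split_blocks(partition), []
    while True:
        nodes = split_blocks(b"".join(sha(n) for n in nodes))  # hash the hashes
        levels.append(nodes)
        if len(nodes) == 1:
            return levels, sha(nodes[0])

def verify_block(block: bytes, index: int, levels, trusted_root: bytes) -> bool:
    """Check one data block by walking its path up to the trusted Root Hash."""
    digest = sha(block.ljust(BLOCK, b"\0"))
    for level in levels:
        node = level[index // FANOUT]
        offset = (index % FANOUT) * DIGEST
        if not hmac.compare_digest(node[offset:offset + DIGEST], digest):
            return False                  # stored digest differs from what was read
        digest, index = sha(node), index // FANOUT
    return hmac.compare_digest(digest, trusted_root)

def demo():
    # Constructed sample "partition": 300 blocks of 4 KB each.
    image = b"".join(i.to_bytes(4, "big") * 1024 for i in range(300))
    levels, root = build_tree(image)
    good = image[200 * BLOCK:201 * BLOCK]
    flipped = bytes([good[0] ^ 0x01]) + good[1:]      # one bit changed
    results = [verify_block(good, 200, levels, root),
               verify_block(flipped, 200, levels, root)]
    # Even if the stored leaf digest is rewritten to match, the parent level
    # no longer matches, because only the Root Hash is trusted.
    node, off = bytearray(levels[0][200 // FANOUT]), (200 % FANOUT) * DIGEST
    node[off:off + DIGEST] = sha(flipped)
    levels[0][200 // FANOUT] = bytes(node)
    results.append(verify_block(flipped, 200, levels, root))
    return tuple(results)
```

`demo()` returns one result each for the untouched block, the bit-flipped block, and the bit-flipped block with its stored leaf digest rewritten.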
From my experience with rooting: Use Magisk if you are not sure. It works on almost every device, can be flashed via PC or Custom Recovery (like TWRP or OrangeFox), and does the job very well.
Unless your device is old, DO NOT USE EXPLOITS! I have soft-bricked my own device doing that, so please be careful!
Caution
This process will wipe all user data. Ensure you have a backup before proceeding. Also Xiaomi, Oppo and Realme have Additional Steps. Vivo, iQOO and certain Manufacturers don't support Bootloader Unlocking.
$ adb reboot bootloader
• For most devices :
$ fastboot flashing unlock
• For some older devices :
$ fastboot oem unlock
- Unlocking doesn't brick device immediately ✅
- Safe and Easy to Use ✅
- Not available on all devices ❌
- Xiaomi Devices need permission from Xiaomi Community and then Mi Unlock Tool is used ❌
- Oppo and Realme Devices use 'Deep Testing' or 'In-Depth Test' for Fastboot Permissions ❌
Caution
Please BE CAREFUL as it doesn't work on very new devices and can cause 'System is Destroyed' and 'dm-verity corruption'. Ensure that your device has no Replay Protected Memory Block (RPMB) before proceeding.
Hardware-level bypass for locked MediaTek chipsets.
First install USBdk if using Windows (Recommended).
NOTE : For Each Step, Run the Command, Press both Volume Buttons and Connect Phone to PC.
$ python mtk.py r vbmeta_a,vbmeta_b vbmeta_a.img,vbmeta_b.img
$ python mtk.py r vbmeta vbmeta.img # For Old Devices
$ python mtk.py da seccfg unlock
$ python mtk.py da vbmeta 3
$ python mtk.py e metadata,userdata
$ python mtk.py reset
- Easy to Recover with Backups ✅
- Can fix Hard-Bricks ✅
- Fast and Easy to Use ✅
- Does not Support Qualcomm and Unisoc Devices ❌
- High Chances of Bricking ❌
- Doesn't work on very new devices ❌
- Fastboot may not be usable, as on Realme Devices ❌
Link : mtkclient by @bkerler
Caution
- Use Official Sources Only
- Don't use 'One-Click Root' Apps
- UNLOCK Bootloader first
- FASTBOOT devices ONLY ( Excludes Samsung & Odin )
First, obtain your stock boot.img or init_boot.img, patch it using the Magisk App, and then flash it.
Flash to Active Slot:
$ fastboot flash boot_a patched.img
$ fastboot flash init_boot_a patched.img
Flash to Inactive Slot (If Needed):
$ fastboot flash boot_b patched.img
$ fastboot flash init_boot_b patched.img
For Older Devices:
$ fastboot flash boot patched.img
- Truly Systemless ✅
- Widest Module Support ✅
- Works on pretty much anything ✅
- Best possible documentation and compatibility ✅
- Easily Detectable as it leaves Traces ❌
Link: Magisk by @topjohnwu
Warning
If your kernel version is below 5.10, this device doesn't support KernelSU OFFICIALLY. You will have to compile your device's kernel and integrate KernelSU into it YOURSELF!
First, obtain your stock boot.img or init_boot.img, patch it using the KernelSU App, and then flash it.
Flash to Active Slot:
$ fastboot flash boot_a patched.img
$ fastboot flash init_boot_a patched.img
Flash to Inactive Slot (If Needed):
$ fastboot flash boot_b patched.img
$ fastboot flash init_boot_b patched.img
For Older Devices:
$ fastboot flash boot patched.img
- Fully Systemless ✅
- Very hard to detect by Banking Apps ✅
- Leaves no Traces ✅
- Only Supports devices with Generic Kernel Image (GKI) ❌
Links:
Warning
Not all Devices support APatch! Please ensure that your kernel has kallsyms. DO YOUR OWN RESEARCH!
First, obtain your stock boot.img and patch it using the APatch App and then flash it.
Flash to Active Slot:
$ fastboot flash boot_a patched.img
Flash to Inactive Slot (If Needed):
$ fastboot flash boot_b patched.img
For Older Devices:
$ fastboot flash boot patched.img
- Fully Systemless ✅
- Very hard to detect by Banking Apps ✅
- Leaves no Traces ✅
- Doesn't need a GKI Device ✅
- Doesn't work on every device ❌
Link: APatch by @bmax121
Caution
This allows you to Bypass Root Checks used by Banking apps for YOUR FINANCIAL SAFETY! Please be cautious while hiding Root.
Now that your device is unlocked and rooted, it’s time to hide this status! Certain apps—like banking apps and games with anti-cheat—check for the presence of Zygisk, Magisk, the "su" binary, and more for user safety.
However, with the power of Systemless Rooting and Modules, your device can provide a software-level lie to all apps, making them believe the system is completely stock and locked.
- If using Magisk: Enable Zygisk in the app settings.
- If using KernelSU, APatch, or Magisk (with built-in Zygisk OFF): Flash one of the following modules:
This module spoofs Hardware Backed Attestation (via TEE) by injecting a valid KeyBox.xml. When combined with Tricky Addon and its WebUI interface, the process becomes much easier.
Instructions:
- Obtain the .zip files for both modules and flash them.
- After rebooting, tap the Action button under Tricky Store.
- In the WebUI, select all relevant apps and tap Set Valid Keybox.
Used to hide root status, all traces of Zygisk, and root paths. It effectively fakes the "Locked" status of your bootloader.
This assigns a valid fingerprint of a locked device systemlessly. Flash one of these modules and tap the Action button after rebooting.
Haha, what an irony! 💀 A FOSS app recommending closed-source modules! Peak logic. If you prefer keeping it open-source, check these out:
- TEESimulator by @JingMatrix
- NoHello by @MhmRdd
- Tricky Store OSS by @beakthoven
- Zygisk Assistant by @snake-4
Please be aware: There are fraudulent repositories on GitHub that are cloning this project's name and using AI-generated readmes, but they contain completely random and unrelated files in each release. These are NOT official versions of this project.
ALWAYS ensure you are downloading or cloning this project ONLY from its official and legitimate source:
https://github.com/Chill-Astro/Android-Rooting-Guide
Check here for more details. I am trying my best to report these people.
If your download contains any of the following, DELETE IT IMMEDIATELY:
- Suspicious Windows Executables: Files ending in .exe, .bat, or .dll (e.g., luau.exe, StartApp.bat).
- Compressed Archives: This Repository HAS NO RELEASES, so don't expect a .zip or .7z containing Windows binaries.
- Hidden Scripts: Text files like asm.txt used to execute malicious code on your PC.
- The Following Folder Structure is used by Malware (Shown in a VM) :
- Magisk by @topjohnwu : For Rooting pretty much anything these days.
- KernelSU by @tiann : For Kernel-Level Rooting on GKI Devices.
- APatch by @bmax121 : For Easy Kernel-Level Rooting.
- mtkclient by @bkerler : For allowing MTK Devices to be Rooted Easily ( Including my Phone ).
- Shamiko by @LSPosed : For hiding root traces and faking bootloader status.
- Tricky Store by @5ec1cff : For spoofing Hardware Backed Attestation.
- Tricky Addon by @KOWX712 : For making the Tricky Store process accessible via WebUI.
- Zygisk Next by @Dr-TSNG : For providing a standalone Zygisk implementation.
- ReZygisk by @PerformanC : For an alternative Zygisk implementation.
- Zygisk Assistant by @snake-4 : For helping hide Zygisk from detection.
- Play Integrity Fix by @KOWX712 : For maintaining Google Play Integrity standards.
- Play Integrity Fork by @osm0sis : For the widely used community fork of the integrity fix.
- TEESimulator by @JingMatrix : An open-source alternative for TEE spoofing.
- NoHello by @MhmRdd : An open-source alternative for hiding root.
- Tricky Store OSS by @beakthoven : For providing an open-source version of Tricky Store.
- KernelSU Next by @KernelSU-Next : For the continued development and community fork of KSU.
- SkiSU Ultra by @SkiSU-Ultra : For providing specialized kernel-level rooting features.
- TWRP & OrangeFox : For the custom recoveries that make flashing these modules possible.
Appreciate my effort? Why not leave a Star ⭐ ! Also if forked, please credit me for my effort and thanks if you do! :)


