How To: Root Latest Samsung GalaxyTab (Verizon) Update (EC02)

| April 21, 2011 | 54 Replies

If you were one of the many that took the update from Verizon to EC02 on your Samsung Galaxy Tab you probably lost root permissions. Luckily, if you were rooted prior to taking this update, this walkthrough will give you root permissions back (I noticed that after flashing the update, su and busybox were thankfully left is /system/bin !). Unfortunately SuperOneClick and z4Root will just lock up and force close after the update.

There will be TWO sets of instructions, so pay attention. Steps 1-5 are for those still on DJ11. This tutorial also REQUIRES the use of Heimdall. (The Odin equivalent which is VERY easy to use if you follow these instructions, I will show you how.) No matter what steps you need to start on, you MUST download Heimdall and install C++.

This set of instructions(Steps 1-5) is for those WHO HAVE NOT YET TAKEN THE UPDATE. If you HAVE taken the update, skip ahead to Step 6. If you are still on DJ11, START HERE!

Note that myself and/or Gizmoninja.com are not responsible for anything you may do to your device. If you know your battery is running low, read through this and get yourself familiar with the process before turning on your tab. If your battery fails during flash process you may be entirely screwed so make sure you are fully charged. You’ve been warned.

Step 1. Download the zip and unzip the contents to your Desktop (or where ever you would like). These are stock restore files (DJ11) for Download Mode (Volume down and power) Also download the wpa_supplicant and update.zip. Download all these files to the same directory so they are easy to find. I just use the Desktop.

Restore Files —> http://bit.ly/gZDhLu

wpa_supplicant—> http://bit.ly/g2Niri

update.zip—> http://bit.ly/h4atqV

Step 2. Download Heimdall from Here:
http://www.glassechidna.com.au/products/heimdall/
Also just below version 1.1.1 is Microsoft C++ This also needs installed on your machine because it has .dll files Heimdall uses.

Step 3. Power off your Tab. With your USB connected to your PC, hold volume down on your Tab, and plug USB into Tab. This will Launch Download Mode. Unzip heimdall and go into the drivers folder where you will see zadig.exe. Run this. At the top you see options. Click “list all devices”, then in the dropdown select Android USB composite device (or whatever it says). Click start and let heimdall download the drivers. Once its finished, close zadig and launch heimdall front end. (leaving Tab plugged in and in download mode obviously)

THIS IS THE IMPORTANT PART!!!!!! DO NOT SCREW THIS UP!!

Unzip the stock files if you haven’t already.

Now its common sense.
The zImage goes in both the Kernel AND Recovery slot. (they even tell you where things go with little descriptions)
The system.rfs goes in Factoryfs
The Param.lfs goes in Param.lfs
The cache goes in the cache slot.

DO NOT EVER EVER EVER PUT ANYTHING IN ANY OTHER LOCATION. THESE ARE THE ONLY FILES YOU NEED. **Note, if heimdall fails at the very beginning, just try unplugging and turning off the tab, close, and relaunch heimdall-frontend.exe. It will eventually start. Sometimes you just need the right combo of plugging in launching the program…

After you have the files in place click “Start” to flash. ALWAYS make sure your battery is sufficiently charged or you will have MAJOR problems. What this did was return you to STOCK EVERYTHING DJ11. This is necessary to flash the update.zip we downloaded earlier.

After this runs you will more then likely boot loop. Power down, wait a few seconds and hold power and up volume to boot into recovery. (NOTE, do NOT hold power too long, just long enough to turn it on, then continue holding up volume until you see recovery. WIPE DATA AND CACHE. Tab should boot.

Step 4. You should now be back to 100% stock DJ11, and guess what, you’re still rooted! The next step is to push the wpa_supplicant (For some reason this file makes the update.zip fail) to /system/bin using ADB. If you want, you can get root explorer on your Tab and put the wpa_supplicant on your SDcard. Then, use root explorer to copy this file to /system/bin (its ok to overwrite the one that is already in there). If you don’t want to bother with Root Explorer, do the following. Place wpa_supplicant into your tools folder with ADB.

Tab plugged into PC, with USB Debugging ON from your ADB folder (mine is C:tools) Type:

C:tools: adb push wpa_supplicant /sdcard

C:tools: adb shell

$ su (may need to check the Tab to “allow” permission)

# mount -t rfs -o remount,rw /dev/block/stl9 /system

#cd /system/bin

#cat /sdcard/wpa_supplicant > wpa_supplicant

#exit

$exit

Step 5. Place the update.zip file you downloaded on the root of your sdcard and unplug from PC. Power off your Tab. Boot into recovery. Hold volume up, press and hold power for about 3 seconds then release WHILE still holding up volume until you see stock Android recovery. Apply update.zip from sdcard.

This should start the update process, if it doesn’t reboot on its own, select reboot device from recovery. Once you’ve booted, you will be updated to the newest update from Samsung. Notice Superuser is still in your app drawer. (if it is not don’t panic)

*NOTE If you boot and it requests you to activate and won’t activate, do this to bypass activation. On the screen it asks you to activate use the volume toggle. Press volume up once, volume down twice, volume up three times, and volume down four times. It will then allow you to skip activation.

Step 6. Next we are going to download the Stock rooted images of EC02, and the VOODOO zImage.

Stock EC02 —>http://bit.ly/i9i7Vw

VOODOO zImage —> http://bit.ly/goYbcp

We are now going to flash the rooted EC02 files via Heimdall. This will be the same process as Step 3, except we will use the new EC02 files.

Power off your Tab. With your USB connected to your PC, hold volume down on your Tab, and plug USB into Tab. This will Launch Download Mode. Unzip heimdall and go into the drivers folder where you will see zadig.exe. Run this. At the top you see options. Click “list all devices”, then in the dropdown select Android USB composite device (or whatever it says). Click start and let heimdall download the drivers. Once its finished, close zadig and launch heimdall front end. (leaving Tab plugged in and in download mode obviously)

THIS IS THE IMPORTANT PART!!!!!! DO NOT SCREW THIS UP!!

Unzip the EC02 files if you haven’t already.

Now its common sense.
The zImage (from the zip file, NOT the voodoo zImage you just downloaded) goes in both the Kernel AND Recovery slot. (they even tell you where things go with little descriptions)
The factoryfs.rfs goes in Factoryfs
The Param.lfs goes in Param.lfs
The cache goes in the cache slot.

DO NOT EVER EVER EVER PUT ANYTHING IN ANY OTHER LOCATION. THESE ARE THE ONLY FILES YOU NEED. **Note, if heimdall fails at the very beginning, just try unplugging and turning off the tab, close, and relaunch heimdall-frontend.exe. It will eventually start. Sometimes you just need the right combo of plugging in launching the program…

After you have the files in place click “Start” to flash. ALWAYS make sure your battery is sufficiently charged or you will have MAJOR problems. What this did was fix root for EC02.

After this runs you will more then likely boot loop. Power down, wait a few seconds and hold power and up volume to boot into recovery. (NOTE, do NOT hold power too long, just long enough to turn it on, then continue holding up volume until you see recovery. WIPE DATA AND CACHE. Tab should boot.

*NOTE If you boot and it requests you to activate and won’t activate, do this to bypass activation. On the screen it asks you to activate use the volume toggle. Press volume up once, volume down twice, volume up three times, and volume down four times. It will then allow you to skip activation.

Step 7. This is the final step. Instead of flashing recovery VIA Rom Manager (since the recovery in Rom Manager is not updated to the latest kernel source), we will be flashing @khasmek (aka Boushh from XDA) EC02 VOODOO kernel which will also give us a fully working ClockWorkMod recovery!

Again, we will be using heimdall to flash the zImage we downloaded in step 6 (NOT the stock zImage that was in the zip) Please make sure this file is zImage only on your PC. Flashing anything with an extension (zImage.txt, zImage.zImage, etc) will not take.

Power off Tab and disconnect from PC. Hold volume down and plug into PC to get into download mode. Launch Heimdall-Frontend.exe (drivers should still be installed, if not re-installing the same way from the previous steps will work, but you should not need to do this again). Put your modified zImage in the kernel slot AND recovery and hit start. This will flash a custom kernel AND @khasmek VOODOO recovery! First boot may take a while due to External 4 partition conversion. This is normal. If you bootloop for ANY reason, wipe data and cache. By the way, this kernel is also overclocked to 1.4Ghz. Must use SetCPU otherwise stock speeds of 1Ghz will be default.

*Note: Remember, do not use ROM Manager to flash a recovery or you will have to follow steps 5 on again to restore your Tab (You will have to boot into recovery manually until someone fixes stock ClockworkMod Recovery, I can’t stress enough not to use Rom Manager until you hear otherwise). By the way, these instructions ALSO double as a RESTORATION guide!!! If you get stuck anywhere, past step 5, simply start over at step 5 to recover your Tab. If you get stuck BEFORE step 5, start over at step 1!! Great right?!

So thats the entire process start to end. Again use this as a rooting OR a restore guide. Enjoy!

Mirror for all files: Galtab.rar

Sources:

http://forum.xda-developers.com/showthread.php?t=803682 To gain Temp ADB root on new update THANKS CLShortFuse!

http://forum.xda-developers.com/showthread.php?t=941781 For CWR and custom EC02 kernel THANKS @KhasMek Aka Boushh!

http://forum.xda-developers.com/showthread.php?t=850359 THANKS RotoHammer!

Me for writing this tutorial and fixing root permissions on EC02 update.

Was this helpful? Let us know!

If You have any problems at all join freenode IRC Channel #Androidchat for help.

Tags: , , , , , , , , , , , , , , , , , , , ,

Category: Android News, How To's, Mobile News, Tech News

About the Author ()

Married father of two. My wife would say I’m obsessed with Android. She would be right. Grew up in Erie, PA, I’m a lover of all tech in general. Avid gamer primarily on the PS3. Look for more articles and reviews from myself here at Gizmoninja.com.

  • Kupe says:

    Thanks for this tutorial. Works like a champ.

    • Kupe says:

      One additional finding. Since applying this fix, screen rotation no longer functions. I’m still looking into it.

  • Beno says:

    Fantastic tutorial!!!! You saved me!! I was already using voodoo kernel at 1.4ghz but not on EC02. I installed an app called Wifi Web Login (Demo) and it totally borked my tab. Couldn’t uninstall it.. it would just reinstall itself. Couldn’t delete the .apk from data/app with root explorer because it cancelled my root access somehow. Caused force closes on a dozen different root-required apps as soon as it booted up. COULDN’T restore a full backup I did with voodoo recovery two weeks ago. Something about the cache was screwing everything I tried up. Could not wipe cache no matter what I tried. Anyway… thank you VERY much for these instructions and links. Worked like a charm!

  • Chris says:

    Saved me from a soft brick!!
    thank you so much for this noob friendly guide ;-)

  • Tweek says:

    Thanks so much for this. I have been having trouble doing anything with the scattered tutorials on xda and this really saved me time and alot of frustration.

    Please get this stickied over on xda and save some people time!

  • Thomas says:

    I’m getting the same problem as others, where the orientation is always in portrait mode and doesn’t switch. I’ve tried it multiple times and it persists through it, only default kernel seems to fix it, and I really want to have a custom kernel.

  • webrover83 says:

    Nice walk-thru. I’m finally able to use my BT Keyboard and Mouse w/ my VZW Pad.

    Screen orientation is fubar, but I can live w/ it.

  • Tristan Goget says:

    Works great. Screen rotation bug is the only downer…. Anyone find a fix for the screen rotation? I can’t even find an app or way to manually flip the screen….

  • XNav99 says:

    When using zadig, the only device that is available is my smart card reader. My tab shows the “Downloading…. Do not turn off target” screen. Any ideas?
    Thanks

    • Mike Madsen says:

      You need to join IRC Freenode channel #androidchat

      Did you go to the options and click “show all devices”

    • Mike Madsen says:

      Try booting back up and making sure all drivers from the TAB are installed. Enable USB debugging, let drivers isntall, DISable USB debugging, let drivers install.. etc. did you have the drivers already installed so the PC could read the tab prior to trying any of this?

  • XNav99 says:

    I can’t log into any chat. Not sure where to go. Thanks for trying to help. I’ll give it another shot later. Thanks again

  • XNav99 says:

    Does anyone know exactly where to go, once at freenode.net, to join the chat? I am aware that “#androidchat” is the channel, but I don’t know how to get to that channel. Thanks

  • gotcha says:

    i followed instructions but still stuck in boot loop. i get to recovery and it says:

    E:Can’t mount /dev/block/mmcblk0p1
    (Invalid argument)
    E:Can’t mount CACHE:recovery/command
    # MANUAL MODE #
    E:Can’t mount /dev/block/mmcblk0p1
    (Invalid argument)
    E:Can’t mount CACHE:log/recovery.log
    E:Can’t open CACHE:log/recovery.log
    E:Can’t mount /dev/block/mmcblk0p1
    (Invalid argument)

  • Tim says:

    Hi, thanks for the write up. I did all of teh above and was able to reflash, however I am stuck now at the VZW logo screen and get 3 quick vibes. After that it reboots the VZW logo instead of rebooting entirely. I wiped data and cache after the reflash too. No luck. Any thoughts?

  • Bill says:

    Question: If these are the Heimdall files to flash EC02, why bother with flashing the DJ11 files and just flash the EC02 files?

  • bnoo says:

    Vzw shipped to me a new 7inch 3g samsung galaxy tab on contract. Original stock unit now has ec02 already installed. Does this mean locked bootloader will stop heimdall from reverting back to where unit is rootable? thanks

    • Mike Madsen says:

      You should be able to downgrade to DJ11 with the heimdall files. But I’m not positive. If you ever have the time and can jump on #androidchat on freenode we can talk about it.

  • Mike Madsen says:

    Bill, I don’t see why it wouldn’t work either, but since I did not test, I did not want to post same. If you did that, and it worked for you, please feel free to post that it worked for you. May save some people some time! Thanks for the comments guys!

    (I also did this for restore reasons… some people are still on old firmware, just with ROMS, and I wanted them to have a way to revert.)

  • Bill says:

    Mike, I flashed the EC02 files and it worked perfectly! I’m still rooted, all of my programs are working, the screen rotates like it should; seems to be fine. The device build says it’s EC02 so now to try a bluetooth keyboard!

  • Bill says:

    Hi Mike et al,
    I was able to pair and use my “old” ThinkOutside/iGo folding bluetooth keyboard with my Tab! Thanks for the great tutorial!

    Bill

  • Matt says:

    Unfortunately the wpa_supplicant link as well as the other download link doesn’t work anymore. Does anyone have these files to repost?

  • Mike Madsen says:

    Ok, so if you are just looking to update to EC02, you should be able to just flash the EC02 images in Heimdall rather then going through the whole update process. No need to restore back to DJ11 first. Therefore, anyone looking to just update to rooted EC02, start at step 6, and thats it :)

  • Droidvader says:

    Hi

    the wpa_supplicant file is non-existent. can you please re-upload…

    TIA

  • Matt says:

    Unfortunately I have a RJ11 image that I need to update to EC02 and it seems that the problem is with wpa_supplicant now. Any luck on getting the link back up?

  • enver says:

    wpa_supplicant links doesnt work :(

  • Matt says:

    I got the wpa_supplicant off of another EC02 device that has the stock rom and I’ve followed your directions and everything seems to be fine but I’m having the dreaded problem where none of the applications will download from the Market (stuck in “Starting download” mode) and Google talk won’t connect either. I’ve tried every forum post related to this but no matter what I get the following error in Logcat:
    D/NativeCrypto( 3539): Calling create_ssl…
    D/NativeCrypto( 3539): Calling SSL_set_fd…
    D/NativeCrypto( 3539): Calling fcntl…
    D/NativeCrypto( 3539): Calling sslCreateAppData…
    D/NativeCrypto( 3539): Calling SSL_connect…
    D/NativeCrypto( 3539): SSL_connect: result -1, errno 11, timeout 30000, error_string Try again
    D/NativeCrypto( 3539): Calling SSL_get_error…
    D/NativeCrypto( 3539): error = SSL_ERROR_WANT_READ || error = SSL_ERROR_WANT_WRITE
    D/NativeCrypto( 3539): Calling sslSelect…
    D/NativeCrypto( 3539): Inside sslSelect => fd = 51, data->fdsEmergency[0]
    D/NativeCrypto( 3539): Doing select() for SSL_ERROR_WANT_READ…
    D/NativeCrypto( 3539): Returned from select(), result is 1
    D/NativeCrypto( 3539): if (MUTEX_LOCK(data->mutex) == -1)
    D/NativeCrypto( 3539): leave sslSelect
    D/NativeCrypto( 3539): if (selectResult == -1)…
    D/NativeCrypto( 3539): Calling SSL_connect…
    D/NativeCrypto( 3539): SSL_connect: result -1, errno 11, timeout 30000, error_string Try again
    D/NativeCrypto( 3539): Calling SSL_get_error…
    D/NativeCrypto( 3539): error = SSL_ERROR_WANT_READ || error = SSL_ERROR_WANT_WRITE
    D/NativeCrypto( 3539): Calling sslSelect…
    D/NativeCrypto( 3539): Inside sslSelect => fd = 51, data->fdsEmergency[0]
    D/NativeCrypto( 3539): Doing select() for SSL_ERROR_WANT_READ…
    D/NativeCrypto( 3539): Returned from select(), result is 1
    D/NativeCrypto( 3539): if (MUTEX_LOCK(data->mutex) == -1)
    D/NativeCrypto( 3539): leave sslSelect
    D/NativeCrypto( 3539): if (selectResult == -1)…
    D/NativeCrypto( 3539): Calling SSL_connect…
    D/NativeCrypto( 3539): SSL_connect: result 1, errno 0, timeout 30000, error_string Unknown error: 0
    D/NativeCrypto( 3539): A new session was negotiated
    D/NativeCrypto( 3539): returning… 0
    D/NativeCrypto( 3539): Inside sslSelect => fd = 51, data->fdsEmergency[0]
    D/NativeCrypto( 3539): Doing select() for SSL_ERROR_WANT_READ…
    D/KeyguardViewMediator( 2758): handleTimeout
    D/NativeCrypto( 3539): Returned from select(), result is 1
    D/NativeCrypto( 3539): if (MUTEX_LOCK(data->mutex) == -1)
    D/NativeCrypto( 3539): leave sslSelect

  • Erron Reed says:

    New links coming shortly..standby

  • Steven Phillips says:

    Does anyone know if there is a .zip rom that can be flashed through rom manager instead? I’m just a lot more confident using rom manager than using heimdall

  • Erron Reed says:

    Hey everyone, there is a mirror placed in the link for all files.

  • kurt says:

    probably a dumb question but i’m tab is stuck on the cwm voodoo recovery i cant go anywhere else when it boots up. does anyone know how i would fix this?
    thanks

    • Mike Madsen says:

      No not a dumb question. This post doubles as a restore tutorial as well. If you know what version you are on, download the STOCK heimdall files, follow the directions, and you’ll be fine. Be sure to wipe data/factory reset in stock recovery AFTER you run the restore files…

  • Matt says:

    In regards to the Voodoo zImage kernel you have posted, where is the source for it?

  • Maj says:

    I tried this process.

    After rebooting, I get the boot up sound but a black screen.

    If I power off, hold volume up and power on while holding volume up, all I get is a black screen.

  • Eduardo says:

    Dear Colleagues,

    I have a SCH-I800 GT and 02 weeks ago I tried to flash a Gingerbread Android version and the device stuck at the Samsung logo.
    I was able the stock ROM DJ-11 as above but the search, menu and home buttons stopped working and the system very slow. So, I root to EC02 e system speed is okay but the buttons still not working. I can affirm that this is software problem because on the boot recovery mode it works. Any idea how can I fix this?

    Many thanks,

    Eduardo Galetti

    • Mike Madsen says:

      I do not know what you did to your device as what you are explaining has nothing to do with root in this article. please seek help from the thread you installed the “gingerbread android” version from. Or, use one of my files to restore and wipe data in factory recovery.

  • corwin says:

    Hello, I’m at the stage where I need to get ROM manager but I can’t because I’m in a constant “force close” loop that never ends. Please tell me how to get past this or around it.
    Thanks.

    • Mike Madsen says:

      endless forceclose loop? Try wiping data in recovery. Thats all i can suggest. If you still have the issue, try starting over, or reflashing EC02

  • Josh says:

    I realize I’m a noob, but here goes…

    I’m starting w/ Step 6. I launch Heimdall, and I’m not seeing any of the fields decribed to place the files downloaded in the EC02 zip. My Heimdall Flash tab looks like the one in this image:
    http://www.wuala.com/monofurioso/Public/heimdall.JPG/

    None of the other tabs have the appropriate fields as described either. Did Heimdall change since this article was posted? Am I making a rookie mistake?

    • Alan says:

      you need to use the add button with an appropriate pit file. The fields are now a pull down where you select the type of partition you would like to create

  • Alan says:

    I am having permissions issues with the WPA_supplicant file. I am recovering from a soft brick after getting stuck at the bootloader after using the clockwork bootstrap. Using Heimdall I have successfully flashed to stock recovery but I ALWAYS bootloop. When booting into recovery, trying for the adb push or shell results in “error: insufficient permissions for device” any idea how i can force this? It is also throwing errors when trying to su or sudo.
    Thanks in advance! GREAT TUT!

    • Mike Madsen says:

      ADB shell in stock recovery is not going to work. you need to flash a CWR in heimdall and boot into that if you want ADB shell to work. once you do that you should be able to fix permissions using CWR instead of ADB…

  • Jmoff311 says:

    Hey I started from step one because I seemed to have soft bricked my tab by flashing some faulty rom on it. I am able to do everything with flashing using heimdall but after it is done flashing I don’t get boot loops, nor can i get into recovery mode to wipe data/cache. I seemed to have tried everything but I just don’t know what to do. Please help!

  • Mike Madsen says:

    if you aren’t even getting a stock recovery you aren’t doing something correctly. Especially after a heimdall flash. either try again or check with the ROM Dev of the ROM you flashed… i’m hearing more and more of people that are having a ahrd time recovering after flashing a honeycomb ROM or something similar. unfortunately i’m not sure what is going on. the restore files are 100% stock and should in theory work unless the ROM that was loaded up severely borked something. remember.. when trying to get into a stock recovery after a heimdall flash remember to hold volume up while power is off, press the power button for about 2 seconds and release while still holding volume up… sometimes getting into stock recovery can be kind of tricky if its not done perfectly…

  • Jay McLaughlin says:

    Hey Mike, any chance we can get another mirror to these files? I realize this must be a pain but none of the links I’ve tried contain the wpa_supplicant file. Much thanks for all the hard work!

  • babak says:

    hi
    i have big problem ,after flash dj11 firmware,my tab stuck at AirPlan mode,no baseband no imei….touch key not working and also not charging……
    solved not working touch key by update via AIR…OTA update…but stille have other problem

    and after power on i don’t have boot animation,only 2sec show samsung TAB and i leseten sound and need press 2 power key for see slide to unlock
    please help me by any idea

    i800 have a officially gingerbread rom???

    …thanks

    • Mike Madsen says:

      Um, what? What exactly is your issue? You have Verizon Tab right? Try doing just the steps for EC02… I’m not quit sure what your problem is do to the language barrier… please try and explain what you did and what your problem is a little clearer. Thanks!

  • havoc74 says:

    What did you use to root DJ11? I cant seem to update from that.

  • havoc74 says:

    Hey Mike, I posted a reply the other night requesting information on how you rooted DJ11 so I can unroot. My post seems to be gone now. Anyway, I have a Verizon Galaxy Tab 7″ and I followed your guide (which is great btw). I downloaded the .rar as it seems to be the only one that is completely working. After I’m done with DJ11, my tab downloads the update and starts to install, then aborts about 30% in with a (Status 7) msg. I read on a couple other forums it may have to do with the fact that it is rooted. I also read that a fresh new SD card my work, so I bought one today and I am going to test it now. But, if you would be so kind as to tell me which method you used to root DJ11 I would be greatly appreciative. Thank you in advance :)