As I’ve discussed before when we fixed the “low-space” warning, the Samsung Dart Android phone is an entry-level device with an older version of the Android operating system which can, if properly managed, be a perfectly fine little phone for practically no money. And I also in that post mentioned that I’d someday get around to writing a step-by-step on how to root and SIM-unlock the phone. Well, today’s the day.
OfficeDepot had this little phone on clearance for under $40, so I couldn’t resist putting one together for the Mrs. who is currently using my old feature phone. And while I’m doing everything all over again, I figured I might was well detail the procedure so that anyone who bought one from OD this weekend could quickly root the phone, preparing it for the procedure described in my previous post, as well as SIM-unlock the phone so it can be used on AT&T’s network, or a network elsewhere in the world.
One thing before we begin; the whole “to root, or not to root” question seems to me to be silly. It is my humble opinion that it should be illegal to sell any device, be it phone, tablet, or computer, without the device rooted. Sounds ominous, but all “root” means is administrator; the “root” account is the account on a un*x-like device (linux, Android, whatever) that has administrator access to the device. It is exactly parallel to the Administrator account in Windows. Think about this for just one moment…if you were sold a Windows computer, but Microsoft refused to allow you administrator access which would mean you couldn’t install applications, control the hosts file, your networking, and pretty much anything else, wouldn’t you be furious? So how comes we all lay down and let Apple, Google, and yes, even now Microsoft do exactly the same thing? Without root, you do not own your device! You paid for it, but the company who manufactured it controls it completely, and you are forever at their mercy. You really want to trust any company that much?
So now that the whole “should I root” question is disposed of, let’s get started, right after the jump.
First off, we need to download a few files to your friendly neighborhood Windows machine:
SuperOneClick: Head on over to ShortFuse and pick up the latest copy of SuperOneClick. For now, just download it and remember where you put it. (If this link fails, or the file is missing from that website, check the comments below for an alternate source.)
The Android SDK: Go to the Google Android website and download the software development kit (SDK…get it?). We need some stuff from there, but don’t do anything with it yet, we’ll get there. (I should mention the file we need to talk to the phone is included in SuperOneClick, but it’s easier to describe the procedure through the SDK.)
Samsung Dart USB Drivers: Download the USB drivers for the Dart directly from Samsung.
Go to the website linked, select the “Download” tab, find the single EXE download available, accept that Samsung is providing this to you and it they screw it up you can’t blame them, and download the file.
A Hex Editor: Any HEX (hexadecimal) editor will do; the one I’m linking to is a nifty little one called XVI32 – it’s free, and works quickly and easily. Note we don’t need this to root the device, but do need a HEX editor to SIM-unlock the phone. This is another ZIP file, just extract the files someplace you can find them (Again, I stuck these files in a folder inside my “My Applications” directory. I make it a habit to place any non-installer Windows applications in that folder so I know where to look.)
(Quick aside for those who don’t understand computer-types mumbling about HEX. Hexadecimal is how computers count. See, each bit, or each “switch,” can be either on or off. Eight of these switches are ganged together – think of a row of eight light switches – into a byte of computer memory. Turns out that 11111111 binary equals 255 decimal. Which means any number that can be held in those eight bytes of memory can be represented by two hexadecimal decimal places, from 00 to FF. And before you look at FF and think it isn’t a number, I want you to pretend you have eight fingers on each hand for a total of sixteen. If we all had eight instead of five per hand, we wouldn’t be counting by tens, we’d be counting by sixteens; 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F…and when we add one to F, we’d get 10, pronounced “one-oh.” Ok, enough glazing over of the eyes and back to the practical.)
Now that we have downloaded what we need, let’s begin. First off, extract the Android SDK to any directory. It’s a big file (~450MB), so depending on your connection speed, it might take a little while to download, but where you extract the ZIP file doesn’t matter so long as you remember what you did with it. I stuck mine in a folder named “android-sdk” inside my “My Applications” directory in my user directory, so it looks like C:\Users\Charlie|My Applications\android-sdk\ – but it really doesn’t matter where it’s at so long as you remember where you put it.
Next install the USB Drivers; this is a standard installer file (requiring administrative access!), so it will place the drivers in the appropriate place.
Finally, extract SuperOneClick to your computer; again, make sure you remember where you put it, but since this is a Windows application (EXE), it’ll run from pretty much anywhere. Now we’re ready to perform the root exploit on the phone, something that as I mentioned shouldn’t even be necessary…SuperOneClick is going to “break into” the phone you purchased to give you administrative access to it.
Ok, now that the required software is available, let’s root this puppy. First off, fire up the phone, no SIM card required at this step. Disallow Google’s location service (a quick web search will tell you why this is a really creepy thing), and get to the main screen. Tap the Menu button (far-left on the bottom row) and select “Settings” from the menu. Go to Applications -> Development and click on the checkbox next to “USB Debugging.” You will get a tersely-worded warning box about how this is for development only, just tell it OK since we need USB Debugging for ADB to connect (you can safely turn it off if you’d like when we’re finished). Now connect your phone via USB (the Dart comes with a microUSB cable) to your Windows computer, and hang out while the driver software you installed earlier is installed – it’ll take a while, don’t panic, and will install a fistfull of drivers including modem and serial port connectors. Do not mount the microSD card to your Windows desktop!
Once that finishes, launch SuperOneClick (you do remember where you put it, right?), click the “Donate Later” button on the splash screen, then click the “Root” button, sit back, and watch. SuperOneClick will perform all kinds of gyrations, and finally ask if you want a root test; you can safely tell it “No” at this point, because the next thing we do will give us all the test we need.
Since a picture is worth a bunch of words and some folks tend to be more visually-oriented, a short video with an example of what you’ll see:
Close SuperOneClick (but if you have a few extra bucks to spend, send some the author’s direction later for letting you root the phone so easily) and disconnect the phone from your computer. At this point, I power-cycle the phone (turn it off, then turn it back on), and then reconnect it to the computer.
Next, open a command prompt. Navigate to the directory where you extracted the Android SDK, then cd (change directory) into the “platform-tools” directory. You are going to type the following commands into the command window:
cat /dev/block/bml5 > /sdcard/bml5.img
adb pull /sdcard/bml5.img
Let’s walk through that before you do the typing. You are going to initiate a “shell” connection to your phone using the adb.exe…think of it as a command prompt, but on your phone instead of your computer. You should receive the “$” prompt in return, the standard user prompt in un*x, like the “>” prompt in DOS. Next you ask for superuser permissions with the “su” command…again, you are talking to your phone, not your computer, so you are running (possibly for the first time in your life) a un*x-work-alike. When you hit the return after “su” your prompt should change from “$” to “#” – only the Super User account on a linux machine gets that special prompt to warn you that you are now wearing the Super User’s “special hat”…if you don’t get it here, you should start over to see if perhaps you did something wrong.
Next the weird command “cat /dev/block/bml5 > /sdcard/bml5.img” – this is saying to the phone, “type out the information you’ll find at /dev/block/bml5 and send it to a new file at /sdcard/bml5.img.” Notice that unlike Windows, un*x-like machines use a forward-slash as a path separator, not a backslash. Next we exit from the su prompt, and then exit from the shell. Now you’ll get a “normal” DOS-like “>” prompt. One more command, this time a Windows command: “adb pull /sdcard/bml5.img” tells the adb program to pull from your phone a copy of the file you created, and stick it in the same directory as adb. If everything reports successful (adb should tell you it successfully copied a file ~9MB in size), close the command prompt.
A video of this procedure:
Now we need to find inside that file the super-secret code we’ll use to unlock the phone. Install the hex editor you’ve chosen (for XVI32 you can just follow along, if it’s not we’ll assume you know enough about this to work through with us); if it is XVI32 just extract the files in the ZIP file to a directory where you can find it, and run the EXE file. File->Open, navigate to the directory where you placed the SDK, into the platform-tools directory, and you should see a file in there named bml5.img…open it.
Your hex editor is now filled with…er…hexadecimal numbers. You want to search for the “number”:
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30
Easiest way, at least in XVI32, is to carefully copy that hex string from the first FF to the last 30; when you open the Search->Find menu item, it will already place it in the HEX field. Perform the search, and the first “hit” should have, in the text side, eight numbers immediately prior to the string. Mine will almost certainly be different than yours, but that’s ok; we can easily verify this number is the correct one. Write it down, then find next (F3 works as well); you’ll see eight zeros prior to the find. Search again, another eight zeros. But search again, and you’ll find your magic eight-digit number again. Next two searches should be eight zeros, but the third should show you your number again. Finding the same number three times in your file tells you it’s the right one.
One more video:
Now go to your phone, and stick in a “foreign” SIM card (an AT&T SIM works fine in the U.S.). When you power-up your phone, you’ll get a warning that the phone is SIM-locked, and when you swipe to get to what should be the menu, you’ll have a text field and accept/decline buttons. (In a “fresh” Dart, the Swype keyboard will annoyingly pop up a help file – dismiss this so you can continue.) Carefully type in the eight-digit number…the numbers become hidden quickly, so check each one is correct before they hide – if you get confused as to which number you’re on, delete them all and start over since you have a limited number of tries. Once you’ve typed-in the entire number, hit the accept button.
Your phone should report, “Network Unlock Successful” and continue its boot, eventually connecting to the AT&T network. Congratulations…your Samsung Dart is rooted, and SIM-unlocked! (If it doesn’t, try only once more…again, you have a small number of attempts.)
Any questions, just ask in the comments!