Important:
- This guide assumes your bootloader is already unlocked.
- Only for devices that support Generic Kernel Images (GKI).
- For best results, start with a stock device.
This guide will help you bypass root detection (e.g., Holmes, Native Test, and Native Detector) by patching your kernel with KernelSU Next and installing additional modules to hide root access effectively.
- Bootloader: Must be unlocked.
- Device Compatibility: Your phone must support Generic Kernel Images (GKI).
- Essential Tools & Files:
  - PC: With Android Platform Tools
  - KernelSU Next APK: Download the latest build
  - init_boot.img: The appropriate image for your Android version/device.
  - Kernel Files: Find the matching kernel version on TheWildJames's repository.
    Tip: Use the browser’s search function (e.g., search “5.10.214”) to locate the correct file.
  - Terminal/CMD: For executing fastboot commands.
  - Optional: Knowledge of custom kernel building if you prefer patching manually.
- Verify Your Kernel Version:
  - Navigate to System Settings to identify your kernel version (e.g., 5.10.214-android13-4-XXXXXXXXXXXXXXXX).
  - Important: Use kernels that match your Android version (Android13 vs. Android14).
- Obtain the Correct Kernel File:
  - If you cannot build your own kernel, visit TheWildJames's repository and locate the latest files matching your kernel version.
  - Select: The .zip file (preferred over .img as it only replaces the kernel).
- Install KernelSU Next:
  - Download and install the latest KernelSU Next.apk.
  - Pro Tip: Searching “apk” in your browser can speed up the download process.
- Patch the init_boot.img:
  - Obtain the appropriate init_boot.img for your device.
  - Transfer it to a folder on your phone.
  - Open KernelSU Next, tap the downward arrow, select your init_boot.img, and patch it.
  - Check: The log for the name/location of the patched image (usually saved to the Downloads folder).
- Transfer Patched Image to Your PC:
  - Move the patched init_boot.img from your phone to your computer.
- Prepare Your PC:
  - Open your Platform Tools folder and launch a terminal (or CMD on Windows).
- Boot Your Phone into Bootloader Mode:
  - Connect your phone via USB and boot into bootloader mode.
- Flash the Patched Image:
  - Run the following commands:
      fastboot flash init_boot_a <path_to_patched_init_boot.img>
      fastboot flash init_boot_b <path_to_patched_init_boot.img>
  - If you experience a bootloop, reflash the original init_boot.img.
- Verify Root:
  - Boot back into Android.
  - Open KernelSU Next to ensure that root access is active.
- Flash Additional Modules via KernelSU:
  - Tap the modules icon (bottom-right) in KernelSU.
  - Download and install the following modules:
  - Optional:
    - If you’re eligible, install LSPosed Internal (LsP IT) by following the instructions in the official Telegram group.
    - Windows users can use "Git Bash" to check eligibility.
- For Advanced Users – Custom Kernel Building:
  - Patch your kernel using SUSFS4KSU.
  - Alternatively, download the patched kernel from TheWildJames’s releases.
  - Use magiskboot to check your kernel size:
      <magiskboot.exe> unpack <path_to_stock_boot.img>
  - Note the KERNEL_SZ value to select the appropriate kernel file (e.g., iz4.zip for iz4 kernels).
- Flash with Horizon Kernel Flasher:
  - Download Horizon Kernel Flasher.
  - Open KernelSU and grant Horizon Kernel Flasher root access (tap the shield icon).
  - Launch Horizon Kernel Flasher, select your kernel, and flash it.
  - If a bootloop occurs, reflash your stock boot.img using:
      fastboot flash boot <path_to_stock_boot.img>
- Install SUSFS Module:
  - Via KernelSU, install the latest SUSFS module.
  - Reboot your device.
- Set Up HMA:
  - Download the HMA APK and install it.
  - Activate HMA via the LSPosed notification.
  - Follow the HMA Setup Guide for further configuration.
- Configure Tricky Store:
  - Grant your preferred root explorer access (like with Horizon Kernel Flasher).
  - Navigate to data/adb/tricky_store and replace keybox.xml with your valid keybox.
    - Purchase a keybox from this source or use free options like TSupport Advance or Integrity Wizard.
    - Note: Free keyboxes often pass DEVICE integrity but may fail STRONG integrity tests.
- Update Your Target Apps List:
  - Install Termux.
  - Grant Termux root access via KernelSU.
  - Run the following command in Termux:
      su -c "cat /data/system/packages.list | grep -v '@system' | sed 's/ .*//' > /data/adb/tricky_store/target.txt; echo -e 'com.google.android.gsf\ncom.google.android.gms\ncom.android.vending' >> /data/adb/tricky_store/target.txt;"
  - This updates target.txt with your installed apps plus essential Google services. Keep this list updated.
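
The version check from the "Verify Your Kernel Version" and "Obtain the Correct Kernel File" steps can be scripted before anything is flashed. This is an added example, not part of the original guide: it parses a GKI release string and rejects a kernel file whose version or Android branch differs. The file names are constructed, and the assumption is that a kernel file name contains both the version and the androidNN branch.

```shell
#!/bin/sh
# Added example (not from the guide). GKI release strings have the form
#   <major>.<minor>.<patch>-android<N>-<kmi_generation>-<suffix>

# Print "<version> <branch> <kmi_generation>"; return 1 if not a GKI release.
parse_gki_release() {
    rel=$1
    case $rel in
        [0-9]*.[0-9]*.[0-9]*-android[0-9]*-[0-9]*) ;;
        *) return 1 ;;
    esac
    version=${rel%%-*}      # 5.10.214
    rest=${rel#*-}
    branch=${rest%%-*}      # android13
    rest=${rest#*-}
    kmi=${rest%%-*}         # 4
    printf '%s %s %s\n' "$version" "$branch" "$kmi"
}

# Return 0 if the file name carries exactly this version and branch,
# 1 on a mismatch, 2 if the release string is not GKI.
kernel_file_matches() {
    file=$2
    parsed=$(parse_gki_release "$1") || return 2
    version=${parsed%% *}
    branch=${parsed#* }
    branch=${branch%% *}
    case $file in
        # Reject partial hits: 5.10.21 must not match inside 5.10.214.
        *"$version"[0-9]*|*[0-9]"$version"*|*"$branch"[0-9]*) return 1 ;;
    esac
    case $file in
        *"$version"*"$branch"*|*"$branch"*"$version"*) return 0 ;;
    esac
    return 1
}

# Constructed sample: the release string from the guide, two made-up file names.
release="5.10.214-android13-4-XXXXXXXXXXXXXXXX"
for f in 5.10.214-android13-example.zip 5.10.214-android14-example.zip; do
    if kernel_file_matches "$release" "$f"; then
        echo "OK       $f"
    else
        echo "MISMATCH $f (do not flash)"
    fi
done
```
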
To verify that your root is hidden, use these apps:
- Native Detector: Detects root and identifies issues.
- KeyBox Checker by VD_Priv8: Validates your keybox.
- Holmes: Checks root status (note: it does not specify what fails).
- Native Test: Another root detection tool.
- ApplistDetector: Ensures no LSPosed apps are left visible.
For more options, check out this collection of root detection apps.
If you find this guide useful, please consider supporting the developers behind these tools:
- sidex15: Developer of the SUSFS4KSU module
  PayPal: sidex15
- TheWildJames: Custom kernel maintainer
  Contact: [email protected]
- Tiann: Developer of KernelSU
  Donate via: GitHub Sponsors
- simonpunk: Developer of SUSFS
  Email: [email protected] | BTC: bc1qgkwvsfln02463zpjf7z6tds8xnpeykggtgk4kw
- Irena (re-zero001): Developer of LSPosed Irena
- Nullptr Dr-TSNG: Developer of HMA and Zygisk Next
  Donate via: GitHub Sponsors
- Chiteroman: Developer of Play Integrity Fix
- 5ec1cff: Developer of Tricky Store
Your support helps keep these projects alive and thriving.
You now have a robust root-hiding solution! Follow each step carefully and enjoy enhanced security and functionality on your device.
Happy modding and stay secure!