FP5 w/ dev build "rooted" but no su binary present, no root access for apps

tl;dr: I followed the rooting guide from the official docs, installed a dev build and “rooted” it by enabling root debugging in the developer settings, but this is not enough to give root access to the apps that need it, since both busybox and su are missing, AFAICS.

Where do I go from here? Is there an easy way to gain root access for apps that will survive OTA system updates?

Hi folks,

I recently bought a Fairphone 5 with /e/OS preinstalled directly from Murena and I’m still in the process of transferring data from my old phone and setting everything up the way I want it.

My plan was to use NeoBackup to help with this – and to generally keep backups and prevent data loss. I have used it for a few years now and want to continue using it. I have a few apps that keep data locally and don’t do automatic backups in the background, so I need a proper backup app for that.

Like every backup app on Android, NeoBackup needs root access to circumvent Android’s (otherwise great) app isolation features. I would also like to continue using AdAway and try out AFWall+, so I definitely need root. Here’s where my troubles begin…

I quickly found the following rooting guide in the official /e/OS docs:

I was surprised to learn that there’s no easy way to gain root access on the preinstalled stable /e/OS build and somewhat annoyed to read that I’d have to install a dev build to do so, esp. since this meant having all my hitherto transferred data erased. But at least it would allow me to re-lock the bootloader after and I didn’t need to fiddle about with patching images and such as per the Magisk route. So I did it, unlocked the bootloader, ran the installation script, relocked the bootloader, booted into the successfully installed dev build, checked that it is indeed a dev build, unlocked Developer Settings and enabled “Root Debugging” therein.

I was led to believe by the official rooting guide that this would be enough to let NeoBackup, or any app, gain root access. To my annoyance, that is not the case, since the critical su binary (as well as busybox and probably other stuff) is missing from the image.

On my old FP3, I used LineageOS and went through the whole rigamarole of rooting with Magisk by patching the image and all that jazz. I found it a fairly involved process and – crucially – it meant that I lost root on every OTA system update, which made me not want to install those and led to my procrastinating on such updates until I’d have the time to install them and do all the patching stuff afterwards so my backups don’t break.

In addition, I had to run around with a phone with an unlocked bootloader in my pocket for years :frowning:

I would have hoped to avoid this with /e/OS, especially since the rooting guide suggests that installing a dev build and enabling Root Debugging is all that is needed and I’ve done all that now and got nothing out of it.

Is there an easy way to gain root access from this point forward? Can I just install su and busybox somehow or sideload some package with adb?

Or will I have to go through all of the stuff with Magisk and patching the image again… and forever after every OTA system update… just to get proper backups working?

Not quite every backup app: if you have a machine - real or virtual - running linux, then Android Backup and Restore Tools project will work with rooted debugging, and does not need full root. See this post for guidance on how to use the tool. Doesn’t help with other apps the need root, but it’s still a really useful tool for migrating between phones without needing root


Oh, thank you very much @petefoth, that’s very interesting.

From reading the linked resources, it seems like this could certainly help with transferring data from my old device.

But it’s hardly the solution I’d want to use in perpetuity to keep my data safe. Having to connect the phone and starting a process that will shut it down and reboot into recovery is a bit disruptive for my taste, but most of all: it’s manual.

I want a backup solution that will automatically do its thing in the background so I don’t have to worry about it. Set it and forget it. Otherwise, I just know I’ll forget it and eventually lose important data. NeoBackup + Syncthing together give me what I need, in this regard.

Plus, as I mentioned, there’s AdAway and AFWall+, so I’m afraid root is still a requirement for me.

But thanks anyway, @petefoth!

1 Like

After waiting almost 24h for a reply that actually addresses my questions about rooting and not getting one, I did some more reading myself and tried the widely documented Magisk sideloading method.

The resources I found did not agree on whether one needs to have a custom recovery installed for this to work or not. They did agree on one point however: the sideloading would either abort, or it would run through and in the latter case the device would be successfully rooted.

(Unlike the rather disappointing outcome one gets when following the official “rooting” guide.)

So I downloaded the latest Magisk APK, renamed it by changing the extension to zip, rebooted the phone into recovery mode and ran adb sideload Magisk-v27.0.zip.

It seemed to go through without a hitch and the last message on the screen of the phone was something to the effect of “installation finished with status 0”.

Return value 0 means “all OK” in the Linux world, so I assumed it had worked.

After restarting the phone, however, I was greeted with the following message:

Your device is corrupt and it will not start.

After that, I was only able to reboot the phone into fastboot mode. Even the recovery wouldn’t come up anymore. Selecting it just leads to a reboot into bootloader/fastboot mode.

Even selecting “Power Off” would lead to a reboot into that mode.

This certainly looked bad, but all hope was not lost, or so I thought, because I knew from installing the dev build that this mode is where you go to unlock the bootloader and install an /e/OS build.

So I ran fastboot flashing unlock and fastboot unlock_critical in that order and it looks like it worked: The fastboot mode screen now lists the device as unlocked.

Next I ran the ./flash_FP5_factory.sh script again and it started well:

*** Fairphone 5 flashing script ***

INFO: The procedure will start soon. Please wait...
Note that this will detect and flash only on Fairphone 5 device.
INFO: You are using a Linux distribution.
INFO: Looking for connected device(s)...
INFO: One Fairphone 5 in fastboot mode found (serial number: ********).
Sending 'bluetooth_a' (3356 KB)                    

… but it seems to have gotten stuck at that last line with no further progress at all for several minutes.

So, what does this mean?

Have I allowed myself to be goaded by the incomplete rooting guide and lack of support in this forum into following the path down to a bricked device?

It would certainly appear so!

But where to go from here?

Do I now own a very expensive bit of e-waste (in part thanks to having chosen /e/OS) or is there some way to unbrick this phone?

Hi @gabe, welcome to the /e/ forum: I am sorry to read your story.

You sound as if you know a lot about the subject of root access (as your title). /e/OS does not expect or require root, maybe this is part of the thinking behind the “low level root” documentation page.

A script can fail for many reasons … if that is the full output … the implication is that the script is failing at almost the first flash transaction Edit confirmed below…

I downloaded the script

from e-1.21-t-20240324389105-dev-FP5
the first flash transaction is

flash_image_ab_or_abort  "${sn}" bluetooth "${IMAGES_DIR}/bluetooth.img"

However the script should

# Flash an image to a partition. Abort on failure.

I would be prepared to wait at least 10 minutes to give the script a chance to report – or else I would suggest a new thread.

If you can reach fastboot mode the phone is not bricked (in my view) yet.

Second edit. Of course, switch off and on again by battery removal is an option on FP5 :slight_smile:

1 Like

Hi @aibd, than you for taking the time to respond.

Thank you!

Thank you! I was expecting to get some mockery and derision, so I’m pleasantly surprised. This speaks well for the community.

Well, I sure thought so! I’ve been running around with a rooted phone in my pocket for the last 8 years or so… :blush:

But it looks like I did it wrong this time! :frowning:

I know, they make that quite clear in their docs. None of the custom ROMs do, these days.

I assume they know that there are some valid reasons why people may still want or need to have root access to their devices, even today.

The problem with that guide is that it does not actually provide what everyone else would consider “root access”. Rooted Debugging is fair and well – and you can then run adb root; adb shell from a computer and do stuff as root user on your phone via this patch – but it does not give root access to any of the apps actually running on the phone, which is what everybody else means when they talk about rooting.

And this “rooting guide” treats enabling rooted debugging as equivalent with rooting via Magisk, which is definitely not the case.

So that doc page is bad and misleading and it should either be removed or rewritten.

Yes, it is the first flash command. I let the script “run” for over an hour and a half, but it never got unstuck.

I then tried to flash TWRP recovery (there’s a guide for that in the /e/ docs, too!), but that also got stuck immediately at sending the first image to the device.

I will start a new thread about this. Thanks for the suggestion.

Let’s hope you’re right!

Yes, that’s nice about Fairphone. I’ve tried it, of course, and it didn’t help. Hadn’t mentioned it, though.

Could it be that fastboot flashing unlock and fastboot unlock_critical has resulted in Factory reset and disabling of USB debugging ?

With the device in fastboot mode can you reach it with fastboot devices ? This might fit with Sending 'bluetooth_a being impossible.

I don’t know, but it seems unlikely to me.

Yes, unlocking the bootloader resets the installed OS (incl. settings to default) and deletes all the user data, but a successful facory reset should then also allow the phone to boot again, which it cannot.

And since this was so clearly unsuccessful, I wouldn’t even want to speculate how far into the actual OS it got.

Yes, it shows up when I run fastboot devices.

That’s why I thought I might be able to reflash…

I’m not sure I understand what you mean. Do you mean it would fit if it didn’t show up?

I would have thought the installation shell script should abort a bit earlier, in such a case, but I dind’t look into it, TBH.

EDIT: Here’s the new topic.

Agreed. I expressed it badly and my jump in logic was wrong.

I had meant failure with fastboot devices would likely lead to failure at the first flash operation of the script – but that is not a valid conclusion … it also had escaped my memory

INFO: One Fairphone 5 in fastboot mode found (serial number: ********).

Apologies for repeated edits @gabe

So far I agree

but a successful facory reset should then also allow the phone to boot again, which it cannot.

The factory reset was arguably unsuccessful due to the device had already warned

just after adb sideload Magisk-v27.0.zip

I tested with my Motorola. I can switch off USB debugging. Reboot to bootloader, I see on the device Fastboot Flash Mode (Secure)

:~$ fastboot devices
ZY323MXJFR	 Motorola Fastboot Interface

I still wonder … could the phone be without USB debugging enabled but still shows in available fastboot mode but no data can be sent to it ?

Not just arguably, it was definitely unsuccessful, that’s what I’m saying.

Given this fact, I don’t really see the point in speculating about what this unsuccessful reset may or may not have accomplished on the device w/r/t resetting a certain setting.

And that makes sense, doesn’t it?

The “USB Debugging” setting applies to debugging the phone via adb shell when the regular OS is running.

But we’re now talking about the phone being in fastboot mode where, to my understanding, it behaves completely differently.

For a start, you use a different tool, fastboot to communicate with the phone in this state.

And if I’m not mistaken, it even shows up with a different ID under fastboot devices when in fastboot mode, than it does under adb devices when running either recovery or the regular OS.

I’m really not sure USB Debugging is to blame, but either way… how could I check, when I can’t even boot it?

It’s sort of academic to me, at this point.

That is true.

USB Debugging is also required when setting the phone up for flashing a Custom ROM.

Sure … and I am being rather tentative in the way I express myself. Edit I am reading online that USB debugging should not be required for fastboot. I am quite prepared to admit that I may have introduced a diversion that does not apply.

Perhaps having someone with Fairphone experience review my assertion. Unfortunately my troubleshooting experience is with Samsung where we don’t have fastboot.

As a customer you can expect support from helpdesk@e.email.

Would you like to share that link, did it specifically refer to Fairphone ?

Can you find something that will work in fastboot ? What about

fastboot getvar all

Sorry for the long delay.

Oh, that’s right, I forgot.

This is the doc I meant:

But now I can’t recall whether that’s the one I actually used, or whether it was the one from TWRP’s page, because that latter one has the instruction how to disable Android Verified Boot (AVB), which I definitely tried at some point.

Generally speaking, I did try a few more things over the weekend, but haven’t kept notes.

It was all the same though: I couldn’t flash anything to the phone and its state remained unchanged.

FWIW, I’ve given up the effort and contacted both Fairphone and Murena support directly.

if you plan to install /e/ from recovery, you wil need this file :
that is different than the one needed for the tranditional fastboot method :

1 Like

I cannot boot into recovery, so this is probably not much use to me:

But it is interesting!

I wonder… is there some documentation about this?

1 Like