Better Mobile App

[Q] How does "Android Root" works ?

Hello XDA-Forum users,
I ask you a question: How does Android Root works ?
I mean, for example, How does it works in Nexus One ?
This would be an understanding question to know more about how I get root from my Phone (Nexus One, for example) from scratch, from sources.

upupupupupup

Rooting basics:
http://lifehacker.com/5342237/five-great-reasons-to-root-your-android-phone
For details on how to do it on your device, Google or use the forum search. Lots of rooting information that is device dependent out there.

It basically gives your phone permission to do almost anything. It is similar to giving a user in Windows Administrator rights. It is called super user. You can do many things such as removing unwanted apps and overclocking.

This is not what I mean, I asks for an explaining in which the question is "How the root is possible? What active the root ?" Probably a kernel exploit, or stuff like that, to understand the underground passage to take it, from an hack view.
So, How works a root utility (such SuperOneClick) to set gid to 0 ?

Valid question, I am also interested in learning this.
In other words, if I were to perform the rooting manually, where can I find such info?

And some of the question is why su must be in some diredctories, and can't be run from /data/local/tmp for example?

Someone can enlighten us?

diego.stamigni said:
Someone can enlighten us?
Click to expand...
Click to collapse
The general approach is taking advantage of bugs in the android OS
The process works something like this
User crafts some special data that contains a "payload" (the script/executable that we want to run)
User runs a system process that has root privileges and gets it to open the special data
The bug causes the system process to get confused by the data, and ends up running the embedded script
The embedded script runs with the same privileges as the system process, and thus can stuff that normal users aren't allowed to do (e.g. installs the SU app)
Commonly, things such as buffer overflows are used

So after gaining root access, which apps can run as root?
Or the user becomes root(as in desktop), and can run all types of apps?
Can root app(run as root) access everything?? Or app permission still applies?
Is it that system exploit is always used to run root apps?
can someone explain in technical details? not how to root.
are rooting programs open source??

What is the root procedure
Bayint Naung said:
So after gaining root access, which apps can run as root?
Or the user becomes root(as in desktop), and can run all types of apps?
Can root app(run as root) access everything?? Or app permission still applies?
Is it that system exploit is always used to run root apps?
can someone explain in technical details? not how to root.
are rooting programs open source??
Click to expand...
Click to collapse
Hi guys!
I have the same question and after searching and asking find this!
it is good!!
hope it works!
http://stackoverflow.com/questions/...hat-are-the-pre-requisites-for-it-to-work-wha
also look at the suggestedpages at the right of this page!

[Q] what does rooting actually do ?

hi. i can't believe i'm the first person to ask this but i've searched as best i can through these forums, and on google, and cannot find a definitive answer. there are lots of pages giving high level descriptions of rooting a phone like "gives admin access", "allows access to the root filesystem", etc. but, when you root a phone, what actually happens ? does it simply make the "su" binary available so that apps can call it to access the root user ? eg. i've got a samsung galaxy s2, if i install an insecure kernel, then add su to /system/xbin, and then reinstall a stock kernel, is that technically a rooted phone ? this is actually what i did on my phone, although i installed superuser and busybox from the market after adding su. i am aware that there are various threads in the sgs2 forums on how to root, i'm just using my phone as an example, i'm just trying to understand generically what is meant when someone says a phone has been rooted. cheers.

Full control over your system
Ability to alter system files. You can replace many parts of the "Android Core" with this including:
Themes
Core apps (maps, calendar, clock etc)
Recovery image
Bootloader
Toolbox (linux binary that lets you execute simple linux commands like "ls") can be replaced with Busybox (slightly better option)
Boot images
Add linux binaries
Run special apps that need more control over the system
SuperUser (lets you approve or deny the use of root access to any program)
Task Manager For Root (Lets you kill apps that you otherwise could not kill)
Tether apps (like the one found at [android-wifi-tether.googlecode.com])
<there are more but I cannot think of any right now>
Backup your system
You can make a folder on your sdcard and backup all of your .apk files to your sdcard (helps if an author decides to "upgrade" you to a version that requires you to pay to use the version you just had)
Relocate your (browser/maps/market) cache to your /sdcard
Relocate your installed applications to your /sdcard
Reboot your phone from the terminal app easily (su <enter> reboot <enter>)
Copied and pasted from google... it is your friend.

thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.

Carrot Cruncher said:
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Click to expand...
Click to collapse
Unrooted phone is like logging on as user in a computer. By rooting you have "administrative" rights, just like using sudo command in Ubuntu. Some binaries which are important in gaining administrative rights are installed in the phone.
sent from my nokia 3210

If you come from Windows, you're familiar with the Administrator account. A user that can do everything on the system, as opposed to other users than only have limited privileges. In Linux, that account is called "root". That's all there is to it. It's a user that can do everything on the system.
@Panos_dm: Actually, it's *not* like using sudo. Sudo gives elevated privileges to your existing user account, whereas "root" is a whole separate account.

Nope, sudo actually switches users

i'm a linux user and have been a linux admin in the past so understand the difference between su and sudo. sorry to sound pedantic but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?

It opens your phone to a whole new array of possibilities.
Sent from my HTC Sensation 4G using xda premium

Carrot Cruncher said:
but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
Click to expand...
Click to collapse
In a gist? The "su" binary and the Superuser.apk app get installed. Sometimes doing so requires exploiting a vulnerability via a trigger. Rageagainstthecage is a common trigger. I once had a link that explained what exactly rageagainstthecage does, but I don't have it anymore.
If you really want to know all the details, here's the script I used to root my Defy: http://pastebin.com/G3m9v4FQ
Hmm, I see the script contains a link to the explanation of what rageagainstthecage does. Cool.

many thanks for confirming my understanding of the process.

Layperson’s dictionary of rooting terms : New to Android? Must Read!

WARNING:I AM NOT THE AUTHOR. I FOUND IT ON ANDROID AUTHORITY AND I FOUND IT GOOD SO I'M SHARING IT! THANX TO THEM
So, you’re new to the Android community. First off, welcome to the wonderful world of customizing your phone! Android’s all about the power to make your phone truly yours and if you dig deep enough, you’ll find a hundred ways to make your phone unlike anyone else’s on the planet. Or, at least, nearly unlike anyone else’s. The more you customize, the slimmer the chance people will have the exact same settings. If you’re a stickler for individuality, you’ve made the right choice by getting an Android. But, the moment you loaded up Android Authority, you already feel overwhelmed by new words.
What’s a ROM? What does root mean? What are all these funny words people keep throwing at each other and what is the meaning of life? We’re kidding on the last one, sort of, but just like any newbie, getting into the world of Android is intimidating. You can still your racing heart and wipe those sweaty palms on your pants because Android Authority’s got your back covered. We’ve put together a list of some of the high-sounding words that newbies frequently encounter and compile the words into some sort of easy-to-digest layperson’s dictionary of rooting terms. Come across a word that you don’t understand? Check out our list, it should be here.
ADB
The acronym for Android Debug Mode. Whenever your Android device is connected to your computer, ADB is the command line tool that helps your computer communicate with your device. ADB is part of the Android Software Developers Kit (SDK) and is often used in root tools, whether or not you’re typing the commands in yourself. Unless the instructions call for installing the SDK and running ADB commands, you won’t need to mess with it.
AOSP
Short for Android Open Source Project, you’re likely to see this in ROM descriptions. AOSP usually indicates that the ROM is based on the Android source code provided by Google itself, and not on some other ROM project or a company’s firmware.
Bloatware
Like it says on the tin, bloatware is software or apps that you don’t need, but come pre-installed to a device’s /system partition. What this also means is that you can’t remove them unless the device has been rooted. Usually, these are apps are sponsored by a company and are included by a carrier for profit. For example, the Photobucket app included on the G2 by T-Mobile is deemed by many to be bloatware, although, arguably, some folks do find the app useful. Bloatware is a subjective thing. Some person’s bloatware is another person’s lifeline.
Bootloader
A number of ROMs require your bootloader to be unlocked, but what in the world is it? The bootloader is the lowest level of software on your phone, running all the codes necessary to start up your operating system. Most bootloaders come locked, which prevents users from rooting their phones. This is because manufacturers want you to use the version of Android they’ve provided. With a locked bootloader on Android phones, you cannot flash custom ROMs. Unlocking your bootloader doesn’t mean rooting your phone, but it does allow you to root and to flash custom ROMs.
Boot loop
When your system re-cycles over and over without entering the main OS, your system is stuck in a boot loop and the phone is said to be boot looping. This may happen if you do not follow instructions. At other times, boot loops are caused by defects in the software code. Usually developers who are aware of this problem include boot loop patches that must be flashed after you flash the custom ROM.
Brick
You’ve probably heard this one a few times. It’s usually the result of tampering with the insides of your device and doing irreversible damage. A brick can be the result of a faulty flash or firmware update, a mod gone wrong, or being struck by lightning. Brick refers to a device that no longer functions, generally caused by a failed firmware or SPL update. Since the device no longer works as intended, it is often referred to as a “brick” or “paper-weight”, since that is all it is good for. Since any modification to the device’s software could potentially brick it, following instructions is very important.
BusyBox
BusyBox is an application that provides a standard set of UNIX tools. The default toolbox provided by Android is limited, so BusyBox is required to allow rooted ROMs or apps to use more advanced UNIX features.
Dalvik cache
Sometimes in flashing ROMs, wiping the Dalvik Cache through Recovery Mode is important, but just what is the Dalvik Cache? The dalvik-cache directory holds all of the pre-compiled *.dex files created from installed apps. These files are static and do not change unless the app is updated.
Deodex
This term is most often seen on a custom ROM’s list of features. When a ROM has been deodexed, it means that its apps have been prepared for modification. Deodexed ROMs have apps that have been repackaged in a certain way. Developers of custom ROMs choose to deodex their ROM packages, since it lets them modify various APKs, and it also makes theming possible after the ROMs have been installed.
Flash
Flashing is the term used to install something on your device, whether it’s a ROM, a kernel, or something else that comes in the form of a flashable ZIP file. It is the process of applying a firmware image or a ROM, to your device and usually entails a very specific order of steps. If you don’t follow instructions, you may end up bricking your device.
Fastboot
Fastboot is a boot menu that you can do stuff from before Android is launched. From this menu, you can choose to boot into Recovery Mode, and more. Fastboot is a protocol used to directly update the flash filesystem in Android devices from a host over USB. It allows flashing of unsigned partition images. It is disabled in almost all production devices since USB support is disabled in the bootloader.
Firmware
A phone’s firmware is basically its operating system. A “firmware update” means that the operating system, the software that controls the phone, is updated. “Stock firmware” means that the firmware is unmodified: it’s the version of the operating system the phone’s manufacturer delivers.
HBoot
When you switch your phone, HBoot is loaded immediately and is mainly responsible for checking and initializing the hardware and starting the phone’s software. HBoot can also be used for flashing official software releases, as well as a few other things.
IMEI
The International Mobile Equipment Identity (IMEI) number is a number unique to every GSM, WCDMA, and iDEN mobile device, as well as some satellite devices. The IMEI number is used by the GSM network to identify valid devices and therefore can be used to stop a stolen device from accessing the network. For example, if a mobile device is stolen, the owner can call her or his network provider and instruct the provider to “ban” the device using its IMEI number. This renders the device useless, whether or not the device’s SIM is changed. The IMEI can be displayed by dialing *#06#. When a procedure asks you to take note of your IMEI, make sure to store it in a safe place.
Kernel
The kernel is the heart of any Linux-based operating system. A kernel acts as the brain of the system and controls how the hardware and software interact. It also decides which activity your Android device should carry out at any particular instant.
NANDroid backup
Most how-to guides include this and all developers demand you to take a few seconds before flashing their ROM to make a NANDroid backup. NANDroid is a set of tools and scripts that will enable users who have root on access their Android device to make full system backups, in case something goes wrong or you would like to out an experimental ROM or theme. NANDroid will backup (and restore) the /system, /data, /cache, and /boot partitions. This backup can be restored later, whenever you want. NANDroid backups are created from the Recovery Mode, often with ClockworkMod Recovery.
Opensource
This term refers to software whose source code anyone is allowed to view, modify, or redistribute. In the context of Android, opensource refers to the approach of the design, development, and distribution of software. This offers accessibility to a software’s source code for modification, improvement, bug-fixing, and security-enhancement. The CyanogenMod project is based on this principle.
Overclocking
This term is used when users want to increase the speed of their device’s CPU or GPU. Overclocking can be done by installing special kernels designed for this purpose.
Radio
The radio on your device handles communication and sending and receiving voice and data. Flashing new radio firmware can improve your radio hardware’s reception and bring other benefits. You can flash radio firmware through Recovery Mode, just like how you would a custom ROM.
Recovery
Recovery is the software on your phone that allows you to make backups, flash ROMs, and perform other system-level tasks. The stock recoveries don’t do much, but if you can install a custom recovery such as the extremely popular ClockworkMod Recovery, you’ll have increased control over your device. Other popular custom recoveries also include 4EXT Recovery and TWRP Recovery.
ROM
In the context of Android, a ROM (acronym for “read-only memory”) or, more specifically, a “custom ROM” is a modified version of Android. Developers may give it extra features, a different look, enhanced performance, and others. It may even be a version of Android that hasn’t even been officially released yet. Some of the popular custom ROMs you may have heard of are CyanogenMod, Android Open Kang Project (AOKP), and MIUI.
ROM Manager
ROM Manager is an immensely popular app for root users, allowing users to flash ClockworkMod Recovery, install ROMs from their SD card, perform backups, and even download new ROMs over-the-air.
Root
Root refers to “administrator” or “full” access to the device. That is, your device earns enhanced privileges and can grant you more control in customizing it. The term referring to the process of gaining such administrative access is “rooting.”
With root access, you can mount the device’s internal memory partition as read/write, allowing you to do various things like USB or Wi-Fi tethering and uninstalling annoying bloatware. You can also enjoy certain applications that require root access, overclocking or underclocking the CPU, and more.
Some phones are easier to root than others. Certain phones require a tedious process to gain root access while other phones and firmware have easy and painless one-click methods. You can get root access by either installing the Superuser application or by flashing a custom ROM that already has root access included. Check out our section dedicated solely for guides on how to root your Android device.
Rooting, unfortunately, also voids your warranty, so you must be extra careful with whatever you do to your phone after you’ve rooted it.
RUU and SBF
ROM Upgrade Utilities (RUU) and System Boot Files (SBF, for Motorola phones) are files direct from the manufacturer that change the software on your phone. RUU and SBF are how the manufacturers deliver over-the-air upgrades and modders often post leaked RUU and SBF files for flashing when updates haven’t been released yet. They can also be handy when you’re downgrading your phone, especially when a rooting method is not yet available for the newest software version. You can flash RUUs directly from your HTC device, but Motorola users will need a Windows program called RSD Lite to flash SBF files.
S-OFF
HTC phones use a security feature called Signature Verification in HBOOT, the bootloader on HTC devices. S-ON (security on) will read-lock your /system and /recovery partitions, blocking you from performing certain root-level actions directly from Android. By default, your phone has S-ON, which blocks you from flashing radio images. You can disable this security measure with S-OFF (security off), although you risk bricking your phone in the process but will allow you to flash new radios. Rooting doesn’t require S-OFF but many rooting tools give you S-OFF in addition to root access.
Superuser
Since Android is a Linux-based operating system, Linux has something called root access. By rooting your Android phone, you gain superuser access. The superuser, or root user, is a special user account for system administration. Superuser is also the name of an app, which lets you grant or deny superuser privileges to other apps.
Wipe
Usually refers to wiping data and cache partitions of the device. Usually before flashing a custom ROM, developers will instruct users to perform a wipe. Not performing a wipe may result in problems with the ROM’s performance.
Zipalign
You’re likely to see this term on the list of a custom ROM’s features. Zipalign is a tool that optimizes the way an Android app (APK) is packaged. The Android device can interact with an application more efficiently, and in doing so, has the potential to make the app and the entire Android system perform much faster. Zipaligned applications are launched more quickly, and they use less amounts of RAM.
Congratulations! You’re now equipped with some basic rooting and Android knowledge. Now you can dive into XDA Developers and feel less like a noob. Using your newly acquired knowledge, you can make better informed decisions when looking for a ROM to power your Android device with. Good luck and happy hunting!
Got a rooting term that’s bugging you? Let us know in the comments and we’ll try adding it to our dictionary.
References
Diablo67. (2012, January 27). Android terms, slang & definitions (Read this before posting questions!) [Msg 1]. Message posted to http://forum.xda-developers.com/showthread.php?t=1466228
Gordon, Whitson. (2012, February 21). The always up-to-date guide to rooting the most popular Android phones. Retrieved from http://lifehacker.com/5789397/the-always-up+to+date-guide-to-rooting-any-android-phone
paul-ac. (2011, July 22). [Android ROM dictionary] Newbe friendly [Msg 1]. Message posted to http://forum.xda-developers.com/showthread.php?t=1180477
PolicyWonk. (2011, December 10). Root terms defined – ROM, shell, S-ON, etc. [Msg 1]. Message posted to http://androidforums.com/precedent-all-things-root/461024-root-terms-defined-rom-shell-s-etc.html
Static. (2011, July 30). Rooting dictionary [Msg 1]. Message posted to http://www.theandroidsource.com/questions-answers-forum/536-rooting-dictionary.html
TechCredo. (2011, February 11). Android ROM and rooting dictionary: All the terms explained. Retrieved from http://www.techcredo.com/android/android-rom-and-rooting-dictionary-all-the-funny-words-explained
ALL THE CREDIT GOES TO THEM! THANK YOU GREAT PEOLE
EDIT: 125+ VIEWS AND NO COMMENTS? :O

unlocking fastboot

Android root security considerations

hello,
sorry if this isn't the right place to ask this question, and please redirect me, this is a fairly huge site.
I know this question has been asked many times, but I didn't see a clear answer to it from security experts, or it is from several years ago and things might have changed.
My question is double:
first of all, nowadays, how does the process of rooting an android phone work (please detail if there are various alternatives) ? Does it rely on a security hole, or is it a kind of attack (such as physical access to the device) that is not part of the security perimeter of android ? In the first case, why is it that it's not fixed, as there are open bounties for the android system ? Note that I'm just talking about the android system itself (such as a Nexus Phone), with the latest patches.
Second related question: What would be the security risk of rooting an android phone ? If I am not mistaken, these could be grouped in at least two issues: the rooting process itself, and the aftermath.
a. Regarding the rooting process, is there any open source procedure (or at least closely reviewed) to root a nexus phone that could guarantee that there's no malware installed in the process ? (see also first question)
b. From what I understand, having a rooted android is no different than having a linux OS with a root account. Are there any (free, open source?) apps that can monitor (what commands have been launched, etc) and prevent apps from getting access to the root account without my agreement ? (so that it is linux OS where any account that requires root privileges must go through 'sudo' and ask the user to enter their password).

Please tell me if I'm asking in the wrong part of the site.

Qualcomm Vulnerability - Possible Root?

Looking through AndroidCentral, I ran across this and knowing our phones use Qualcomm's chipset (Snapdragon) is it possible someone could write up a app to root our phones?
http://www.androidcentral.com/quadrooter-5-things-know-about-latest-android-security-scare

Yes, is posible, i consider GmsCore, and Gapps, the primary crappy apps that haves ocult root activities.
Someday i found an activity in googlplayservices.apk named as RootActivity on the 365 activities inside the GMSCore.apk
After this i confirmed, the crappy google is the creator of root services without superuser/su
This is why i consider "if my phone or device haves no root, the phone or device is not mine, and someday, will die".
But root a device, requires long years working with Linux or CentOs in a computer. Because all is the same on android.
The simplest way i do "sometimes", is install dr web and scan my app list for confirm thus crappy event.
We download apks sometimes, we need to know what these apk do.
WidgetWindow.apk or sugarmintcandy.widgetwindow.apk
Was an app found by dr web scanner that reported that this app access internet, without permission declared in Manifest.xml
Of course, i decompiled the apk, writed the INTERNET.permission tag and recompiled again.
If some app access internet without permission, why not some another will not gain root without permission too?
This is an android error , not the apk's creators.
:thumbup:
Sent from my XT687 using xda premium

Which means?
Dethfull said:
Yes, is posible, i consider GmsCore, and Gapps, the primary crappy apps that haves ocult root activities.
Someday i found an activity in googlplayservices.apk named as RootActivity on the 365 activities inside the GMSCore.apk
After this i confirmed, the crappy google is the creator of root services without superuser/su
This is why i consider "if my phone or device haves no root, the phone or device is not mine, and someday, will die".
But root a device, requires long years working with Linux or CentOs in a computer. Because all is the same on android.
The simplest way i do "sometimes", is install dr web and scan my app list for confirm thus crappy event.
We download apks sometimes, we need to know what these apk do.
WidgetWindow.apk or sugarmintcandy.widgetwindow.apk
Was an app found by dr web scanner that reported that this app access internet, without permission declared in Manifest.xml
Of course, i decompiled the apk, writed the INTERNET.permission tag and recompiled again.
If some app access internet without permission, why not some another will not gain root without permission too?
This is an android error , not the apk's creators.
:thumbup:
Sent from my XT687 using xda premium
Click to expand...
Click to collapse

The "patches" are applied only by recompiling the rom and updating to the new by the manufacturer
I installed the app
I foud 4 CVE errors in my Gpu
But i still cannot clarify the risk level of this.
I believe, this risk, comes installing an affected apk ONLY
Dr. Web light antivirus inspects and detects dangerous apks after installing.
I may update my rom only if Motorola send the patches and ONLY IF is a high level risk and strictly necessary
Sent from my XT687 using xda premium

They are saying these CVE errors are new, and the menaces may be initiated in 4 months, and we need to contact the Manufacturer "imploring new rom"
Hm imploring, haha, lamenatable.
I am on a semi custom stock rom, if they fixes my rom, i will need begin again
But xt687 is out of the list.
Hahaha, i will "implore".
Sent from my XT687 using xda premium
---------- Post added at 08:02 PM ---------- Previous post was at 07:54 PM ----------
The checkpoint site that "discovered"
This CVE error, is promotting "download apps from goglebley site", well...
I downloaded the widgetWindow from there, still are there and EVERYWHERE is the same.
I say against them:
Stay donloading all apks that you want from where you want because java and linux is not their property!
Be aware after installing apks CHECKING WITH CISecurity or Dr web antivirus...
:thumbup:
Sent from my XT687 using xda premium

Using this exploit would be a temp root situation I believe. We would still have to unlock the bootloader to have root after we reboot.
I haven't looked into these enough. Plus the fact I'll be switching to the note 7 soon means I'll still be looking to see if these will work or not to try and gain root.

I understand the bootloader issue. However with us obtaining root it might help us get closer to finding what is needed to get the bootloader unlocked correct?

This could be interesting to hear more about. I'd love to upgrade to MM. But I'm not jumping off of 5.1.1 until that happens.
Kickin' it on my VS990

This screenshot is from my xt687 android 4.0.4 is not only the new devices, is more than these.
We have not affraid with this, even only, if we install UNCHECKED apks.
Nobody can install apps remotely, they can execute remotely only.
Sent from my XT687 using xda premium

Did this ever get any traction? I was just reading about QuadRooter and figured I'd give my device a scan. It says that I am vulnerable to CVE-2016-2059 and CVE-2016-2504. According to ZoneAlarm who put out the scanner, two vulnerabilities were fixed by a patch but two were not. I guess these are the two? So, CVE-2016-2059 is the Linux IPC router kernel, and CVE-2016-2504 which is the KGSL (Kernel Graphics Support Layer) according to codeaurora.org
Would be cool if we could root this bad boy afterall... (I'm on Android 6.0 with security patch level 2016-06-01, and build MRA58K -- VS99023A