Hi there,
I am an Android application developer and I'd like to write an application that roots the phone.
There was a time (Android 2.2 and older) when rooting was not really a big thing.
Changing the rwx permissions of two files by running two "chmod" terminal commands was enough on nearly every device to root them.
But then it went more difficult.
There may not be such a simple solution like above, but I keep hoping that it is still possible programmatically. Here is an idea:
We could use assembler and native C to generate a buffer overflow by calling a Unix system call like here (http://peterdn.com/post/e28098Hello-World!e28099-in-ARM-assembly.aspx). Then we could get some code, which would be able to change the file permissions because it's running in kernel mode, into the kernel this way.
What do you think of my idea? Write it down! I don't expect code, nor do I expect that anybody here knows a Linux kernel exploit.
But ideas about where we would have to look for those would be great.
Questions should be posted in Q&A forums, not Development forums.
http://forum.xda-developers.com/announcement.php?a=81
See rule #15
Thread moved.
In response to d_dan's thread I have decided to start putting together a glossary for android related terms/abbreviations. Feel free to reply with ones you would like added/modified as the list I'm beginning with is rather short. I will monitor the thread regularly and incorporate them into the original post, contributions will be duly credited.
GLOSSARY:
adb : Android Debug Bridge, a command-line application included in the SDK. Allows you to run certain commands on the phone from your computer over USB as well as pull/push files.
BART : Backup And Restore Tool, similar to Nandroid but with more customization options for advanced users.
Cook : To create a ROM for a certain device.
Emulator: A program that pretends it's certain hardware/software running on another device.
Flash : To write a ROM/Radio/SPL/etc to a device.
Nandroid: A backup/restore tool that creates an image of your phone's software guts which can be reapplied if something goes wrong.
Radio : Clarification on this requested, I know it has something to do with the connectivity to your provider. WARNING: Mucking around with it can brick your phone in certain situations!
recovery: Booted into by holding the "Home" button while booting the phone, a custom recovery image allows Nandroid backups, console access, wipes and much more.
SDK : Source Developer Kit, Contains tools to create things for Android, also includes adb and an android emulator.
SPL : Secondary Program Loader, loads the android OS. WARNING!: Mucking around with it can brick your phone in certain situations!
Terminal: A way to run certain commands on your phone, like CMD on a Windows platform.
Much appreciated.
Thanks
Correct me if I'm wrong, the radio is the baseband firmware, and serves as the IPL, or Initial Program Loader, which initiates the SPL, aka Secondary Program Loader...
-BMFC
Sent from my T-Mobile G1 using the XDA mobile application powered by Tapatalk
spamcakes said:
SDK : Source Developer Kit, Contains tools to create things for Android, also includes adb and an android emulator.
SDK traditionally stands for "Software Development Kit". The Android SDK provides the tools necessary to debug various android components, as well as a handful of pre-compiled libraries which are primarily used in developing applications.
Also, the words "Cook", "Chef", "Baked", "Cooking", "Kitchen", and "ChickenWings" should be avoided.
We have SOURCE, we do not need to "cook" anything, we can build the platform the same way the carriers do.
ctso said:
Also, the words "Cook", "Chef", "Baked", "Cooking", "Kitchen", and "ChickenWings" should be avoided.
We have SOURCE, we do not need to "cook" anything, we can build the platform the same way the carriers do.
Although ports have some heavy-ass cooking going on
So many htc phones would be better with sense source. (that example of sense because it's the most popular redo of android these days)
Also, a thread like this shouldn't be in "chef central" because people in here should already be chefs, amirite?
But otherwise, I love this concept.
Edit: and honestly, I'm cool with those cheesy terms because they were made and developed on XDA, so that's good stuff.
What about terminal commands or whatever they are called?
Great idea. I've been lurking for quite some time now. Most of these terms I have been able to figure out without this glossary by continuing to read, read, read and search, search, search. The term I have not been able to figure out is odexed/deodexed. Anybody who could help me with these definitions will be greatly appreciated.
Edit: Please disregard my question. I was finally able to find a helpful post on the subject.
Hi Everyone,
I am trying to code my first Android app, which is an app that will copy some files from the app's asset folder to /system/app, adjust permissions and let the user know the process has been finished. I am a systems person, not a programmer, so I know all of the details as to what has to get done. I created some scripts in /assets, and have the files I want to copy in /assets as well.
How do I go about programming this? Is this the right method I'm looking at doing?
danifunker said:
Hi Everyone,
I am trying to code my first Android app, which is an app that will copy some files from the app's asset folder to /system/app, adjust permissions and let the user know the process has been finished. I am a systems person, not a programmer, so I know all of the details as to what has to get done. I created some scripts in /assets, and have the files I want to copy in /assets as well.
How do I go about programming this? Is this the right method I'm looking at doing?
Can I have the files? I'll try to do this for you
Sent from my Galaxy Nexus using Tapatalk
Better to help him instead of doing it for him, that way he learns more and gets his hands dirty. =p
Hehe, thanks for the response guys!
Anyways, tycoon177, thanks for signing up to help me!
I have zipped up everything I have related to the project. It is pretty simple, I just want to copy some files from the program into /system/app. I have created an install and an uninstall script (although I haven't tested them just yet, not sure how I would do that right now) and have placed those scripts in the /assets/scripts folder. The goal is to copy the files into the proper locations, in order for the Kobo Vox to get access to the Android Market. I have devised some instructions and posted them in the following forum page ( http://www.mobileread.com/forums/showthread.php?t=160948&page=1 ), but a lot of users seem to be messing up their system (they aren't a technical bunch) so I figured I should try and learn Java and build an app for all of this...
Unfortunately this is a little beyond my abilities, but my intro to Java course starts tonight hehe.
Anyway, the project is called OogleVox; it won't need to go onto the Android Market, and will probably just be an apk download from one site or another.
The link to the source code is here:
http://www.multiupload.com/ASI47S2BM4
Thanks again for your help!
danifunker said:
Hehe, thanks for the response guys!
Anyways, tycoon177, thanks for signing up to help me!
I have zipped up everything I have related to the project. It is pretty simple, I just want to copy some files from the program into /system/app. I have created an install and an uninstall script (although I haven't tested them just yet, not sure how I would do that right now) and have placed those scripts in the /assets/scripts folder. The goal is to copy the files into the proper locations, in order for the Kobo Vox to get access to the Android Market. I have devised some instructions and posted them in the following forum page ( http://www.mobileread.com/forums/showthread.php?t=160948&page=1 ), but a lot of users seem to be messing up their system (they aren't a technical bunch) so I figured I should try and learn Java and build an app for all of this...
Unfortunately this is a little beyond my abilities, but my intro to Java course starts tonight hehe.
Anyway, the project is called OogleVox; it won't need to go onto the Android Market, and will probably just be an apk download from one site or another.
The link to the source code is here:
http://www.multiupload.com/ASI47S2BM4
Thanks again for your help!
I don't know what Kobo Vox is, but for android, in general, the /system partition is read only, and on most devices the MMC or eMMC is locked so that it can't even be remounted read/write. Also, any user app won't be able to gain the required permissions to write to /system/app even if the partition was unlocked and mounted read/write. If you are rooted and security allows you write access to the MMC/eMMC, then you'd need su to gain the required permissions from the OS.
Gene Poole said:
I don't know what Kobo Vox is, but for android, in general, the /system partition is read only, and on most devices the MMC or eMMC is locked so that it can't even be remounted read/write. Also, any user app won't be able to gain the required permissions to write to /system/app even if the partition was unlocked and mounted read/write. If you are rooted and security allows you write access to the MMC/eMMC, then you'd need su to gain the required permissions from the OS.
Thanks Gene Poole, I know this app will require root permissions, which will require running as su. That's going to be a requirement for the app.
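What Gene Poole's reply amounts to in code, as an added example that is neither danifunker's OogleVox project nor anything posted in this thread: before touching /system the app checks that a su binary is present and reads /proc/mounts to see whether /system is mounted read-only; the copy itself, the remount and the permission/ownership fix all run under su, and the partition is remounted read-only afterwards. It assumes an already-rooted device whose mount binary accepts "mount -o remount,rw /system" and whose /system is a separate partition; "Market.apk" and the class name are placeholders.

```java
// Added example (not the OogleVox project's code). Assumes a rooted device with a
// working "su" binary, a separate /system partition, and a mount binary that accepts
// "-o remount,rw /system". The asset name passed in is a placeholder.
import android.content.Context;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

public final class SystemAppInstaller {

    /** Reads /proc/mounts and reports whether /system is currently mounted read-only. */
    public static boolean isSystemReadOnly() throws IOException {
        try (BufferedReader r = new BufferedReader(new FileReader("/proc/mounts"))) {
            String line;
            while ((line = r.readLine()) != null) {
                String[] f = line.split("\\s+");   // device mountpoint fstype options ...
                if (f.length > 3 && f[1].equals("/system")) {
                    for (String opt : f[3].split(",")) {
                        if (opt.equals("ro")) return true;
                    }
                    return false;
                }
            }
        }
        return true; // no separate /system entry: treat as not writable
    }

    /** True if a "su" binary exists in one of the usual locations. */
    public static boolean hasSu() {
        for (String dir : new String[] {"/system/bin", "/system/xbin", "/sbin", "/vendor/bin"}) {
            if (new File(dir, "su").exists()) return true;
        }
        return false;
    }

    /** Runs one shell script through "su -c" and returns its exit code, or -1 if su cannot be started. */
    private static int runAsRoot(String script) throws InterruptedException {
        try {
            Process p = new ProcessBuilder("su", "-c", script).redirectErrorStream(true).start();
            byte[] buf = new byte[1024];
            InputStream out = p.getInputStream();
            while (out.read(buf) != -1) { /* drain output so the child never blocks */ }
            return p.waitFor();
        } catch (IOException e) {
            return -1;
        }
    }

    /**
     * Copies an APK bundled under /assets into /system/app with the mode and owner a
     * system app needs (rw-r--r--, root:root). Returns true only if every step succeeded
     * and /system is read-only again afterwards.
     */
    public static boolean install(Context ctx, String assetName) throws IOException, InterruptedException {
        if (!hasSu()) return false;
        // Step 1: stage the asset in the app's private directory, the only place the
        // unprivileged app itself may write.
        File staged = new File(ctx.getFilesDir(), assetName);
        try (InputStream in = ctx.getAssets().open(assetName);
             OutputStream out = new FileOutputStream(staged)) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) > 0) out.write(buf, 0, n);
        }
        // Step 2: everything that touches /system runs as root. "cat" is used instead of
        // "cp" because old toolbox builds lack cp; the remount-ro runs even if a step
        // fails, and the saved exit status of the copy chain is what we return.
        String target = "/system/app/" + assetName;
        String script = "mount -o remount,rw /system"
                + " && cat " + staged.getAbsolutePath() + " > " + target
                + " && chmod 644 " + target
                + " && chown root:root " + target
                + "; rc=$?; mount -o remount,ro /system; exit $rc";
        int rc = runAsRoot(script);
        staged.delete();
        return rc == 0 && isSystemReadOnly();
    }
}
```

Calling `SystemAppInstaller.install(context, "Market.apk")` from a background thread does the whole job; `isSystemReadOnly()` and `hasSu()` are also what the app should show the user up front, because on a device where the bootloader or eMMC lock prevents a read-write remount the su step will fail exactly as Gene Poole describes, and the checks let the app say so instead of leaving a half-written /system/app.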
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A
Sorry, I did not figure this out..
Sent from my Galaxy Nexus using Tapatalk
tycoon177 said:
Sorry, I did not figure this out..
Sent from my Galaxy Nexus using Tapatalk
Thanks for trying! I'm taking a Java course at school now, maybe I'll be able to figure this one out in due time.
If you want to write an app before learning Java you could use Basic4android. You could use its phone library to execute the commands directly, and as you can also issue adb commands etc. with it, you could also make your app more interactive, so that it checks for things you know cause problems and reacts accordingly.
The site is basic4ppc.com I think. It would allow you to quickly and easily code an app, and as with Eclipse and other IDEs it produces native standalone apk files, signed and ready for use.
Dave
Sent from my LG P920 using Tapatalk
First off, before I get into it: naysayers and trolls, please keep the thread clear. Hopefully we can figure something out; more minds together normally equals victory.
Last night an idea hit me. I use a hack with Windows that allows admin permissions, and I don't have enough info about Android apks to say that it won't work.
In Windows (yes I know they are way different), if you can figure a way to temporarily change one system program to be the command prompt, you can add users, change admin passwords, delete logs and such. Basically you own the box at that point. I'm not going to go into the details because as far as I know M$ hasn't fixed it and I don't want them to.
So if we can find an apk with root write permissions and can change it to be a terminal emulator, we should be able to chmod root.
I have made some attempts using the hidden menu apk. I figure if it can change the prop file it should have root privileges; with no luck. Maybe I am not repackaging the apk correctly or something?
If someone who knows more about apks thinks it may be a possibility, let's get to cooking!
The Command Prompt trick you're talking about is very well known. It's been around since Vista and has yet to be patched and unlikely to be due to the nature of how it works.
Thanks Pirate, I know what versions it works with. But I guess no one knows how we can possibly accomplish the same in android.
Zer0C0oL said:
Thanks Pirate, I know what versions it works with. But I guess no one knows how we can possibly accomplish the same in android.
If you did, wouldn't you end up in a bootloop due to dm-verity, or is this not modifying /system?
Lifehags said:
If you did, wouldn't you end up in a bootloop due to dm-verity, or is this not modifying /system?
The way I understand the dm-verity mechanism is that it rebuilds its trust chain every time a legitimate system change is made. When you perform a PRL update, the app makes a change to the system. This does not equal bootloops, and I believe we can accomplish the same via this hack, if apk permissions can be loaned.
In the M$ hack you can't leave the change in place as it messes up other processes. Basically you use it to add a user with admin permissions / open a backdoor and then cover your tracks, one step of which is reverting the swap so there are no system issues for the users to find.
Alas, I fear the people this post should be reaching are the ones working towards claiming the bounty and for that reason collaboration will be non-existent.
@Zer0C0oL, please note that unless you are a developer working on a recovery, ROM or a kernel, you should not be posting in the development section. Please refer to this announcement if you have any questions.
I've moved this thread to the How-To section where it belongs.
Cheers :good:
Zer0C0oL said:
First off, before I get into it: naysayers and trolls, please keep the thread clear. Hopefully we can figure something out; more minds together normally equals victory.
Last night an idea hit me. I use a hack with Windows that allows admin permissions, and I don't have enough info about Android apks to say that it won't work.
In Windows (yes I know they are way different), if you can figure a way to temporarily change one system program to be the command prompt, you can add users, change admin passwords, delete logs and such. Basically you own the box at that point. I'm not going to go into the details because as far as I know M$ hasn't fixed it and I don't want them to.
So if we can find an apk with root write permissions and can change it to be a terminal emulator, we should be able to chmod root.
I have made some attempts using the hidden menu apk. I figure if it can change the prop file it should have root privileges; with no luck. Maybe I am not repackaging the apk correctly or something?
If someone who knows more about apks thinks it may be a possibility, let's get to cooking!
I'm pretty sure it may be possible, however impossible to avoid tripping Knox.
I am trying to access an Arduino from my Xiaomi Pocophone F1. The phone is running LineageOS 16 and is rooted.
I am trying to use this code project as a start:
https://www.instructables.com/id/Arduin-Adroid-USB-Serial-Communication/
It uses the slightly old "Physicaloid" library I got from here:
https://github.com/ksksue/PhysicaloidLibrary
I imported the project and the Physicaloid library into AndroidStudio, and I can start the app. But every attempt to connect to the Arduino fails.
I am struggling with the permission for using the USB Host feature in my app, I guess. The app "USB Device Info" shows me a recognized USB2.0-Serial device when I plug the Arduino in. But it seems no intent is created and so I cannot request the permission "on the fly" via an intent filter. And I also don't know how to explicitly request the permission. I tried to create a permission xml file "android.hardware.usb.host.xml" in /system/etc/permissions (copied there via "Root Explorer") with the following content (as I have read in several locations on the web):
Code:
<?xml version="1.0" encoding="utf-8"?>
<permissions>
<feature name="android.hardware.usb.host"/>
</permissions>
Then I try to request the permission by name "android.hardware.usb.host", but that does not seem to work, either.
Am I on the right track? What would be the right track?
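For the USB-host question above, here is the standard Android-side flow as an added example; it is not from the original post, from the Instructables project or from the Physicaloid library. The XML file the poster placed in /system/etc/permissions is a device feature declaration that PackageManager reads, so the app can check it with hasSystemFeature(PackageManager.FEATURE_USB_HOST) (the constant's value is "android.hardware.usb.host"). Per-device access is then obtained with UsbManager.requestPermission and a PendingIntent, and the grant arrives as a broadcast; the action string and class name below are constructed placeholders. The app's manifest also needs `<uses-feature android:name="android.hardware.usb.host" />`.

```java
// Added example, not code from the thread or the Physicaloid library. Assumes an
// Android 9 (LineageOS 16) target; the action string and class name are placeholders.
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
import android.hardware.usb.UsbDevice;
import android.hardware.usb.UsbManager;
import java.util.Map;

public final class UsbPermissionHelper {
    // Constructed action name; any app-private string works, it only routes the reply.
    private static final String ACTION_USB_PERMISSION = "com.example.oog.USB_PERMISSION";

    public interface Callback {
        void onResult(UsbDevice device, boolean granted);
    }

    /** True if the device declares USB host support (this is what the /system/etc/permissions XML feeds). */
    public static boolean hostSupported(Context ctx) {
        return ctx.getPackageManager().hasSystemFeature(PackageManager.FEATURE_USB_HOST);
    }

    /**
     * Finds the first attached USB device and asks the user for permission to open it.
     * The callback fires immediately if permission was already granted, otherwise after
     * the system dialog is answered. A null device means nothing is attached.
     */
    public static void requestFirstDevice(final Context ctx, final Callback cb) {
        if (!hostSupported(ctx)) {
            cb.onResult(null, false);
            return;
        }
        final UsbManager um = (UsbManager) ctx.getSystemService(Context.USB_SERVICE);
        Map<String, UsbDevice> devices = um.getDeviceList();   // keyed by device path
        if (devices.isEmpty()) {
            cb.onResult(null, false);
            return;
        }
        final UsbDevice dev = devices.values().iterator().next();
        if (um.hasPermission(dev)) {
            cb.onResult(dev, true);
            return;
        }
        // One-shot receiver for the reply; unregisters itself as soon as it fires.
        BroadcastReceiver receiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context c, Intent i) {
                if (!ACTION_USB_PERMISSION.equals(i.getAction())) return;
                c.unregisterReceiver(this);
                UsbDevice d = i.getParcelableExtra(UsbManager.EXTRA_DEVICE);
                boolean granted = i.getBooleanExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false);
                cb.onResult(d, granted);
            }
        };
        ctx.registerReceiver(receiver, new IntentFilter(ACTION_USB_PERMISSION));
        // FLAG_IMMUTABLE is fine on Android 9; on Android 14+ the USB permission intent
        // must be mutable because the system fills in the extras.
        PendingIntent pi = PendingIntent.getBroadcast(
                ctx, 0, new Intent(ACTION_USB_PERMISSION), PendingIntent.FLAG_IMMUTABLE);
        um.requestPermission(dev, pi);
    }
}
```

Once the callback reports `granted == true`, `um.openDevice(dev)` succeeds and the Physicaloid serial code can take over. The alternative the poster mentions, getting the grant "on the fly", is the manifest route: an activity with an intent filter for `android.hardware.usb.action.USB_DEVICE_ATTACHED` plus a `device_filter` resource listing the Arduino's vendor and product IDs, which makes the system offer the app (and its permission) at plug-in time; both paths require the `uses-feature` declaration and a device that reports the host feature.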
PLEASE MOVE BACK TO ANDROID DEVELOPMENT - THIS IS ABOUT CREATING CODE - NOT Q&A; NOT TROUBLESHOOTING; BUT CODE DEVELOPMENT - THANK YOU VERY MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
If there is a tutorial about logging for Android development in the "Software Development & Hacking" section, why is a posting related to permissions not in the correct spot?
I am wondering whether @SacredDeviL666 is a human being or just a forum bot.
pegnose said:
PLEASE MOVE BACK TO ANDROID DEVELOPMENT - THIS IS ABOUT CREATING CODE - NOT Q&A; NOT TROUBLESHOOTING; BUT CODE DEVELOPMENT - THANK YOU VERY MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
If there is a tutorial about logging for Android development in the "Software Development & Hacking" section, why is a posting related to permissions not in the correct spot?
I am wondering whether @SacredDeviL666 is a human being or just a forum bot.
A bot I believe....
The Development forum is to share a dev's work and not for troubleshooting or assistance, which goes in Q&A.
When you have developed something then you can share it in the dev sections.
Nice, man. Asking about a dev issue in a sub-forum where people post who don't know how to save battery or do backups and stuff.
You are a really cool elite circle here. Exclusivity is always a nice touch. Thank you so much.
So no one knows this?
Never mind, problem solved.
I have an HTC Desire 650 running Android 6 and I am trying to root it and also keep the original recovery.
I have found this thread: https://forum.xda-developers.com/t/root-htc-desire-650.3713325/ and apparently someone built a TWRP for it. Doesn't that need root in the first place to extract the kernel source?
Anyway, are there any apps or known vulnerabilities that would allow me to root the phone or at least extract the recovery image?
The problem is that I couldn't find any stock rom images or anything else for this phone. I was only able to unlock the bootloader.
Dan Ti said:
I have an HTC Desire 650 running Android 6 and I am trying to root it and also keep the original recovery.
I have found this thread: https://forum.xda-developers.com/t/root-htc-desire-650.3713325/ and apparently someone built a TWRP for it. Doesn't that need root in the first place to extract the kernel source?
Anyway, are there any apps or known vulnerabilities that would allow me to root the phone or at least extract the recovery image?
The problem is that I couldn't find any stock rom images or anything else for this phone. I was only able to unlock the bootloader.
Hello and good morning, @Dan Ti
Prior to your next posting please read the guidance that is stuck at the top of every forum, like
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
and the others. I've moved your thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator
Only to clarify things:
1. Recovery is a small and independent operating system that is set up in its own partition in many Android smartphones and tablets.
The "Recovery mode" is useful for you if you want to access the Android system of your smartphone or tablet beyond the conventional settings.
Since the recovery system is on its own partition next to the actual operating system and is thus intact even after a virus attack, it is often used for system repair.
2. Android's bootloader is a program that is responsible for booting the Android device.
3. Rooting is how you get complete access to everything in the Android OS, and those elevated permissions allow you to change it all. Root, at least the way I'm understanding it, is the superuser.
When you root your Android, you're simply adding a standard Linux function that was removed by OEM. A small file called su is placed in the system and given permissions so that another user can run it. It stands for Switch User, and if you run the file without any other parameters, it switches your credentials and permissions from a normal user to that of the superuser. You are then in complete control and can add anything, remove anything, and access functions on your phone or tablet that you couldn't reach before. This is pretty important and something you should think about before you begin.
To root the Android OS it's neither necessary to unlock the device's bootloader nor to install TWRP: this is an old wives' tale that obviously cannot be eradicated!