Does rooting really mean exploiting a kernel vulnerability to gain root access?
If there are no vulnerabilities, no root access?
Why doesn't Android allow root access by default like other Linux or Windows...
silvercats said:
> Does rooting really mean exploiting a kernel vulnerability to gain root access?
> If there are no vulnerabilities, no root access?
No, not really. Using a vulnerability is only needed when the manufacturer does not allow you to root your device, i.e. uses a locked bootloader that is not possible to unlock.
silvercats said:
> Why doesn't Android allow root access by default like other Linux or Windows...
Because when you buy a phone, the manufacturer guarantees not only the functionality of the hardware, but of the software as well. This is the difference compared to an ordinary computer. If you could modify the software in the device, the manufacturer would no longer be able to guarantee its function.
Another reason is DRM - for this to work safely (for the rights owner), the device must be tamper proof. This is why many manufacturers that allow unlocking at the same time erase any DRM information from the phone.
Related
I used to work with WM 5 & 6 phones, had plenty of them and enjoyed them all until I discovered the HTC Magic. What a giant leap forward!! Especially when using Google Apps as we do. I am however a bit reluctant to root the magic as it doesn’t seem like a walk in the park. I really miss being able to backup SMS messages and all the other apps that only run on rooted devices.
So my question is if the HERO is a rooted device or not.
Does anybody have an answer to this question? I’m so tempted to preorder one.
The answer to the question should probably be yes, seeing how people have the system dump files. So it's just a matter of time.
In the meantime, you can back up SMS and MMS with GBackup from Market - backs up to Gmail automatically - can also back up call log and pics...
Dayzz
Apologies for my ignorance but what does rooting the phone mean? I've just come from using a Windows mobile phone - which I have been using since the original SPV!
Root access comes from Unix - Linux operating system speak (which is what Android runs on). Root basically means administrator privileges. So if you can run under root access then you have privileges to change/modify/do anything.
In the phone out of the box you do not have root to protect the phone from modifications that could brick it. People who do modifications under root access need to either know what they are doing, or follow a script from someone who knows what they are doing.
Of course it's not 'rooted' when you unpack it from the box.
Eventually, I guess, the Hero will be rooted, but when and how... we'll just have to wait.
dipje said:
> Of course it's not 'rooted' when you unpack it from the box.
Easy son... He asked, I provided.
barryallott said:
> Easy son... He asked, I provided.
Wasn't meant to be offensive in any way...
barryallott said:
> Root access comes from Unix - Linux operating system speak (which is what Android runs on). Root basically means administrator privileges. So if you can run under root access then you have privileges to change/modify/do anything.
> In the phone out of the box you do not have root to protect the phone from modifications that could brick it. People who do modifications under root access need to either know what they are doing, or follow a script from someone who knows what they are doing.
But as in Unix/Linux, you use an ordinary login for normal day-to-day operations and su to use root. You have to consciously change your privileges, which is safer!!
Simon
Lots of useful info on all sorts, including rooting and other hacks, here:
http://forum.xda-developers.com/showthread.php?t=542452
Daisy xx
Hi, I would like to have root access to my phone, but not necessarily with a custom ROM. I would also prefer to not change my bootloader.
What exactly is rooting? Is it replacing the whole system image with an image that gives the user root access? Or is it just like enabling sudo for the user? Or is a smaller part replaced? (I am somewhat familiar with electronics, computers and Linux, but I find the Android hacking a bit confusing.)
Also, is it possible to run stock Android, only with root access? Will the access be lost when upgrading?
c3c0l0n said:
> Hi, I would like to have root access to my phone, but not necessarily with a custom ROM.
DEV section rooting post /
> What exactly is rooting?
root is the user account in Linux with all privileges. The root user can edit anything on the system. For safety reasons, users do not have all those privileges. When you root your phone, you will gain write access to areas of the phone you couldn't previously access and are allowed to run more commands in the terminal. Because applications do not get a lot of privileges, some of them require you to root the device in order for them to function properly (or fully).
> Also, is it possible to run stock Android, only with root access?
Yes and Yes lost root on upgrade usually.
jje
Thank you. How is the rooting performed? Is only an ACL modified, or is a more fundamental part of the system changed (like the kernel, bootloader etc)?
I know that a custom ROM might be unstable/experimental, but does the same apply for rooting, or is the modification so small that one could expect the exact same stability as in the stock ROM?
c3c0l0n said:
> Thank you. How is the rooting performed? Is only an ACL modified, or is a more fundamental part of the system changed (like the kernel, bootloader etc)?
> I know that a custom ROM might be unstable/experimental, but does the same apply for rooting, or is the modification so small that one could expect the exact same stability as in the stock ROM?
All your questions are explained in detail in the Development section
Sorry, I did not find it. However, I read this without getting smarter. This video suggests that rooting is a process that does something with your phone without replacing everything. An exact list of what the rooting tools do would be perfect.
Not all tools do the same thing. To get a specific answer, you will have to ask the person that came up with whatever rooting tool you are referring to. Some phones take more to root than others.
Hello XDA,
as Zimperium demonstrated, you are able to get root shell via stagefright exploit. So wouldn't it be really easy to create a root tool that works on almost all devices? Like "it's not a bug, it's a feature"
Greets Xorg
TheXorg said:
> Hello XDA,
> as Zimperium demonstrated, you are able to get root shell via stagefright exploit. So wouldn't it be really easy to create a root tool that works on almost all devices? Like "it's not a bug, it's a feature"
> Greets Xorg
Sounds legit. If it were only that easy
Sent from my Nexus 5
TheXorg said:
> Hello XDA,
> as Zimperium demonstrated, you are able to get root shell via stagefright exploit. So wouldn't it be really easy to create a root tool that works on almost all devices? Like "it's not a bug, it's a feature"
> Greets Xorg
I just thought the same when I heard about the stagefright exploit.
But I also read that the lib-stagefright is not the same on every Android OS. Some companies change the code a little bit or use another environment.
But I want to ask again in the name of the TS:
Is it possible to root devices with help of the stagefright exploit?
Greetings by Idijt
I_did_it_just_tmrrow said:
> Is it possible to root devices with help of the stagefright exploit?
If you can get root (as the OP says), you have rooted it
AlvaroGzP said:
> If you can get root (as the OP says), you have rooted it
They "only" got root shell, SELinux may prevent you from pushing files(?)
It would be lovely if it's used to root a phone like the SM-G900H (Exynos S5). Nothing so far can root it without tripping knox flag.
TheXorg said:
> They "only" got root shell, SELinux may prevent you from pushing files(?)
SELinux is enforced for root users? In theory, root has total control of the system. For example, file permissions do not apply to root.
AlvaroGzP said:
> SELinux is enforced for root users? In theory, root has total control of the system. For example, file permissions do not apply to root.
Not completely true. In order to change file permissions you need root in order to do it
Sent from my Nexus 5
ShapesBlue said:
> Not completely true. In order to change file permissions you need root in order to do it
> Sent from my Nexus 5
Yes, but what I mean is that, without changing permissions, root can write to unwritable files and read unreadable files, effectively bypassing file permissions. Also, root can change permissions for files not owned by him, which normal users cannot.
AlvaroGzP said:
> Yes, but what I mean is that, without changing permissions, root can write to unwritable files and read unreadable files, effectively bypassing file permissions. Also, root can change permissions for files not owned by him, which normal users cannot.
That's very true. But as you know that can only be achieved with root. I personally have the Stagefright fix and at this point don't have to worry about it thankfully
Sent from my Nexus 5
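On the question raised above of whether SELinux applies to root: it does, because SELinux decisions are made on the process's security context (labels of the same form as the u:r:init:s0 quoted later in this thread) rather than on its UID, and they are checked in addition to ordinary file permissions. The Python below is an added example, not part of any post here; it parses denial records in the `avc: denied` audit format, using constructed sample lines and hypothetical helper names, and reports which domains were actually blocked.

```python
import re

# Constructed sample lines in the "avc: denied" audit format; not from a real device.
SAMPLE_LOG = """\
type=1400 audit(0.0:41): avc: denied { write } for pid=2113 comm="sh" name="system" dev="mmcblk0p25" ino=2 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
type=1400 audit(0.0:42): avc: denied { execute } for pid=2113 comm="sh" name="su" dev="mmcblk0p28" ino=9117 scontext=u:r:mediaserver:s0 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
type=1400 audit(0.0:43): avc: denied { read } for pid=3301 comm="logcat" name="kmsg" dev="tmpfs" ino=5011 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(label):
    """Split an SELinux label 'user:role:type:level' (the level may contain ':')."""
    user, role, type_, level = label.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": level}

def parse_avc(line):
    """Return the fields of one denial record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": kv.get("comm"),
        "source": parse_context(kv["scontext"])["type"],  # domain of the process
        "target": parse_context(kv["tcontext"])["type"],  # type of the object
        "tclass": kv.get("tclass"),
        # permissive=1: logged but allowed; a missing field is treated as not enforced
        "enforced": kv.get("permissive") == "0",
    }

def blocked_by_domain(log):
    """Group actually-blocked accesses by source domain.

    The record carries no UID: the decision is keyed on (source type,
    target type, class, permission), so it also binds a uid-0 process.
    """
    out = {}
    for rec in filter(None, map(parse_avc, log.splitlines())):
        if rec["enforced"]:
            out.setdefault(rec["source"], []).append(
                (rec["perms"], rec["target"], rec["tclass"]))
    return out

if __name__ == "__main__":
    for domain, hits in blocked_by_domain(SAMPLE_LOG).items():
        print(domain, hits)
```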
Don't worry about this really. It is a bunch of fear mongering mostly. Also, even the patch from Google, as has been proven, doesn't fix it completely. People that release these types of things have alternative motives.
Has a write-up ever been released on exactly how SuperSu works? After searching around for a while I found mostly guides on how to use the app, not the implementation details.
I did, however, find this official resource that is mostly directed at explaining how to use the root privileges programmatically, but explained things fairly well. The article gives information about SELinux, but not so much how its enforcement is circumvented.
There appears to be a lot of context switching to allow execution of certain events (from the point of view of those using SuperSu) otherwise denied under SELinux, but how did SuperSu get to the point at which it was able to "legally", as far as SELinux is concerned, patch SELpolicies?
It seems that the objective is to force the init process to spawn a new shell that runs the su daemon, but there does not appear to be any patching of the init process, but from the article linked:
> On firmwares that use SELinux, su is generally implemented as a proxy to a daemon started from init
and
> You might wonder why - if we're already running as the init context, as the root user ..
-------------------------------------------
tl;dr; How does SuperSu execute in the context of the init process?
Given as:
> u:r:init:s0 - Highest init context
> u:r:init_shell:s0 - Shell started from init
SuperSU does not provide root privilege. Root privilege exists or it doesn't. Someone more knowledgeable can explain it better than I can, but either you have access to the system partition (root), or you don't. What SuperSU and similar apps do is act as a gatekeeper for other apps that utilize root access. Primarily to allow or disallow apps, or certain functions within apps, to do whatever it is they do. And of course, it's also a safety precaution against malware, because malware with root access can cause serious damage.
As for the other questions, I'm not the one to reply; that stuff is beyond me.
OEMs use root/admin and then lock it away like on Linux, so it's SuperSU that is the admin and grants root/admin permission
Planterz said:
> SuperSU does not provide root privilege. Root privilege exists or it doesn't. Someone more knowledgeable can explain it better than I can, but either you have access to the system partition (root), or you don't. What SuperSU and similar apps do is act as a gatekeeper for other apps that utilize root access.
This is likely misunderstood by many. You are thinking of the SuperSU app that can be downloaded from the app-store. In this regard, you are correct in that it manages root access. However, the application portion of SuperSU is only the front-end; there is an entire back-end solution to SuperSU that patches the system to achieve elevated permissions to be managed by the front-end in the first place. Check out the write-up linked in the OP.
arshad145 said:
> OEMs use root/admin and then lock it away like on Linux, so it's SuperSU that is the admin and grants root/admin permission
This sounds like a plausible method, but I did not see any mention of this in the article linked in the OP. Could you provide further details or sources for your thought?
Android uses *linux* based kernel
So I know the root part is true but for the OEM just a guess ;p
---------- Post added at 19:07 ---------- Previous post was at 19:01 ----------
If you want to learn more about root just use a linux and go explore its deepest secret
Can be tricky to learn about the function of linux kernel but android is more or less the same
*Simplified description*
arshad145 said:
> Android uses *linux* based kernel
> So I know the root part is true but for the OEM just a guess ;p
> ---------- Post added at 19:07 ---------- Previous post was at 19:01 ----------
> If you want to learn more about root just use a linux and go explore its deepest secret
> Can be tricky to learn about the function of linux kernel but android is more or less the same
> *Simplified description*
I have used Linux for some time now. It is not the architecture of Linux that I am curious about, though.
You are correct in that root access is locked away in most production phones. This is done simply by allowing the user of the phone to execute as a separate user with lower permissions. SuperSU somehow patches the system to execute a daemon in the same context as the init process, which presumably has the most privileged access from the set of contexts. I am wondering about the architecture of SuperSU such that it is able to achieve this execution.
Oh my, sorry for misunderstanding :/
but no idea for SuperSU privilege accesses or loop
but if you debug it on PC you can find something?
*Hopefully*
---------- Post added at 19:29 ---------- Previous post was at 19:23 ----------
One thing am curious too
Why can't superSU gain permanent root unless bootloader is unlocked???
Like if there is OTA update root is gone unless bootloader unlocked ...
WHY?!
**Curious**
arshad145 said:
> One thing am curious too
> Why can't superSU gain permanent root unless bootloader is unlocked???
> Like if there is OTA update root is gone unless bootloader unlocked ...
> WHY?!
> **Curious**
As far as I know, when a bootloader is "locked" it prevents any sort of reflash of the device unless you otherwise provide some kind of proprietary key (e.g. to authenticate genuine OEM updates). So, you first need to unlock the bootloader in order to flash a custom recovery, which then gives you support for patching the system with the necessary SuperSU files.
Presumably, just as an educated guess, when you receive a genuine OTA the core patched files for SuperSU are overwritten, thus disabling your prior rootkit.
SuperSU is closed source. Just curious to see if anyone has any background knowledge of its implementation.
It seems not. Although this is disappointing, it was somewhat expected.
Hi everyone!
I would like to know some things... Is it possible to unlock OEM/bootloader of said device? Dev options doesn't have the option and looking on the internet I only found a solution for kirin960 while my model has kirin985 hardware. Primarily I've been looking for a possibility to root my device but as far as I know it's impossible without unlocking OEM. There was a thread on 4PDA which mentioned that it's only possible now by paying for the unlock code, which is a bit ridiculous in my opinion.
To root a device's Android unlocking device's bootloader is NOT required at all.
jwoegerbauer said:
> To root a device's Android unlocking device's bootloader is NOT required at all.
The only way I know of is to root using Magisk, and https://topjohnwu.github.io/Magisk/install.html here it says that your bootloader needs to be unlocked. Is there another way I don't know of?
Edit - also says that Huawei devices are not supported
A phone's Android is rooted when the SU (read: Superuser, root) binary is present in Android OS.
Here is what you have to do to root your device's Android:
Replace Android's Toybox binary - which is a restricted version by default - by unrestricted Toybox v0.8.5, meaning one that has the SU-binary implemented.
This can be achieved by means of ADB.
jwoegerbauer said:
> Replace Android's Toybox binary - which is a restricted version by default - by unrestricted Toybox v0.8.5, meaning one that has the SU-binary implemented.
> This can be achieved by means of ADB.
Is there a tutorial on how to do that? I've spent some time looking on forums for what Toybox is exactly and how to install it, but I couldn't really find something beginner friendly.