Root access development - Android Q&A, Help & Troubleshooting

Before you read this through: This is not a question about how to root my phone or add root access to an app. This is about how I can add root access to my phone. I mean like adding root access to a phone where no root is yet released. If anyone knows a GitHub repo with the commits of adding root to the phone, please tell me. Thanks!

CTXz said:
Before you read this through: This is not a question about how to root my phone or add root access to an app. This is about how I can add root access to my phone. I mean like adding root access to a phone where no root is yet released. If anyone knows a GitHub repo with the commits of adding root to the phone, please tell me. Thanks!
You don't want to root the device (for example: Kingo Root, iRoot, etc.), you want to compile the su file or what??

Paget96 said:
You don't want to root the device (for example: Kingo Root, iRoot, etc.), you want to compile the su file or what??
I currently don't look to compile for a specific device but I want it as basic knowledge when it comes to the case of a new device that has no root yet.

CTXz said:
Before you read this through: This is not a question about how to root my phone or add root access to an app. This is about how I can add root access to my phone. I mean like adding root access to a phone where no root is yet released. If anyone knows a GitHub repo with the commits of adding root to the phone, please tell me. Thanks!
"How I can add root access to my phone" = root your phone? There's not much difference between the two sentences. Unless you mean adding the root path to the device without installing SuperSU or any other SU app?

popthosegaskets said:
"How I can add root access to my phone" = root your phone? There's not much difference between the two sentences. Unless you mean adding the root path to the device without installing SuperSU or any other SU app?
Look. You have a phone that doesn't have root access. So what I would do is go to xda, find a root IMG to flash on my phone and then flash it. That would give me root access to the phone. The thing is, if there is no flashable IMG I would develop one by myself. Now I can't find any tutorials or sources of how to build an image like that.
Sent from my SM-G800F using XDA Free mobile app

1. Such methods would depend on your phone, not all phones go through .img file flash.
2. Usually I would associate .img files as kernel. So I assume you want to flash a custom kernel?
3. If you indeed want to flash a custom kernel, you still need root on the ROM before the custom kernel can have root access.

CTXz said:
Look. You have a phone that doesn't have root access. So what I would do is go to xda, find a root IMG to flash on my phone and then flash it. That would give me root access to the phone. The thing is, if there is no flashable IMG I would develop one by myself. Now I can't find any tutorials or sources of how to build an image like that.
Sent from my SM-G800F using XDA Free mobile app
There are several steps to go about developing a rooting procedure for a device when none has been released yet. The first key step would be to identify whether the device has a locked bootloader. If it does, then you will need to resort to an exploit to gain root access rather than flashing a pre-rooted boot.img, for example, unless you can figure out a way of bypassing the img signature check, which in many cases using an exploit is easier. A good basic place to start looking for exploits is here. You will then have to do research on how to exploit the security flaw, which involves knowledge of Assembly, C, and Linux. If the bootloader is unlocked you can attempt to make a superboot or autoroot type boot.img, for which I would suggest taking an existing .img of those types and disassembling them to learn how they were created. Let me know if you still have any questions.

Related

[Q] Has anyone managed to install new Google Now/Search without root?

Not sure if it's possible, but it's the only thing I'm looking to be able to do with my phone right now since I can't root ( HBoot 1.15 problem ).
Could the manual steps outlined HERE work if I'm using a stock phone with no unlock or root? It just seems like there's no need for root with any of these steps, maybe I'm wrong?
Steps:
Manual:
Download The Google Now Apk. [Link below]
Open up Root Explorer and go to your downloaded apk.
Rename the apk to "GoogleQuickSearchBox.apk"
Now go to [System - App] mount R/O and rename "GoogleQuickSearchBox.apk" to "GoogleBackUp.bak"
Now copy the downloaded apk [The one you renamed to "GoogleQuickSearchBox.apk"] to [System - App]
Reboot
Why can't you root?
You can still root with the new HBOOT, you just can't get S-OFF, which is not the same thing. And those instructions you quoted won't work without root since Root Explorer requires root.
Yes, sorry, rather than ask I should have told them that. Use HTC dev unlock, fastboot flash recovery and then flash root installer. My guide doesn't have any tutorials but it explains just about everything you should know about your phone, it's worth a read. I explain soff, HTC dev unlock, recovery, ROM, radios, you name it and I probably already added it. I even have very specific troubleshooting scenarios and I explain the cause (and solution for the harder problems)
I don't want to HTCDev unlock. I'll wait for S-Off for 1.15. I can access the root of my device over this program on my computer without being rooted... Just figured I'd ask.
Root access and accessing the root of your phone are not the same thing. Also for this particular phone, the internal memory is considered the internal SD card, this is not the root filesystem. HTC just uses a screwy workaround. You can unlock and root or remove root relock and restore to stock at anytime and you can do most of what's possible with soff there's no reason to not do so even if waiting for soff
Hmm, root somehow slipped my mind, I guess I'm off to add an explanation of superuser permissions to my guide
eXplicit815 said:
I don't want to HTCDev unlock. I'll wait for S-Off for 1.15. I can access the root of my device over this program on my computer without being rooted... Just figured I'd ask.
Yes, but you can't copy without root.
You have to root. And I'd suggest dev unlocking now anyway. You can always soff later if it's found
Sent from my EVO using Tapatalk 2
Yes, I have done it
What you have to do is download 2 APKs, but first tell what device, is it ICS 4.0.3+ etc.

Is root absolutely necessary for flashing ports?

Hi everybody. I learned so much from this forum (and also from others) in one year and tried to share my knowledge to those who try to learn like me.
Now I would like to share one of my experiences. I don't know if someone wrote about this, yet I could not find it anywhere in this forum. When we share a "port", for example "s4 keyboard for s3", we say that we need root access in order to use this port. But when I think, if these apk files replace themselves with the original ones and the rom thinks that they are the originals, why should we need root access? Of course we need recovery to flash them but do we absolutely need root? And I flashed 3 separate ports (keyboard, launcher and callrecord) into a fresh installed 4.3 MK6 stock rom without root and they worked... and still do... (scripts have to delete odex files automatically)
Installing a recovery will increase the binary counter and since your binary is up why not root, right? But those who don't want to root their phone but still want to use the visuality can install a recovery and flash the ports without rooting... Tested and proven...
You need root access for applications/ports that will need to be installed in system directories (that only the superuser can alter). Some directories/partitions are read-only, so you have to mount them as writable too. It all depends on the application.
alex.sg said:
You need root access for applications/ports that will need to be installed in system directories (that only the superuser can alter). Some directories/partitions are read-only, so you have to mount them as writable too. It all depends on the application.
If editing apps from the rom then yes. But if you are flashing them through recovery you don't need root access for read and write permissions. The script also does that itself. That's what I'm talking about
Sent via Tapatalk 2 on Galaxy S3

Use Janus vulnerability to get root access?

Hello,
let's assume I have a super-secure Android phone that's known for not being rootable. Let's also assume, I've successfully tried the Janus vulnerability and was able to replace the classes.dex of a system app with a slightly modified one.
As far as I understand it, using the Janus vulnerability, you can only replace the classes.dex but no resources. So whatever is in the classes.dex can only work with the resources already there.
Now the big question: Is there any classes.dex that doesn't depend on specific resources and that I could use to get e.g. a root shell?
I'll try to change a System app to gain higher rights, but I doubt this will be enough to write to system.
github.com/wegeneredv-de/CVE-2017-13156
Use Janus vulnerability to get root access ?
No, I think you can't really. It is maybe possible to root using this exploit by editing a system app because system apps have more rights than "normal" apps which are installed in the /data partition. If you really want to use the Janus exploit to root your phone, try to find a privilege escalation exploit and edit an app to make it execute the exploit. But I think "normal" rooting methods are more efficient. You can install any app on your phone or update any apps, so you don't need Janus. Executing a privilege escalation exploit is the only way to root your phone with no (not 100% true, you can root your phone using recovery, but it is not the subject)
I hope I have helped you,
Have a n1ce day,
Luca
PS: Don't hesitate to thank me
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
lucahack said:
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
There's no easier way? Something like copying a "su" binary to somewhere and setting a few filesystem permissions?
mbirth said:
There's no easier way? Something like copying a "su" binary to somewhere and setting a few filesystem permissions?
The easiest way is to flash supersu in a custom recovery to root. (link to supersu flashable : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.82-201705271822.zip )
lucahack said:
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
I've been looking into that for a while. I thought it was possible using dirtycow also maybe.
How would a special package still be usable and signed by the recovery?
Wouldn't modification break the recovery signing?
Delgoth said:
I've been looking into that for a while. I thought it was possible using dirtycow also maybe.
How would a special package still be usable and signed by the recovery?
Wouldn't modification break the recovery signing?
If you extract your ota certs from a valid OTA and sign the injected update.zip with those valid signatures it may be possible. That's the latest I've been looking into but the updater binaries are so complicated I don't know how it will work. I think the best option is smali edit within an app like testmode.apk on the K1 that can manipulate system properties and shared preferences. Once you can allow the properties to allow insecure adb or debuggable = true or secure = false you can do the rest of the work in adb. But BB probably has protections that will nullify on reboot.
jcrutchvt10 said:
If you extract your ota certs from a valid OTA and sign the injected update.zip with those valid signatures it may be possible. That's the latest I've been looking into but the updater binaries are so complicated I don't know how it will work. I think the best option is smali edit within an app like testmode.apk on the K1 that can manipulate system properties and shared preferences. Once you can allow the properties to allow insecure adb or debuggable = true or secure = false you can do the rest of the work in adb. But BB probably has protections that will nullify on reboot.
I have the Verizon test keys for the G925V 4CPI2 6.0.1, but my s6 edge is currently out of commission until I can find the signed bootloader binaries to upload to the device over the serial port. SDB and SDC are completely gone. I need to inject the data, but don't know the map of the sboot.bin
I had the same idea though. I'm glad I wasn't the only one. It got lost in the cracks because of other projects going on. I saw some malware one time that would install itself by piggybacking on the ota system update process, when you scheduled the update to occur five minutes from the current time. And that process I do believe relied on using a modified CSC or Cache once the process started.
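For the Janus question that opens this thread (CVE-2017-13156): the flaw lets a file be read as a DEX by the runtime and as a v1-signed ZIP by the package verifier, so a defender can flag it by checking for a file that starts with the DEX magic yet still ends in a ZIP end-of-central-directory record. The following is an added example, not code from any post or from the linked repository; the function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"              # DEX files begin with "dex\n0NN\0"
EOCD_SIG = b"PK\x05\x06"          # ZIP end-of-central-directory record
V2_MAGIC = b"APK Sig Block 42"    # last 16 bytes of an APK Signing Block
V1_SUFFIXES = (".RSA", ".DSA", ".EC")


def find_eocd(data):
    """Return the offset of the ZIP EOCD record, or -1 if there is none."""
    # The EOCD is 22 bytes plus at most 65535 bytes of comment, at the end.
    start = max(0, len(data) - (22 + 0xFFFF))
    pos = data.rfind(EOCD_SIG, start)
    return pos if pos != -1 and len(data) - pos >= 22 else -1


def has_v2_block(data, eocd):
    """True if an APK Signing Block ends right before the central directory."""
    (cd_size,) = struct.unpack_from("<I", data, eocd + 12)
    # Assumption: the central directory directly precedes the EOCD
    # (true for ordinary, non-zip64 APKs).
    cd_start = eocd - cd_size
    return cd_start >= 16 and data[cd_start - 16:cd_start] == V2_MAGIC


def has_v1_signature(data):
    """True if the archive lists a JAR (v1) signature block in META-INF/."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.startswith("META-INF/") and n.upper().endswith(V1_SUFFIXES)
               for n in names)


def janus_check(data):
    """Triage one APK image: is it both a DEX and a ZIP at the same time?"""
    eocd = find_eocd(data)
    is_zip = eocd != -1
    dex_prefix = data.startswith(DEX_MAGIC)
    return {
        "is_zip": is_zip,
        "dex_prefix": dex_prefix,
        "v1_signed": is_zip and has_v1_signature(data),
        "v2_block": is_zip and has_v2_block(data, eocd),
        # A normal APK starts with a ZIP local header, never with DEX magic.
        "suspicious": is_zip and dex_prefix,
    }


def build_sample_apk():
    """Constructed stand-in for an APK: placeholder entries, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("META-INF/CERT.RSA", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_apk()
    # Constructed test input: DEX-looking bytes in front of the archive.
    prefixed = b"dex\n035\x00" + b"\x00" * 64 + clean
    for label, blob in (("clean", clean), ("dex-prefixed", prefixed)):
        print(label, janus_check(blob))
```

A `v2_block` of False together with `v1_signed` True marks a package that relies on the v1 scheme alone, which is the case the December 2017 Android security patch had to cover.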

How could I root my phone using TWRP File explorer?

I have TWRP installed on my device, and I tried installing Magisk and SuperSU to root it, but neither would install. I don't want to say what my device is because I don't want answers based on my device. I've heard that rooting is all about getting a SU file into a root directory, and I want to try that before getting any other help with rooting my device.
TWRP has a root file explorer I can use to move files into root directories (I also tested it by moving one file into /system, restarting my phone into Android, then restarting it back to TWRP, with the file still being there), I guess the file wasn't being interfered with and stayed where and the way it was. To root my device, what files do I have to place in what root directories?
YousufSSyed said:
I have TWRP installed on my device, and I tried installing Magisk and SuperSU to root it, but neither would install. I don't want to say what my device is because I don't want answers based on my device. I've heard that rooting is all about getting a SU file into a root directory, and I want to try that before getting any other help with rooting my device.
TWRP has a root file explorer I can use to move files into root directories (I also tested it by moving one file into /system, restarting my phone into Android, then restarting it back to TWRP, with the file still being there), I guess the file wasn't being interfered with and stayed where and the way it was. To root my device, what files do I have to place in what root directories?
Bro, the newest root methods patch the boot img of your phone; placing files for root is deprecated, and if Magisk isn't patching your boot img on your device, the issue is not with Magisk. A screenshot of what TWRP shows when you try to flash Magisk would help out. And why would you want SuperSU? It's deprecated.
YousufSSyed said:
.. I don't want to say what my device is because I don't want answers based on my device...
Because Samsung, Google, Motorola and the other manufacturers do things differently, the steps for rooting will vary from one device to another.
Sent from my Rockchip RK3288 Chromebook using XDA Labs
I should've mentioned that I don't have much experience with tampering android (if I didn't make that clear with my lack of knowledge). I didn't know supersu is deprecated, I'm trying to root my Galaxy S8 950U on Pie, and yes I've heard it's extremely difficult / impossible although I did manage to get TWRP on it. Is there a way to root my device with the TWRP explorer, if possible?
YousufSSyed said:
I should've mentioned that I don't have much experience with tampering android (if I didn't make that clear with my lack of knowledge). I didn't know supersu is deprecated, I'm trying to root my Galaxy S8 950U on Pie, and yes I've heard it's extremely difficult / impossible although I did manage to get TWRP on it. Is there a way to root my device with the TWRP explorer, if possible?
Edit:
Looks like your best option is to follow
https://www.google.com/amp/s/forum....msung-galaxy-s8-root-snapdragon-t3659305/amp/
Sent from my PH-1 using XDA Labs
---------- Post added at 01:58 AM ---------- Previous post was at 01:40 AM ----------
The complexity of the previous root method suggests to me that you are not going to find an easy solution.
I think you should start a thread in the
https://www.google.com/amp/s/forum.xda-developers.com/galaxy-s8/help
Describe how you got TWRP, or share a link to the instructions you followed.
Then perhaps other S8 owners can help with the next steps.
Sent from my PH-1 using XDA Labs

Can't install SuperSU with TWRP

Hi everyone. I'm trying to root my Alcatel 1T 7 8067, by using TWRP 3.2.1 and zip SuperSu images, but rooting was unsuccessful.
The last successful root that I got with that method, was on a marshmallow android device (a CATS60), with no issues; but on my recent device (with oreo go), when I try to install supersu by TWRP option "install", it begins to install, and the process log shows apparently an error: "Patching Sepolicy -----Failure, aborting", and when I reboot to system, there is no root access.
As result of those failed attempts, I have tried by installing old versions of supersu with apparent success, but then, when I try to boot the device, it enters into a bootloop.
So I think that unsuccessful rooting is related to that Sepolicy error. Am I right?
I've noticed that there's no SU folder inside /system folder, so, as I understand, it means supersu wasn't installed (I can see that by using the TWRP's file explorer).
So what can I do with that issue?
I've read that Magisk can solve this problem. Following tutorials about, I tried by flashing a magisk patched boot image, but supersu installation issue still continues.
I must say that I prefer supersu over magisk, because it is more familiar to me, but in general what I need is a system root, a real root access; not a systemless root; and based on my experience, I can only get that with supersu.
@Camilo Gil I don't really understand your point "real root access".
On my Magisk rooted devices I can access any system file and even change it externally and write it back into system.
I used SU previously but as further development has stopped I had to switch anyway.
SuperSU? Do you live in 2010? Get rid of that old stuff and use Magisk, SuperSU is totally useless in Android 7+
bmwdroid said:
@Camilo Gil I don't really understand your point "real root access".
On my Magisk rooted devices I can access any system file and even change it externally and write it back into system.
I used SU previously but as further development has stopped I had to switch anyway.
By real root access, I mean that SU binaries are installed in the /system folder. As I understand, if that requirement is given, all apps that need root access can fully work, without any limitations. Recently, I tested magisk, supposedly my device already had root access. Then I installed ES file explorer to give it root access, and it was granted on magisk but root access couldn't be activated in the app. That never happened to me before.
As I understand, that's because ES file explorer couldn't find SU binaries, because magisk root method is systemless root.
I hope I explained myself right.
tutibreaker said:
SuperSU? Do you live in 2010? Get rid of that old stuff and use Magisk, SuperSU is totally useless in Android 7+
More or less! I live in 2018, or at least that was the last date when I rooted a device (CAT S60, android 6.0). I don't trust Magisk, just because I couldn't give root access to ES file explorer. That never happened to me before. And I know there are many more file explorers; I know that ES file explorer is kinda deprecated, and root explorer works fine; but I want a root access on which any app that needs root access, and that I want to install obviously, can work without any limitation. My first impressions of magisk root is that it cannot provide that service.
Now, what you say, that supersu is useless, is worrying to me, because I can't see any other alternative for root access.
Why do you say it's useless?
Camilo Gil said:
.... I want a root access on which any app that needs root access, and that I want to install obviously, can work without any limitation. My first impressions of magisk root is that it cannot provide that service......
Yes it can but in a different way.
You're asked once to grant root privileges for each app that needs it and if you let it have root that's it.
Or you grant root temporarily and will be asked every time for this app.
Apps that don't need it don't get it.
You can change your decision afterwards as well.
Btw I use Total Commander with LAN plugin to access my NAS.
bmwdroid said:
Yes it can but in a different way.
You're asked once to grant root privileges for each app that needs it and if you let it have root that's it.
Or you grant root temporarily and will be asked every time for this app.
Apps that don't need it don't get it.
You can change your decision afterwards as well.
Btw I use Total Commander with LAN plugin to access my NAS.
With magisk, I grant root access to ES file explorer, but I can't enable it on the app. As I read, that's because ES File Explorer can't find SU folder in system folder (which actually happens on system root), and because of that, some apps like es file explorer, won't detect systemless root or better, to them, systemless root is detected as non root access.
I read that even supersu must be installed as systemless root, because if installed as system root (or what I refer as "real root") on android 7+, causes bootloops. On my particular case, system root causes an endless boot. As I understand, that happens because supersu can't set /system folder to R/W, on android 7+.
On the other hand, I know there are several alternatives to ES file explorer, for instance Root Explorer, Total Commander, etc. But it's just I'm accustomed to it. But also I read that systemless root not only can cause issues with ES File explorer, but also with Viper4android and some other Xposed modules.
PS 1: We should suggest to google, that release an official rooted android version, specially addressed for us, the medium skilled and advanced android users (that normally we like to root android and get the most of it).
PS 2: So finally, is there any way to have a working system root access in oreo, or systemless root is the only option?
Camilo Gil said:
... because if installed as system root (or what I refer as "real root") on android 7+, causes bootloops.
I can't remember on which LOS version or when I used it the last time before switching to Magisk.
Camilo Gil said:
On my particular case, system root causes an endless boot. As I understand, that happens because supersu can't set /system folder to R/W, on android 7+.
Idk
Camilo Gil said:
On the other hand, I know there are several alternatives to ES file explorer,
There seem to be several with that name so just tell me its full correct name and I will install it on my Magisk rooted LOS14.1=Nougat tablet and see if I get problems with it.
Camilo Gil said:
... Viper4android and some other Xposed modules.
don't use them so can't tell
Camilo Gil said:
PS 1: We should suggest to google, that release an official rooted android version, specially addressed for us, the medium skilled and advanced android users (that normally we like to root android and get the most of it).....
afaik the pure Vanilla is the base from which most custom ROMs are built by the devs and imo most ROMs you can get are not rooted as it's of course a safety hazard.
bmwdroid said:
afaik the pure Vanilla is the base from which most custom ROMs are built by the devs and imo most ROMs you can get are not rooted as it's of course a safety hazard.
I know a rooted android is a security and stability hazard of the device. But evidently who wants to root his/her device is fully warned about its potential consequences. So google could publish a prerooted version, previously warning about its use, warning that its use is exclusively under user responsibility, and maybe disclaiming liability for damages. I guess there's no problem if users of that (at the current moment) imaginary OS are aware of the risk that they are taking by using it. At least, I would use it if I could (and as it doesn't exist, it's because I'm trying to root my current one).
