You’ve got your Smartphone. It’s new, shiny and neat. You can go online from it while you’re out and about and download cool apps to keep you company whenever you get bored. But can you download any app you want? What about custom themes? And did you ever feel like altering or replacing system applications and settings on your phone because they’re not so user friendly? Well, the thing is you can’t do whatever you want with your Smartphone. For security reasons, phone manufacturers and mobile network operators impose software limitations. However, these limitations can be overruled by rooting your Android phone.
If you want the most complete, hands-on way to control what your phone is capable of…it’s best to root it. Rooting gives you access to manipulate your phone in a way that carriers try to keep you from doing.
Rooting is the act of gaining superuser access (root permissions) to the root (main files) of the device’s operating systems, letting apps run at kernel level. Rooting allows for overclocking, however, in Jelly Bean, root is not required to overclock. Overclocking is the most frequently used root application. Root also lets you change system files.
Basically every linux system has an administrator capable of making changes to the computer and access all the files that make the system up. On Mobile phones however, this is locked down for security/warranty reasons etc.
This is a great start, we know that the admin (root) access is there, we are just locked down from using it. So the point of rooting is not to install Super User, it is to trick the system into giving us adb shell as root and therefore allowing us to mount the /system partition as Read/Write (instead of read only).
That is what allows us to change the value of ro.secure in the kernel, which sets the flag that allows us a root shell, instead of a regular (non-privileged) shell. Then we push the SU binary and SU app to the system, which gives us choice as to what apps are allowed su rights and what is not. In other words, we don’t need the SU app to obtain root access. It is just for data protection.
It sounds so simple, but it is not. Since the /system partitions cannot be mounted as read/write by default, and ro.secure=1, we cannot have a root shell and therefore not able to change ro.secure=0. Therefore, it is secure.
In order to gain the root shell we have to find an exploit that will trick the system. We use an exploit (hack, vulnerability) to trick the android OS into giving us a root shell in adb. For example on of them (in simple terms is…)
1. We kill adbd ***(this is the parent) It spawns a shell (adb) based on its rights*** keep this in mind.
2. When it adbd starts up, it must run as root. When it’s done, it will set its id back to a non root user
3. The program (SuperOneClick for ex) races adbd by spawning a process that tries to change its id at the same time (slightly first).
4. Since we are busy changing the id of our fake process, the kernel wont be able to change adbd since it is busy and therefore adbd continues to run as root.
5. Now we can spawn a root shell, because the root rights are passed from adbd to the shell, which is now root.
6. Success! Now let’s set everything up!
There are many ways to root any device but if you’re using a device manufactured by a popular company like Samsung, HTC, Sony, LG or if you own a Nexus then you should look for the rooting procedures on this android hacking community called the XDA, also refrain from asking silly or stupid questions on the XDA as the senior members there are pretty cranky!
Thanks for reading!!
- Rooting (himanshudangerous.wordpress.com)
- Android User Rights (daniweb.com)
- How To Root Your Android Smartphone (ihacklover.wordpress.com)
- How to root your Android phone or tablet – #Tech (execdaily.wordpress.com)