Related
I'm thinking of creating a small archive of files, that when extracted to the SD card root, and applied, will root the phone and apply a firmware in only three steps.
It will only contain four files - the RC29 DREAIMG.nbh file necessary for downgrading, an update.zip that contains the latest SPL and Radio, the latest Cyanogen Recovery image, and a simple script that applies root, SPL/Radio, and your favorite firmware.
I'm not sure if it will work, but constructive criticism and ideas are welcome.
_______________________________________
First method: Root from SD card
This method puts all the necessary files on an SD card, and does not require a computer after that.
Basically, in a zip file, you have the RC29 DREAIMG.nbh, update.zip, and root script.
You extract this to the root of a FAT32-formatted SD card.
You reboot with camera+power, apply the DREAIMG.nbh, reboot.
Once the phone is booted, type in "sh /sdcard/root.sh".
From the exposed root terminal, it will begin the following:
Write the Cyanogen recovery image to flash, move image to system/recovery.img, remove image file
Place commands in /cache for recovery to apply the radio/spl combo package and if it exists, a custom firmware, in the correct order
reboot recovery, performing the above tasks automatically.
Benefits include:
- No telnet app required, not opening up a telnetd, more secure
- Only one command to enter
- No(?) risk on flashing the Hero-compatible radio/SPL out of order and bricking that way, as both are flashed at the same time
- Automates several of the processes in rooting, allowing for a quicker root
- Can be placed on a special "rootkit" sdcard, and used to quickly root your friend's phone in a matter of minutes, anywhere
_______________________________________
Second method: Root from PC
Another method I thought of uses no manual copying to the sdcard, but requires a PC with fastboot(?) and adb.
First, it pushes the RC29 DREAIMG.nbh to the sdcard, and issues a reboot to bootloader.
You press a few keys to write the image, and reboot.
--OR--
First, it pushes an update.zip containing the update just before T-Mobile patched the root kernel exploit, then it puts the commands to flash it and reboots into recovery. After that flashes, it reboots again.
From this point on, it's all automatic.
The script waits for the device to be ready, and adb install's the auto-root exploit apk, and launches the intent through adb shell am start [...]
At this point, the WiFi settings are probably not capable of downloading the Cyan recovery in the case of those of us without data plans, so it will need to be pushed.
Once the autoroot apk flashes the recovery, we must write parameters to flash the radio/spl combo package, and the custom firmware (if applicable), to /cache, and reboot.
At this point, the radio, SPL, and firmware should be pushed and written, so the script exits.
_______________________________________
If this sounds stupid, doesn't make sense, will auto-brick your phones, start global thermonuclear war, make all random numbers generated by your phone divisible by three, cause your meticulously placed lineup of G1 dominoes to collapse prematurely, or boot up the LHC and wind up creating a black hole, I am terribly sorry, but it's an idea I had at 2 in the morning, and it took me this time to research some things and write this post. It's about 5:30 AM now.
This is only an experimental concept. Some things might not be completely thought out. I'm tired, and hungry. I may create a proof-of-concept implementation of this, if I knew a bit more about the syntax of describing intents to launch in 'am', or the command syntax of the package:/META-INF/com/google/android/update-script file.
dont forget that for root from SDcard, EU users need a goldcard, so its still not that easy..
even for insta root from PC, you still need to downgrade, and for that we'll need a goldcard.
why not just use 1click root?
First you have one click root which does give you access to recovery with security off so possible to somehow go from there instead of downgrading and all that hassle. I personally to do not care to see the advancement of this app for the simple fact that there are already a wave of people that can not read and expect hand holding every second of the way and you want to make it even easier to confundle their minds.............are you nuts....
I already have a rooting sdcard for rooting other people's phone that contains one click recovery flasher, cyan 4.04 and the hard spl and it takes me 10 mins to do it just cause off the first boot up takes so long
also you cant have your pc reading the sdcard at the same time that the phone is
The concept is good but...theres many complications to have it done automatically.
I sure would like to see something like this. I have a G1 that I rooted the long way and a MT3G rooted with the one click method. I have enough knowledge to follow instructions and read, I partitioned my own card, so the G1 was doable. I dont have the time or the knowledge to go the long route with the MyTouch gold card ADB route and would love to be able to flash Hero ROMS when I get the bug. I have Cyan's latest on the MT now and its awesome like all his stuff but I would have played with Drizzy's ROMs. For someone like me with a little ability but far less than most people on here, something like this would be the bomb!
not sure if its possible or anything, but there should be some way for the script to check if the phone has a pvt board or not, and if not, it prevents the new spl from being flashed, should reduce noob bricks.
Leave root the way it is I think the harder it is to root your phone the less peaple are going to do it. I spent alot of time reading before I rooted, not so much to learn how to do it, but to decide if I wanted to make the jump. During this reading process I learned the ways of XDA, use search, where to place the right questions and where NOT to and finally read first then ask. With an autonatic root I would have loaded it then freaked out if something went wrong and started posting root questions all over the place. Leave well enough alone... Learning to root give you the right to pursue other adventures.
maybeoneday said:
Leave root the way it is I think the harder it is to root your phone the less peaple are going to do it.
Click to expand...
Click to collapse
Frankly, I didn't root my phone to feel special, so I don't see any benefit whatsoever in less people doing it.
I don't think this will work though. There's too many variables. As described it will only root US phones. UK phones would need RC7, so you'd have to include both and check if the current OS is CRC1 or CRC37 (or respective older/newer versions). But European phones outside the UK (like my German G1) will be on CRC37 too, and those won't take RC7 without a goldcard, so you'd have to automate goldcard creation as well. I'm sure the complications don't end here.
Also, shoving Haykuro's SPL onto inexperienced/unsuspecting/ignorant users' devices is just begging for trouble. Just use HardSPL - the rooting kit won't be able to run Hero-ROMs right away, but at least that won't brick the phone if flashing some rom downgrades the radio. (E.g., I know some official updates do that.)
1 click root is so simple and idiot proof (and im a total panzy noob lol)
i don t think there is any simpler way to do this lol
Frenchtom, nothing is idiot proof, have you been over to the q and a section, if there is a way to do something and good instructions, it will get screwed up cause of people not taking the time to read the complete directions and then read them twice to make sure they comprehend them
Okay, thanks for your input, everybody.
I did know about 1-click root, however I thought that depended on a kernel vulnerability that was already patched in the OTAs. I was looking at a more universal(ish) method, and I did not know about the "goldcard" issue. I did know that UK phones would need RC9, but I failed to include that as I really just wanted to get to bed.
Also, I don't think that root is anything "special", i.e. some sort of elitist egotist symbol that says "I haz root fone and I better than u". Seriously, more people should be allowed to use the more advanced features of their device at their own choosing, knowing that there are risks involved.
People who walk up to someone, say "I got a root phone", shows off some massive demo of awesomeness (i.e. Hero), and doesn't teach others to root the G1 themselves (or worse, charges for instructions that could be found free here) are really the antithesis of an open-minded community of developers adding more features as they feel, for what little donation money they get and the credit of doing something cool for other G1 users.
I do however agree that pushing features that can potentially insta-kill the device on the average person and their grandma, people that wouldn't know what the benefits of root are, and people who would never even have known that their G1 ran Linux (or what Linux is, for that matter), is just asking for trouble. A fair balance between educating people about the phone's internals and making easy-to-install root packages and stuff should be kept.
I learned a lot about Windows Mobile and embedded software when I first flashed a custom ROM to my HTC Wizard years ago. And I actually had a fear that if any small detail were left out, or if I breathed on the phone the wrong way, the flash would fail, white-screen, and brick out.
The G1 is no different, even though the flashing process has come a long way, we still have an IPL, SPL, bootloader mode, many different variations, board revisions, regional changes and operator customizations/lockdowns (I had a Cingular 8125 G3 btw), and many versions of Consumer, Engineering, and HardSPL that have to be treated very, very carefully, just like on the Wiz.
Anyway, anyone's free to try and build a better mousetra--- err, rootkit using my ideas. And thanks plenty to the dedicated developers here, the more enlightened users for helping me find out why this wouldn't work, all the users, without whom, we wouldn't have a reason to develop, and the 17%-or-so of you that dislike my idea.
When I learn a bit more, I might get into making something useful for Android.
repack dreamimg.nbh with everything, so one just has to flash the one image
Oh I am not saying that I think I am special just cause I have a rooted phone, I am also a person that is on here always trying to help walk someone through any issues that may arise,just saying making easier for people to break something because they did not read the instructions is quite common and think that it should take a little bit of work so that you learn in the process
I am fairly new to android. I have been seeing different words that sort of confused me. Like for example, ROM, could anyone explain what this is? Also, what is rooting?
Thank you?
Imaano said:
I am fairly new to android. I have been seeing different words that sort of confused me. Like for example, ROM, could anyone explain what this is? Also, what is rooting?
Thank you?
Click to expand...
Click to collapse
ROM: Read Only Memory, a program used to make changes to anything from the look of the home screen, to icons to custom boot animation
Getting root or rooting your phone is the process of modifying the operating system on your device to grant you complete control over it.
This means you can overcome limitations that the carriers and manufacturers put on your phone, extend system functionality, and even upgrade it to a custom flavor (ROM) of Android
a rom is basically the operating system, instead of being installed like windows it is flashed, it can have built in stuff installed depending on who puts it together, the kernal is what makes it al work with your phone like drivers and all that, rooting is giving you super user access, aka admin rights. without super user rights u cant get access to core system files, after rooted u get a higher level of access to the system. Certain programs from market require root access like rom manager which allows you to make a nandroid back which is exact back up of everything on phone, and u can also enable sideloading allowing you to install apps straight from your sdcard, instead of just from the market.
So would rooting enable my device to download applications from outside the market?
it depends if bubby included it in the one click check his thread out and it will tell u.
just read up in dev section make sure u know what everything is, and there is also a file to get back to stock as you got phone, but depends on what you wanted just root and side loading still same rom that came with phone? if thats it just do gold card and bubbys 1click root. there are other roms that you could try out aswell but like i said check out dev section first and get familiar a little with whats going on.
Ok so theres this security exploit or 4 actually that mainly involve sideloading a specially designed apk called quadroot, i assume that you already have an idea what this is if you're reading this if not then google it. I read that alot of the time root access exploits are found by finding apps that have root access and exploiting them to install su to the system partition. In this case you could potentially create your own. So my question is why isn't this being persued as a viable option? Pleas let the people who know what their talking about speak and if you have no legitimate knowledge of your own (im talking google cut paste) then just syfm please.
that-squirrel said:
Ok so theres this security exploit or 4 actually that mainly involve sideloading a specially designed apk called quadroot, i assume that you already have an idea what this is if you're reading this if not then google it. I read that alot of the time root access exploits are found by finding apps that have root access and exploiting them to install su to the system partition. In this case you could potentially create your own. So my question is why isn't this being persued as a viable option? Pleas let the people who know what their talking about speak and if you have no legitimate knowledge of your own (im talking google cut paste) then just syfm please.
Click to expand...
Click to collapse
Interesting. Will look into it. Will update if I find anything.
*UPDATE*
Checked it out. Useless because we still have locked bootloader. We need SYSTEMLESS root. Anything besides that is useless.
I was under the impression that the bootloader being locked only pertains to trying to install unsigned images, the method used for rooting mm in the same manner as lp would require a modified boot.img and no one has a working system image dump for mm being the reason no one can modify the boot.img. if a app was designed to escalate root access to install super su to the system partition and gain root access that way even temporary we could copy the entire system and make a permanent solution.
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
Click to expand...
Click to collapse
if system_server can read init then thats a serious flaw.... Question for you. you said it would be very device specific. does that mean its unique for each individual phone or each model?
EDIT:Unfortunately we only have access to the init.rc not the binary it self.
@jcadduono I appreciate your input and direction in this matter another idea we have been toying with is
We have the aboot boot recovery and system dump. From the tmob variant would it be possible to make a tot from that for our devices changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
Click to expand...
Click to collapse
It should work on all models. I personally use a sprint model(LS997). I think it MAY have been tested on VZW as well.
I can confirm that work on H990DS
Sent from my MI PAD using XDA-Developers mobile app
We know from earlier LG phone releases that the laf partition when bypassed in some way (corrupted, etc) aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Click to expand...
Click to collapse
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
Click to expand...
Click to collapse
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
elliwigy said:
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
Click to expand...
Click to collapse
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
markbencze said:
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
Click to expand...
Click to collapse
Unfortunately its a tcp shell. not a pure adb shell. so we cannot push or pull to those directories
Wow great progress keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because the lack of root. Root users are very influential leaders to get others to try out a new device.
Sent from my LG-LS997 using XDA-Developers mobile app
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
Click to expand...
Click to collapse
it shouldnt be an expectation as weve made it clear we do not have root and are hitting hurdles.. we have been advised we need to atack selinux and or the bl but at this point were wanting to try to use debug firmware which hoprfully would allow a bl unlock..
unfortunately nobody can creat a .tot with the debug firmware at al and theres no way at all to flash the images..
we need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything and this has not been done in a way thats useful to us..
unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed their H990DS v20 mobile phone's bootloader is confirmed as being unlockable. However (and for no apparent reason) they will not confirm why one region have released a variant of the phone with the bootloader unlock and why they are refusing this to others phones/regions. Because of course, they have zero training and information about anything related to their company expect for goods released in a specific region. That comes from a 'product expert'
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Yes it definitely is less seure
IronRoo said:
Yes it definitely is less seure
Click to expand...
Click to collapse
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, as as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possible even just having su binary installed is an issue, though it's not clear to me whether this has been confirmed, it seems precautionary to me, if it's just a LinageOS issue or more devices are vulnerable, however this weeks update to Linage OS is trying to address this. Anyhow the fix seems to have some extra benefits
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download install and run on your phone to acquire root access through a process called "Privlidge Escalation" which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phones internals,
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough* ?
BTW I understand that a malicious application can take control of my device without I know it, if it's not rooted, by using the same code as applications rooting your device.
Do I have well understood what you wrote ?
But how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
?
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
Click to expand...
Click to collapse
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
iwanttoknow said:
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
Click to expand...
Click to collapse
SuperSU will automatically deny anything asking it to provide root access by default . When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because its the only way I know if stuff is trying to gain root access without my permission & watch it's actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Oh okay dude apologies the Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light abt showing us systemless root methods with his open source root management app . You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a magisk install to get the open source variant to work though, not 100% sure
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
I agree! And it also feels like its becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Click to expand...
Click to collapse
Thanks I was trying to find one of those lol. As ive seen this question asked hundreds of times within recent months across forums
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Click to expand...
Click to collapse
Thanks a lot for your detailed answer.
If you need security, just root and install supersu or magisk.
If you have xposed framework, then try a nice fire wall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.