Running a rooted G2 here, and I just installed the new US Bank app (com.usbank.mobilebanking). Upon initial launch, it requests root. If I deny the request, it looks like it would still work, but I'm concerned about what they would attempt to do with it if granted, and why they feel a need to do so. I haven't pulled logcat info yet, but I have a screenshot of the superuser request as proof.
Any thoughts? Here's mine:
Where did you download it from?
What permissions does it list?
LOL...
this had me cracking up...
I dont think I would be installing this one..
funny... nice catch
Most likely the same **** as the Blizzard Authenticator. With a rooted device, you can steal the application's /data and restore it onto another device, thus stealing *your* settings.
An application CAN refuse to run if it finds your device is rooted, whether you accept or deny the root request, and there is nothing stopping the application reporting back IMEI/IMSI and any other default stuff.
For clarification, this is the official app from US Bank. I was informed about it from my bank when I logged in from the computer, and they provided a QR code pointing at com.usbank.mobilebanking on the market. I'm working on a cyanogenmod build machine, and I'm gonna look into figuring out a way to change the way superuser works to provide a third option to give the app a fakeroot style environment with a full transcript of commands run, and their output. I'm inclined to doubt my bank would pull anything really stupid with it, but then, you'd think Sony would have been smarter than to rootkit people's machines with audio CDs so many years ago too... At the least, there should be an easier way to answer the question "what is that app trying to do with a root shell?"
Ended up looking at it through dedexer. It seems a company called mcom created at least parts of the app, and their library has functions for detecting and logging to logcat rooted device status and whether the input method is custom or not. I suspect that these mcom functions are called based on policy from the bank in charge of a particular app, because I can't seem to get it to request root anymore. It appears that when it did, all it would have done is immediately destroyed the root shell and logged a warning to logcat.
fwiw, the way I was able to do it looked something like this:
$ java -jar ddx1.15.jar -d mobilebanking classes.dex
$ cd mobilebanking
$ grep -r "su" *
A custom su with fakeroot and logging via a third option would be neat though... I might still work on that.
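The grep above answers "does the code mention su at all?"; the next question an auditor asks is *which method* references it, since that is usually the root-detection routine. The following script is an added example for this thread, not the poster's tooling or dedexer's: it walks dedexer-style `.ddx` text, tracks the enclosing `.method`, and reports every root-related string constant. The `.ddx` syntax it parses is approximated from dedexer's output, and the two sample files are constructed inline.

```python
"""Scan dedexer-style disassembly text (.ddx) for root-related strings and
report which class method references each one.

Added example for this thread, not the poster's own tooling. The .ddx
syntax used below (".method"/".end method" lines, const-string) is
approximated from dedexer output; the sample files are constructed."""
import re
from typing import Dict, List, Tuple

# Indicator strings typically associated with root detection or root use.
INDICATORS = {
    "su": "su binary lookup",
    "/system/xbin/su": "su binary path",
    "/system/bin/su": "su binary path",
    "Superuser.apk": "superuser manager package",
    "test-keys": "build signed with test keys",
}

METHOD_RE = re.compile(r"^\s*\.method\s+(?:[a-z]+\s+)*(\S+)")
CONST_STR_RE = re.compile(r'const-string\s+\w+,\s*"((?:[^"\\]|\\.)*)"')

Hit = Tuple[str, str, int, str, str]  # file, method, line, indicator, category


def scan_ddx(name: str, text: str) -> List[Hit]:
    """Walk one disassembled class, tracking the enclosing method."""
    hits: List[Hit] = []
    method = "<class-level>"
    for no, line in enumerate(text.splitlines(), 1):
        m = METHOD_RE.match(line)
        if m:
            method = m.group(1)
            continue
        if line.strip() == ".end method":
            method = "<class-level>"
            continue
        s = CONST_STR_RE.search(line)
        if not s:
            continue
        value = s.group(1)
        for ind, category in INDICATORS.items():
            # Exact match for short tokens like "su"; substring for paths/names.
            if value == ind or (len(ind) > 3 and ind in value):
                hits.append((name, method, no, ind, category))
    return hits


def scan_tree(files: Dict[str, str]) -> List[Hit]:
    """Scan a mapping of file name -> .ddx text (e.g. read from the -d directory)."""
    hits: List[Hit] = []
    for name in sorted(files):
        hits.extend(scan_ddx(name, files[name]))
    return hits


def hits_by_method(hits: List[Hit]) -> Dict[str, int]:
    """Count indicator references per method; a method with several hits is
    usually the isDeviceRooted-style routine worth reading first."""
    counts: Dict[str, int] = {}
    for _, method, _, _, _ in hits:
        counts[method] = counts.get(method, 0) + 1
    return counts


# Constructed sample: two fake .ddx files approximating dedexer output.
SAMPLE_FILES = {
    "com/example/mcom/DeviceCheck.ddx": """\
.class public com/example/mcom/DeviceCheck
.method public static isDeviceRooted()Z
        const-string v0,"su"
        const-string v1,"/system/xbin/su"
.end method
.method public static logStatus()V
        const-string v0,"rooted device detected"
.end method
""",
    "com/example/app/Main.ddx": """\
.class public com/example/app/Main
.method public onCreate(Landroid/os/Bundle;)V
        const-string v0,"Welcome"
.end method
""",
}

if __name__ == "__main__":
    for f, method, line, ind, cat in scan_tree(SAMPLE_FILES):
        print(f"{f}:{line} in {method}: {ind!r} ({cat})")
```

To use it on real output, read each file under the directory produced by `ddx -d` into the dict and call `scan_tree`; the per-method counts point you at the routine to read in full, which is where you learn whether the app merely logs root status or actually does something with the shell.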
acolwill said:
Most likely the same **** as the Blizzard Authenticator. With a rooted device, you can steal the application's /data and restore it onto another device, thus stealing *your* settings.
An application CAN refuse to run if it finds your device is rooted, whether you accept or deny the root request, and there is nothing stopping the application reporting back IMEI/IMSI and any other default stuff.
While I still have a method to figure out what an app would do with root fresh in my mind, I'm gonna take a look at that there Blizzard Authenticator... I've never used it, as Blizzard is on my do not trust list, and I think this might be interesting....
Blizzard's auth seems to do the same basic thing. It has a function called "isDeviceRooted" which seems to return true any time the su command can be run, though it nags the user for having root.
I started working on a custom su setup which allows you to log what programs try to do as root. So far, that entails recompiling the su binary, as well as busybox. It's in rough shape yet, so current "release" will just be a pastebin dump here:
http://pastebin.com/fiqQPeFq <- patch to su.c to use a logfile
http://pastebin.com/37NJyxQh <- new busybox config with support for the 'script' command used by my custom su, along with a few other small changes.
If you can compile it, you should be able to figure it out as well. Once I can make it a little cleaner (e.g., logging as a checkbox on the accept/deny screen, instead of always being done), I'll make a more proper release, but maybe someone will find it useful here.
Related
I modded the Superuser Whitelist app to look better, because I thought it looked pretty ugly, and was really disruptive taking up the whole screen. It also shows actual app names instead of package names and UIDs. For some su binaries, this won't work, because it's not signed properly (it's signed with the Sirius Apps key), but it should work with any su binary that doesn't care. (it works on my custom rom with the su binary from JF1.5, and that's all I know)
(some screenshots attached)
Download: http://www.siriusapplications.com/superuser-cool-version.apk
Disclaimer: This may not work at all, or blow up your phone, but it works for me. The source is taken from http://code.google.com/p/superuser/ with a few mods.
So do you think this will work on the HTC Hero (the actual phone, not just the rom)? I'm building a rom and would love to include this.
chuckhriczko said:
So do you think this will work on the HTC Hero (the actual phone, not just the rom)? I'm building a rom and would love to include this.
if the normal superuser works then this one will
Like the overall design
great job
isaacwaller said:
I modded the Superuser Whitelist app to look better, because I thought it looked pretty ugly, and was really disruptive taking up the whole screen. It also shows actual app names instead of package names and UIDs. For some su binaries, this won't work, because it's not signed properly (it's signed with the Sirius Apps key), but it should work with any su binary that doesn't care. (it works on my custom rom with the su binary from JF1.5, and that's all I know)
(some screenshots attached)
Download: http://www.siriusapplications.com/superuser-cool-version.apk
Disclaimer: This may not work at all, or blow up your phone, but it works for me. The source is taken from http://code.google.com/p/superuser/ with a few mods.
Awesome. I'm gonna package this into my rom when I test it and it works. I will also cross post this thread over into the Hero community (GSM and CDMA) so everyone can benefit from this awesome app. Thanks!
Installed, but it doesn't replace superuser. Is there a way to replace it?
pilnik11 said:
Installed, but it doesn't replace superuser. Is there a way to replace it?
I've come to the same issue. I replace the superuser.apk file in /system/app but it still shows the old one. Any ideas?
I think my "sp" is better, but it's just a new icon...
And another one.
Code:
http://www.4shared.com/file/153947578/b29fb305/superuser2-signed.html
A little thought:
I would SERIOUSLY recommend against using software like this without having FULL ACCESS to the SOURCE, and actually compiling it yourself.
Note: I am *NOT* saying anything bad about the OP, just that this kind of thing REALLY requires a lot of caution and there is really no way to verify the identity of anyone here.
The reason is that by definition, a superuser whitelist APP will itself be able to control who does and does not have root access.... including ITSELF. And with root, you have no limits to your havoc.
lbcoder said:
A little thought:
I would SERIOUSLY recommend against using software like this without having FULL ACCESS to the SOURCE, and actually compiling it yourself.
Note: I am *NOT* saying anything bad about the OP, just that this kind of thing REALLY requires a lot of caution and there is really no way to verify the identity of anyone here.
The reason is that by definition, a superuser whitelist APP will itself be able to control who does and does not have root access.... including ITSELF. And with root, you have no limits to your havoc.
That's a good point. I tend to be trusting which could be a bad thing. Could the OP please send us the source to verify it's legit? Nothing against you as lbcoder said, just to be on the safe side.
I dumped the source onto GitHub: http://github.com/isaacwaller/a-cooler-superuser
(I am in NO WAY proud of this source code - it is messy, hacky, and terrible. I just wanted to quickly whip up something.)
First of all this isn't a "what is root!??!!??" nor a "OMG I BRICKED MY PHONE SOMEONE HALP!" type of question.
This is more of a "I want to understand what's going on under the hood" type of question.
I'm asking this because I haven't seen the answer anywhere and it'd probably take me several days putting together a bunch of tidbits of information about this to understand it.
What does getting root on an Android device involve? I've used 1-click tools, flashed kernels that include root (CF-Root, for example), used adb and nvflash. What goes on at the OS level?
Thanks in advance to any helpful soul that replies!
Pretty much it's granting sysadmin rights to your phone.
It gives you admin level access to the operating system. You can customize apps, looks, performance and a good host of other things including backups, flashing ROMs etc.
Thanks guys, but like I said, I know what rooting is and what it's for. I have both of my android devices rooted (Galaxy S and Asus Tablet).
What I want to know is, when you root a device, what's modified, what does rooting actually involve, under the hood.
Root is a Linux term. In Linux-based operating systems there is a predefined user account called root. When a device is shipped to you, the manufacturer has prevented you from being able to be the root user for safety, and to prevent you from adding, removing or modifying things at a system level. When you perform the procedure of rooting your device, you change the su binary in the system directory, usually through a security exploit, to remove these restrictions that the manufacturer has bestowed upon your device, and now you have full access to anything on your phone.
Hope this is helpful, and in case you do not read my awesome signature, please hit the thanks button to show your appreciation if this helped.
Root is a Linux term. In Linux-based operating systems there is a predefined user account called root. When a device is shipped to you, the manufacturer has prevented you from being able to be the root user for safety, and to prevent you from adding, removing or modifying things at a system level. When you perform the procedure of rooting your device, you add the su binary in the system/bin directory, usually through a security exploit, to remove these restrictions that the manufacturer has bestowed upon your device, and now you have full access to anything on your phone.
Hope this is helpful, and in case you do not read my awesome signature, please hit the thanks button to show your appreciation if this helped.
Thanks again but, again that's not what I'm asking. OK here goes again:
- I know what rooting is
- I know what root is for
- Both my phone and my eePad are rooted
- I know what su is. I've used Linux and UNIX
What I want to know is, what is actually modified on the android OS when rooting the phone!
Is the kernel modified?
are permissions modified?
Is it an API thing?
Sent from my Transformer TF101 using Tapatalk
Rooting usually consists of 2 parts, the vector and payload:
All those rooting apps use various exploits to insert the payload. On devices that can install custom recoveries without rooting (i.e. unlocked bootloaders) they can merely use the recovery to directly install the payload.
There are dozens of vectors including making a 'superboot' kernel which includes the payload and installs it on the first boot (I think?)
The payload is minimally the SU binary and the superuser app. Both are made by the same guy.
On the Dell Streak (which has an unlocked bootloader) rooting is just flashing an update.zip containing the SU binary and superuser app. A simple copy to /system. Newer rooting apps also include patches to plug up the exploit that they used themselves. Gingerbreak includes a dummy /system/bin/profile that plugs up the exploit used to install itself(?)
If the kernel is modified it's probably at runtime and not a hard patch, if it modifies it at all (I don't know); my assumption is that the Linux kernel in Android retains hooks that SU uses to link up with the system and normally it's simply not enabled by not including a SU binary. The superuser app is of course just more or less a front end to SU (settings and logging).
Unlocked bootloader devices are likely the most reliable to root since they don't depend on exploit vectors; as updates plug them up they have to find a new vector or modify them, which means that there are open vectors that actual malware can use. Using a custom recovery to flash is the intended purpose of having an unlocked bootloader.
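The payload described above (an su binary copied into /system plus the Superuser app) leaves artifacts on the filesystem, and those artifacts are exactly what the `isDeviceRooted`-style checks mentioned earlier in the thread look for. The script below is an added example, not code from any rooting tool or from the bank/authenticator apps discussed: it inspects a directory tree for su on the usual paths (and whether it is setuid), a Superuser.apk, and a `build.prop` tagged `test-keys`. The path list is an assumption drawn from this thread, and the sample tree is constructed in a temp directory so the script runs anywhere; on a device you would point it at `/`.

```python
"""Check a filesystem tree for the usual rooting payload artifacts: an su
binary on the common paths, a superuser manager APK, and a build.prop
signed with test-keys.

Added example for this thread, not code from any root tool or from the
apps discussed above. The path list is an assumption; the sample tree is
constructed in a temp directory."""
import os
import stat
import tempfile
from typing import Dict, List

SU_PATHS = ["system/bin/su", "system/xbin/su", "sbin/su"]
MANAGER_APKS = ["system/app/Superuser.apk"]
BUILD_PROP = "system/build.prop"


def read_build_tags(root: str) -> str:
    """Return the ro.build.tags value from build.prop, or "" if absent."""
    path = os.path.join(root, BUILD_PROP)
    if not os.path.isfile(path):
        return ""
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("ro.build.tags="):
                return line.split("=", 1)[1]
    return ""


def root_indicators(root: str) -> Dict[str, object]:
    """Collect root-related findings relative to `root` ("/" on a device)."""
    su_found: List[str] = []
    setuid_su: List[str] = []
    for rel in SU_PATHS:
        full = os.path.join(root, rel)
        if os.path.isfile(full):
            su_found.append(rel)
            # A working su payload must be setuid root, so note the bit.
            if os.stat(full).st_mode & stat.S_ISUID:
                setuid_su.append(rel)
    tags = read_build_tags(root)
    return {
        "su_paths": su_found,
        "setuid_su": setuid_su,
        "manager_apk": [p for p in MANAGER_APKS
                        if os.path.isfile(os.path.join(root, p))],
        "test_keys": "test-keys" in tags,
        # The thread's working definition of "rooted": an su binary is present.
        "rooted": bool(su_found),
    }


def build_sample_root() -> str:
    """Constructed tree imitating a rooted /system: su in xbin, Superuser.apk,
    and a build.prop from a custom (test-keys) build."""
    root = tempfile.mkdtemp(prefix="root-check-")
    for d in ("system/bin", "system/xbin", "system/app"):
        os.makedirs(os.path.join(root, d))
    su = os.path.join(root, "system/xbin/su")
    with open(su, "wb") as fh:
        fh.write(b"\x7fELF")           # placeholder bytes, not a real binary
    os.chmod(su, 0o4755)              # rwsr-xr-x, as rooting payloads install it
    open(os.path.join(root, "system/app/Superuser.apk"), "wb").close()
    with open(os.path.join(root, BUILD_PROP), "w", encoding="utf-8") as fh:
        fh.write("ro.build.id=EXAMPLE\nro.build.tags=test-keys\n")
    return root


if __name__ == "__main__":
    for key, value in root_indicators(build_sample_root()).items():
        print(f"{key}: {value}")
```

Note what this does and does not prove: presence of su means root *can* be obtained, not that any particular app has been granted it; the whitelist kept by the Superuser app decides that, which is why an app that only wants to warn you about root stops here.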
I'm very new to this so please forgive this old man. I'm 60 years old and bought a brand new Viewsonic G Tablet. Then after getting it I searched the internet on how to make it better. Seems everything depends upon "rooting" the device. I spent the day and now it's 11pm searching the net, watching youtube videos and reading about but no one actually gives you a step by step answer. I'm hoping one of you fine people help me out, please.
I guess I was wrong. Not one person has stepped forward to help me. Thank you so very much. I know what rooting is but what I don't know is how to root my Viewsonic G Tablet 2.2. You'd think I was asking for the code to a Swiss Bank Account. LOL With PCs I'm a wiz, or was until I reached 55 or so and then things were just going so fast and over my head. But when it comes to this, I'm like a brand new student trying to learn Japanese. All I need is for someone to please give me a step by step instruction on how to do it. If you'd like, I'll Paypal you some money for helping me.
Thank you
Philip Bock CSM US Army (Retired)
Thanks Manil! That's what I was looking for! It seems that most devices have a locked bootloader, and now I understand why it takes a bit longer (more than a few hours) to root each new device.
Sent from my Transformer TF101 using Tapatalk
pabock said:
I'm very new to this so please forgive this old man. I'm 60 years old and bought a brand new Viewsonic G Tablet. Then after getting it I searched the internet on how to make it better. Seems everything depends upon "rooting" the device. I spent the day and now it's 11pm searching the net, watching youtube videos and reading about but no one actually gives you a step by step answer. I'm hoping one of you fine people help me out, please.
I guess I was wrong. Not one person has stepped forward to help me. Thank you so very much. I know what rooting is but what I don't know is how to root my Viewsonic G Tablet 2.2. You'd think I was asking for the code to a Swiss Bank Account. LOL With PCs I'm a wiz, or was until I reached 55 or so and then things were just going so fast and over my head. But when it comes to this, I'm like a brand new student trying to learn Japanese. All I need is for someone to please give me a step by step instruction on how to do it. If you'd like, I'll Paypal you some money for helping me.
Thank you
Philip Bock CSM US Army (Retired)
I searched for "Viewsonic G Tablet 2.2 root" and found this http://droidpirate.com/2010/11/27/how-to-root-your-viewsonic-g-tablet/
Looks promising, no guarantees though.
Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as I know, the "superuser"-app can be used to grant root-permissions only to the programs that I want. All other programs are still not running as root. Is this right?
If I'm right on that... Why does only the app super-user have root after rooting the phone via e.g. the zergrush-exploit, and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap?
From my point of view it could be possible that any other app could take the root rights just like the app "superuser" does. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about why or how this can be achieved and "guaranteed"...
Thanks very much in advance.
Kind regards
mr. salt
I think it's barely possible that I'm the only one who is interested in how this app is working or wondering about the same security issues which come along with my questions above?
I would appreciate a sophisticated answer very much!
greetings
mr. salt
sea_salt said:
Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as I know, the "superuser"-app can be used to grant root-permissions only to the programs that I want. All other programs are still not running as root. Is this right?
If I'm right on that... Why does only the app super-user have root after rooting the phone via e.g. the zergrush-exploit, and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap?
From my point of view it could be possible that any other app could take the root rights just like the app "superuser" does. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about why or how this can be achieved and "guaranteed"...
Thanks very much in advance.
Kind regards
mr. salt
Ok let me see if I can explain this the best way I can. When you root your phone you are giving yourself the ability to run apps that require root. This ability is turned off by default in Android. Now let's compare this to Linux: when you run an app as root you have to run the sudo command and then enter your password each and every time you want to run it with root rights. SuperUser is an app that when prompted will remember the selection you chose so you don't have to allow it every time you run the app, and without opening a terminal to type the commands to allow it to run as root.
You are looking at the app of super user more as a stand alone app instead of being a front end UI for the commands that you would have to run to get the same outcome.
As for the security, to be honest the best security is common sense. As it is a simple fact that PC, phone, internet, server etc. security is only as good as the hacker trying to get into it. If he/she really wants your info they are gonna get it. Take a look at what happened to the US DOD and they have a far more secure setup than anything on the market.
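The decision logic the answer describes (the whitelist remembers a per-app choice, otherwise the user is prompted) is small enough to model end to end. The following is an added example for this thread, not code from the Superuser project or its su binary: it keys decisions on the calling UID, which is what the real su has to work with since on Android each app runs as its own UID, and it records every request with the command line, which is the "what did that app try to do as root?" log the custom su discussed earlier in the thread aims at. The data layout, the prompt callback, and the treatment of UID 0 and 2000 (root and the adb shell) as never prompted are assumptions for illustration.

```python
"""Model of how a whitelist-style su front end decides whether the app that
executed su gets root, remembers the choice, and logs the command.

Added example for this thread, not the Superuser project's code. The data
layout and uid handling (0 = root, 2000 = adb shell, both auto-allowed)
are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

ALLOW, DENY = "allow", "deny"
AID_ROOT, AID_SHELL = 0, 2000

# Stand-in for the accept/deny dialog: returns the user's choice and whether
# to remember it for this uid (the "remember" checkbox).
PromptFn = Callable[[int, str], Tuple[str, bool]]


@dataclass
class SuPolicy:
    whitelist: Dict[int, str] = field(default_factory=dict)  # uid -> ALLOW/DENY
    log: List[str] = field(default_factory=list)

    def decide(self, caller_uid: int, command: str, prompt: PromptFn) -> str:
        """Return ALLOW or DENY for one su invocation by caller_uid."""
        if caller_uid in (AID_ROOT, AID_SHELL):
            decision, source = ALLOW, "builtin"      # root and adb shell: no prompt
        elif caller_uid in self.whitelist:
            decision, source = self.whitelist[caller_uid], "remembered"
        else:
            decision, remember = prompt(caller_uid, command)
            if decision not in (ALLOW, DENY):
                raise ValueError(f"bad decision {decision!r}")
            source = "prompt"
            if remember:
                self.whitelist[caller_uid] = decision
        # Every request is recorded with its command line: this is the record
        # a logging su gives you of what each app tried to run as root.
        self.log.append(f"uid={caller_uid} cmd={command!r} {decision} ({source})")
        return decision

    def revoke(self, caller_uid: int) -> bool:
        """Forget a remembered decision; True if one existed."""
        return self.whitelist.pop(caller_uid, None) is not None


def demo() -> SuPolicy:
    """Constructed walk-through: one app is allowed and remembered, another is
    denied once without remembering, and the adb shell is never asked."""
    def dialog(uid: int, command: str) -> Tuple[str, bool]:
        # Simulated user: trust app uid 10050 permanently, deny others once.
        return (ALLOW, True) if uid == 10050 else (DENY, False)

    def no_dialog(uid: int, command: str) -> Tuple[str, bool]:
        raise AssertionError("a remembered decision must not prompt again")

    policy = SuPolicy()
    policy.decide(10050, "/system/bin/sh -c id", dialog)        # prompted, allowed, remembered
    policy.decide(10050, "/system/bin/sh -c mount", no_dialog)  # served from the whitelist
    policy.decide(10070, "/system/bin/sh -c id", dialog)        # prompted, denied, not remembered
    policy.decide(AID_SHELL, "id", no_dialog)                   # adb shell: builtin allow
    return policy


if __name__ == "__main__":
    for entry in demo().log:
        print(entry)
```

The model also makes lbcoder's earlier point concrete: whatever process can write the whitelist decides who gets root, so the manager app and the storage behind it are the whole trust boundary.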
NOTE: I cannot guarantee that this method will pick up Droiddream. However, according to my sources, this method will theoretically notify you in real time when you install an app infected with Droiddream.
That aside, here's my setup:
Profile: Action>File>File Modified "/system/bin/profile"
Task: Airplane Mode>On (to prevent any personal information disclosure); Flash "*** WARNING: Droiddream detected!!! (Tasker)"; Wait>5 secs; Goto>Action 1.
Explanation: Droiddream uses a root exploit rageagainstthecage to try to gain root access within app. This is needed to install a script to /system/bin which the malware can then execute, allowing the malware to inspect personal information tied to the phone (who knows what). By having Tasker detect the installation of the script, it will notify you immediately to take action. We *could* include a Tasker-based uninstaller here, you would need root access though. Sources say that if we put an empty /bin/profile in place with the right permissions (aka no permissions), this will disable Droiddream. Feel free to add on to this if you wish. My goal, however, is simplicity, and no additional apps.
Hopefully this helps many, and please do reply with your findings! Also hit thanks if you liked my method! Thank you!
--
Pics attached:
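The Tasker profile above is a file-integrity trigger on one path. The script below, an added example for this thread rather than Tasker's or anyone's published detector, shows the same idea as a baseline-and-compare over a small watch list: it records hash, mode and size for each watched path, then reports files that appear, change or disappear, so a dropped `/system/bin/profile` shows up as "added" and a replaced binary as "modified". The watched path list is an assumption, and the before/after trees are constructed in a temp directory.

```python
"""File-integrity check for paths a rooting-exploit payload would touch
(here /system/bin/profile, as in the Tasker profile above): baseline hash,
mode and size, then report files that appear, change or vanish.

Added example for this thread, not Tasker's or anyone's published detector.
The watch list is an assumption; the sample trees are constructed."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

WATCHED = ["system/bin/profile", "system/bin/sh", "system/xbin/su"]

Entry = Tuple[str, int, int]  # sha256 hex digest, permission bits, size


def snapshot(root: str, paths: List[str] = WATCHED) -> Dict[str, Entry]:
    """Record sha256/mode/size for each watched path that exists under root."""
    snap: Dict[str, Entry] = {}
    for rel in paths:
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        st = os.stat(full)
        # Mode is included so a permission-only change (e.g. a file made
        # executable or setuid) is reported even if the bytes are unchanged.
        snap[rel] = (digest, st.st_mode & 0o7777, st.st_size)
    return snap


def compare(old: Dict[str, Entry], new: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (event, path) pairs: added, removed, or modified, in path order."""
    events: List[Tuple[str, str]] = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append(("added", rel))
        elif rel not in new:
            events.append(("removed", rel))
        elif old[rel] != new[rel]:
            events.append(("modified", rel))
    return events


def build_scenario() -> Tuple[Dict[str, Entry], Dict[str, Entry]]:
    """Constructed: a clean tree, then a payload-style change set in which a
    new /system/bin/profile appears and sh is replaced."""
    root = tempfile.mkdtemp(prefix="fim-")
    os.makedirs(os.path.join(root, "system/bin"))
    sh = os.path.join(root, "system/bin/sh")
    with open(sh, "wb") as fh:
        fh.write(b"original shell stand-in")
    baseline = snapshot(root)

    with open(os.path.join(root, "system/bin/profile"), "w", encoding="utf-8") as fh:
        fh.write("# dropped script stand-in\n")
    with open(sh, "wb") as fh:
        fh.write(b"replaced shell stand-in")
    return baseline, snapshot(root)


if __name__ == "__main__":
    before, after = build_scenario()
    for event, path in compare(before, after):
        print(f"{event}: {path}")
```

Run the baseline once on a known-good system and keep it somewhere the device cannot overwrite (off-device is best); a check that re-reads its own baseline from /system can be defeated by anything that already has root.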
DroidDream is long dead, few if any devices in the wild are currently impacted by the exploits it uses.
Your "source" appears to be the information I published publicly during the initial analysis of DroidDream
aarongillion63 said:
NOTE: I cannot guarantee that this method will pick up Droiddream. However, according to my sources, this method will theoretically notify you in real time when you install an app infected with Droiddream.
That aside, here's my setup:
Profile: Action>File>File Modified "/system/bin/profile"
Task: Airplane Mode>On (to prevent any personal information disclosure); Flash "*** WARNING: Droiddream detected!!! (Tasker)"; Wait>5 secs; Goto>Action 1.
Explanation: Droiddream uses a root exploit rageagainstthecage to try to gain root access within app. This is needed to install a script to /system/bin which the malware can then execute, allowing the malware to inspect personal information tied to the phone (who knows what). By having Tasker detect the installation of the script, it will notify you immediately to take action. We *could* include a Tasker-based uninstaller here, you would need root access though. Sources say that if we put an empty /bin/profile in place with the right permissions (aka no permissions), this will disable Droiddream. Feel free to add on to this if you wish. My goal, however, is simplicity, and no additional apps.
Hopefully this helps many, and please do reply with your findings! Also hit thanks if you liked my method! Thank you!
--
Pics attached:
jcase said:
DroidDream is long dead, few if any devices in the wild are currently impacted by the exploits it uses.
Ok, I'm glad to hear that it's been fixed. I've been looking through security articles/lists for a good amount of time today and didn't foresee that it's been fixed. Hopefully it doesn't come back.
Sent from my SCH-I605 using XDA Free mobile app
aarongillion63 said:
Ok, I'm glad to hear that it's been fixed. I've been looking through security articles/lists for a good amount of time today and didn't foresee that it's been fixed. Hopefully it doesn't come back.
Sent from my SCH-I605 using XDA Free mobile app
It has been fixed for many many years
Exodus, a popular, albeit closed-source, crypto wallet app recently stopped working on my device. After a few days of back-and-forth troubleshooting via support, they somehow realized that my device is both rooted and running a custom, open source, community-supported ROM. They told me this was no longer allowed because it is far less secure than running the proprietary ROM. I countered with both personal testimony (back when I had a Blu phone, and a year later they got kicked off Amazon due to spyware streaming customer data out without consent) and common fact that OEM ROMs are almost always packed full of bloatware and spyware. I countered that installing a reputable open source ROM with only those apps I want and need is better. I argued that root gives me the ability to use AFWall to block outbound access to apps that I don't want having access to the Internet without my permission. I could have argued that continuing to use a 1-2 year old phone that no longer receives security updates when I could use an open source ROM that does is better. I also provided a few public articles showing how frequently apps from the Play Store and other "OEM" stores are caught abusing their users' trust and performing malicious action. My point was that it's not correct to just automatically assume that having root and using a non-OEM ROM is less secure. That's a falsehood. But that said, I am interested to know what the XDA community thinks about that. And if the XDA community has any facts about custom, open source, community-supported ROMs being more secure than OEM ROMs, I am interested to further arm myself.
And of course, I am completely willing to be instructed by the XDA community that indeed Exodus is right and using a custom ROM and having a rooted phone is completely, inherently, automatically more insecure than using an OEM ROM full of bloatware and spyware, not having root so that any rag-tag app can stream data back to home base, and falling behind with security patches because the vendor is either too slow to release or decides my device is no longer worth supporting.
You can't blame them for not troubleshooting unknown firmware. You changed the playing field.
Less mainstream use and support* is one of the disadvantages of custom roms and rooting.
I run stock and use other methods to kill bloatware. Zero brick risk, little down time and they run well.
I'm not saying don't root etc... but you knew the job was dangerous when you took it.
*this can have potentially far reaching and multifaceted implication$
@blackhawk I'm pretty sure it wasn't broken on my phone. One day I opened the app and it said I needed to update to continue using it. So I thought maybe the app just had failed to automatically update from the Play Store. But shortly thereafter I found it wouldn't update. That led to opening a support ticket with them which eventually led to them saying it no longer works on rooted devices. Their argument was that they were attempting to protect me. My rebuttal was that I don't want their protection, I want my freedom back. They should focus on making their app as secure as possible and then, if they discover I am running it on a rooted phone, then give me a warning box and force me to accept it but don't just take away my freedom.
The irony of their stance is that they still provide the Linux program. And who doesn't have root access on their Linux computer? Or their Mac or Windows computer, for that matter? I can completely understand if they don't wish to troubleshoot the installation of the Debian package or even the use of the zip on every Linux version out there. I wouldn't either! But that's completely different than saying, "Oh, you have root access to your Linux/Mac/Windows computer? We can't let you use our program anymore." That makes zero sense, and it's the same nonsensical argument they are making for rooted Android phones.
I run stock N10+'s because they're easier to troubleshoot, maintain and it doesn't trip the Knox efuse. I have to add a package disabler and do some optimizing but it's child's play for me to do it at this point.
Unfortunately if you root you're going to have to suck it up and do the work needed to optimize it.
Same thing I do with stock but with more tools at your disposal... after the learning curve.
This learning curve, the chance of bricking and the damage that can be inadvertently done to the OS with no access restrictions are some of the downsides. Rooting takes time to learn and perfect. With unlimited power, blah, blah, blah.
I rather just do basic infrequent troubleshooting and have fun... my current load is over 1.5 yo, still fast and stable.
I don't update the firmware because that breaks things. No updates needed once you optimize it and find any needed work arounds... it's good to go. Anything from Pie up is pretty secure; they have some vulnerabilities but in practice this isn't an issue... unless you do something stupid.