Hello.
I am looking for some information on temporary rooting devices.
My current goal is to gain access to a root adb shell without actually modifying the device permanently. Be able to run a app with elevated privileges that will not modify the phone/tablet in any way and then exit and be back to stock with no changes to the device.
I have been looking at different oneclick root scripts and it seems across many different devices rageagainstthecage-arm5.bin is ran to gain root.
Does it do permanent changes at that point or does it just get access to a root shell to install busybox and su for permanent root after reboot?
If it is just used to gain a root shell, then my goal is to use this within a script to gain root access, run my app with elevated privileges and once finished, close out with no lasting effects to the device. So I will have to do the same process again if needing to run the app again.
If someone can comment on the process of gaining a root shell on android devices I would apprecaite it. I'm sure there is not a simple bin that can be ran on all 2.1 or newer devices but from the research I been doing tonight, seems it has been used on HTC's and Samsungs to gain root.
However if rageagainstthecage-arm5.bin does more than just hack itself root temporarly then that will not work for my issue.
If there is a different area in XDA Forums I should be asking this, please refer me there.
Greatly apprecaite all help on this.
MobileMedic
Just root it. Doesnt cause damage
Sent from my Nexus S using XDA App
Perm root would be the direct and simple answer to my needs. However it is not what we are looking for. I basically need to be able to remote control a device for the user and help them correct any issues they are having. There is no simple option for doing this as no one has written a "Log Me In" type app for android. And any that are written are for rooted phones. However, Mary-Jo and JimBob who call for help won't have rooted devices only stock. I am not allowed to root the devices because technically its voiding the warranty (even a flash back to stock would be just fine of a fix, but End Users are not that smart sometimes)
So having a Temp root option to be able to run remote control app is my only solution I can see at this time.
Any help would be greatly appreciated.
Hmmm. I root phones for customers as its my job. I understand a bit more where ur ciming from now.
sent from my boosted nexus S
I know how to root devices but whenever someone ask me what is rooting i am not able to explain it :-\ anyone got idea about how to explain rooting
Sent from my GT-I9100 using xda premium
ankur.co.in said:
I know how to root devices but whenever someone ask me what is rooting i am not able to explain it :-\ anyone got idea about how to explain rooting
Sent from my GT-I9100 using xda premium
Click to expand...
Click to collapse
Rooting is opening the operating system to be alerted.
Sent from my Rooted Gameboy
Rooting allows you to run special applications like SuperUser, SetCPU. Allows you to flash custom kernels and ROMs like cyanogen mod. Also you free up memory that extra apps use.. In easy language, you get full access to everything..
Sent from my GT-I9300 using xda premium
If you want the most complete, hands-on way to control what your phone is capable of...it's best to root it. Rooting gives you access to manipulate your phone in a way that carriers try to keep you from doing.
Sent from my SGSIII running some "Goodness" 4.0 (Team Nocturnal) using xda app-developers app
Allow you to backup & access apps/info/data etc that no root phone cant.
ankur.co.in said:
I know how to root devices but whenever someone ask me what is rooting i am not able to explain it :-\ anyone got idea about how to explain rooting
Sent from my GT-I9100 using xda premium
Click to expand...
Click to collapse
Rooting is the act of gaining superuser access(root permissions) to the root(main files) of the device's operating systems, letting apps run at kernel level. Rooting allows for overclocking, however, in Jelly Bean, root is not required to overclock. Overclocking is the most frequently used root application. Root also lets you change system files.
Here is rooting for all you noobs
Basically every linux system has an administrator capable of making changes to the computer and access all the files that make the system up. On Mobile phones however, this is locked down for security/warranty reasons etc.
This is a great start, we know that the admin (root) access is there, we are just locked down from using it. So the point of rooting is not to install Super User, it is to trick the system into giving us adb shell as root and therefore allowing us to mount the /system partition as Read/Write (instead of read only).
That is what allows us to change the value of ro.secure in the kernel, which sets the flag that allows us a root shell, instead of a regular (non-privileged) shell. Then we push the SU binary and SU app to the system, which gives us choice as to what apps are allowed su rights and what is not. In other words, we don't need the SU app to obtain root access. It is just for data protection.
It sounds so simple, but it is not. Since the /system partitions cannot be mounted as read/write by default, and ro.secure=1, we cannot have a root shell and therefore not able to change ro.secure=0. Therefore, it is secure.
In order to gain the root shell we have to find an exploit that will trick the system. We use an exploit (hack, vulnerability) to trick the android OS into giving us a root shell in adb. For example on of them (in simple terms is...)
1. We kill adbd ***(this is the parent) It spawns a shell (adb) based on its rights*** keep this in mind.
2. When it adbd starts up, it must run as root. When its done, it will set its id back to a non root user
3. The program (SuperOneClick for ex) races adbd by spawning a process that tries to change its id at the same time (slightly first).
4. Since we are busy changing the id of our fake process, the kernel wont be able to change adbd since it is busy and therefore adbd continues to run as root.
5. Now we can spawn a root shell, because the root rights are passed from adbd to the shell, which is now root.
6. Sucess! Now lets set everything up!
This has been answered about as well as it can. For future reference, please try searching before posting as extremely basic questions like this do not warrant creating a thread. Closed.
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Yes it definitely is less seure
IronRoo said:
Yes it definitely is less seure
Click to expand...
Click to collapse
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, as as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possible even just having su binary installed is an issue, though it's not clear to me whether this has been confirmed, it seems precautionary to me, if it's just a LinageOS issue or more devices are vulnerable, however this weeks update to Linage OS is trying to address this. Anyhow the fix seems to have some extra benefits
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download install and run on your phone to acquire root access through a process called "Privlidge Escalation" which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phones internals,
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough* ?
BTW I understand that a malicious application can take control of my device without I know it, if it's not rooted, by using the same code as applications rooting your device.
Do I have well understood what you wrote ?
But how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
?
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
Click to expand...
Click to collapse
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
iwanttoknow said:
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
Click to expand...
Click to collapse
SuperSU will automatically deny anything asking it to provide root access by default . When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because its the only way I know if stuff is trying to gain root access without my permission & watch it's actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Oh okay dude apologies the Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light abt showing us systemless root methods with his open source root management app . You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a magisk install to get the open source variant to work though, not 100% sure
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
I agree! And it also feels like its becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Click to expand...
Click to collapse
Thanks I was trying to find one of those lol. As ive seen this question asked hundreds of times within recent months across forums
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Click to expand...
Click to collapse
Thanks a lot for your detailed answer.
If you need security, just root and install supersu or magisk.
If you have xposed framework, then try a nice fire wall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.
Is there an elegant way to disable the ability of a smartphone user to install and uninstall applications?
We have the following situation. Our company purchased smartphones for employees so that they communicate with customers on corporate phones, rather than by personal ones. All they need is a telephone connection, the Viber and corporate mail. As a system administrator, I want to configure the devices for these sevices only. If I make a rooting of the smartphones, can I make some changes that disable ability to install and uninstall apps from files and Google Play? And will I be able to easily turn this ability back on in the future to install some application for user?
Smartphone's model Lenovo A Plus, Android version 5.1.
One way would be to remove package installer app from system partition. I am not sure though, just give it a try
naagdevta said:
One way would be to remove package installer app from system partition. I am not sure though, just give it a try
Click to expand...
Click to collapse
Thank you for answer! I must say, I'm new to android, although I have experience in administering FreeBSD (both systems are unix-like). Can you give me a resource from which I could learn about administering and tweaking android?
yurybx said:
Thank you for answer! I must say, I'm new to android, although I have experience in administering FreeBSD (both systems are unix-like). Can you give me a resource from which I could learn about administering and tweaking android?
Click to expand...
Click to collapse
https://forum.xda-developers.com/go...urce-guides-info-threads-linked-read-t2784527
These guides are mostly for nexus 5 but once you go through them you will get a fair idea about everything. Then you can search things for your specific device model.
naagdevta said:
https://forum.xda-developers.com/go...urce-guides-info-threads-linked-read-t2784527
These guides are mostly for nexus 5 but once you go through them you will get a fair idea about everything. Then you can search things for your specific device model.
Click to expand...
Click to collapse
Thank you very much!
I began to get acquainted with the process of obtaining root-access, and was surprised when I found out that there are no standard unix files "passwd" and "master.passwd" in the android. This means that I can not set a password for root-access, and the user will be free to use root-access. How to solve this problem? Maybe I need a custom firmware or a special app? But which one exactly?
yurybx said:
I began to get acquainted with the process of obtaining root-access, and was surprised when I found out that there are no standard unix files "passwd" and "master.passwd" in the android. This means that I can not set a password for root-access, and the user will be free to use root-access. How to solve this problem? Maybe I need a custom firmware or a special app? But which one exactly?
Click to expand...
Click to collapse
Supersu or magisk, they get automatically installed when you flash their zip file from custom recovery to root the phone. But not all phones have custom recovery or firmware. Mostly it depends on popularity of device, if your phone is popular many developers would be working on it.
naagdevta said:
Supersu or magisk, they get automatically installed when you flash their zip file from custom recovery to root the phone. But not all phones have custom recovery or firmware. Mostly it depends on popularity of device, if your phone is popular many developers would be working on it.
Click to expand...
Click to collapse
I managed to block the ability to install and uninstall programs by disabling the packageinstaller and daemon installd. Thank you for suggestion!
i have samsung M11 i am interested in rooting, the warranty is over ( 1 year). Samsung updates will be given for the next 3 years or so.
i would like to root it but then i wouldnt receive updates from samsung. but i could switch to something else like lineage or something but i heard a lot of apps cant be used.
TLDR: should i root my phone and how to get apps such as netflix on lineage os
Rooting a device's Android IMHO is playing with fire, opening the door for malware of any kind which can cause lasting damage to Android OS.
so i should just immediately switch to something like lineage?
Neerbon said:
so i should just immediately switch to something like lineage?
Click to expand...
Click to collapse
after rooting*
To clarify things: Rooting a device's Android OS - it doesn't matter which one - means to add to it an user with elevated rights ( comparable to Administrator in Windows OS) who is named Superuser ( aka ROOT).
jwoegerbauer said:
To clarify things: Rooting a device's Android OS - it doesn't matter which one - means to add to it an user with elevated rights ( comparable to Administrator in Windows OS) who is named Superuser ( aka ROOT).
Click to expand...
Click to collapse
so if you root your device its like opening every app with admin privileges in windows?
Again:
You can't root a device which is merely an accumulation of metal, glass, plastic, etc., you only can root device's OS what is Android.
Rooting is the process of allowing users of the Android OS to attain privileged control ( known as root access ) over various Android subsystems.
Android uses permissions in the file structure, every file, folder and partition, which has a set of permissions. These permissions decide who can view, write and execute a file - certain users have access, while users who don't have the right permissions are blocked from having access. Rooting Android lets you get the permission as Super Administrator User in Android system. Once you get it done, you can do anything in Android system.
BTW: There may be apps that require root rights to successfully run. IMO those must be classified as highly dangerous.
My recommendation: Become familiar with Android OS.