Related
Hi All!
Let's say I would like ( or rather I'm forced to ) build a customized Android ROM. Among all related things that are well described there is a one "black hole" to me..
I need to replace Android Market with a custom market application and block unknown sources setting ( to always disabled ). Root access must also be disabled.
For me it seems that not having root access along with Unknown Sources disabled excludes writing a custom market application, because as far as i know custom market app will need to invoke Package Installer.
Did anyone came across such problem ?
For now i only need to estimate the complexity of this task so i would appreciate ANY clues on this one..
regards
Also interested in the solution, have a similar problem.
First, you should leave Unknown sources always on enabled. If you're worried that you might suck in a malware app, install an antivirus.
Second, I installed several custom ROMs so far, and the only problem I noticed with market is that it does not show the phone model (GT-i5800) anymore, but just "phone". Other than that, apps install fine, payed apps can be purchased and this is the stock Vending.apk, not modded.
Third, don't even consider not rooting your phone if you make a custom ROM (even this sentence is a contradicition...), coz if you don't have root, you can't dump the factoryfs.rfs, making it impossible to create a Custom ROM in layman's terms...
Got any questions, just ask!
So ever since I heard about rooting Android devices I innediately done some research on how to do it and I did it. I have had this root on my Samsung Grand Duos for a while now and all I have done is have a few apps (Lucky patcher, Freedom, and Exposed with 1 plugin or w.e) and I am pretty sure I can do far more than just that, so that's why I made this thread. I have a few questions I would like to be answered if you know anything about it.
1) What are customs ROMs and what can I use them for?
2) I am a developer and I have helped make some apps for both iOS and Android, would my root be useful in any way?
3) When I tried to upgrade my version of Android it told me that my version was modified, is there any way I can upgrade to the latest version? And would it remove my root?
4) Is root only compitable with specific versions? Like when a new version comes out, can you root it immediately or do you have to wait for something to do the root process again?
5)My device storage is pretty small and it makes it a pain in the ass to install apps, is there any way that I can edit that? (I am probably going crazy with this. lol)
Thank you.
Bump, would still like some help.
1) 3) 4) a custom Rom is a modified android, mostly based on clean aosp. The example CyanogenMod: you can choose between different Android versions. And with a custom ROM you have great efforts such like theming engine, overclocking or other nice features that are really useful but uncommon in stock ROMs. So I recommended anyone who decides to root his phone to flash a custom ROM neither a stock root
A lot of the info is available on XDA forums, tutorials, and on Google so I suggest you start doing some research as it will help you understand wholly much better...
1 - Custom roms are what nico331999 explained. Modified android firmware made for each specific phone model by developers. Its their take on android and most come with many extra features, themes, launchers, based on different android versions, etc. Cyanogenmod is one the popular ones, but there are a lot more. You would have to search the forums for your specific phone. In order to install a custom rom, root is not enough there are other things you would have to do which you will again need to find out for your phone. Generally speaking you have to unlock the bootloader, install a custom recovery, then flash a custom rom along with gapps.
2 - If you develop apps which utilise root access you can allow them sort of 'admin' access to everything on your phone, so you can perform any task with the app which requires such access. One example is replacing system level apps.
3- If you install a custom rom it will have its own version of Android, usually they are updated versions. You can download the FTF file for the most updated firmware version for your phone and then flash it on your phone. You'll be able to search online for instructions and downloads. A new firmware will remove your root and you will need to root it again. You can search for pre rooted firmwares though to avoid that step.
4 - Yes, you have to search for a rooting method for each firmware version of each phone. Developers (great guys) figure out these methods and post them online for the world!
5 - If your device has SD card support you can install many apps on the SD card to save some space using apps such as Apps2SD or Links2SD. You can move all your media to your SD card. If your device doesn't support SD cards I suggest you move as much data as possible to your computer, and maybe use cloud storage at the same time. Also, since you have rooted your phone, you can use an app like Titanium to uninstall bloatware (unused apps which you cannot usually uninstall).
All of this stuff seems like a handful when you first get into it, but you need to get out there and start researching these topics for it to all fall together in place...
I have to add something with apps to SD: some manufacturers (especially Samsung) have a very weird external storage handling (called emulated storage) which doesn't allow you to move your whole apks. It only saves user data.
ishaang said:
A lot of the info is available on XDA forums, tutorials, and on Google so I suggest you start doing some research as it will help you understand wholly much better...
1 - Custom roms are what nico331999 explained. Modified android firmware made for each specific phone model by developers. Its their take on android and most come with many extra features, themes, launchers, based on different android versions, etc. Cyanogenmod is one the popular ones, but there are a lot more. You would have to search the forums for your specific phone. In order to install a custom rom, root is not enough there are other things you would have to do which you will again need to find out for your phone. Generally speaking you have to unlock the bootloader, install a custom recovery, then flash a custom rom along with gapps.
2 - If you develop apps which utilise root access you can allow them sort of 'admin' access to everything on your phone, so you can perform any task with the app which requires such access. One example is replacing system level apps.
3- If you install a custom rom it will have its own version of Android, usually they are updated versions. You can download the FTF file for the most updated firmware version for your phone and then flash it on your phone. You'll be able to search online for instructions and downloads. A new firmware will remove your root and you will need to root it again. You can search for pre rooted firmwares though to avoid that step.
4 - Yes, you have to search for a rooting method for each firmware version of each phone. Developers (great guys) figure out these methods and post them online for the world!
5 - If your device has SD card support you can install many apps on the SD card to save some space using apps such as Apps2SD or Links2SD. You can move all your media to your SD card. If your device doesn't support SD cards I suggest you move as much data as possible to your computer, and maybe use cloud storage at the same time. Also, since you have rooted your phone, you can use an app like Titanium to uninstall bloatware (unused apps which you cannot usually uninstall).
All of this stuff seems like a handful when you first get into it, but you need to get out there and start researching these topics for it to all fall together in place...
Click to expand...
Click to collapse
Thanks a lot, ishaang, you were a lot of help to me.
Hi,
I'm fond of my non-root software, just because there is a number of apps that I use on regular basis that do not allow root.
Is it going to be at all possible to build a "custom rom" that will be able to run those applications that typically just FAIL when root is detected, by simply not forcing root on the device?
Look forward to hearing from you.
mikber18 said:
Hi,
I'm fond of my non-root software, just because there is a number of apps that I use on regular basis that do not allow root.
Is it going to be at all possible to build a "custom rom" that will be able to run those applications that typically just FAIL when root is detected, by simply not forcing root on the device?
Look forward to hearing from you.
Click to expand...
Click to collapse
Well, it depends on a couple things:
First, there are different ways that apps can detect root. Some apps simply try to gain access to root. But more advanced apps, a notable one being Android Pay, also check if the firmware running on the device has passed Google's CTS tests, which only original 100% stock firmware can pass.
So is your device 100% stock non-modified, or is it a custom ROM with no root access? This will help determine if the apps you use are of the more simple kind, or of the advanced kind.
At this present moment I'm running the Sony Concept software and realistically I would love to continue to be running the latest OS, but unless something like Sony Concept continue to exist the only way to run 7.0 in the future will be a custom Rom. Almost all custom Roms require Root, is there hope that one gets developed that will run similarly to the Concept Software project, I.e. No need for root or nada and thereby allowing me to use my apps (banking etc) that do a scan against root + custom software
Devices & Linux Versions I or other Testers have Successfully Gained Root on:
(Likely All) MTK CPU Based Android devices UP TO 11 (Maybe 12? I haven't tested) (I.e LG, Sony, Select Samsung devices)
Android Devices with LINUX KERNEL VERSIONS - 5.8 - 4.14 - Maybe More? (Needs Testing)
-THIS GUIDE IS NOT BEGINNER FRIENDLY - BASIC UNDERSTANDING OF PYTHON, UNIX/LINUX ETC WILL BE REQUIRED!-
If you have been holding off updating your device, well here's some good news, your device may still be vulnerable to a method to gain root access (and subsequently, possibly the ability to edit Build.prop and therefore allow the ability for OEM unlocking on USA based devices.) <- correct me if I'm wrong, but this should be possible, and once done, should persist across updates, correct?
As of the time of writing this, there is not currently a simplified APK method, but, still this process is relatively straight forward.
Alot of the methods used HAVE been patched from what I understand, but there have got to be plenty of devices out there still which are not updated. This project aims to compile all current, former and future Root methods into an APK that will do all the leg-work. If its able to find a working method, the GUI will pop a root shell for the end user. This SHOULD work, regardless of the setting of the "OEM UNLOCK" option in the dev options. A bypass, essentially.
Regardless, The project linked below uses a myriad of known exploits & vulnerabilities and looks to find one that will work.
Methods used are:
Nearly all of GTFOBins
Writeable docker.sock
CVE-2022-0847 (Dirty pipe)
CVE-2021-4034 (pwnkit)
CVE-2021-3560
It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent dirty pipe (CVE-2022-0847). More methods to root will be added over time too.
There is also an alternative (Dirty Pipe) injection method the uses @topjohnwu 's Magisk , this should be implemented into the apk. See this Github repo, Here.
I would imagine this could be implented in a way to target devices that have stopped being supported for updates, aswell, that do not have TWRP, such as the SM-T307U.
One big note - I am betting there are still ALOT of devices that are in inventory at retailers that remain on the vulnerable OS. So keeping that in mind, I'd say this is worth building.
What needs to be done:
TESTING!
Build APK - HELP NEEDED WITH THIS!
Deploy
Main Goals:
Get bootloader unlock ability for devices normally not unlockable (I.e North American Samsung Galaxy S22, Etc)
Above can be achieved by getting temp root via methods detailed here or otherwise, then editing build.prop, altering the below settings (The settings may be worded differently or simply not present at all, depending on device and Firmware version):
sys.oem_unlocking_allowed to 1
ro.oem_unlock_supported to 1 (most devices are set to 1 by default.)
ro.boot.flash.locked to 0
ro.secure to 0
ro.debuggable to 1
I think there may be one or two more that pretaint to Flash.locked. I.e flash.locked.other--or something very close.
Locally, gain temp root (System preferred, but any root will do.) on as many device types as possible.
Give device control back to end user.
Stay up-to-date on new exploits for root access & update apk accordingly.
STAY ETHICAL!!!! This is, in the end, a research project. Meaning all work preformed in the context of this project could result in a damaged or bricked device. By participating in this project you acknoledge these risks and accept them, and agree to not hold me, XDA, or anyone else responsible if you do some dumb ****. - k0mraid3
Github Project link: HERE for my fork & HERE for the original project.
My fork will incorporate the original project, as well as other found root access methods, such as the magisk injection method mentioned above - my repo is mainly used as a hub for the APK's dev - i don't have enough time to work on it at the moment but all are welcome to help.
July 15th 2022 (UPDATE) (SAMSUNG DEVICES ONLY): A new Escalation method has been found via the Galaxy app store (Versions BEFORE Galaxy Store 4.5.41.8). No details known yet, but it is said to be very easy. See CVE-2022-33708 (July132022). Unknown if downgrading the app to 4.5.0.0 will enable the method again or not.
Cred: liamg
One method to run Traitor on device - Thanks @DevinDking for sharing this.
Steps to get script on phone.
//
#!/bin/sh
set -e
dir=/data/local/tmp
adb=${adb:-"adb"}
$adb push traitor ${dir} //This puts file on phone make sure to run the terminal where its located
$adb shell chmod 755 ${dir}/traitor"
//
Now to run script start a new terminal
//
adb shell
#!/bin/sh
set -e
dir=/data/local/tmp
adb=${adb:-"adb"}
${dir}/traitor //script opens
//
But I assume this wouldn't work right, and isn't right.
Idk trying my best here xD
Click to expand...
Click to collapse
Tools & References:
Linux (and Android, FTMP) Privilege Escalation Techniques
Dirty Pipe - Magisk Injection
Traitor - Main Repo
GTFOBins
CVE Database (Public Database for exploits, vulnerabilities, etc.)
Windows Subsystem For Linux (Great for Dev)
ADB App Control - Cred @Cyber.Cat
Leaked Samsung Source Code ***Mod Edit: Link Removed***
Crontab Root Template script (File Attached - you still must edit crontab with "crontab -e" and point it to this file, see comments for guide, I will add one to post later)
Android Image Kitchen Used to create custom image's etc.
MTK Client
MTK Meta Utility (Source-???)
Will add more as time goes on and more found.
Interesting Attack vectors -
GFX Componets of a system.
Issues with Linux itself (i.e Dirty Pipe)
Privilage escalation via any means (I.e GTFOBins)
unprotected system process - Hijack them if possible (i.e RILService Mode, and a wide range of other OEM apps left on devices after ship)
7/24/22 - Samsung, LG & Other OEM's obfuscating (Intentionally Hiding) Fastboot and ADB Bootloader interfaces on PC
So over the last week or so i dived head first into USB Dev - ill save you the time and sum it up.
Vendors and OEM's are actively obfuscating the USB connection between your smartphone and the PC to keep you from Rooting. As far as im aware, there is no Universal way to fix this as each OEM screws with the USB drivers differently. THIS needs to be a point of focus for the rooting community. However, i have found a few tools for Dev if you wish to screw with this. (I'll upload them tonight)
7/24/22 - MTK (MediaTek) based Exploits
I Will try to compile a few methods for FORCING Bootloader Unlock on MTK based Devices as well as a way for manipulating said devices. I will attach two tools to this thread, these tools are EXTREMELY POWERFUL and can completely **** up your device. When i say REALLY F*CK UP your device, I mean to the point you cant even access recovery, Download OR bootloader mode. I'm Talking a blank DEAD device. So use with caution.
With that said, lets talk about the tools. You will need a basic understanding of Python to make use of MTK Client
First up, we have MTK Meta Utility (Currently Version 44) (Download Below)
Next we have MTK Client (Github Link)
So what can you do? Well, you can crash the Preloader to Brom with MTK Meta Utility while at the same time using MTK Client to send any payload you like to the device via Fastboot.
I know, vague right now, but ill add detail over the coming days.
I will continue to update the below list as new methods are discovered.
If you find Guides, tutorials or new exploits, please link them in the comments so I can include them in future development!
Telegram Channel: Here.
Information on Vulnerabilities, exploits & methods - CVE-2022-0847 (Jfrog) - The Story Of "Dirty Pipe" - XDA - Dirty Pipe - PWNKIT (CVE--2021-4034) - CVE-2021-3560 - Docker Breakout / Privilege Escalation - CVE-2022-33708 (July132022) - CVE-2022-33701 (July122022) - CVE-2022-22268 (Unlock Knox Guard with DEX) (JAN2022) - MTK Client -
Dev Team & credit to -
@topjohnwu - LiamG - @wr3cckl3ss1 - bkerler -
UPDATED - 7/29/22
There is also a new vulnerability exploit by Zhenpeng Lin that allows for privilege escalation on Pixel 6 and and Galaxy S22 devices running 5.10 kernel.
Don't update... destroyer of worlds
I feel like I'm missing something because wouldn't their normally be a million responses of hype, hope and nay-saying going on here? Has this been shot down already?
olivehue512 said:
I feel like I'm missing something because wouldn't their normally be a million responses of hype, hope and nay-saying going on here? Has this been shot down already?
Click to expand...
Click to collapse
Lol, everybody already updated the patch
blackhawk said:
Lol, everybody already updated the patch
Click to expand...
Click to collapse
This is just sad panda. I'm gonna skip next update anyways unless it comes with an actual other phone that is BL unlocked. I feel like everyone wants this so bad it can't be that far out before it happens.
Does the Magisk injection method work after July patch? I was reading through the work they did to get it done. Props to those guys.
sierratango88 said:
There is also a new vulnerability exploit by Zhenpeng Lin that allows for privilege escalation on Pixel 6 and and Galaxy S22 devices running 5.10 kernel.
Click to expand...
Click to collapse
Has it got a fancy number yet?! Eager to try this!!!! Maybe it can be put in with the others.
olivehue512 said:
I feel like I'm missing something because wouldn't their normally be a million responses of hype, hope and nay-saying going on here? Has this been shot down already?
Click to expand...
Click to collapse
Well, because they are known and accepted vulnerabilities and exploits. A very few have even been marked as "WONTFIX" such as the TTY method.
olivehue512 said:
This is just sad panda. I'm gonna skip next update anyways unless it comes with an actual other phone that is BL unlocked. I feel like everyone wants this so bad it can't be that far out before it happens.
Does the Magisk injection method work after July patch? I was reading through the work they did to get it done. Props to those guys.
Click to expand...
Click to collapse
Honestly, it's worth a shot but I doubt it.
One of the goals behind building the APK compilation of all these different tactics is to enable the end user to "give it a shot" easily on different devices, without having to know how to run all of this manually. Basically imagine an apk that just tries all the above methods and if ones successful the gui will pop a root shell open. From there, the possibilities are endless. Edit Build.prop, SELinux, Verity, Etc.
FYI even you applied the July update, seems like the Kernel version is still from June 21st, is still 5.10xxxx so we could still benefit from this exploit. Very interested in how we can get root here in the US.
K0mraid3 said:
Has it got a fancy number yet?! Eager to try this!!!! Maybe it can be put in with the others.
Click to expand...
Click to collapse
There hasn't been a CVE assigned to it yet that I am aware of.
xgerryx said:
FYI even you applied the July update, seems like the Kernel version is still from June 21st, is still 5.10xxxx so we could still benefit from this exploit. Very interested in how we can get root here in the US.
Click to expand...
Click to collapse
Go to the Github linked and try the different methods, see if you can pop a root and nano build.prop to allow OEM unlocking?
sierratango88 said:
There hasn't been a CVE assigned to it yet that I am aware of.
Click to expand...
Click to collapse
GREAT news for us! LEts get this temp root! lol
Looks like another new one! CVE-2022-33708
Another Samsung Exclusive - CVE-2022-33701
So, ive just spent my entire friday and friday night MANUALLY testing all the GTFOBins & reproducing some of the newer CVE's on Samsung Galaxy S7 Edge (Android 9) -Galaxy tab A 8.4, (Android 11), Galaxy S21 & S22 (Android 12) --- A little bit of progress made. Again, ill need someone with better working knowledge on APKs & Java to really move forward. All i can say so far, is this all must be awk for sammie, because cronie is looking promising
"crontab -e"
interesting find. not "New" but still new-ish enough some may be able to use. CVE-2022-22268 (Unlock Knox Guard with DEX)
New to this all but not rooting. Anyone recommend a way tutorial on how to try these methods on Win 11?
I don't have a deep understanding of Linux, I have tried, debian and unbuntu. I get traitor to run but it's detecting the Linux kernel and not my phones. How can I get the program to search for vulnerability on my phone not my Linux. I would love a more in depth guide and I'd love to give feedback on methods.
DevinDking said:
I don't have a deep understanding of Linux, I have tried, debian and unbuntu. I get traitor to run but it's detecting the Linux kernel and not my phones. How can I get the program to search for vulnerability on my phone not my Linux. I would love a more in depth guide and I'd love to give feedback on methods.
Click to expand...
Click to collapse
i had the same issue but cant remember how i worked that out. let me see if i can find out what i did on win11
Hi All!
I've recently got P40 Pro and I like it very much. Now I need some software to be installed - maps, chats, banking etc.
However almost all of these apps need Google services or HMS. I'll try to avoid using these frameworks by using MicroG and Aurora store.
My goal is to have some set of required apps and don't have bloatware (like Huawei AI apps).
So I also going to find browser, phone, file manager and others on F-droid and use them instead of pre-installed apps. And disable those via ADB.
There are tons of information I need to read to do that, and I'll surely will read.
BUT, most manuals have big disclaimer which says "Do everything on your own risk, you can brick the phone!". And that's what I definitely don't want to.
So my questions are - what is the set of safe operations? What predefined applications can be safely removed via ADB? How to make backup that will restore phone if something goes wrong?
I believe there should be some thread with same concerns, but I could not find it. If somebody could point me to it, I'll be very grateful! Thank you in advance!
The first and main thing is "Everything Do at your Own RISK" if you want to go through android modding or making changes in the system you should not fear from resetting or formatting the system first and other thing is that installation of any unstable or unsupported mod can brick your device to get recover from these situations you should have knowledge about adb and fastboot,oem unlock and bootloader,custom recovery,root,magisk and custom roms to get the full back of your android in current state needs root for root you have to unlock your bootloader and for unlocking bootloader you need fastboot tool or your device oficial bootloader unlocker tool then you can backup you droid by the most common tool titanium backup or simply by backu option in your custom recovery
I think having a fully capable ROM bootloader (EDL mode, MTK, Allwinner, RockChip...) is most important.
There are still times that your system is wedged and you'll need either ROM mode test points or flash disable.
That's when the boot chain is broken enough to not work, but not broken enough to be recognized as broken.
If things are totally broken it will go to ROM bootloader mode all by itself.
Thank you for your advises!
I could not find P40Pro in TWRP devices list, and AFAIK, to unlock bootloader it needs to be disassembled. Is that correct?
To get used to rooting, custom ROMs, flashing and things I'll better get some cheap used phone - this one is way pricey for savage experiments, especially when you're completely noob. So rooting isn't an option for me for now.
At the moment I 'm debloating phone with "adb shell pm disable-user" and following lists:
[GUIDE] EMUI 11 Complete Debloating Guide & Bloatware List
This de-bloating guide will help you start using EMUI 11 as clean as possible. Please list packages in the comments section that you know is a bloatware and I didn't include in the spreadsheet. This guide assumes that you're using Windows 10 as...
forum.xda-developers.com
P40 Pro debloating guide
Hey everyone, I've spent the last couples days going through all the installed packages, cross-referencing different debloating guides and testing my changes. I'm running the latest EMUI 10.1.0.158 (C636). RECOMMENDATIONS: if you can, follow...
forum.xda-developers.com
[GUIDE] List of bloatware on EMUI safe to remove
Hi all, i was working on a guide on the vast amount of packages that we find already installed on EMUI by default and safe to remove because i'm sure that it would be useful for users like me, users that doesn't like to have space occupied on...
forum.xda-developers.com
Next step - involve Android profiles to isolate spying apps, which I still need, from each other and from contact list
I also looking for decent replacement for buit-in file-management, phone, messaging and contacts apps. And, maybe, launcher, I don't know if it's needed and secure. So far I found:
Emerald Dialer | F-Droid - Free and Open Source Android App Repository
Make calls, view call log
f-droid.org
Silence | F-Droid - Free and Open Source Android App Repository
Encrypted SMS/MMS conversations made easy!
f-droid.org
Koler | F-Droid - Free and Open Source Android App Repository
uniquely stylized phone app with customizable features
f-droid.org
But haven't installed or tried yet. I'd gratefully accept recomendations for those app categories.
Dont waste your time. On this phones you cannot unlock the bootloader and definitely you cannot have access to the root. Also debloating is a non-sense: you can do more bad things than good things. The phone is powerful enough to not need debloating. It is not a Galaxy S2.