Thought experiment - root anytime and any device - General Questions and Answers

Hi there,
I would like to ask the following question. Although I think it will fail for some reason, perhaps it's interesting to get the answer - at least for me! Okay, I'm not very familiar with Android, but I have known UNIX / Linux for quite a long time - since the 1980s. What I do know is:
root user id is always 0 on any UNIX system (also on android)
a UNIX filesystem mounted on a UNIX system will accept the user permissions set on the mounted filesystem
an executable file, owned by root and with the "sticky bit" set, will run with root permissions
the only thing to do is to change from the effective user id to the real user id while this executable is running
With this, the question comes up: why isn't it possible to have an external UNIX filesystem (e.g. an SD card) mounted, where an executable binary file is placed, owned by root and with the sticky bit set? Then you would only have to mount this FS and run the binary to get root permissions on any Android device, without needing a special app breaking into your device?
I'm quite sure, this won't work - otherwise this would be done every time, cause it would be so easy. So the question is not - does this work, the question would be - why would this not work out?
- And thanks for keepin' me away from friggeling around with life Linux CDs trying to set up an external filesystem 'n stuff, 'cause I do not have a Linux up and running anymore- I'm just a user - hackin' times have passed quite a time ago for me :angel:
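As an added example (not part of the thread above): the bit the post calls the "sticky bit" is the set-user-ID bit (04000); the sticky bit is 01000. Whether the kernel honours set-user-ID on a file depends on the mount as much as on the file, and that can be read off /proc/mounts: the kernel ignores set-user-ID on a mount flagged nosuid, executes nothing from a noexec mount, and FAT stores no owner or mode bits at all. The shell functions below parse /proc/mounts-style lines and report that; the mount lines, device paths and mount points in them are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the thread: why a set-user-ID root binary on
# removable storage does not elevate. The kernel ignores set-user-ID bits on a
# mount carrying "nosuid", refuses to execute anything on a "noexec" mount, and
# FAT has no per-file owner or mode bits at all. The mount lines below are
# constructed to look like /proc/mounts; a real check reads /proc/mounts itself.

SAMPLE_MOUNTS='/dev/block/vold/179:65 /storage/sdcard1 vfat rw,nosuid,nodev,noexec,relatime,uid=1023,gid=1023 0 0
/dev/block/mmcblk1p2 /storage/sdcard-ext ext4 rw,nosuid,nodev,relatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,relatime 0 0'

# mount_field MOUNTS MOUNTPOINT N -> prints field N of that mount (3 = fstype, 4 = options)
mount_field() {
    printf '%s\n' "$1" | awk -v mp="$2" -v n="$3" '$2 == mp { print $n; exit }'
}

# mount_has_opt MOUNTS MOUNTPOINT OPTION -> prints yes or no
mount_has_opt() {
    opts=$(mount_field "$1" "$2" 4)
    case ",$opts," in
        *",$3,"*) echo yes ;;
        *)        echo no ;;
    esac
}

# explain_mount MOUNTS MOUNTPOINT -> the first reason a set-user-ID file there
# would not run with root privileges, or a note that the bit is honoured
explain_mount() {
    fstype=$(mount_field "$1" "$2" 3)
    if [ -z "$fstype" ]; then
        echo "not mounted"
    elif [ "$(mount_has_opt "$1" "$2" noexec)" = yes ]; then
        echo "noexec: nothing on this mount executes"
    elif [ "$(mount_has_opt "$1" "$2" nosuid)" = yes ]; then
        echo "nosuid: set-user-ID bits are ignored"
    else
        case "$fstype" in
            vfat|msdos|exfat) echo "$fstype: no per-file owner or mode bits" ;;
            *)                echo "set-user-ID honoured on $fstype" ;;
        esac
    fi
}

# mode_bits OCTAL_MODE -> comma list of the special bits set in a chmod-style
# mode, e.g. 4755 -> setuid, 1777 -> sticky. The sticky bit (01000) is not the
# set-user-ID bit (04000).
mode_bits() {
    special=${1%???}             # leading digit of a 4-digit mode, empty for 3 digits
    special=${special:-0}
    out=""
    [ $((special & 4)) -ne 0 ] && out="${out}setuid,"
    [ $((special & 2)) -ne 0 ] && out="${out}setgid,"
    [ $((special & 1)) -ne 0 ] && out="${out}sticky,"
    echo "${out%,}"
}

# report -> verdict for each constructed mount plus the two mode examples
report() {
    for mp in /storage/sdcard1 /storage/sdcard-ext /system; do
        printf '%-20s %s\n' "$mp" "$(explain_mount "$SAMPLE_MOUNTS" "$mp")"
    done
    printf 'mode 4755 -> %s; mode 1777 -> %s\n' "$(mode_bits 4755)" "$(mode_bits 1777)"
}

report
```

On a device, replace SAMPLE_MOUNTS with the contents of /proc/mounts and pass the mount point of the card; confirming that removable media stays mounted nosuid,noexec is the defensive side of the same question.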

Related

[Q] chmod /system

Hi all,
As a noob, I try to learn about rooting.
But, I am a little bit more geeky than the average user. So I want to understand in bigger depth what is going on when "you root" the phone.
I have made my search around and I have a certain question:
Does rooting include (in all cases) the change of rights on the /system directory, no matter what the phone is?
Is this the "heart" of the rooting process or am I missing something (or a lot) here?
This is as far as I know.
Your phone is a mini PC running a flavor of Linux. In each Linux PC, there's the system admin, "root". When you root, what you do is unlock that root user in order to execute stuff as "root", not as a regular user.
The unlocking is done via exploits in the phone / model. That's why the process differs between phones and models.
Hope you got it. ( and hope I got it )
Hello there, thanks for the answer.
I know about Unix-oid OSes, because I have been working for a long time with them.
I wanted to understand whether the ultimate goal of "rooting" is the permission change of the /system directory (or whether there is something that I didn't know). The vulnerabilities that the techies exploit are something that comes first. When they exploit these vulns, then they are ready to chmod. And then, voilà.
This is what I want to be sure about.

openSUSE chroot

This is a simple guide on how to install an openSUSE chroot on your MicroSD card and use it.
What do you need? You'll need an armv7 device (for example an ASUS Transformer ;-) ). But even my old Nexus One is armv7, so this guide is a little bit more general.
Now a little bit of requirements on the Android system itself. You'll need root on your device and you'll need a decent enough busybox. Both of those are usually part of unofficial ROMs. There might be some differences and some troubles, but let's be optimistic.
I would say that the best way to install openSUSE is to repartition your MicroSD card. In the Transformer, you can keep it inside the tablet all the time, no matter whether you have the dock connected or not.
Let's start repartitioning. I would suggest taking your card out of your device, putting it into a card reader and repartitioning it on your computer, where you can use nice tools like gparted. Create one ext4 partition that will hold your root. I would recommend creating it as your second partition. Some programs (like recovery programs) expect the first partition to be FAT, so you'll run into some trouble otherwise. Create your partition as big as you want, but my recommendation would be at least 1G. Depending on what you plan on doing, it can be more (mine is 5G).
So I hope that you created the partition successfully by yourselves; now it's time to get openSUSE for your device. Where to get that? On the openSUSE download servers. What you want to get is the file starting with LimeJeOS-openSUSE-Factory-ARM-rootfs.armv7l and ending with -tbz.tar.bz2. These images get rebuilt automatically, so the part that I left out changes over time as you get newer and newer versions ;-) But don't worry, you can use zypper to upgrade too ;-)
Let's put it on the card. The tarball you just downloaded actually contains another tarball and a checksum. I know, not fun, but no big deal either. So get to the inner tarball, mount the second partition of your SD card and unpack the inner tarball to it. Unpack it as root! This can be important, as an ordinary user you might not have the rights to create some files and some rights might get dropped in the process. This may result in a non-working system. So do the unpacking as root. Just a hint on how to do it on the command line (might need some path adjustments according to your system):
Code:
tar -C /mnt/sdcard-ext2 -xjf /home/user/download/Lime*.tbz
In the end, you should see some directories like bin and etc directly on this partition. If you do so, you are almost ready!
Now generally the hard part, but easy if you have a Transformer and if you are putting openSUSE on your MicroSD card as I told you. Take this script and adjust it if needed. If you put openSUSE on the second partition of your MicroSD, you are ready to go; otherwise you need to change the DEVICE variable to point to the correct partition.
Now run the script in the terminal. It will put you inside openSUSE basic chroot. You can look around, there is not much of software in the beginning, but you can use zypper to install everything you need ;-)
Enjoy openSUSE on the Transformer! As always, if you have no idea what you are doing, you can damage your device and I take no responsibility for any damage. If you run into some trouble, drop by the openSUSE IRC channel #opensuse-arm on Freenode; there are people willing to help. You can find me there as well, my nick is |miska|. Oh, and one last thing, the root and user password is 'linux' ;-)
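The guide says "take this script" without including it, so here is an added launcher, written for this page and not the author's script, that does what the guide describes: mount the ext4 partition holding the openSUSE root, bind /dev, /proc and /sys into it, and chroot with busybox. The DEVICE value (second partition of the MicroSD) and MNT are assumptions; the variable name DEVICE mirrors the guide's. `sh opensuse-chroot.sh plan` prints the commands instead of running them, so the sequence can be reviewed without root; `start` runs them.

```shell
#!/bin/sh
# Added example launcher, not the script the guide links to: mount the openSUSE
# root from the second partition of the MicroSD card, bind the pseudo-filesystems
# a chroot needs, and enter it with busybox. DEVICE and MNT are assumptions for a
# typical device; set them to match yours. DRY_RUN=1 (or the "plan" command)
# prints the commands instead of running them.

DEVICE=${DEVICE:-/dev/block/mmcblk1p2}     # assumed: 2nd partition of the external card
MNT=${MNT:-/data/local/opensuse}            # assumed mount point on internal storage
DRY_RUN=${DRY_RUN:-0}

# run CMD... -> execute the command, or just print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# mounted PATH -> true if PATH already appears as a mount point (never in dry run,
# so the printed plan is always the complete sequence)
mounted() {
    [ "$DRY_RUN" != 1 ] && grep -q " $1 " /proc/mounts 2>/dev/null
}

# mount_root -> mount the root and the pseudo-filesystems; idempotent, so a second
# invocation re-enters the existing chroot instead of stacking mounts
mount_root() {
    [ -d "$MNT" ] || run busybox mkdir -p "$MNT"
    mounted "$MNT" || run busybox mount -t ext4 -o noatime "$DEVICE" "$MNT"
    for fs in dev proc sys; do
        mounted "$MNT/$fs" || run busybox mount -o bind "/$fs" "$MNT/$fs"
    done
    # A bind of /dev does not carry its submounts, so pts needs its own mount.
    mounted "$MNT/dev/pts" || run busybox mount -t devpts devpts "$MNT/dev/pts"
    # The image has no resolver config; reuse the DNS server Android is using
    # (net.dns1 is the property older Android releases expose; write a
    # nameserver line by hand if it is empty).
    run busybox sh -c "echo nameserver \$(getprop net.dns1) > $MNT/etc/resolv.conf"
}

# enter_chroot -> login shell inside the chroot with a sane HOME and TERM
enter_chroot() {
    run busybox chroot "$MNT" /usr/bin/env HOME=/root "TERM=${TERM:-linux}" /bin/bash -l
}

main() {
    mount_root
    enter_chroot
}

# plan -> print the exact commands main would run
plan() {
    DRY_RUN=1
    main
}

case "${1:-}" in
    start) main ;;
    plan)  plan ;;
esac
```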

[Q] polaroid easy2 hacking

Hi everybody.
I bought recently (mid-November 2012) a Polaroid easy2 tablet. It is an MIDR477 model, made in China by Baolaili and based on a MIPS 74Kc processor. It is the "low-end" resistive model but I cared little for it is supposed to become a "smart terminal" in a data acquisition system. I needed to break into the system (I am a Linux person and prefer to do Perl and C programming) to make it suitable for my application.
It turned out to be easy to get the root shell, I rooted it successfully with the help in this forum, thanks to the contributors.
The file system, accessible through the /dev/block/actX devices, is actually easy to mount and modify, and after a short while I managed to modify the init scripts permanently. The one of interest was init.rc, which changes the default path and libraries. I still have a problem due to the non-standard paths (and my limited knowledge of Linux administration): while changing the paths and other variables successfully, I cannot get any external program to run. As an example, when I try to do a simple 'ln -s /<original path> /<link>', it is never executed from init.rc. Can someone tell me what I am doing wrong?
Additionally, if there is in the Android boot sequence a better way to gain control, I would be very grateful to know it (my goal is to be able to set-up the system to run unattended).
Edit: My assumption was that init.rc was a script that executed, it seems to be a file parsed by init. No wonder why it did not work properly. Still looking for an entry point that is not a java component ...
re-Edit: (I'll make a thread on my own ) ... I finally dug the answer in this forum, if anybody is interested in the boot process :
3w.androidenea.com under /search?updated-max=2009-10-16T13:47:00%2B02:00&max-results=7&start=21&by-date=false
sorry for the restriction ...
the answer I was looking for is in the "The init process and init.rc" section.
Best regards.
Hi,
I've got the same tablet, but I can't find a way to root this device.
Can you help me find a thread where this is explained.
Ty,
Dimitri
doorknob314 said:
Hi,
I've got the same tablet, but I can't find a way to root this device.
Can you help me find a thread where this is explained.
Ty,
Dimitri
Hi Dimitri.
All this is from memory. I found on this forum a thread about a similar product that actually gives the password for the root shell (something like connect123, can't remember). After installing the adk and the adb shell (took me a while and it was under linux), I uploaded an unlocked busybox (be careful about the proc, it is not the usual type: MIPS 74Kc). I think that at that point the rooting app started functioning. I still have superuser installer but that was not the one originally used. Sorry not to be able to help more but as the tablet is unlocked, I quickly forgot about the process.
Regards.
Thank you, I hope I can find an answer with your information.

encryption with dmcrypt and password type-in before cm11/any other ROM possible?

Hey there,
I have an idea which might work but before I try that out, I would like to hear if the idea is possible and that I don't forget/don't know something essential.
FYI, it's not my first Linux encryption with dm-crypt. I also encrypt a private PC and type in the password remotely with SSH (dropbear server). But I'm not exactly a professional in these things and have to search and read... for many hours.
Also, the encryption is for saving the data from strange people. After a reboot it should be impossible for them to get any useful data.
The idea (short):
Encrypt the userdata partition to prevent access if not mounted. If the phone has been forcefully shutdown, it should be impossible to get the data. The password entry should happen in a shell right after starting the phone, before any ROM (e. g. CM11) is booted.
The idea (long):
- Install debian (armhf) on the device and use dmcrypt from there.
- The first problem would be that it's installed on /data or /data/media (same partition; userdata). So it has to "somehow" be written to the /system partition.
- Next problem would be that this might be too big (the whole debian system). So we need a dmcrypt that works on android(-kernel) and isn't that big. This should start (at best) via an initramfs (as much as I understand this is a system which boots before the actual system, packed in a compressed file).
- After this we need to get that initramfs started. Actually not a problem for the better Linux pros. It should be possible to start an initramfs which afterwards boots another kernel (2ndinit if we have no other choice).
- If all things are working until this point, the rest should be easy. We need keyboard-support and display-support with a simple shell, where we see that a password is asked.
The biggest issue is that the /system partition is not encrypted at this point. So a modification of some files would break the filesystem encryption's security. This is just a "simple" encryption idea for those who don't want to hand files to others unintentionally.
If you are a target of some "mysterious" people, this encryption is kind of pointless. (Much more work would have to be done for a more perfect encryption system. - Don't ask me for this, I only know simple things. -- A perfect encryption is actually not possible as long as we don't verify the correct kernel, which is impossible because "a" kernel has to be booted first, which might be compromised already.)
What do you think?
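As an added example (not the poster's code): the passphrase step such an initramfs /init would have to perform before handing over to the ROM's own init, with the two failure modes a practitioner cares about handled: a wrong passphrase gets a bounded number of retries, and running out of attempts drops to a shell rather than continuing the boot with /data still locked. The userdata device path, the mapping name, /init.android as the renamed original init, and a ROM fstab that mounts /dev/mapper/userdata are all assumptions. The script only acts when it runs as PID 1, so it can be sourced elsewhere for testing, and UNLOCK can be pointed at another function for that.

```shell
#!/bin/sh
# Added example, not the poster's code: the unlock step an initramfs /init could
# run before handing control to the ROM's own init. Device path, mapping name
# and the name of the real init are assumptions for this example. The loop
# bounds the number of attempts; a final failure drops to a shell instead of
# continuing the boot. The ROM's fstab is assumed to mount /dev/mapper/userdata.

DEV=${DEV:-/dev/block/platform/msm_sdcc.1/by-name/userdata}   # assumed
NAME=${NAME:-userdata}
REAL_INIT=${REAL_INIT:-/init.android}       # assumed: original init renamed in the image
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
ATTEMPTS=${ATTEMPTS:-3}
UNLOCK=${UNLOCK:-luks_unlock}               # function that tries one passphrase

# read_passphrase N -> prompt on the console (echo off when on a tty), print it
read_passphrase() {
    printf 'Passphrase for %s (%s/%s): ' "$NAME" "$1" "$ATTEMPTS" >&2
    stty -echo 2>/dev/null || true
    if ! read -r pass; then
        stty echo 2>/dev/null || true
        return 1                            # EOF: no more input to try
    fi
    stty echo 2>/dev/null || true
    echo >&2
    printf '%s' "$pass"
}

# luks_unlock PASSPHRASE -> open the LUKS volume; the passphrase goes in over
# stdin with no trailing newline, so it never appears in a command line
luks_unlock() {
    printf '%s' "$1" | "$CRYPTSETUP" open --type luks --key-file - "$DEV" "$NAME"
}

# unlock_loop -> 0 once a passphrase opens the volume, 1 after ATTEMPTS failures
unlock_loop() {
    n=1
    while [ "$n" -le "$ATTEMPTS" ]; do
        pass=$(read_passphrase "$n") || return 1
        if "$UNLOCK" "$pass"; then
            return 0
        fi
        echo "unlock failed (attempt $n of $ATTEMPTS)" >&2
        n=$((n + 1))
    done
    return 1
}

main() {
    if unlock_loop; then
        exec "$REAL_INIT"
    fi
    echo "could not unlock $NAME; dropping to a shell, /data stays locked" >&2
    exec /bin/sh
}

# As /init in an initramfs this script is PID 1; anywhere else it only defines
# the functions above.
if [ "$$" -eq 1 ]; then
    main
fi
```

It does nothing about the caveat the post ends on: /system, the kernel and this script itself are unverified, so a modified initramfs could capture the passphrase before the volume is ever opened.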

(noob-ish) AmazonKindleFire7-2019: Where to put startup scripts eg. iptables rules.

Hi all.
I'll make my apologies if this post is in the wrong place or against any rules, if so sorry for creating more work for the mods!
I dabble in Linux, so bear with me here. I am not a complete noob, but to some of you folks here, I am certainly in the gutter of the pecking order.
So I got a cheap Amazon Kindle Fire 7" 2019 model, and thanks to this forum have used diplomatic's mtk-su tool to get superuser (su/root) in adb and Termux, which has allowed me to get rid of a lot of Amazon bloat and data collection, and system apps that just aren't useful, replace the launcher and generally make this tablet usable.
I have not, as of yet, installed a modified boot loader/twrp/magisk stuff. I am trying to avoid that route, as there is quite a chance of me messing up and I am destructive when trying to take things apart (maybe unplug battery required).
On to network interface security.
I've installed NetGuard, read a lot and understand the idea behind how it works. Dump unwanted traffic to a sinkhole VPN connection.
I would like to utilise iptables. After using mtk-su in Termux, I can access and create rules and these apply instantly. All seems to work as expected; however, as we all know, iptables rules are not persistent and a reboot clears them all out and replaces them with the stock ruleset - which is a bit too open and has strange stuff in it.
Q:
Run a my_rules script on startup.
So I can write a .sh script with the iptables rules I want applied. It won't have root permission and won't run, but if executed at boot time by another script? ( .rc ) which does have permission to do root things, the script should run, rules be applied and I can be happy.
For one thing, I am not sure quite where to add my script. I have read somewhere that the .rc files I can see are actually created from a secure/encrypted/compressed store which is uncompressed at boot time. So editing an .rc file which is freshly created is pointless.
Secondly, I guess import <name of script -no.sh extension->? won't work, and will probably need service <name of script> and oneshot or another command.
Am I going to have to go the twrp/magisk route? Do I really need to make changes to more than I can access with root and a terminal on the running device?
Thank you for your time and patience to read this post.
I am obviously not reading enough!
It seems the /system/ folder is all read-only. I can't even "cp /system/bin/install-recovery.sh /system/bin/install-recovery_bak.sh" to back up the existing.
Will try mounting /system as rw, maybe.
*edit*
OK, a major problem is that /system is not writable. mount -o remount,rw /system or /dev/block/dm-0 looks like it works but the location still cannot accept new files created or changes to existing files.
There seems to be a watchdog or something running which prevents changes to the mounting here.
So, I conclude this is what people mean by rooting - booting a modified system which allows access to such places. Having su in a terminal / adb is all great, but still can't do everything - it opens up the opportunity of going further and changing the boot loader, TWRP and Magisk though.
Sigh, I was hoping to avoid that path.
I can, at least, launch a small shell script which would leverage mtk-su to run and write my iptables rules into the running system. But this would be a manual exercise and I am bound to forget to apply it.
If mods wish to delete this thread, I have no objection, but maybe it might help someone else in my situation to understand a little more, or maybe not.
I think I am showing how much of a noob I am here. Sorry.
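As an added example, not part of the thread: the kind of my_rules script the post describes, written so it can be re-run safely after every boot from Termux via mtk-su. All rules go into a private chain that is flushed and refilled on each run, and the chain is inserted into OUTPUT only if it is not already there, so repeated runs never duplicate rules. Blocking by owning UID uses iptables' owner match; the UIDs are placeholders, the chain name MY_RULES is an assumption, and IPT=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread: an idempotent iptables script to be run as
# root on the tablet after each boot (from Termux via mtk-su, since /system is
# read-only there). All rules live in a private chain, so re-running the script
# replaces them instead of appending duplicates, and the chain is hooked into
# OUTPUT only once. The UIDs are placeholders; IPT=echo makes it a dry run.

IPT=${IPT:-iptables}
CHAIN=${CHAIN:-MY_RULES}
BLOCK_UIDS=${BLOCK_UIDS:-"10123 10124"}    # placeholder app UIDs (see usage note)

# rule_list -> one iptables rule specification per line, in apply order
rule_list() {
    # Leave loopback alone for every app.
    echo "-A $CHAIN -o lo -j RETURN"
    # Per-app block: match outgoing traffic by the owning UID and refuse it
    # immediately, so the app sees an error instead of a hanging connection.
    for uid in $BLOCK_UIDS; do
        echo "-A $CHAIN -m owner --uid-owner $uid -j REJECT"
    done
    echo "-A $CHAIN -j RETURN"
}

# apply_rules -> (re)create the chain empty, hook it into OUTPUT once, load the rules
apply_rules() {
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    $IPT -C OUTPUT -j "$CHAIN" 2>/dev/null || $IPT -I OUTPUT 1 -j "$CHAIN"
    rule_list | while read -r spec; do
        # word splitting of $spec into iptables arguments is intended
        $IPT $spec
    done
}

# show_rules -> current contents of the chain, for checking after a reboot
show_rules() {
    $IPT -S "$CHAIN"
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  show_rules ;;
esac
```

Find an app's UID with `dumpsys package <package> | grep userId` and put it in BLOCK_UIDS; `sh my_rules.sh show` (or `iptables -S MY_RULES`) confirms what is loaded, and after a reboot it is gone again, which is the persistence gap the post runs into. On a device whose boot image can be changed, this same script is what an init.rc service entry with oneshot would start.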
