This is probably a hell of a way to make a first post, but whatever.
So, in preparation for the wall of text upcoming, a tl;dr: kingoroot for windows (and probably the android app as well) calls "dumpsys iphonesubinfo" over adb for no discernible reason, obtaining the IMEI of every phone one attempts to root with kingoroot. In addition, the application tries to obtain some other nasty things, like the phone's GSM baseband version number and battery information, all of which are entirely useless for something claiming to just root a phone.
Ok, so first for some backstory. I recently got a prepaid ZTE paragon from best buy for 5 dollars. The hardware is pretty good for the price:
- Qualcomm 410
- 1 GB RAM
- sd card slot
- IPS screen
Unfortunately, the phone is running Android 4.4.4 out of the box. Because of this, every trustworthy rooting app I could find failed on the phone, as all of the relevant bugs have been patched. So, I turned to China to give me my su jollies, and indeed, Kingoroot managed to root my phone with little trouble. This got me curious: what exactly was that windows executable doing on the phone anyway? And that's where this all begins....
I first tried to sniff the adb traffic between the computer and the phone. Unfortunately, there is no way to do this: adb sessions are isolated from one another, and so there is no real way to see what the Kingo adb thread was doing from a different shell. So, I went one level deeper and scanned ALL of the USB packet traffic on the computer with USBPcap. After opening up the hex dump, this worked a treat: I could see plaintext in the packets corresponding to adb shell commands. After several hours of skimming through the several megabyte dump, I could see roughly what the Kingo app was doing on the phone: It determines some system information (the model number, whether or not the phone is already rooted, some more unsavory stuff I'll get onto later), then copies over the apk of the splash screen that you get on your phone. When you click the button to root the phone, the executable copies over a lot of files to /data/local/tmp (some root essentials like the su binary and busybox, the main exploit binary called "kingo", and some scripts to ensure root persistence after the main root), chmods busybox, the root exploit, and su to give execution rights, and runs "./kingo kingo", which after several seconds creates a temporary instance of the su binary which you can call over adb at that point. (Interestingly, this must be run as "./kingo kingo" to work; anything else causes a segfault. Some form of password protection, maybe?) It then runs some scripts and rearranges some files with this newfound root access to maintain persistence, deletes all the files it brought over, and quits.
My main interest here was determining the root exploit Kingo were using to root the phone, and so after factory resetting the phone, I rooted it again using the app and copied over any files I could see in /data/local/tmp from a second adb instance. This gave me the set of files Kingo was using to root the phone, and after another reset, running the magic exploit offline indeed gave me temporary root access to the device (I haven't fully figured out how to make persistence work, but that is not the main issue here). So, after some hunting around on the internet to see if anyone else had gotten any information on this magic executable, I found some threads here on XDA claiming that Kingo was stealing some information about your phone and sending it to the Chinese mafia or something. Naturally, I was somewhat upset by this: I was running this in my good Windows VM! Now I have to reset it! But this again piqued my interest, and so I went to see if Kingo really was doing anything malicious.
For those who are unfamiliar with the story, Kingo was caught obtaining the IMEIs of phones which were rooted with the app. This upset a lot of people, and so with version 1.2.2, the Kingo developers claimed to have removed the ability to capture phone IMEIs. (Of course now, I know this is a pile of ****, but let's keep going.) So, first things first, I pulled out my packet log of the rooting endeavor and searched for my ZTE's IMEI. And with this, I found in the packet log:
Code:
529 17.074812 5.2 host USB 58 URB_BULK in:
Device ID = 865895021744484
Oh dear....
(Note that I'm not planning on using this phone for any networking over the cellular modem. I don't really care if this phone's IMEI is stolen. That is actually the phone's IMEI, btw)
Looking a little higher into the packet log revealed that Kingoroot was calling "dumpsys iphonesubinfo" over adb shell to obtain this information, and looking around some more revealed the following gems:
Code:
535 17.102832 host 5.2 USB 56 URB_BULK out
getprop gsm.version.baseband
and
Code:
547 17.124868 host 5.2 USB 43 URB_BULK out
dumpsys battery
Now I don't know about you, but I can't for the life of me figure out why a rooting program needs access to my IMEI, my GSM baseband version (!) and my battery information just to root the phone. To add insult to injury, all of this is done after
Code:
388 13527122 5.2 host USB 108 URB_BULK in
Qdevice::ro.product.name=P821A21;ro.product.model=Z753G;ro.product.device=faerie;
was sent over by the phone, indicating that all of the identifying device information that should have been sent was already sent.
This is only the shady stuff kingo is doing before the root happens too! After root privileges have been obtained, there is an unsettling amount of time taken between when the application claims to be done and when it appears to actually be done.
I haven't looked through the whole packet log yet, but just from a brief look at the post-root adb commands packet 15710 has the executable calling "getprop", and who knows what the Chinese mafia are going to do with all of that information!
So, in conclusion, I set out to figure out how KingoRoot for windows roots android phones, but also determined that Kingo never really stopped doing shady **** as they claimed. To anyone who wants to take a look at the files I found for themselves, here (www (dot) filedropper (dot) com (slash) kingo)(I still can't post urls) is a link to everything I found during my little experiment. In that zip is the USB packet log for others to find some interesting information in (just open in wireshark) , the files kingo uses to root my Android 4.4.4 phone (I humbly defer to people who know more about binary reversing than I do to figure out what the hell that binary does), and some instructions to rooting a ZTE paragon z753g with this binary should you happen to have such a phone yourself. I realize that disclosing a root executable is not a particularly good idea, but considering the process to obtain it is so straightforward, I don't think not providing it is stopping anyone who wants to do something nefarious. If someone tells me to take it down, I will, however.
In addendum, I have a couple requests of anyone reading this. If you have a phone you don't particularly care about, download USBPcap, ADB, and the kingoroot executable and get the USB packet log during the whole interaction and the contents of /data/local/tmp (just copy that directory to a known safe place, like /sdcard/Download). I'm curious if
1) Kingo actually uses different exploits for different phones and
2) the IMEI and baseband firmware version are always sent over
Finally, if anyone out there is good at binary reversing, I am curious about what exploit the "kingo" file is using to root the phone. When I look again at this process, nothing particularly screams that this actually requires the debugging bridge to work; presumably a rogue .apk could do the same thing. (Or worse yet, an ACE exploit like Stagefright) Although the Kingoroot Android app did not root the phone I used for this experiment, I have reason to believe that the same or a similar exploit is being used there, as opening a simultaneous adb shell reveals su privileges being obtained at a certain point of the process, although presumably the process fails because the persistence creating scripts didn't work for some reason.
So, in actual conclusion, Kingoroot is untrustworthy, panic and run
Thanks for this thread.
Kingoroot didn't root the phone, but stole the IMEI. This is 100% theft.
---------- Post added at 05:56 PM ---------- Previous post was at 05:35 PM ----------
zzazzdsa said:
This is probably a hell of a way to make a first post, but whatever.
So, in preparation for the wall of text upcoming, a tl;dr: kingoroot for windows (and probably the android app as well) calls "dumpsys iphonesubinfo" over adb for no discernible reason, obtaining the IMEI of every phone one attempts to root with kingoroot. In addition, the application tries to obtain some other nasty things, like the phone's GSM baseband version number and battery information, all of which are entirely useless for something claiming to just root a phone.
Ok, so first for some backstory. I recently got a prepaid ZTE paragon from best buy for 5 dollars. The hardware is pretty good for the price:
- Qualcomm 410
- 1 GB RAM
- sd card slot
- IPS screen
Unfortunately, the phone is running Android 4.4.4 out of the box. Because of this, every trustworthy rooting app I could find failed on the phone, as all of the relevant bugs have been patched. So, I turned to China to give me my su jollies, and indeed, Kingoroot managed to root my phone with little trouble. This got me curious: what exactly was that windows executable doing on the phone anyway? And that's where this all begins....
Does Helium Backup work on this phone? I also bought this phone for $5.
I don't really need to root this phone. I just need to disable some System apps for my privacy.
Some members want root at any cost. You're not posting anything that's not already known.
But as with anything, flash at your own risk. That is the bottom line in this hobby.
Read, research, decide. The responsibility is on members to flash what they want. So, use it or don't. Not much more to say. :good:
And SU ??
Sent from my SM-A700FD using Tapatalk
Awesome post. Thanks!
Two comments/questions:
1. I bought two of these phones for my girls (3 years old and 1 year old). I want to load some games and some videos. I need to root so that I can load apps onto the SD card, etc. Should I worry about using Kingoroot or just go for it? They aren't going to be doing email.. at most taking pictures probably. Maybe Dropbox access. Pandora. So some (of mostly my) credentials going over the air.
2. The link you didn't post (see what I did there?) doesn't work any more. Care to upload it elsewhere? Feel free to PM me if you want.
Edit: I should also say this: these are the only android phones I've ever owned. But I do consider myself very tech savvy (few programming languages, very comfortable at a unix command line, etc). So if there's any newbie android advice for securing a phone for kid use I'm happy to hear it! Thanks
I have only used KingRoot on a Blu device, which I then gave to my father.
Thanks for all the work, another vendor off my list.
couldn't get Kingo to work
So inspired by the above post I tried Kingo and it didn't work. After much screwing around with Windows in VirtualBox I got Kingoroot installed and it even said it rooted it - but I couldn't get anything (i.e. SuperUser) to work correctly. Mind sharing your method for getting it to work?
@zzazzdsa You gotta do some research on Kingroot
They claim on their website that they partnered up with XDA....
Newyork! said:
@zzazzdsa You gotta do some research on Kingroot
They claim on their website that they partnered up with XDA....
Nope. Lol
No affiliation. But anyone can put anything out there on the interwebz.
So I haven't had much time to play around with this some more, but I can post a rough guide to making a sniffing setup if you want to play along at home.
First, you're going to need a windows computer. It doesn't matter if it's virtualized, it just needs to have USB support enabled (via native support in VMware or the PUEL extension pack in VirtualBox)
Second, you will need to download adb for windows, USBPcap, and wireshark. All of those can be found with minimal googling. Once you have installed all three, you are ready to go.
Plug in your phone, enable adb on the phone, start USBPcap and an adb shell, and then start kingoroot.
Let kingoroot do its thing. While it is rooting the phone, pay close attention to the directory /data/local/tmp over adb. If anything interesting appears there, copy it over to a safe directory, like the emulated SD card.
Once the phone is rooted, close USBPcap, open wireshark, and comb through the packet log with a fine-toothed comb to find plaintext adb commands which will make the exploit work. A useful tip: the packet log will be extremely long, but almost all of the length will be due to the packet capture picking up file transfers as well. You can filter out these long file transfer sequences without losing any useful information.
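The search described in the first post and in the sniffing guide above can be done by parsing the ADB messages instead of reading the hex dump by eye. This is an added example, not part of the original posts and not code from Kingo or the adb project: it reassembles ADB messages from USB bulk payloads, skips file-transfer ("sync:") streams, and flags the three host commands the first post found. It assumes the bulk payloads of the phone's ADB interface have already been extracted from the USBPcap capture in order and tagged "out" (host to phone) or "in"; the sample transfers, stream ids and the all-zero device ID are constructed.

```python
import struct

# ADB message header: command, arg0, arg1, data_length, data_check, magic (little-endian u32)
HEADER = struct.Struct("<6I")
COMMANDS = {0x4E584E43: "CNXN", 0x4E45504F: "OPEN", 0x59414B4F: "OKAY",
            0x45545257: "WRTE", 0x45534C43: "CLSE", 0x48545541: "AUTH"}
NAME_TO_ID = {name: value for value, name in COMMANDS.items()}

# Host commands reported in the first post, with what each one reads from the phone.
WATCHLIST = {
    "dumpsys iphonesubinfo": "IMEI / subscriber identity",
    "getprop gsm.version.baseband": "baseband firmware version",
    "dumpsys battery": "battery state",
}


def parse_messages(transfers):
    """Yield (direction, command, arg0, arg1, data) from ordered (direction, bytes) payloads.

    Over USB the 24-byte header and its payload travel as separate bulk transfers,
    so bytes are buffered per direction until a whole message is available.
    """
    buffers = {"out": b"", "in": b""}
    for direction, payload in transfers:
        buf = buffers[direction] + payload
        while len(buf) >= HEADER.size:
            cmd, arg0, arg1, length, _check, magic = HEADER.unpack_from(buf)
            if cmd not in COMMANDS or magic != cmd ^ 0xFFFFFFFF:
                buf = b""  # not an ADB header: drop it and resync on the next transfer
                break
            if len(buf) < HEADER.size + length:
                break  # payload arrives in a later transfer
            data = buf[HEADER.size:HEADER.size + length]
            buf = buf[HEADER.size + length:]
            yield direction, COMMANDS[cmd], arg0, arg1, data
        buffers[direction] = buf


def find_identifier_reads(transfers):
    """Return (message index, command line, what it reads) for watchlisted host commands."""
    hits, sync_streams = [], set()
    for seq, (direction, cmd, arg0, _arg1, data) in enumerate(parse_messages(transfers)):
        if direction != "out":
            continue
        if cmd == "OPEN":
            dest = data.rstrip(b"\0").decode("utf-8", "replace")
            if dest.startswith("sync:"):
                sync_streams.add(arg0)  # file transfer stream: its WRTE data is file bytes
            text = dest[len("shell:"):] if dest.startswith("shell:") else ""
        elif cmd == "WRTE" and arg0 not in sync_streams:
            text = data.decode("utf-8", "replace")  # input typed into an open shell
        else:
            if cmd == "CLSE":
                sync_streams.discard(arg0)
            continue
        for line in text.splitlines():
            for needle, reason in WATCHLIST.items():
                if needle in line:
                    hits.append((seq, line.strip(), reason))
    return hits


def _msg(direction, name, arg0, arg1, data=b""):
    """Build one ADB message as separate header and payload transfers (sample data only)."""
    cmd = NAME_TO_ID[name]
    header = HEADER.pack(cmd, arg0, arg1, len(data), sum(data) & 0xFFFFFFFF, cmd ^ 0xFFFFFFFF)
    return [(direction, header)] + ([(direction, data)] if data else [])


# Constructed sample: an interactive shell (host stream 1) and a file push (host stream 2).
SAMPLE_TRANSFERS = (
    _msg("out", "OPEN", 1, 0, b"shell:\0")
    + _msg("in", "OKAY", 10, 1)
    + _msg("out", "WRTE", 1, 10, b"dumpsys iphonesubinfo\n")
    + _msg("in", "WRTE", 10, 1, b"Device ID = 000000000000000\n")
    + _msg("out", "WRTE", 1, 10, b"getprop gsm.version.baseband\n")
    + _msg("out", "WRTE", 1, 10, b"dumpsys battery\n")
    + _msg("out", "OPEN", 2, 0, b"sync:\0")
    + _msg("out", "WRTE", 2, 11, b"SEND\x10\x00\x00\x00#!/system/bin/sh\ndumpsys battery\n")
    + _msg("out", "WRTE", 1, 10, b"getprop ro.product.model\n")
)

if __name__ == "__main__":
    for seq, line, reason in find_identifier_reads(SAMPLE_TRANSFERS):
        print(f"message {seq}: {line!r} reads {reason}")
```

The pushed file in the sample contains the text "dumpsys battery" but is not flagged, because its stream was opened as "sync:"; this is the same file-transfer filtering the guide recommends doing by hand.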
zzazzdsa said:
So I haven't had much time to play around with this some more, but I can post a rough guide to making a sniffing setup if you want to play along at home.
First, you're going to need a windows computer. It doesn't matter if it's virtualized, it just needs to have USB support enabled (via native support in VMware or the PUEL extension pack in VirtualBox)
Second, you will need to download adb for windows, USBPcap, and wireshark. All of those can be found with minimal googling. Once you have installed all three, you are ready to go.
Plug in your phone, enable adb on the phone, start USBPcap and an adb shell, and then start kingoroot.
Let kingoroot do its thing. While it is rooting the phone, pay close attention to the directory /data/local/tmp over adb. If anything interesting appears there, copy it over to a safe directory, like the emulated SD card.
Once the phone is rooted, close USBPcap, open wireshark, and comb through the packet log with a fine-toothed comb to find plaintext adb commands which will make the exploit work. A useful tip: the packet log will be extremely long, but almost all of the length will be due to the packet capture picking up file transfers as well. You can filter out these long file transfer sequences without losing any useful information.
How did you get kingoroot to root your ZTE Paragon? I thought this phone cannot be rooted.
Get a virtual Windows machine running. Download the pc app at kingoapp com. Plug in, root. The problem is getting apps like super su to work given lack of /system write access. Get that figured out and I'll give you a few gold stars. Because from what I can tell that's all that's holding me back from moving my apps to the sd card.
OMG LOL!
Then What? They are going to sell my imei number
With as much due respect for someone I've never met: so what? It's a $5 phone. If they get your imei and something bad happens I'll personally refund your $5.
If you're really nervous about that run your virtual machine thru a mitm proxy and filter out anything that looks like your imei.
Sounds like a very shady enterprise overall.
Wasn't planning on using it anytime soon but thank you for the heads up.
Just goes to show, when in doubt come here first.
Hi, my only concern is many novices use wifi at work. Is there a risk of hijacking a system via wifi, if the imei is the security password key used by many phone services that allow access to towers?
Sweet, I didn't know that, thanks for the information.
Imei is not a security password.
It's used to identify the phone when programming a number to it (which then gets stored on your sim card)
Verizon won't even tell you the imei associated with a line unless you're the account holder.
Curious what the mobile app installation of kingroot saves.
Sent from my unknown using XDA Free mobile app
wonderful article
I am the victim of the kingroot imei stealing
Related
I have recently bought an Incredible S, and it is a great device, but I would like to gain root access for certain apps. The development forum is dead, I presume anyone with the knowledge and inclination has avoided this phone (and is waiting on the dual cores) so I decided to look for myself, but I am stuck. Either the people who usually discover root on these devices don't like documenting processes and methods, or I am looking in totally the wrong place. Can anyone give me pointers on where to start looking or where I can find info on where to start looking, or am I just barking up the wrong tree and sounding really thick?
Hey people,
I need to root my phone too.
I used z4mod and universal androot, both apps failed to root my phone.
So I hope someone succeeds in rooting his or her Incredible S, and posts it here.
- Bert
unrevoked.com
just enable usb debugging, plug your phone into pc via usb, start unrevoked3 and wait. It will do all the work for you
There is no support for the HTC incredible S
I think there is a difference between the HTC droid incredible and HTC incredible S,
so I'm not taking any risk trying to root my phone as an HTC droid incredible
vindicat said:
unrevoked.com
just enable usb debugging, plug your phone into pc via usb, start unrevoked3 and wait. It will do all the work for you
UnrEVOked does not support Inc S at the moment.
Sent from my HTC Incredible S using XDA Premium App
Alright, I'll try to make this simple, because I'm betting not a lot of people know what goes into rooting these devices.
Root is not like buried treasure. No X on a map. In fact, there is no map. We're not hitting up a command prompt on windows, crawling through thousands of bits to find the access codes so we can find the root the creators left for us.
Now that we know what it isn't, it's time to explain what it is.
Finding root is a lot like finding a back door... that's been painted to look like the rest of the outside wall... and all of its cracks sealed... and its doorknob nonexistent. You'd have to look from the inside to know where it is, and even THEN you don't know if you can even OPEN the door from the outside.
What devs (or aspiring devs) attempt to do is look for the telltale signs that a phone software vendor has modified from the original stock AOSP. This means that the phone will be attempting to do something unique, something that vanilla android does not. TouchWiz, MotoBlur, etc are all examples of these.
Devs look through the changes, trying to find examples where vendors have hijacked root access (or system access) to perform a task. On Droid3, for example, we found a script that reinstalls stock sample games onto the phone. We attempted to shell-inject some code into a variable to install superuser into an executable directory. Unfortunately, the attempt failed.
In short, you're looking for signs that some root access is happening outside of vanilla android. After that, you need to find a way to hijack it. Checking files for executable permissions, finding out where files can be executed, etc are all examples of searching for root.
Your eventual goal will be to get the su binary into an executable location. On the Droid3, this was /data/tmp, a temporary filesystem with executable permissions (but no write access for apps or shell.) Our goal was to use some exploit to push su into that directory and execute it. (We still have not achieved this.)
If you really want to learn the process that goes into rooting, check this thread out: http://forum.xda-developers.com/showthread.php?t=1193893
It is 60 pages of root theory where we are still [at time of post] attempting to gain root. We wade through our ideas, our attempts, our successes and our failures. (We have lots of those.)
Good luck, though I think you might be getting in over your head... I sure am already.
I have installed an Android Application which was developed by a friend of mine. It was installed on my Android phone (HTC G2, with Android 2.2). I need to locate the application folders, and especially the SQLite database which was created along with the application, because I need to copy it to my PC. I did search on the SD card but I did not find it, so I assume it must be in the device RAM, but I really don't know the structure and how the apps are organized. I might suspect the SQLite data filename, but that's all I know at the moment.
Can somebody point me to some utility which will allow me to find the database and the application path, and most of all to copy it to the PC???
Thanks - Arthur
The database and any other "data" used by the app will be located in /data/data/ then inside a directory that corresponds to the app's package name. If we use the Kindle app as an example, the path to its data would be: /data/data/com.amazon.kindle
Unfortunately I checked this folder on RAM as well as SD and couldn't find it. The device /data folder is empty, and SD has some other stuff but not this App.
aklisiewicz said:
Unfortunately I checked this folder on RAM as well as SD and couldn't find it. The device /data folder is empty, and SD has some other stuff but not this App.
I should have also said, you need to be rooted in order to see the contents of the /data directory. Without root access, it will be shown as empty because you do not have permission to view or modify. If your phone is rooted, you can use Root Explorer, Terminal Emulator, or adb to access /data and copy, modify, create, or delete files there.
Thank you for your time. That would explain why I do not see it.
OK, I have HTC G2 from T-Mobile, I think it has Android 2.2
Nothing was changed or updated on this phone since I bought it last fall. I'm not with T-Mobile anymore so I do not want to mess with the phone unless I'm really sure what I am doing. The only nice thing is that the phone is unlocked now. The reason I ask those questions is because I am working on a tool, a desktop program which is supposed to sync SQLite data from the device to the PC.
What I want to do is to connect the device through a USB cable, then have it mapped as it normally does (i.e. drive H). Then access the SQLite file from the desktop application by opening the database through that link and syncing the records. Not sure but I hope this approach would work. If it cannot work that way then eventually I want to copy the SQLite DB file to the PC, sync the database and then copy it back to the device. I already have a desktop app which works on SQLite locally so now I want to access the device, having the same DB file residing on my Android phone instead of on my local HD.
What could be the reason that the installed APP doesn't want to move to SD ???
I would appreciate any suggestions...
What is required to root the phone? I've heard there are some risks. Besides, I probably have to find some other solution as none of the app users would want to root their devices (or have the knowledge of how to do it).
aklisiewicz said:
Thank you for your time. That would explain why I do not see it.
OK, I have HTC G2 from T-Mobile, I think it has Android 2.2
Nothing was changed or updated on this phone since I bought it last fall. I'm not with T-Mobile anymore so I do not want to mess with the phone unless I'm really sure what I am doing. The only nice thing is that the phone is unlocked now. The reason I ask those questions is because I am working on a tool, a desktop program which is supposed to sync SQLite data from the device to the PC.
What I want to do is to connect the device through a USB cable, then have it mapped as it normally does (i.e. drive H). Then access the SQLite file from the desktop application by opening the database through that link and syncing the records. Not sure but I hope this approach would work. If it cannot work that way then eventually I want to copy the SQLite DB file to the PC, sync the database and then copy it back to the device. I already have a desktop app which works on SQLite locally so now I want to access the device, having the same DB file residing on my Android phone instead of on my local HD.
What could be the reason that the installed APP doesn't want to move to SD ???
I would appreciate any suggestions...
What is required to root the phone? I've heard there are some risks. Besides, I probably have to find some other solution as none of the app users would want to root their devices (or have the knowledge of how to do it).
Took me a bit to get back to you but figure better late than never...
Here is a good FAQ on rooting among other things specific to the G2(the US variant of the Desire Z). In order to root your G2, this guide looks to be good as he's simplified and automated a good bit of the process, should be safe, and seems to work. You'll need to install the two apps he mentions in step 1 and download the zip file he mentions in step 2 which is attached at the bottom of the post then just follow the instructions.
As for the database stuff, if you end up needing to access the /data directory you'll have to be rooted. Also, moving the app to the sdcard won't really help you with having access to the app's files. Froyo built-in App2SD just moves the apk file to a hidden directory on /sdcard (.android_secure) but the app data, cache and all that stuff will still be on internal memory. But to answer why the app won't move to the sd card, I'm guessing it's because the app itself must allow for it to be moved since by default, an app doesn't have this enabled unless the app dev gives it that ability.
To communicate with the phone, even with root access, you'll probably have to do so through adb commands or use an adb shell to be able to run shell commands on the phone. This would require adb be set up on the user's computer. If you want to play around with adb, there's a nice guide called ADB for Noobs that goes through setting it up and starting out using it. I can't say I've really done anything with SQLite databases on Android and certainly not then syncing it to a computer so I could be off-base or overlooking a workaround.
Thank you for your valuable information. You guys are really great help, and I appreciate your time. I will study the links provided.
In the meantime my main concern is to access the SQLite database, as I need to get to the records, or at least be able to copy it back and forth between the device and PC. I guess the database file would be something like MyDatabase.db, but I have no clue how to find it and copy it. As you have said it might be in some system protected directory. The main issue is that I will need a solution which would work on every standard device (not the rooted one), so I need something very easy for the user to set up and follow. I have seen a utility that allows manipulating SQLite records directly on the device, but again this tool requires rooting the phone (which I'm reluctant to do) because of the above reasons. If you could help me to resolve this I would be very grateful!
Arthur
aklisiewicz said:
Thank you for your valuable information. You guys are really great help, and I appreciate your time. I will study the links provided.
In the meantime my main concern is to access the SQLite database, as I need to get to the records, or at least be able to copy it back and forth between the device and PC. I guess the database file would be something like MyDatabase.db, but I have no clue how to find it and copy it. As you have said it might be in some system protected directory. The main issue is that I will need a solution which would work on every standard device (not the rooted one), so I need something very easy for the user to set up and follow. I have seen a utility that allows manipulating SQLite records directly on the device, but again this tool requires rooting the phone (which I'm reluctant to do) because of the above reasons. If you could help me to resolve this I would be very grateful!
Arthur
Unless there is some trick I don't know about you are going to have to be rooted to get access to the database. I found a couple links discussing this: here and here. The second link does mention that the app with the database you want to access could be written to store the database on the sdcard where it would then be accessible but that would be unsecure since anything could read/modify it there.
Thanks, looks like I have to do more research on my own. It is hard for me to believe that Google would not allow access to the same database from different apps. I've seen there is a Java class ContentProvider which seems to allow that, so I will study this, perhaps it will help. Thanks for your help.
Arthur
There are a few of these guides around, but I thought to write my own. Hope it will be helpful! I'll keep the most up-to-date version on my site.
Rooting Android: What Is it?
If you've heard about "rooting" your Android phone, and are confused by what exactly it does, or don't understand the instructions you found on an obscure forum or blog post somewhere, this guide might help you make sense of things.
What Is "Root"?
"Root" is the name of the default administrative user in Unix. The user named "root" can do absolutely anything: edit or delete any file, start or stop any system service, and also add, remove or change the privileges of other users, so that they, too, could perform the same operation.
So, user "root" can actually bestow administrative privileges on any Android user, including the default one you use normally on the phone.
When you buy an Android phone, it normally does not let you login as user "root".
What Can User "Root" Do?
Your phone is really a general-purpose hand-held computer. People have written apps for it that can do things like this:
Turn it into a wireless internet router, connecting to your 3G/4G network on one end, and broadcasting a wifi hotspot on another. You can thus connect your laptop to the internet from anywhere. "Tethering," but without cables!
Lets you overwrite any of the Android system files, customizing it to your heart's content. This lets you customize the built-in fonts, colors, keyboards, etc.
Lets you install newer versions of Android, beyond what your phone's vendor has provided.
Why stop at standard Android? Because Android is an open source operating system, people have been able to modify it to add features far and beyond what Google has put in it, as well as offering better performance in some situations. With administrative privileges, you can just flash an entire new Android ROM to your phone. A very popular one is CyanogenMod, which is based on Android 2.3.
Install various networking servers and clients, such as QuickSSHd to allow logging in to your phone over the internet, or CifsManager, which lets you access Windows shared drives from your phone.
Who knows? People might think of new uses for these hand-held computers, uses that would require full access to all features of the phone.
Why Won't My Phone Normally Let Me Login As "Root"?
First, for reliability -- as far as you're concerned.
Imagine if your phone automatically gave you administrative access. This means that any app you install can do anything it wants to it. Obviously, unacceptable.
An alternate solution is available in newer versions of Windows and other desktop operating systems, which require you to enter a special administrative password whenever a program is trying to access secure parts of your computer. This is annoying enough on a desktop computer: on a phone, it would again be unacceptable.
So, it makes sense -- for your sake -- to disallow any administrative privileges.
Second, for reliability -- as far as the phone vendor is concerned.
A smartphone, unlike a PC, is an expensive consumer device with an explicit support contract. People normally and frequently return phones to the shop if they stop working properly, or call customer support to get assistance. There's a huge cost for the vendor to maintain this support network.
Think for a minute what would happen if any phone user could login as "root" and delete any system file: you would have broken phones everywhere, frustrated consumers, and clogged support networks. Indeed, "rooting" a phone pretty much voids your warranty as far as the vendor is concerned.
I Understand the Risks and Am Willing to Void the Warranty, So Why Can't I Login As "Root"? It's My Phone!
Even if logging in as "root" were an advanced feature, hidden away somewhere in the menus with thousands of warnings about possible dangers, you can bet that many non-advanced users would find it. When their phone breaks, you bet they will be angry, and will not care that the warnings were there. As far as they would be concerned, this "root" thing is a feature of their phone, and if it can break the phone then it shouldn't even be there.
And there's a third party who has a business interest in denying you "root": the telecommunication carriers. Their business model is designed around typical consumer uses of the phone, and they do not want it to be too powerful. For example, a "rooted" phone can let you tether it to a laptop, so that your laptop gets its internet access. But, carriers typically sell special "laptop sticks" for that purpose specifically, and these usually are more expensive than phone plans, because they take into account the much heavier bandwidth that laptop users tend to use. If everybody could "root" their phone and tether it, this product -- and source of revenue -- would be irrelevant.
So, Phones Don't Come with a "Root" User?
Android is based on the Linux operating system, which requires the "root" user to function. It's there. However, the vendor has tried to hide all the normal ways to access it. The "root" user is there, it's just "locked."
What Is "Rooting"?
In the context of Android phones, rooting means more than just letting you log in as the "root" user: it means installing a set of tools so that any of your programs can access "root" when they need to and you allow them.
The result is that a "rooted" phone works just like Windows, in that it will ask you for permission (but not a password) whenever an app is trying to get administrative privileges.
Fortunately, once you gain access to the "root" user, it's very easy to install a set of standard apps that let you implement this feature, specifically the Superuser app.
How Do I Root My Phone?
Nothing in software can be truly locked down, and hackers have found ways to get "root" access on any Android phone on the market. There are quite a few holes.
But, these methods vary a lot and are different per phone. It's easier on some phones than others. It's often risky, too, because a misstep could potentially "brick" your phone -- making it so that you cannot boot into Android. "Unbricking" is possible in some cases, but not in others. Take care!
Search the internet, and you will likely find various blog and forum posts with instructions for rooting your particular phone model.
This is not a guide for rooting your particular phone model. Instead, it is a general description of what rooting is and how it works. It can help you understand the rooting instructions you find.
Any Downsides?
Well, first of all, there is the risk of bricking your phone. You might want to make sure that someone you know with the same model phone as you have has used the method before. Or, read about it in the internet forums, and make sure that lots of other people have used this method successfully.
Also, you may void your warranty: of course, this would only happen if customer support looks closely at your phone and notices that it has been rooted. It's a good idea to look at these rooting guides to see if there is an easy way to un-root the phone, or at least return it to factory settings.
Finally, there's the issue of "firmware updates" coming from your carrier. Sometimes they will work fine with rooted phones (as long as a custom Android ROM has not been installed on them), but depending on the rooting method it may mean that they won't work fine anymore. "Not working fine" can mean that the upgrades simply won't run, but it can also mean that the upgrades would fail terribly and brick your phone. Generally, if you have rooted your phone and are getting an "Update Available, Do you want to download?" message from your carrier, don't just say "yes"; instead, check the forums to see the experience of other people with rooted phones with this update. Generally this problem seems rare, a result of a very poor upgrade package from the vendor -- the usual case is that the upgrade simply won't work.
Don't worry too much: with a rooted phone (and a good Recovery program, see below) you will likely be able to install the upgrade yourself, and possibly better upgrades to more advanced versions of Android than your vendor provides.
How Rooting Works
First, let's understand how the locking down happens.
Your phone actually has more than just Android installed on it. There are, at minimum, three and usually four "partitions" in which entirely different programs are installed. Android is just one of them.
The Boot Loader
The first partition has the boot loader, the very first program you see when you turn on the phone normally. The boot loader's main job is simply to boot other partitions, and by default it just boots the Android partition, commonly called the ROM (described below). So, you don't really see the boot loader for very long.
However, all phones allow for a special way of turning them on -- for example, holding the volume up button while pressing the power on button -- that shows the boot loader menu.
When you're there, you can actually choose if you want to boot into the Android partition, or you can boot into the Recovery partition (described in detail below).
The interesting thing about the boot loader is that it is very, very simple. It has no mechanism for users and privileges. One way to look at it is that it always is "root," and in fact can't be anything else.
Sounds like a good place from which to unlock your phone! Unfortunately, most boot loaders are too simple.
One exception is the boot loader found in Google's Nexus phones, and in a few other developer-friendly phones. These boot loaders can actually communicate with a PC over USB, and support writing data to partitions ("flashing" them), as well as booting from them. With this feature, you can flash an unlocked Android ROM to the Android partition, and you're done! Well, the challenge is just to find such a ROM that works well with your phone...
Most phones don't have such a flexible boot loader. However, getting into the boot loader menu is important, because it lets you boot into the Recovery partition, detailed next.
The Recovery Partition
As its name can tell you, this partition is mostly for customer support: the Recovery program can be used to return the Android partition to its factory settings, which can solve a lot of problems with faulty phones, or phones that were infected by bad apps. It can also format the SD card partition.
Some Recovery programs can also install special phone upgrades from the SD card, that write directly to ("flash") the Android ROM partition. Obviously, free access for anyone would allow rooting, so vendors make sure that Recovery would only accept official upgrades. But, one way to root a phone would be for hackers to find a way to create such an "upgrade" that the Recovery program would accept.
There's quite a lot of variation in Recovery programs out there: every vendor has their own idea of which recovery features would be useful for their customer support team. Boot into yours and take a look! It's harmless, unless you actually choose one of the recovery options...
Like the boot loader, the Recovery program is always in "root". A hacked Recovery program could let you flash an unlocked Android ROM, or run any "upgrade" you like. So, in addition to just "recovering" an unusable phone, it can help you "recover" the "root" user that has been locked from you!
A good Recovery program is very useful for customizing your phone, beyond just rooting it. By far the most popular Recovery program is Clockwork Recovery, also called ClockworkMod.
Some rooting methods begin by finding a way to flash ClockworkMod to your Recovery partition, from which you can then run an "upgrade" that roots your phone. Other rooting methods find another way in, but still recommend you flash ClockworkMod as soon as possible, because it's just so useful for customizers.
You will not find a homepage or an "official" way to download ClockworkMod: carriers obviously do not want you to have easy access to it. But, search around, and you will find one appropriate for your phone. The ROM Manager app can also flash it for you, assuming you are already rooted.
The SD Card
This is another partition, entirely for you. It is not protected in any way, and you have full access to reading and writing files on it.
For many phones, this partition does not exist unless you physically install an SD card. Some phones have a built-in SD card.
The Android ROM
Finally, the most important partition on your phone! When the boot loader starts the Linux operating system (the "kernel") that sits underneath Android, one of the first subsystems to come up is the security system. From then on, the "root" user will be used to start various user-level subsystems required for the phone to function.
Eventually, the default user will be started, and that will be used to run your apps: the status and notification bar that appears on the top of the screen, the settings manager, the virtual keyboards, etc. Finally you get the home launcher, from which you can launch all the other apps on your phone. None of these programs run as "root", so you are effectively locked from administrative privileges.
The Linux operating system can set security permissions per file. So, indeed large parts of this partition are restricted to be read-only by any user except "root". So, if you boot into Android, none of the apps you run will be able to change these system files. The rest of the partition is readable-and-writeable, and generally functions just like the SD card partition, though it's usually much smaller.
Of course, if you boot into Recovery instead, you will be able to write to these files, because you are "root" there. That's why ClockworkMod is so useful for rooting your phone!
Most Android apps run on yet another layer, a virtual machine called Dalvik, which is a heavily modified version of the Java virtual machine found on previous generations of cell phones, as well as on desktop computers, servers, and many other devices. Definitely, everything you install from an app store will run on Dalvik. Dalvik is a tightly controlled environment in which privileges are carefully controlled per program, beyond what the Linux operating system provides. Not only do apps not have administrative access to the phone, but they can be limited in access to wifi, cellular access, and your data.
Except... that Android does provide a way for apps to request administrative privileges. In locked phones, this is automatically and silently denied. However, the Superuser app can hook into these requests and let any app switch to the "root" user, from which they have full administrative access. A friendly dialog box will pop up, asking you if you want to give the app full permissions. Say yes, and there you go!
A phone in which the Superuser app is running properly is rooted.
Summary: Rooting Methods
The rooting instructions you find will likely be one of these, or a combination of these steps:
Phones with boot loaders that can be unlocked (such as Google's Nexus) will let you flash other partitions. You can flash a whole Android ROM that is already rooted, such as CyanogenMod, and you're done! Or, if you don't want to replace your entire Android ROM, you can flash ClockworkMod into the Recovery partition, and move from there to the next method.
Some rooting methods start with a hacked way to flash ClockworkMod into the Recovery partition. With ClockworkMod, you can run your own special "upgrade" from the SD card. This "upgrade" will vary a lot per phone model, but at the minimum it will involve installing the Superuser app. For some phones, it will modify a few Linux configuration settings to make sure that Superuser app can login as "root." Other, more heavily locked-down phone models might require replacing certain locked parts of Linux and the Android system, sometimes much of the Linux "kernel" itself.
Other rooting methods use the phone's existing Recovery program, but the hackers found a way to create an "upgrade" that can fool the Recovery program into believing it's official. From there on, it's identical to the previous step.
Some rooting methods start straight from Android. Hackers found a way to login as root while Android is running. Of course, logging in as root is not the same as rooting, but once you are logged in as root you can run a similar "upgrade" as is used in the previous steps.
Need More Help?
Don't ask me, please! Seriously, I spent a lot of time writing this long article specifically so I would not have to keep answering questions about the process. There are many internet forums and bloggers that welcome questions from noobs. I've generally found the Android hacker community to be extremely generous and welcoming.
Happy rooting!
Nice - but clarification requested
I like the article as it answers some questions.
One thing I'm curious about - you seem to use the terms Recovery Partition and Recovery Program interchangeably. Is that your intent? I'm not trying to split hairs - I just want to understand. I would have expected booting into the recovery partition loads the recovery program.
Also, you talk about how vendors choose features of their recovery program. CWM is then a replacement for the vendor supplied recovery program, correct? If you root then install CWM, are you in effect replacing the recovery program after rooting (as opposed to forcing CWM to overwrite the existing recovery program via flash)?
Thx
Thanks!
A very useful guide for android beginners like me!
Sorry for the bump. This post deserves a thanks and a bump.
Thanks! A very useful guide for beginner. I've forwarded this to my colleague who just switched from Windows to Android phone.
Much appreciation!
Thank you so much. I have just purchased a rooted phone & have a ton of questions. Have spent hours here tonight searching for basic info. Finally found this & it really helped this total "noob".
Thank you again.
thanks (very2 useful) from iphone4 user
Good work..
Sent from my Galaxy Mini using xda-premium
Thanks. It helped very much
how to root sony xperia u
How to root sony xperia U..?
please give me detailed and simple procedure to follow...
I would also be happy to know: should I have PC drivers to run this rooting process..?
thanks
Thx for taking the time to write the article helped me understand a lot of things
Hi folks,
I'm relatively new to XDA and similarly new to smartphones. My old dumbphone broke down and finally got an android device, samsung galaxy note, I really liked the huge screen.
I've been using linux for 2 decades now and chose an android device because everyone was telling me how it is linux-based which sounded like a good selling point. I'm quite pleased actually but have a few questions all of them related to my expectations that the OS will be linux-like:
1. I've been reading about rooting the phone and the like, but nobody explained the basics: why is it a special procedure to root the phone, why isn't it simply multi-user like any desktop linux? You could log in like a normal user or like root and that would be it. I guess there are serious reasons for the current design but it certainly doesn't seem natural at all.
2. In linux I can always figure out what the UI does in terms of the command line, so for instance if I use something on the UI (click an icon or bring up a menu) I can almost always do the same from the command line. This way I really know what's going on and if needed I can customize things. Case in point: right now I have to tap the phone a couple of times until I get to the broadband data transfer ON/OFF switch. It would be really neat to have an icon on the home screen that would do this. But I can't figure out what "command" needs to get executed to bring up the data transfer ON/OFF switch, so I really don't know how to create such an icon. This is just an example, I could come up with others easily, stuff I'd like to do, but can't figure out what happens under the hood. And it seems people create all sorts of simple trivial apps for these kinds of simple trivial tasks, when it should be possible to hack something up really fast. Any pointers on how to see what a UI interaction does and how to replicate it in a slightly different context? For example the broadband data transfer ON/OFF switch on the home screen?
3. I'm missing bash and top, ping, kill, cat, ls, etc., etc. Is there such a thing? (I already found connectbot but it would be nice to have scp and ssh inside a shell).
4. On my linux notebook I have a bunch of ad servers in /etc/hosts redirected somewhere else so they don't consume my bandwidth and don't clutter the webpage I'm trying to read. Can I have something similar on the phone? Is there something like an editor? I normally use vi, would be great to have that on the phone.
5. What controls the startup applications on boot? There are a bunch of stuff I bet I don't need but can't tell the phone to not start them. I guess I need to "root" the phone for this, but see question 1. Something related: I heard it's not possible to delete the factory installed bloatware without "rooting" the phone, is that true?
I guess that's it. If anyone would make me feel as at home on the android phone as I feel at home on a linux desktop/notebook/etc, I would be really grateful!
Cheers,
Daniel
1) Because the phone manufacturers lock Avg. Joe out of the system files to keep them from doing potential harm to the software. It saves your carrier millions per year in technical support costs.
2) Hold your finger down on an open section of the homescreen to open up a menu that will allow you to create shortcuts to important commands. You may also wish to install a custom Launcher that has more customizable features compared to whatever stock Launcher your carrier put on it.
Addendum: Root your phone, then install "Terminal Emulator" from the Play Store. Type in "su" and you'll then have superuser access to your phone's command line. From that point, it's pretty much exactly what you'd expect from Linux.
3) See Addendum to 2.
4) You could do it yourself, or let others do it for you. Root your phone, then install "AdFree" from the Play Store. Set up AdFree to automatically update and you're good to go.
5) 2 ways to get rid of bloatware, either root and use the Terminal to delete it yourself, or root and install a custom ROM that already has it removed. I highly, highly suggest rooting and switching to Cyanogenmod 9 as soon as possible. Go to your phone's specific forum on this site for instructions for practically everything you could ever want to do with your phone.
Note to 5: Your carrier sticks its bloatware into your system files, instead of in your user accessible app data. To change system files in any way, you'll need root access to your phone.
Here's a link to the development section for the Galaxy Note, please read all the rules and very thoroughly read all instructions before actually doing anything to change your device in any way:
http://forum.xda-developers.com/forumdisplay.php?f=1349
sreza said:
1) Because the phone manufacturers lock Avg. Joe out of the system files to keep them from doing potential harm to the software. It saves your carrier millions per year in technical support costs.
I see, makes some sense for them, but I'm wondering if Microsoft can afford to have an Administrator account exist on Windows, why can't android be shipped that way (rhetorical question).
Addendum: Root your phone, then install "Terminal Emulator" from the Play Store. Type in "su" and you'll then have superuser access to your phone's command line. From that point, it's pretty much exactly what you'd expect from Linux.
Looks like this is what I have to do
I highly, highly suggest rooting and switching to Cyanogenmod 9 as soon as possible.
On the cyanogenmod website I don't see samsung galaxy note listed as a supported device.
http://forum.xda-developers.com/forumdisplay.php?f=1349
Thanks, this is very helpful.
Another n00b question: how the hell does one quit the default browser? It looks like there is no way to close the last remaining window.
fetchinson said:
I see, makes some sense for them, but I'm wondering if Microsoft can afford to have an Administrator account exist on Windows, why can't android be shipped that way (rhetorical question)
On the cyanogenmod website I don't see samsung galaxy note listed as a supported device.
Another n00b question: how the hell does one quit the default browser? It looks like there is no way to close the last remaining window.
Because Windows can't afford to alienate power users by locking down their system. If they did, they'd be Apple. Also, remember that it's not Google that's locking you out of root, it's the phone manufacturer/carrier; which aren't exactly known for being bastions of ethics...
Windows is actually starting to lock you out of functions with Windows 8, the ARM version of Win8 can't sideload applications.
Cyanogenmod might not be officially supported for the Note, but there's probably a few devs on the Note's forum that are unofficially making a port. Try this ROM:
http://forum.xda-developers.com/showthread.php?t=1552554
There is a way to close the final window if you go into the browser menu and close it, but it's really not necessary. Android will auto-close old background tasks if you start to run low on memory. You may also want to look into downloading a different browser from the Play Store. I've never bothered, but I've heard good words about Opera Mobile. Dolphin HD is absurdly popular, but at its heart it's basically the stock browser reskinned, which offends my sensibilities, lol.
Also, if you're on ATT, you may want to check out these instructions on how to get unlimited data on smartphones for $15 per month:
http://forum.xda-developers.com/showthread.php?t=1446373
Thanks for all the useful info!
While looking further around on the phone I stumbled upon another thing which would be quite trivial on ordinary linux: how do I see the creation/access/modification times for any file? I've installed Terminal Emulator from github, "ls" works, but not "ls -al".
Also, how do I check if there is any network access at all or if an application tries to access the network or not? On linux I would run the program through strace and that would show me all system calls so I would see what the application is up to. For instance the S Note application (it's a samsung note taking application for the Note) takes a long time when I save a note, which makes me think maybe it wants to sync the file to a samsung cloud service or something like that. How do I check what takes so long for this app, in particular if it wants to access the network or just plain slow?
fetchinson said:
Thanks for all the useful info!
While looking further around on the phone I stumbled upon another thing which would be quite trivial on ordinary linux: how do I see the creation/access/modification times for any file? I've installed Terminal Emulator from github, "ls" works, but not "ls -al".
With the terminal, I'm not sure, but you could download one of many file managers from the Play Store and view the files' properties through that.
Edit: I have Terminal Emulator from the Play Store, and "ls -al" works fine for me (see screenshot). I'm also using Bash for my shell, so that could be it. Also, see about Busybox below.
Also, how do I check if there is any network access at all or if an application tries to access the network or not? On linux I would run the program through strace and that would show me all system calls so I would see what the application is up to. For instance the S Note application (it's a samsung note taking application for the Note) takes a long time when I save a note, which makes me think maybe it wants to sync the file to a samsung cloud service or something like that. How do I check what takes so long for this app, in particular if it wants to access the network or just plain slow?
You can probably find an app in the Play Store with that functionality. Wireshark is in there, so I'm sure something like strace has been done.
Also, look into installing Busybox from the Play Store. It provides a lot of the normal Linux terminal commands you might be missing.
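One way to answer the question above from the kernel's own socket table, as an added example that is not part of the original thread: every row of /proc/net/tcp carries the UID that owns the socket, and Android gives each app its own UID, so connections can be attributed to packages without strace. The socket table, the packages.list excerpt and the package names below are constructed, and the code assumes /proc/net/tcp is readable from the shell and that /data/system/packages.list (root-only) has the layout shown.

```python
"""Attribute TCP sockets listed in /proc/net/tcp to Android app UIDs (IPv4 only)."""
import socket
import struct
from collections import defaultdict, namedtuple

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}
Sock = namedtuple("Sock", "local remote state uid inode")

# Constructed sample in the layout of `cat /proc/net/tcp` (not captured from a device).
# Remote addresses come from the RFC 5737 documentation ranges.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4093 1 0000000000000000 100 0 0 10 -1
   1: 1701A8C0:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10084        0 8121 1 0000000000000000 22 4 30 10 -1
   2: 1701A8C0:9C41 076433C6:0050 06 00000000:00000000 03:00000B2F 00000000     0        0 0 3 0000000000000000
   3: 1701A8C0:9C42 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10061        0 8130 1 0000000000000000 22 4 30 10 -1
   4: 1701A8C0:9C43 076433C6:01BB 02 00000001:00000000 01:00000064 00000000 10090        0 8144 1 0000000000000000 100 0 0 10 -1
"""

# Constructed excerpt in the assumed layout of /data/system/packages.list
# (package, uid, debuggable flag, data dir); the package names are hypothetical.
SAMPLE_PACKAGES_LIST = """\
com.example.notes 10084 0 /data/data/com.example.notes
com.example.browser 10061 0 /data/data/com.example.browser
com.example.browser.sync 10061 0 /data/data/com.example.browser.sync
"""


def decode_endpoint(field):
    """'0A7100CB:01BB' -> ('203.0.113.10', 443).

    The address is a 32-bit value printed in host byte order, so on
    little-endian ARM and x86 the bytes appear reversed; the port is plain hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one Sock per data row, skipping the header and truncated rows."""
    socks = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10 or not parts[0].rstrip(":").isdigit():
            continue
        socks.append(Sock(decode_endpoint(parts[1]), decode_endpoint(parts[2]),
                          TCP_STATES.get(parts[3], parts[3]),
                          int(parts[7]), int(parts[9])))
    return socks


def parse_packages_list(text):
    """Map uid -> [packages]; apps with a shared user ID share one UID."""
    by_uid = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            by_uid[int(parts[1])].append(parts[0])
    return dict(by_uid)


def uid_label(uid, packages):
    """Package name(s) if known, else a readable name for the UID."""
    if uid in packages:
        return "+".join(sorted(packages[uid]))
    well_known = {0: "root", 1000: "system", 2000: "shell"}
    if uid in well_known:
        return well_known[uid]
    user, app_id = divmod(uid, 100000)
    if 10000 <= app_id <= 19999:
        # u<user>_a<n> is the naming used by Android 4.2 and later.
        return "u%d_a%d" % (user, app_id - 10000)
    return "uid %d" % uid


def remote_connections(socks, packages):
    """List (owner, remote endpoint, state) for sockets that talk off-device."""
    rows = []
    for s in socks:
        if s.state == "LISTEN" or s.remote[0] == "0.0.0.0" or s.remote[0].startswith("127."):
            continue
        owner = uid_label(s.uid, packages)
        if s.state == "TIME_WAIT":
            # The kernel reports uid 0 and inode 0 once the socket is in TIME_WAIT,
            # so the row no longer says which app opened it.
            owner = "unknown (TIME_WAIT)"
        rows.append((owner, "%s:%d" % s.remote, s.state))
    return rows


if __name__ == "__main__":
    pkgs = parse_packages_list(SAMPLE_PACKAGES_LIST)
    for owner, remote, state in remote_connections(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP), pkgs):
        print("%-45s %-22s %s" % (owner, remote, state))
```

Because TIME_WAIT rows lose their owner, the table is most useful when sampled while the app is busy rather than afterwards.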
EndlessDissent said:
Edit: I have Terminal Emulator from the Play Store, and "ls -al" works fine for me (see screenshot). I'm also using Bash for my shell, so that could be it.
Sweet! So how did you get Bash? Is it something working together with Terminal Emulator or a separate application (whatever the appropriate android lingo is)? If I search the play store for "bash" I don't really get anything resembling a shell, but probably I'm just overlooking something obvious. Installing this would be a great start.
EndlessDissent said:
Also, look into installing Busybox from the Play Store. It provides a lot of the normal Linux terminal commands you might be missing.
Thanks, this looks great too!
Going the Other way
Hi
Android and its UIs are not like any X11-based desktop, but buying an Android device is what got me into using Linux as my main desktop, and I tend to think of them as one and the same, at a command line level at least.
If you're comfortable with building from source you can cross compile any tools you are missing.
There are numerous time-saving widgets and the like on Google Play, i.e. wifi toggling, which sit right on your main screen.
You'll find that most utilities and useful stuff has been ported to android.
If you want to use vim I would download "terminal ide", which is an IDE which runs on Android; if you're familiar with Java you can create applications directly on the device.
it also contains bash, busybox and more.
Busybox is a multicall binary. Android's native one is called toolbox and can be found in /system/bin. If you want to port your favourite bash scripts over then there's script managers which will run scripts at startup etc.
Obviously, with these optimized binaries all the help, and in the case of Android's toolbox any command not needed by the system, is generally left out. It's not meant as a general-purpose shell.
Trivia: splitting up your parameters when using toolbox can sometimes help, e.g. "ls -l -a" works whereas "ls -al" didn't.
You can remount the root and /system as read writable, a man of twenty years linux doesn't need the dangers of that explaining.
There's a plethora of Root tools for removing system packages and general tweaking, Google Play is your friend in this case.
If the Android UI really does not live up to your expectations then you can always install Ubuntu.
When you rooted your device and unlocked your bootloader and basically voided any manufacturer's warranty (not something I care about, but it seems important to some people) that came with the device, you just got a computer with a different CPU architecture, so the opportunities are limitless with what you can do with it.
Have Fun!
T
Believe it or not, this netbook comes already rooted, but how to access it is hidden. The original adventure is posted below if you're interested, but I'll put the tl;dr up top.
You'll need to side load the app USB Debug by tatibana. This will shortcut to the hidden developer options. Slide the developer options on. You may or may not need to reboot, I was too focused on USB Debug to notice the SuperUser Options... The default is Always Deny. Set to Always Allow, then you can replace with your choice of su manager (I installed Chainfire's SuperSU).
That's it. The rest below is my original posts up to this point, including getting a Linux working prior to figuring out root. Enjoy the read.
Edit 2: You can pick up new posts from this point by going directly to post #11.
Original Post:
---
Okay, this one is a bit puzzling and I haven't found any good info in searches. This is an Android netbook with Jellybean. Pointer control is a single point touch pad which makes zooming out on several apps impossible; I wish to attain root so I can install desktop Linux in parallel and use some desktop apps in place of some Android apps. I know I could use something like qemu but I'd rather install root and use arm binaries than take a performance hit using non-root methods.
This netbook comes with an installed su binary and busybox 1.19.4 but trying to invoke su results in
su: uid 10084 not allowed to su
Settings is also a bit crippled; no Developer Options section means no option to invoke USB Debugging. Anyone have any good ideas?
---
Sent from my C5155 using XDA Free mobile app
addendum
There also is no physical volume or photo buttons, and no obvious way to get into fastboot mode. My guess is that the original OS image was made in root mode, then the CV dev created a default user with almost no permissions, then backed it out effectively locking it out of root forever. I have also discovered that the busybox doesn't have access to the network as this user 10084, negating half its usability. No Play Store either (using Amazon instead), though I can (and have) install to my phone and copy to this if necessary.
This has a cool little form factor and I think has so much potential for a cheap device if I could just bust this major barrier. Does anyone know any sh or setuid tricks that might fake this thing into a root mode, or at least manage to give me enough permissions to edit /system files?
system seems to be owned by user 1003 and group 120, if that helps.
---
Mmmmmm, tasty foot...
So apparently this is normal behavior for the stock android su (see guys, I'm learning >P ); only the user shell (and root) can use su. This thing using a shared uid for apps might or might not have an effect, don't know yet. The normal way around it is to adb shell and su in, then overwrite with a custom su binary such as ChainsDD. I don't know if I have that option since there's no USB Debugging option, and I'm too tired to find out tonight. I will update this adventure later.
USB failed, but not anything to do with adb, didn't even get that far. The netbook failed to even register to the desktop (Linux)... lsusb didn't show anything. I don't know if it's a cable thing (tried direct A-A patch and the MiniUSB charge port- charge port predictably didn't support data and neither standard port showed any reaction) or a hardware limitation.
I also took a crack at adb over wifi but as usual it was the catch 22 of needing root to invoke adbd into tcpip to attain root.
Still open to suggestions... please?
---
Developer Options?
This is driving me up a new wall. Based on what I have been reading all day, Developer Options are a core function and cannot be removed, only hidden. This thing has not been giving me much confidence in that statement, however. I have been through the settings over and over again with a fine tooth comb and the whole thing eludes me.
This is Android 4.1.1. The 4.2+ trick (7 clicks on Build Number) doesn't work, and it's not in the App settings either, nor are there any sections renamed "Advanced" or the like. It may not be an end-all but I feel it would at least be a step in the right direction. I might be able to use an exploit such as Poot or Framaroot, which are currently ineffective.
I also haven't had any luck with getting into a recovery boot mode, not sure it's possible with this keyboard (I suspect it's soft driven; inactive until the kernel and modules are loaded). This seems to be just one shut down after another. I need more ideas, pointers, whatever. Don't forget, it can also help the next sap stuck with this model...
I decided to not lose sight of my original reasoning and move forward anyway with an app that claims to install Linux without root. I installed Gnuroot Wheezy which taught me some more f'd up things about this netbook but it at least in concept is working. What more things I have learned...
One of the issues with running Linux without root is the inability to use the external SD-card, at least native, because you can't mount an external partition/file that hasn't already been set up in the mount scripts outside of userspace. Gnuroot uses a chroot off the secure asec in /data. With about 3G user space available on this netbook, you'd think that wouldn't be a problem... but it is, because of another setup issue with this netbook...
See, while the external SD card does mount to /sdcard,/mnt/sdcard, that is NOT where Android app setup calls SDcard... there is a so called internal SDcard that is really a fake vfat via fuse mount off /data mounted to /mnt/local. This means it does no good to move my plethora of other apps to the "SD Card," actually, it makes the problem worse on this device. I imagine it was done so you could swap SD cards without affecting your apps, good move for flexibility but poor for expandability.
For those who would try it, that's also a big hint for getting it working. This device does not have access to the Play market*, so you will have to move helper apps from another Android device over. Don't bother with 3rd party repositories, you will not get everything you need. The biggest issue is the WheezyX obb file. It on install ONLY from the Play store will be located in /sdcard/Android/obb/champion.gnuroot.wheezyx/main.2.champion.gnuroot.wheezyx.obb , on this netbook the file must be moved to /mnt/local/Android/obb/champion.gnuroot.wheezyx or it will not be recognized, and because of the play store issue, can't be downloaded and gnuroot will exit with error.
Anyway, so now WheezyX is actually running and I am attempting to install an Openbox/LXDE desktop... the problem I am hitting now is the space limitation... It said it needed about 330 MB space and I had 360MB available on start... I'm now about 1/4 through and the netbook has come to a dead crawl due to... yep, very little space left (about 55 MB free on /data)... WTF! I feel like I am just not meant to win at like anything...
---
*Edit: Once rooted, the play store can be installed to the system partition and does work pretty good.
---
Some success with Linux
Well, it took quite a bit of monkeying and persistence but I do have desktop Linux running via the above described method. I found Synaptic was useful for finding packages but as the GNURoot author warned, for the love of all that's holy, use apt-get to actually install the packages. It seems trying to install a desktop environment via Synaptic totally overthrew the system. Also try installing only a few packages at a time and clean up after each one, especially where space is a premium.
What's left now is experimenting with vnc viewers a/o X11 environments. I'm presently using PocketCloud but it doesn't seem to like this keyboard (right shift = 6, no down arrow, Ctrl is sticky- forget combo keys; at least the included soft-keyboard does work, just a productivity killer) and getting a right mouse click is almost impossible, so I want to see if I can do better.
The environment is OpenBox with lxpanel and the background is set with qiv. I am confident now that providing space wasn't such an issue I could run pretty much any basic Linux program I want. I have not tested audio and I already know just being vncserver that motion video is a bad idea; this was mostly proof of concept until I can open up some space. I may now see how far I can take this (e.g. link large trees to the SD card, such as bin directories; since it's already running fake-root, I'm not too worried about user permissions. I may also experiment with fuse).
Edit:
This does not mean I don't still want to get a true root. If nothing else, even if I can't take Linux off the internal storage, root will allow me to force Android apps on to the external SD; either solves the current space issue and thus is still desirable. I'm just not as stuck in the mud now. Ideas still very much appreciated.
Done and done.
Just a quick update to say the project isn't dead, just dormant. I have successfully turned on USB debugging thanks to a shortcut app called "USB Debug" by Tatibana. Thank you
---
Framaroot, Universal Androot, and Poot have all failed.
:banghead:
Have yet to see if physical USB will now work... I don't exactly live alone.
---
SUCCESS!!!!!
IDFBT! I must have not been paying enough attention before or something, or maybe it was one of the half dozen greyed out options before... not sure, but after I was again unable to connect via direct USB, I decided to double check the developer options to make sure nothing was reset by the last reboot.... and there in bright white last in the top section... Superuser Options (set to Always Deny)! I set it to Ask and tested, but it promptly rebooted as soon as I tried to su, and again on that boot, so I had to set to Always Allow. Amazon doesn't have SuperSU and last I knew ChainsDD Superuser is still adrift in the doldrums, so I'll have to sideload (as usual), but, I just wanted to share. This netbook does come rooted, you just need to turn on the hidden developer options, reboot, and go back and allow SuperUser.
Will report more as I progress. Banzai!!!
Adventures in Linux land
Well, I had mentioned before how space was an issue. Thanks in part to Link2SD, I managed to curb that problem.
Problem still though was my base graphical Linux install was taking 1G of my /data space. Since I made 2G available on the Link2SD ext4 (/data/sdext2) partition, I found I had about 1.3G available after moving most apps over, I decided I'd try a manual data move. I was slow with this since I didn't know how Link2SD or the system was going to handle it. That turned out to be a good thing.
When using Link2SD, one thing that should be obvious is to never move essential apps off the internal storage. These would be things like Link2SD itself, a Terminal emulator, and your superuser manager (e.g. SuperSU); basically, things you absolutely cannot lose access to even temporarily.
Okay, so, to test the behavior, I went into the emulator..
su
cd /data/sdext2
mkdir Linux
That's all. I then did a normal power off and restart. When rebooting, an "Android is Updating..." box came up and went away in a few seconds. The launcher came up and I waited for everything to load normally. Then I started getting a rash of "App is not installed" messages... uh oh. The only reason this turned out to not be a big deal is Link2SD and SuperSU were still on internal storage, and Link2SD is designed to deal with this problem. I simply launched Link2SD, clicked the tab bar on the upper left, and selected "Relink all application files," after which it requested a reboot, and I complied.
With a semi-disaster averted, I went back into /data/sdext2 to see if the Linux directory was still there. Hallelujah it was. Next was finding the GNURoot wheezyx root. This turned out to be fairly easy:
/data/data/champion.gnuroot/app_install/roots/wheezyx . I decided for potential future expansion to move the whole roots directory. Being cautious as I try, I do a copy.
su
cd /data/data/champion.gnuroot/app_install
cp -a roots /data/sdext2/Linux/
(... go make a sammich ...)
rm -R roots
(... go make and eat dinner ...)
ln -s /data/sdext2/Linux/roots roots
This appeared to work at first, until I tried to install something (abiword). I discovered that the permissions were not copied to the lib directories (android security quirk?). This would probably not be an issue if this were a true root install but being a fake root app install, it effectively prevented the installation of libraries. This was fixed simply by doing a chown and chmod on the lib directories.
Continued from above:
cd roots/wheezyx
chown 10102.10102 lib
chmod 771 lib
chown 10102.10102 usr/lib
chmod 771 usr/lib
*note: the app id number may be different on your copy. This will be fairly obvious with a simple ls -lh .
After that, the install completed and this thing is running pretty good. I am now considering this a complete success. While technically solved, I'll keep this thread open for questions or updates (for as long as the mods don't mind).
---
Sent from my C5155 using XDA Free mobile app
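The copy, delete and symlink sequence from the post above, as an added example that is not part of the original thread: it refuses to delete the original unless owner, group and mode survived the copy, which is the failure the post hit on the lib directories. The function names and the COPY_CMD variable are hypothetical, and it assumes a stat that supports -c (GNU coreutils, or a busybox built with format support).

```shell
#!/bin/sh
# Added example (not from the thread). Pass absolute paths.
# Assumption: stat supports -c FORMAT (GNU coreutils; busybox when built with it).
COPY_CMD=${COPY_CMD:-cp -a}   # hypothetical knob; "cp -R" reproduces the lost-mode case

# Print "mode uid:gid path" for every entry under $1, paths relative to $1.
meta_list() {
    ( cd "$1" && find . -exec stat -c '%a %u:%g %n' {} + )
}

# Print one line per entry whose mode or owner differs between tree $1 and copy $2.
meta_diff() {
    meta_list "$1" | while IFS= read -r want; do
        path=${want#* * }                      # drop the mode and owner fields
        got=$(cd "$2" && stat -c '%a %u:%g %n' "$path" 2>/dev/null)
        [ "$got" = "$want" ] || printf '%s  (copy has: %s)\n' "$want" "${got:-missing}"
    done
}

# Copy $1 into directory $2, verify metadata, then replace $1 with a symlink.
# Returns 0 on success, 2 on bad arguments, 1 if the copy fails, 3 if metadata differs.
relocate_dir() {
    src=$1; dst="$2/$(basename "$1")"
    if [ ! -d "$src" ] || [ -L "$src" ] || [ -e "$dst" ]; then
        echo "refusing: $src must be a real directory and $dst must not exist" >&2
        return 2
    fi
    $COPY_CMD "$src" "$2/" || return 1
    diffs=$(meta_diff "$src" "$dst")
    if [ -n "$diffs" ]; then
        echo "metadata not preserved; original left in place:" >&2
        printf '%s\n' "$diffs" >&2
        return 3
    fi
    # Only now is it safe to drop the original and point the old path at the copy.
    rm -R "$src" && ln -s "$dst" "$src"
}
```

A refused run leaves the copy in place for inspection; remove it or fix its ownership and modes before retrying.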
Screencap op
Assuming the uploads work this time, attached are some screencaps. Enjoy.