information android privilege escalation - Security Discussion

I'll say up front that I am very interested in knowing at least the basic things well, or the paths I should tackle, to find a way to load onto the victim's phone the files of a shell which will do the same job that Odin does when connecting via USB. My basic understanding is that I need sh and a bit of exploits on Android; I also know that every phone needs its own proper CF-AUTO-ROOT. I just wanted to open this topic only to inform myself, or in case you also have any ideas, advice, or guides maybe.

Related

The Path to Developer

Dumbest question yet:
I have no coding or development background, but have recently become fascinated by the android os and what you, the developers, are able to do with it. I am toying with the idea of obtaining root and running jf's mod, but feel as if I am disrespecting all of the work that all have contributed by simply following a list of instructions, and not truly understanding what each step and its outcome means.
What steps can I take to fully understand your (the community) work and to someday contribute something of my own.
Classes, recommended reading, recommended os to switch to (currently mac 10.4), coding languages in what order?
Please help turn an advanced casual user into a baby, even fetus, even embryo, of a developer.
There's an android 'boot camp' in Georgia next month if you have 3500 to throw down. I too have jumped on the wannabeadeveloper wagon. I'm sure there will be books coming out in the near future on beginning android development. I kind of just jumped right into it all, downloaded the SDK, got root, and tried to become more familiar with how it works. Get the engineer's bootloader if you are going to be working on your phone. And I don't know if it's the best OS to switch to, but I just killed XP and installed Ubuntu 8.10 on my comp so I can become more familiar with code and commands. I'm sure real devs could probably help you out more, but check out some guides, read some tutorials.
fattywarbucks said:
but feel as if I am disrespecting all of the work that all have contributed by simply following a list of instructions, and not truly understanding what each step and its outcome means.
Just having read the directions is probably respect enough. If you want to actually understand the computer science behind the hacks, you should check out some books on Linux fundamentals and shell scripting from your local library.
If you want to develop applications for Android, then you could either get some books on teaching yourself Java or sign up for an Intro to Java course at your local community college.
p.s.: it was a very good question and not at all dumb.

Basic Android SDK Tutorial For Beginners (Windows) - 02/24/2011

Setting Up Android SDK for Windows Platforms
If anything doesn't work, or you don't follow directions based on this guide, I will not be held responsible for any outcomes. You are choosing to do this 100% on your own, I am only providing the information to get started. At this point, you are taking your actions into your own hands and are warned about your decisions.
The purpose of this is to familiarize you with setting up Android SDK for Windows. After reading through this tutorial, hopefully you will be able to feel a little more comfortable with setting it up and using it. I will tell you how to set it up, and after that, if you are a little more comfortable you can place the folders wherever you like for a little more convenience for yourself, but as for this tutorial, I am going to have a set destination for everything. So let's begin.
Index:
Part I: Download Links
Part II: What Is Android SDK?
Part III: Setting Up Android SDK
Part IV: Basic Command Examples
Part V: Summary of Android SDK
Part I: Android SDK Download Links.
In order for you to get Android SDK set up and running properly, you must first make sure you have the right files. Below this short description, I have included the download links. This tutorial will show you how to setup Android SDK for the Windows platform. I'm going to be completely honest and say that it's the only platform I know how to set it up for, as it's the only platform I have used personally for Android SDK. You can search online for setting up the SDK with other platforms.
Links:
Android SDK Windows Installer.exe
Android SDK Mac OS X (intel) .zip
Android SDK Linux (i386) .tgz
Part II: What is Android SDK?
Android SDK is a very useful tool that allows developers and users alike to take more control of their devices. Was there ever a time where you wanted to add/remove something from your phone, but it just wouldn't let you? Have you ever needed to test something that wasn't working, and you needed to find out why? Ever encountered the most famous of lines, "Permission Denied"? All of those questions have been asked by many, and with this tutorial, I'm hoping to at least answer some of the many questions surrounding developing on an Android device. There are many uses for Android SDK, which I hope to cover in this instructional "blog" without boring you guys to death lol. Without getting too in-depth at this point as to what SDK does, let's just go over a FEW benefits of using SDK.
1. Debugging. SDK helps you in so many ways, one of the most beneficial being debugging. If you're developing an app for your device, and you are running into constant force closes, then you can fire up SDK and try to find out why.
2. Testing. If you don't feel quite comfortable with testing certain things on your own device, Android SDK also allows you to use an emulator on your computer with real life interactions to show you exactly what would happen if you added/removed something from your device.
3. Rooting. Most of the rooting techniques we have for the Epic consist of One Click methods brought to you by smart devs that like to make things easier for you. Before that, we had to manually push the files to the phone, and put them in the correct places. Sometimes, people don't get so lucky with the One Click method and must revert back to the "Prehistoric Method" lol.
4. Installing Apks. If you have an app that you want to put on your device, but don't have the convenience of adding it with an application manager of some sort, then you can always use the SDK to do so.
5. Adding/Removing Files. A lot of times, certain file managers don't show you everything you need to see in order to do particular things you want to do. With Android SDK, as long as you know the directory, you can move the files. Sometimes, you may need to set permissions beforehand, but that is also possible with SDK.
There are MANY more options for the Android SDK, but I want to keep it short and sweet and not bore you guys too much lol.
Part III: Setting Up Android SDK.
THIS METHOD IS ONLY FOR WINDOWS USERS!
Ok, you've downloaded the correct package for windows, and you're ready to set up Android SDK on your computer. What now?
The Windows installer.exe SHOULD check for Java on initial install and install it if you don't have it on your system already. The following statement is basically just for users who have problems after install, should it not install Java for your system. If you do not have Java on your computer, you will need to download it at this point. Click here on JDK to download the Java Development Kit. This kit will allow you to run Android SDK through its various Java options.
THIS STEP IS OPTIONAL, YOU DO NOT NEED TO DO THIS FOR SDK TO FUNCTION PROPERLY!
Optionally, if you are planning on developing through Eclipse, then you will also need to install any plugins for it that require Android SDK to operate with Eclipse. The plugin is called the Android Development Tools or ADT Plugin. If you are new to Eclipse, but would like to start learning to develop applications and more, and don't have it on your machine yet, you can download it from here. You MUST make sure that the version of Eclipse that you are installing is suitable for Android. Eclipse recommends version 3.4 or higher, and I personally use Eclipse: Galileo, which can be found here.
Now that you have downloaded and installed the Java requirement and Eclipse (only if you chose it, it is NOT required), it's time to actually setup the Android SDK on your computer. When installing SDK to your system, it will allow you to set the path to where it is being installed. Personally, to have the most ease when using it, I chose to place it directly on the C: Drive. Make a note of the directory when installing should you want to use the ADT plugin for Eclipse later on. Just click on the installer.exe that you downloaded for Android SDK, and follow the on screen prompts to get it installed.
OPTIONAL ECLIPSE INSTALL, PLUGIN DIRECTIONS
If you choose to install Eclipse, here are a few steps to get the Android Development Tools (ADT) Plugin set up for doing so. Android Development Tools (ADT) is designed to give you a powerful, integrated environment in which to build Android applications. It extends the capabilities of Eclipse to let you quickly set up new Android projects, create an application UI, debug your applications using the Android SDK tools, and even export signed (or unsigned) APKs in order to distribute your application. In general, developing in Eclipse with ADT is a highly recommended approach and is the fastest way to get started with Android.
If you'd like to use ADT for developing Android applications, install it now. Read Installing the ADT Plugin for step-by-step installation instructions.
At the end of the Android SDK install, you are given the option to “Start SDK Manager (to download system images, etc.)”; go ahead and allow the SDK Manager to start. You are presented with a list of packages that will be installed. The list is rather long and contains packages for developing on all versions of Android going back to Android 1.5. If you would like to install all of these packages, go ahead, but they are not necessary for ADB. If you only plan on using ADB, click “Cancel”. Keep in mind, you can always add packages if you decide you would like to develop.
Once you hit Cancel, you are now in the Android SDK and AVD Manager. In the left pane select “Available Packages” and in the right pane expand “Android Repository” by clicking the “>” next to it. The only package we need for ADB is “Android SDK Platform-tools”. Put a check in the box for that package, select “Install Selected”, and in the next window click “Install”. You are prompted to restart ADB; go ahead and click “Yes”. Now you can close all windows.
One last thing we need to do is to add ADB to our PATH so that ADB will run from any command prompt. To do this, go to Start-->Control Panel-->System and select Advanced System Settings in Windows 7 or the Advanced tab in XP. Click Environment Variables. Under the “System Variables” section, find PATH and double click it. In the Variable Value box, at the end, put C:\Program Files\Android\android-sdk-windows\platform-tools, separating it from the previous entry with a semicolon. For x64 you would use C:\Program Files (x86)\Android\android-sdk-windows\platform-tools.
Now we just gotta check to make sure that it was all installed correctly. To test if we have been successful, plug your phone into your PC, allow the drivers to see your phone, and then open a command prompt. At the command prompt type adb devices . You should see ADB return with your device number.
Part IV: Some Basic SDK Commands.
There are plenty of commands that you can use through SDK, but I will give you a couple to help you with what you need to do. Before you can use any of the commands, you will first need to open a Windows command prompt and CD to the directory to which you installed your SDK. As I said before, I installed mine to my C: Drive directly, so for me to CD to that directory, the command looks like this.
cd C:/SDK/Tools
To make it even easier, you can hold "Shift" and right click on the "Tools" folder of your SDK and it should bring up a menu in which you can choose "Open Command Prompt". It will then be directly CD'd to that directory without you having to do any thinking.
Now that you are CD'd to the SDK/Tools Directory, you can start performing actions. You MUST! have the drivers for the Samsung Epic 4G installed to do this. If you do not already have the drivers installed (which you should if you have your phone rooted, allowing SDK to work) then you can download them from here provided by noobnl of XDA-DEVELOPERS. If you already have the drivers, then simply skip that step, and head right to the next, which is allowing debugging on your phone. To perform this simple task, on your phone, navigate to Menu>Settings>Applications>Development and select USB Debugging. Now plug your phone in, because it's time to get started. Here are a few basic commands to help you on your way.
1. adb shell - The adb shell command allows you to control your phone as root from your command prompt terminal. When you type "adb shell", you will then be prompted on your phone from Superuser to either allow or deny access. Should you click deny, you will have to restart your phone, reconnect your phone to your computer via USB cable, and start again, so MAKE SURE you click allow. Once you click allow on your phone, your command prompt will return with the pound symbol (#). If it does, you are now controlling your phone as a root user from your computer. You can do a lot of things from this point here which I will cover in another tutorial later, for now, we will just stick to the basics.
2. adb push - The adb push command allows you to transfer files from your computer to your phone without having to mount your sdcard to your phone, copy the file to your phone, then disconnect, and have to use a file manager to manually put the file where you want it. In order to push ANY files to your phone, you MUST have the file in your SDK/Tools folder already. Here is an example of a file you can push to your phone. We will use adding the AOSP Lockscreen to your device as our example.
**First, you will need to download the AOSP Lockscreen.zip from XDA. It will come with a flashable folder, but this method I am about to show you will be for the folks that don't really feel like booting into clockwork and would rather use the access of their computer.
**Second, decompile the AOSP Lockscreen.zip and place the android.policy.jar file inside your SDK/Tools folder. Once it is inside your SDK/Tools folder, it's time to move to the next step.
**Third, with the file from the AOSP Lockscreen in your SDK/Tools folder, it's time to type the command to get it to move from your computer to your phone. Type the following command to do so:
adb push android.policy.jar /system/framework/android.policy.jar
**Finally, with the file pushed to your phone now from your computer, you can safely reboot your phone to enable the changes. To reboot your phone the easiest way, simply type adb reboot. When your phone boots up again, the changes should be made and you should now be enjoying your new AOSP Lockscreen.
3. adb pull - The adb pull command can be used to pull various items from your phone. A simple example of this command would be: adb pull /system/framework/framework-res.apk /Desktop/Android/. You can pull just about anything from your phone, but when I say just about, I mean exactly that. Just about anything. There are certain things you will NOT be able to pull, such as items that are packed inside compressed files (i.e. anything inside a kernel).
4. ddms - The ddms command allows you to debug your phone in one of the many ways. You can also use the ddms command to take screenshots of your phone should you want to show it off.
5. adb reboot/adb reboot recovery/adb reboot download - These commands are pretty self explanatory. Without having to use the 3 finger death grip, you can use these commands to reboot your phone to your preference, whether it be a simple reboot, rebooting to recovery, or rebooting to download mode.
NOTE: If you are using Clockworkmod 3.0.0.5/6 ported by Dameon87, you will need to check to make sure the redirector is working. If the redirector is not baked in, then you MUST use the 3 finger death grip to boot into recovery otherwise it will boot you to the wrong recovery. Clockworkmod 3.0.0.5/6 supports Edify scripting, while Clockworkmod 2.5.5 uses Amend scripting. If you try to use an Amend script in Clockwork 3.0.0.5/6, which only supports Edify Scripting, it will return you with an error saying that it does not support it any longer. This is why it is important to find out if the redirector is baked in or not.
Part V: Summary of Android SDK
Well, to bring it all to an end, I would first like to say thanks for taking the time to read this and I sincerely hope this helps you guys with setting up Android SDK for the first time. Just to recap, we went over downloading the Android SDK, finding out a little about SDK, setting up Android SDK (as well as installing Java if needed, and Eclipse if you chose to), and some basic commands of Android SDK to get you started. I will be writing up an Eclipse tutorial and a more advanced Android SDK tutorial a little later with more commands and help to get you developing in no time. Thanks again for taking the time to read this, and if I have helped you in any way, please, hit the thanks button.
If you have any questions, feel free to either write me a message here on XDA, or join me in the Team Viper chat. You can access the chat by clicking here and following these simple instructions.
***When the page pops up, first you will need to enter your nickname. Please choose your nickname from XDA so I may better be able to help you.
***Next you will have to choose your channel. Click the dropdown box and choose "other". When the box pops up prompting you to enter the channel, enter #viper as your channel.
***Finally click on the join button and you should be brought right to Team Viper's chat.
Thank you to all the members of Team Viper who helped me throw this together and other members of XDA who have provided either information, downloads, or just a helping hand with the making of this tutorial. Also thanks to Team Whiskey for further easing the transition to using ADB.
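The Part IV procedure above (find the phone, get a root shell, push a file into /system/framework, reboot), scripted with the checks a practitioner wants before writing into the system partition. This is an added example, not code from the original post or from the Android SDK, and it is written for a Unix-like host (or Git Bash / Cygwin on Windows). Two points it bakes in that the post glosses over: a plain `adb shell` normally runs as the unprivileged `shell` user (uid 2000) even on a rooted phone, and the Superuser prompt the post describes is raised by `su`, not by adb; and `adb push` into /system only returns "Read-only file system" until the partition has been remounted read-write. Assumptions that are not stated on the page: adb is on PATH, USB debugging is enabled, the phone's `su` accepts `-c` (as the Superuser binaries of that era did), and `md5sum` exists on the device (busybox supplies it on most rooted phones). The two pure functions take their input as text so they can be checked without a phone attached.

```shell
#!/bin/sh
# Added example, not from the original post: a checked version of the
# "push a file into /system" procedure from Part IV, built on adb itself.

# Print the serial of the one ready device, given the text of `adb devices`.
# Returns 1 when zero or several devices are in the "device" state;
# "unauthorized" and "offline" entries never match, so they cannot be picked.
pick_device() {
    ready=$(printf '%s\n' "$1" | awk 'NR > 1 && $2 == "device" { print $1 }')
    count=$(printf '%s\n' "$ready" | awk 'NF { c++ } END { print c + 0 }')
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$ready"
}

# True when the output of `id` describes root. A plain `adb shell` runs as
# uid 2000 (shell) on a stock adbd; root comes from `su` (which raises the
# Superuser prompt) or from an adbd that already runs as root.
is_root_id() {
    case "$1" in
        uid=0\(*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Run a command on the device as root, going through su only when needed.
# (assumption: the phone's su accepts `-c 'command'`)
run_as_root() {
    serial=$1; shift
    if is_root_id "$(adb -s "$serial" shell id 2>/dev/null | tr -d '\r')"; then
        adb -s "$serial" shell "$*"
    else
        adb -s "$serial" shell "su -c '$*'"
    fi
}

# Copy $2 to $3 on /system: remount read-write, push, verify the checksum
# (assumption: md5sum exists on the device), and put the partition back to
# read-only whether or not the push succeeded.
push_system_file() {
    serial=$1; src=$2; dst=$3
    run_as_root "$serial" mount -o remount,rw /system || return 1
    status=0
    adb -s "$serial" push "$src" "$dst" || status=1
    if [ "$status" -eq 0 ]; then
        local_sum=$(md5sum "$src" | awk '{ print $1 }')
        remote_sum=$(run_as_root "$serial" md5sum "$dst" | tr -d '\r' | awk '{ print $1 }')
        [ "$local_sum" = "$remote_sum" ] || status=1
    fi
    run_as_root "$serial" mount -o remount,ro /system
    return "$status"
}

# Usage: sh push_system.sh android.policy.jar /system/framework/android.policy.jar
# Nothing below runs unless both arguments are given.
if [ "$#" -eq 2 ]; then
    serial=$(pick_device "$(adb devices)") || { echo "need exactly one ready device" >&2; exit 1; }
    push_system_file "$serial" "$1" "$2" && adb -s "$serial" reboot
fi
```

The checksum comparison is the step worth keeping even if you type the commands by hand: a framework jar that was only partly written, or written to a filesystem that was still read-only, will bootloop the phone, and `adb push` alone does not tell you which of those happened.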
Huge thanks for the tutorial. I only wish this was posted this past weekend. I spent about 3 hours on Monday installing SDK and reading fragmented stuff online about how to use it. It was a good learning experience, but I would have spent far less time if I saw this. Thanks again
MAN this is awesome. now my biggest problem will be trying not to spend time reading and learning while at work...BIG THANKS!!!
BT keep up the GREAT work, on behalf of us all!
BT is the King of the Epic Forums..thank you so much for all your hard work and dedication ....Cant wait to see the next installment of ViperRom
If I may add, if you want a full list of the commands while in adb, just type 'adb' and hit enter. It will display a ton of commands that you can use in adb, including the push, pull, reboot, etc. commands.
There are probably more commands that just aren't listed using that command, but I found it very useful as I was perusing.
Thanks for the heads up, I totally spaced on that... I'll add it to the OP.
I'm sure this is all great information to have here, but wouldn't a simple link back to Google's Android development pages been easier - it's pretty much the exact same information and even has images and video links.
WolfKaBaL said:
I'm sure this is all great information to have here, but wouldn't a simple link back to Google's Android development pages been easier - it's pretty much the exact same information and even has images and video links.
Never fails... I do something here to make it easier than linking to another site and there's always that one guy who just can't be happy for whatever reason... my apologies for doing this... please, let me know who it killed from my efforts to make it easier on you and I'll send my respects. I didn't know it was going to kill someone.
Exactly
BT, ignore them type cats, man. We all know you and Team Viper among others do great work here. I can honestly say that without you guys, dameon, mammon88, I wouldn't be contributing my own ROM. You guys offer and willingly give help, FREE help at that lol. So ignore them, man, it's always one negative person, law of nature, we need balance even in XDA lol
computerkid23 said:
BT, ignore them type cats, man. We all know you and Team Viper among others do great work here. I can honestly say that without you guys, dameon, mammon88, I wouldn't be contributing my own ROM. You guys offer and willingly give help, FREE help at that lol. So ignore them, man, it's always one negative person, law of nature, we need balance even in XDA lol
Lol I just feel like every time I say something on here, Michael Jordan creeps up behind me and sings in my ear "Anything you can do, I can do better.... I can do anything better than you"
I'm not trying to disrespect your efforts, and I do respect all the work you do on the roms and tools. But when it comes to stuff like this, I simply feel it's best left to the creators - eg: Google. Their repository of information is going to remain up-to-date and correct 99.9% of the time. Anything you post here will have to be continually updated as things change. Essentially you're fragmenting the information. That's the point of a central repository - to keep all the information together and current.
Also as far as the "making it easy" - and again, I mean no offence, but it is a lot easier to sort through and read the original documentation on Google's site simply because of formatting. [This is 100% a personal opinion though.]
In general though, if given the option to have to either link here to this post, or link back to Google and their posts, I'm pretty sure the better option is to link to the original content.
As for all the people dying and what-not.. not sure where you're getting at there, a little over-dramatic maybe? - All I'm doing is letting people know the content has been replicated - had you started off the post with a link to Google's documentation, and then continued with saying "to sum it all up, here's a quick reference" then everything is fine.
I'm not trying to troll or anything, but to a certain degree flooding the forums with redundant information becomes a waste of space, time, and effort (for the creator and the readers) - especially in the developer's section, as I think knowing of and how to use the SDK should be prerequisite for participation.
Personally I disagree. Having been to Google's SDK page, this seems more comforting and real world. Maybe it's because, psychologically, I feel I can get his help if I get stuck. I'm hearing first hand that he has done it. Same with the rest of the info in this forum. Knowing if you repeat these steps you will see these results. After all, there's nothing new here, just building off other people's concepts/skills/code/designs/etc.
even if its just for me, the only idiot who needed help, I hope BT is glad he posted. Thanks man! Keep it up.
Sent from my SPH-D700 using XDA App
I personally am glad BT posted this here. I always find his instructions clear and concise, and I don't see how it's in anyone's way; you don't have to click on it. Hopefully the remainder of this thread will deal with questions and issues regarding the matter at hand, the Android SDK. I myself have it installed but probably not fully set up, and this thread will help. Thanks BT!
WolfKaBaL said:
I'm not trying to disrespect your efforts, and I do respect all the work you do on the roms and tools. But when it comes to stuff like this, I simply feel it's best left to the creators - eg: Google. Their repository of information is going to remain up-to-date and correct 99.9% of the time. Anything you post here will have to be continually updated as things change. Essentially you're fragmenting the information. That's the point of a central repository - to keep all the information together and current.
Also as far as the "making it easy" - and again, I mean no offence, but it is a lot easier to sort through and read the original documentation on Google's site simply because of formatting. [This is 100% a personal opinion though.]
In general though, if given the option to have to either link here to this post, or link back to Google and their posts, I'm pretty sure the better option is to link to the original content.
As for all the people dying and what-not.. not sure where you're getting at there, a little over-dramatic maybe? - All I'm doing is letting people know the content has been replicated - had you started off the post with a link to Google's documentation, and then continued with saying "to sum it all up, here's a quick reference" then everything is fine.
I'm not trying to troll or anything, but to a certain degree flooding the forums with redundant information becomes a waste of space, time, and effort (for the creator and the readers) - especially in the developer's section, as I think knowing of and how to use the SDK should be prerequisite for participation.
Your entire post is a matter of opinion... what you find easier others may not... that's like saying that if you had to choose between chicken or a hamburger for dinner, you'd go with hamburger so everyone should... Some people may just like chicken. But thanks for your OPINION.
BThomas22x said:
Never fails... I do something here to make it easier than linking to another site and there's always that one guy who just can't be happy for whatever reason... my apologies for doing this... please, let me know who it killed from my efforts to make it easier on you and ill send my respects. I didn't know it was going to kill someone.
His mommy didn't hug him enough.
And thanks BT, navigating said link was kind of confusingly set up. Much simpler and straightforward.
Thanks for posting this here. I dl the sdk kit a few months ago and it was a bit confusing. The site gave me information overload and I just gave up. Now I think I will try it again (being a nurse I am no stranger to technology) as I would like to develop some apps for critical care nurses.
Edit: Subscribed
Sent from Bonsai v 5.0.3
Nice Job
Thanks for posting this guide it will help many people along the adb path.
WolfKaBaL said:
I'm not trying to disrespect your efforts, and I do respect all the work you do on the roms and tools. But when it comes to stuff like this, I simply feel it's best left to the creators
Your opinion matters not. What's best for THIS community is that this dev (and a damn good one at that) has put together a concise and easy to follow guide. He's also here to answer questions and help those that don't quite know how to use the SDK... can you get that over on Google's site?
right.
dorkboy said:
- eg: Google. Their repository of information is going to remain up-to-date and correct 99.9% of the time. Anything you post here will have to be continually updated as things change. Essentially you're fragmenting the information. That's the point of a central repository - to keep all the information together and current.
pretty sure BThomas won't mind updating as necessary, and if not, anyone that gets through this guide can go find the updated information on their own.. so, the problem is ........ ??
right..
Also as far as the "making it easy" - and again, I mean no offence, but it is a lot easier to sort through and read the original documentation on Google's site simply because of formatting. [This is 100% a personal opinion though.]
You find sorting through information and digging for references easier; others find a step by step guide to be easier to navigate. Personally, a GPS navigation works similarly to a 'step by step' guide, so this portion is trolling.
douchenozzle said:
In general though, if given the option to have to either link here to this post, or link back to Google and their posts, I'm pretty sure the better option is to link to the original content.
and you're the expert, right ??
platypus said:
As for all the people dying and what-not.. not sure where you're getting at there, a little over-dramatic maybe? - All I'm doing is letting people know the content has been replicated - had you started off the post with a link to Google's documentation, and then continued with saying "to sum it all up, here's a quick reference" then everything is fine.
I wasn't aware that BThomas needed your approval for posts, thanks for pointing that out
troller said:
I'm not trying to troll or anything, but to a certain degree flooding the forums with redundant information becomes a waste of space, time, and effort (for the creator and the readers) - especially in the developer's section, as I think knowing of and how to use the SDK should be prerequisite for participation.
if you feel SDK should be a pre-requisite for participation, then how would developers get started ?? There's a dev in each of us.. the problem is that most of us don't have a good starting point because often times it's overwhelming the way google has collected the info.
This guide is an AWESOME way for someone to begin as a dev and I thank BThomas a ton for the effort putting it together.
Sorry for the 'bashing' in my post, but this guy pissed me off.
[/pissed_off]
People don't come here just to be linked to other sites. The central repository for us, is HERE. Although reading the manual should be included, I'd much rather have real world knowledge from someone who knows what they're doing.
My opinion, of course
Sent from my SPH-D700 using XDA App

[Q] What does it take to find a root exploit?

Sorry if this is a common question, but I failed to find anything. Feel free to close this thread if I am asking something that has been asked multiple times.
I want to learn what to look for when trying to find root exploits. I just don't know where to begin. I thought a reasonable process would be to look at all of the old root exploits and see where they looked and get a rough idea of what to look for from those. The problem is all the root exploits come in a one click .exe or an .apk, so it is impossible to learn from what they do. Does anyone have suggestions? And just for the record, I am not some young kid who has no experience or knowledge of Linux, OO programming, scripting languages, assembly language, etc. I will be finishing up my final year of college and will be in need of a hobby when I graduate.
I'd actually like to know about this too, or at least what could I do to help the expert developers obtain root on new devices. (I have a Droid 3) It'd be a learning experience - if only we knew where to start looking to learn how.
andmaf said:
Sorry if this is a common question, but I failed to find anything. Feel free to close this thread if I am asking something that has been asked multiple times.
I want to learn what to look for when trying to find root exploits. I just don't know where to begin. I thought a reasonable process would be to look at all of the old root exploits and see where they looked and get a rough idea of what to look for from those. The problem is all the root exploits come in a one click .exe or an .apk, so it is impossible to learn from what they do. Does anyone have suggestions? And just for the record, I am not some young kid who has no experience or knowledge of Linux, OO programming, scripting languages, assembly language, etc. I will be finishing up my final year of college and will be in need of a hobby when I graduate.
A root exploit is usually found in a program that is pre-installed on the phone and has write access to the usually read-only parts of the phone's memory. People mess around with these programs until they find a loophole that allows them to use the program's write access to write whatever they want to the phone.
One of the Evo 4G's root methods involved opening Flash Lite's settings page and running a script within it that gave you root access. (Source)
Those are the easier roots, though, found by pure luck, when someone says "Hey, what happens if I try and do X while the phone is doing Y?"
Some of them are more complicated. For example, the current Evo 3D root (my phone) was found by a team of professional developers who intentionally crashed the phone's kernel, and found a bug in the kernel itself that allowed files to be pushed through it.
Brush up on how exploits are found and exploited in the desktop world - it's the same stuff for mobile. Usually called "privilege escalation".
Be warned, though, it is extremely tedious and difficult. It can be pretty dull.
It takes a lot of time, just like finding an exploit in a Linux program. But it's even harder, since the greater part of the OS is written in Java.
Thanks for the replies. I thought that it might be similar to privilege escalation on a Linux box. I did not know that some of the exploits were found through programs that were already installed on the phone... that is very interesting.

Looking for the source

A couple of weeks ago I bought myself my first Android device (a cheap LG GT540), and since then I've been playing a lot with it.
I noticed that the Android hacker community is quite big and there are lots of tools which can do kind of anything, but sadly I'm kind of disappointed because I'm having some issues in understanding HOW things work: in order to root my device, install custom ROMs, resize partitions and so on, I had to use a few tools that I have no idea of what they're doing.
To me it looks like in these forums it's much easier to find a GUI that does everything you need, rather than understanding what needs to be done and how to do it. IMHO this is bad for a community of hackers.
In particular I'd like to understand how the following tools work (both for personal knowledge, and because some of these only work on Windows, and I'd like to port them to Linux), and if available, I'd love to put my hands on their source code:
SwiftBootloaderBuilder: it's a tool used to resize flash partitions. I'm prone to think that it might just be a frontend for fastboot, but hum, the fastboot binary I own seems to be missing the capability of handling partitions...
KDZ: it's a tool to upgrade the firmware which I had to use in order to install on my device a custom ROM with fastboot enabled. How the heck does it work? This tool forced me to find and use a windows system to hack my GT540...
Android Developers is a great place to get started understanding how Android works. There you will find much of what you need to know to get a BASIC understanding of Android. If you follow the guides and advice you can create a basic apk that does little except teach you. The CyanogenMod wiki is also a great place to learn. One thing about Android is that it is very much like Linux built for specific hardware. Many, and I do mean many, of the same principles apply to both systems. Digital signatures, ownership privileges, file permissions, compiling from source, git, gerrit, Google Code etc. are all things that a developer runs into every day working with open source software of any kind. Go to every place I mentioned, sign up, and start asking more questions. Learn C++ and Java. Join Freenode IRC and find some friends who will answer questions while you learn. XDA is the least resource for the development community. XDA is the expression of ALL the other resources. I am new to this also, and have done what I suggest, except the programming languages, which I am working on. Use Root Explorer to look at your device file system. Ask the developers of the tools you mentioned to help you understand them. A LOT goes on behind the scenes, but it takes a little direction and determination. Cheers!

[Q] Noob trying to become a dev.

This thread may be pointless but I don't care. I can't find a straight general answer.
I am kind of new to Android modding but have ok skills with coding and decent skills with Linux (I know how to survive in a shell).
What are good code examples, or what are the best methods (exploits) used to privilege escalate a shell?
Do I need to find a hole in the Linux kernel or try to hijack an active process running as root?
What is needed to crack the bootloader? I know I'm asking a lot and most of my terms used may be wrong but I find it hard to take that next step. Would I find answers by reading an Android developers book?
Please, where do I start???
There are many options in the development criteria; the two main ones consist of OS Development (ROMs) and Application Development.
Judging by what you're stating, I think you're trying to work towards OS Development? Correct me if I'm wrong.
I know I'm being a bit cheap by not typing out everything needed, as I will have to put some time into that... But the official CyanogenMod wiki shows you how to set up a build environment on Mac, Windows and Linux.
From there they explain in detail what shell commands you must use to run exploits and such. They also explain what specific components and files do and how you can modify and update them, from what I have previously seen. The site also shows you how to build a ROM for your device itself, using the CyanogenMod source of course; the method applies to all source, to be honest.
Here's a link to the website - http://wiki.cyanogenmod.org/w/Main_Page
If this wasn't what you were asking for, let me know so I can explain further.
Krish.
Sent from my Nexus 5 using Tapatalk