How to make root permanent on 6.0? - Verizon Galaxy S 5 Android Development

Steps necessary to permanently enable user root?
Let's say I have remote root access to my CID 11 G900V phone on the stock android 6.0.
What do I need to do to allow user to have root and persist through reboots/checks?
No promises yet,
only have uid=0(root) gid=0(root) context=u:r:init:s0
on the remote side accessing the phone.
R&D:
5.0 post-root performs:
Set permissive for init
Set permissive for init_shell
Set permissive for s_init_shell
type s_init_shell does not exist
Set permissive for kernel
Set permissive for shell
Set permissive for toolbox
type toolbox does not exist
Set permissive for toolbox_exec
type toolbox_exec does not exist
TOY

smokerbond said:
Steps necessary to permanently enable user root?
Let's say I have remote root access to my CID 11 G900V phone on the stock android 6.0.
What do I need to do to allow user to have root and persist through reboots/checks?
No promises yet,
only have uid=0(root) gid=0(root) context=u:r:init:s0
on the remote side accessing the phone.
Click to expand...
Click to collapse
There are essentially two ways: one requires modification of the kernel and one requires modification of the /system partition. Neither can work for Android 6.0 with a locked bootloader. The reason we don't have root available for 6.0 ROMs on locked bootloader phones is not because we can't get root, but because there is no way to keep it. Your method may still be helpful though to accomplish small tasks with temporary root.
Edit:
If you can manage to disable dm-verity like has been done in the link below, the /system partition can be modified and superSU/permanent root can be theoretically installed.
http://forum.xda-developers.com/lg-g5/how-to/guide-adb-root-rw-dm-verity-off-sprint-t3523499

Hariiiii said:
There are essentially two ways: one requires modification of the kernel and one requires modification of the /system partition. Neither can work for Android 6.0 with a locked bootloader. The reason we don't have root available for 6.0 ROMs on locked bootloader phones is not because we can't get root, but because there is no way to keep it. Your method may still be helpful though to accomplish small tasks with temporary root.
Edit:
If you can manage to disable dm-verity like has been done in the link below, the /system partition can be modified and superSU/permanent root can be theoretically installed.
http://forum.xda-developers.com/lg-g5/how-to/guide-adb-root-rw-dm-verity-off-sprint-t3523499
Click to expand...
Click to collapse
Interesting, thanks for the info.
Still working on disabling SELinux right now.
I understand why the kernel cannot be modified (the bootloader checking for specific kernel) but why can I not change /system?

smokerbond said:
Interesting, thanks for the info.
Still working on disabling SELinux right now.
I understand why the kernel cannot be modified (the bootloader checking for specific kernel) but why can I not change /system?
Click to expand...
Click to collapse
Dm-Verity. I believe it works through the kernel checking several key directories including /system for any modifications on boot.

Related

Help with SELinux - rooting a new device

Evening all,
I have a Vivo V3 Max (www.vivoglobal.com) which runs Android 5.0.1 (no Marshmallow ROM yet!). It has never been able to be rooted and I am on a mission to do it.
The progress I've made so far is as follows:
1. Got a custom TWRP recovery image flashed and working on the phone so I can boot into recovery. This recovery has full root access to everything.
2. Modified the boot image so that ADB runs as root (insecure mode). This allows me to have a full root shell via ADB when the phone has fully booted as normal. Also modified the fstab to make /system world writable.
3. Installed various "recovery flashable ZIPs" to no avail - it puts all the files (su in /system/xbin etc) in the right place but still no root access.
4. Manually created the required files and symlinks myself, which resulted in the same as 3) above.
I am now at the stage where I realise that it's SELinux not allowing the full root to go through in normal userspace. I can run setenforce 0 (and also su 0 setenforce 0) via ADB to make SELinux permissive, but still I get "/system/bin/sh: su: Operation not permitted" when running SU from a Terminal Emulator app.
Is there anyone out there who can help me with the SELinux side of things to allow /system/xbin/su to run? Also tried systemless with Magisk but same result. Vivo do not release kernel sources for any of their products so I'm stuck with what I have. I do at least have read/write access to all partitions on the device though, so if theres any modifications I can make then I'm happy to try them. I have a full NAND backup of the entire thing.
I have tried using supolicy etc to inject rules, but I'm not really sure what I should be injecting.
Any seasoned developers willing to help me out? My background is in PHP, C#, VB.NET and Windows Servers but I'm OK with Linux too.
Many thanks!
I have attached the output on supolicy --dumpav in case it is useful.
Just a quick update on this... I managed to find a ROM for a very similar device hardware-wise, which was pre rooted. After tweaking the boot image to allow it to run on my device, I could see that /system/xbin/su still had no permission to run. This was despite the fact that the security policies from the other device was copied directly to mine, and on that other device full root access is possible using the exact same ROM that I ported.
I am therefore left with the conclusion that it doesn't matter how many rules I inject to sepolicy or how many domains I modify, the kernel is the limiting factor here. Since Vivo do not release the kernel sources for any of their devices I guess I'm screwed. Would this be against the GPL and is something I can take up with Vivo? I'm gutted...

Root any device just using ADB Shell.

In this post, I'm not telling any tricks or methods. I am just providing my thoughts and possibilities. Recently I was trying to root my phone and I did a little bit of research on it. By the way, note one thing here that my phone is part of the Android One project and made by Xiaomi, so it's much harder to root than any other phone. If you have also tried to root your phone, then you might have also heard these words... (Magisk manager, Superuser, Busybox, SU Binary, TWRP Custom recovery, root file, System file, Custom Rom), etc. In this thread, if I am right you can root your phone just by using ADB Shell. Rooting your phone means...
Rooting (Android)
From Wikipedia, the free encyclopedia
Rooting is the process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.
Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices. Thus, rooting gives the ability (or permission) to alter or replace system applications and settings, run specialized applications ("apps") that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.
Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts: Jailbreaking is the bypass of several types of Apple prohibitions for the end-user, including modifying the operating system (enforced by a "locked bootloader"), installing non-officially approved (not available on the App Store) applications via sideloading, and granting the user elevated administration-level privileges (rooting). Many vendors such as HTC, Sony, LG, Asus, and Google explicitly provide the ability to unlock devices and even replace the operating system entirely. Similarly, the ability to sideload applications is typically permissible on Android devices without root permissions. Thus, it is primarily the third aspect of iOS jailbreaking (giving users administrative privileges) that most directly correlates to Android rooting.
Rooting is distinct from SIM unlocking and bootloader unlocking. The former allows removing the SIM lock on a phone, while the latter allows rewriting the phone's boot partition (for example, to install or replace the operating system).
Source: Wikipedia
So, as much as I've noticed (I could be wrong) mainly all rooting processes does one of those two things,
1. Edits your boot.img
or
2. Adds a SU binary file to your system & more specifically to your system/bin file.
So if that's true and every Android phone or at least the same brands or same models or at least same Android versions or maybe all of them requires the exact same SU binary file(Superuser binary file). Now, if you don't want to change your boot.img there is only one is remaining and that is adding the SU binary file. Now you might ask how to do that...
Just use your ADB shell to give writing system files permission to your file manager. And then put the SU file to your system.
So, that's all I was just trying to say. Now if I am right please let me know and thanks for reading until now. And also if I am right, please someone provide me the SU binary file of Xiaomi MI A3, code name: laurel_sprout . Thank you once again, All developers, take care of your health. For further inquiries and helping me out, message me on XDA personally.
Writer: Samiullah Ridoy.
Samiullah Ridoy said:
...
Just use your ADB shell to give writing system files permission to your file manager. And then put the SU file to your system.
...
Click to expand...
Click to collapse
Absolutely errleading ( i.e. wrong ) statement:
1. To mount Android's partition /system as RW - so you can copy SU-binary onto it - you need superuser ( SU ) rights.
2. Modern Android versions have SELinux enabled, and most also DM-verity and/or AVB. These safety-features lock the /system partition to get tampered, what at least with regards to SELinux and/or DM-verity only can be disabled by superuser ( SU ).
3. With regards to AVB one has to unlock device's bootloader, too, in order to disable this lock.
@Samiullah Ridoy
As above post said,
-You can't simply give writing system files permission.
-Only emulators have that ability(since they are not production builds)
Here is your device specific guide at Mi A3 forum https://forum.xda-developers.com/t/...-root-mi-a3-with-magisk-without-twrp.3958509/
Rooting your device is same as any other device if we use Magisk rooting method. It does not take additional steps to root your specific device.
Thanks
You need to disable DM-verity.
You can do it from ADB. You need to modify Stock boot image file. Patch it and disable DM-Verity.
HemanthJabalpuri said:
@Samiullah Ridoy
As above post said,
-You can't simply give writing system files permission.
-Only emulators have that ability(since they are not production builds)
Here is your device specific guide at Mi A3 forum https://forum.xda-developers.com/t/...-root-mi-a3-with-magisk-without-twrp.3958509/
Rooting your device is same as any other device if we use Magisk rooting method. It does not take additional steps to root your specific device.
Thanks
Click to expand...
Click to collapse
I have already seen that post & I don't want to do it that way. You said, " You can't simply give writing system files permission. ", I've already mentioned but saying it once again that I could be wrong but we can give writing system files permission by using these code...
Code:
adb shell pm grant [package name] android.permission.WRITE_SETTINGS
adb shell pm grant [package name] android.permission.ACCESS_MEDIA_LOCATION
adb shell pm grant [package name] android.permission.WRITE_INTERNAL_STORAGE
Tell me if I am wrong & thanks for your compliment.
Samiullah Ridoy said:
I have already seen that post & I don't want to do it that way. You said, " You can't simply give writing system files permission. ", I've already mentioned but saying it once again that I could be wrong but we can give writing system files permission by using these code...
Code:
adb shell pm grant [package name] android.permission.WRITE_SETTINGS
adb shell pm grant [package name] android.permission.ACCESS_MEDIA_LOCATION
adb shell pm grant [package name] android.permission.WRITE_INTERNAL_STORAGE
Tell me if I am wrong & thanks for your compliment.
Click to expand...
Click to collapse
I didn't tried those but I am sure those are NOT for writing read-only partitions.
Those are for accessing internal storage and changing settings like brightness I think.
jwoegerbauer said:
Absolutely errleading ( i.e. wrong ) statement:
1. To mount Android's partition /system as RW - so you can copy SU-binary onto it - you need superuser ( SU ) rights.
2. Modern Android versions have SELinux enabled, and most also DM-verity and/or AVB. These safety-features lock the /system partition to get tampered, what at least with regards to SELinux and/or DM-verity only can be disabled by superuser ( SU ).
3. With regards to AVB one has to unlock device's bootloader, too, in order to disable this lock.
Click to expand...
Click to collapse
Absolutely correct.
It seems to me OP has never tried this, simply has copied from other sources. That is why the nonsense.

Questions about rooting without unlocking bootloader?

Phone is Samsung A50 (A505F), Android 11,
1) As title.. how do you do that? I will keep stock ROM.
Only want to root to debloat, and add other apps that require root.
2) Also if you use kingroot, does it unlock the bootloader?
3) If you relock a bootloader does it remove root?
Will relocking erase user data?
Thank you
Generally speaking - with regards to this thread's title:
Rooting phone's Android works without unlocking it's bootloader. Rooting Android simply is adding an user called "superuser ( AKA root )" to Android.
Reason why people unlock bootloader is to be able to flash custom ROMS.
rossrosh007 said:
1) As title.. how do you do that?
2) Also if you use kingroot, does it unlock the bootloader?
Is the kingroot app required to be installed at all times to keep root?
3) If you relock a bootloader does it remove root?
Will relocking erase user data?
Phone is Samsung A50 (A505F)
Thank you
Click to expand...
Click to collapse
Rooting without unlocking bootloader only works on
4.2 jellybean
4.4 KitKat
5.0 lollipop
5.1.1. lollipop
All of the other version of android will not work because in android 6 marshmallow google patched root without unlocking bootloader so this means if u are on Android 6 marshmallow it will not work also if u are on Android 6 marshmallow and higher don't brother with kingroot or all of that one click root because that will not work I would recommend magisk to root your phone
@rossrosh007
Hint: Add Samsung A50 (A505F) to this thread's title thus mainly owners of such a device get addressed.
Austinredstoner said:
Rooting without unlocking bootloader only works on
4.2 jellybean
4.4 KitKat
5.0 lollipop
5.1.1. lollipop
All of the other version of android will not work because in android 6 marshmallow google patched root without unlocking bootloader so this means if u are on Android 6 marshmallow it will not work also if u are on Android 6 marshmallow and higher don't brother with kingroot or all of that one click root because that will not work I would recommend magisk to root your phone
Click to expand...
Click to collapse
I'm on Android 11.
Ok, so I have to patch boot.img with magisk or magisk manager (I don't know the difference)? On GitHub the latest version is just magisk v22.
So to use magisk unlocking bootloader is required... I'll be keeping stock ROM. So will I be able to relock bootloader after patching and rooting?
jwoegerbauer said:
Generally speaking - with regards to this thread's title:
Rooting phone's Android works without unlocking it's bootloader. Rooting Android simply is adding an user called "superuser ( AKA root )" to Android.
Reason why people unlock bootloader is to be able to flash custom ROMS.
Click to expand...
Click to collapse
I'm on Android 11, and I'll keep stock Rom.
How can I flash SuperSU without custom recovery or unlocking bootloader?
If I have to unlock bootloader, can I relock it after flashing SuperSU?
rossrosh007 said:
I'm on Android 11, and I'll keep stock Rom.
How can I flash SuperSU without custom recovery or unlocking bootloader?
If I have to unlock bootloader, can I relock it after flashing SuperSU?
Click to expand...
Click to collapse
Don't confuse SuperSU ( what is an application which lets you manage root permissions for apps which require root access) and SU ( AKA superuser and/or root ): Totally different things.
SuperSU app relies on presence of SU applet.
Installing SU applet doesn't require phone's bootloader gets unlocked, but it's required Android's DM-VERITY feature permanently gets disabled before, this because content of /system partition gets altered.
Look also inside here:
SuperSU: Installation Guide (Rooted and Unrooted Devices)
There are two ways to install SuperSU. If you have a Rooted Device then you can simply download this APK file and install it on your device. For unrooted de
www.squto.com
jwoegerbauer said:
Don't confuse SuperSU ( what is an application which lets you manage root permissions for apps which require root access) and SU ( AKA superuser and/or root ): Totally different things.
SuperSU app relies on presence of SU applet.
Installing SU applet doesn't require phone's bootloader gets unlocked, but it's required Android's DM-VERITY feature permanently gets disabled before, this because content of /system partition gets altered.
Look also inside here:
SuperSU: Installation Guide (Rooted and Unrooted Devices)
There are two ways to install SuperSU. If you have a Rooted Device then you can simply download this APK file and install it on your device. For unrooted de
www.squto.com
Click to expand...
Click to collapse
Ok. SuperSU app is the permission manager.
How do I go about implementing superuser without unlocking bootloader on Android 11?
Unlocking BL is required when using magisk. I'll be keeping stock ROM, so will I be able to relock BL after patching boot.img with magisk? Will root/superuser stay if I relock BL?
Some threads say the magisk patched boot.img is considered tampered and the DM-verity will cause issues when relocking BL. Unless you sign it... Is that true? (Different users saying true and false, so I don't know what is what)
1. You install matching SU applet by means of ADB. The SU applet can get fetched from here
LineageOS Downloads
download.lineageos.org
2. Can't tell you what is right or wrong: never made use of Magisk or TWRP.
jwoegerbauer said:
1. You install matching SU applet by means of ADB. The SU applet can get fetched from here
LineageOS Downloads
download.lineageos.org
2. Can't tell you what is right or wrong: never made use of Magisk or TWRP.
Click to expand...
Click to collapse
Fair enough on point 2
The SU from LineageOS not a problem to use on Samsung stock Rom? I mean that SU applet not developed to be compatible with LineageOS only or something?
Any instruction on how to apply this SU applet will be useful. (I'm searching through the forum as well)
Only to clarify things:
SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
As I already mentioned here, you can install SU by means of a ADB command-sequence which typically looks like this
Code:
adb disable-verity
adb reboot
adb shell "mount -t auto -o rw,remount /system"
adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
adb shell "chown root:root /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "chcon '/system/bin/su' u:object_r:su_exec:s0"
jwoegerbauer said:
Only to clarify things:
SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
As I already mentioned here, you can install SU by means of a ADB command-sequence which typically looks like this
Code:
adb disable-verity
adb reboot
adb shell "mount -t auto -o rw,remount /system"
adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
adb shell "chown root:root /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "chcon '/system/bin/su' u:object_r:su_exec:s0"
Click to expand...
Click to collapse
True, it's all Linux based, but thought the directories might be different manufacturer to manufacturer. With the verify functions and all... Didn't want to modify a wrong directory and get bricked.
Nice, thanks for the help and ADB commands. Also just came across LADB (on-phone ADB shell), will give it a go on that.
Will update back.
Austinredstoner said:
Rooting without unlocking bootloader only works on
4.2 jellybean
4.4 KitKat
5.0 lollipop
5.1.1. lollipop
All of the other version of android will not work because in android 6 marshmallow google patched root without unlocking bootloader so this means if u are on Android 6 marshmallow it will not work also if u are on Android 6 marshmallow and higher don't brother with kingroot or all of that one click root because that will not work I would recommend magisk to root your phone
Click to expand...
Click to collapse
rossrosh007 said:
I'm on Android 11.
Ok, so I have to patch boot.img with magisk or magisk manager (I don't know the difference)? On GitHub the latest version is just magisk v22.
So to use magisk unlocking bootloader is required... I'll be keeping stock ROM. So will I be able to relock bootloader after patching and rooting?
Click to expand...
Click to collapse
Hope you can give me some insight on this. Would be good to learn.
jwoegerbauer said:
Only to clarify things:
SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
As I already mentioned here, you can install SU by means of a ADB command-sequence which typically looks like this
Code:
adb disable-verity
adb reboot
adb shell "mount -t auto -o rw,remount /system"
adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
adb shell "chown root:root /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "chcon '/system/bin/su' u:object_r:su_exec:s0"
Click to expand...
Click to collapse
Can I install supersu.apk (root access manager) after this?
If I need to revert things back to how they were (unroot, enable dm-verity) ... How do I do that?
rossrosh007 said:
Can I install supersu.apk (root access manager) after this?
Click to expand...
Click to collapse
SuperSU APK is just like any other Android application. It only will properly work if SU is runing as Android service, means gets started at Android's boot up
Code:
# su daemon
service su_daemon /system/bin/su --daemon
seclabel u:r:sudaemon:s0
oneshot
on property:persist.sys.root_access=1
start su_daemon
what requires Android's boot file init.rc must got patched accordingly.
frequently conversing - with thoughts to this thread's headline:
I am rooting the phone's Android products externally, unfastening its bootloader. Rooting Android only is combining a user-designated "superuser ( AKA motive )" toward Android.
Special purpose how? Somebody unlock bootloaders is to be capable of flashing system ROMS.
jwoegerbauer said:
Only to clarify things:
SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
As I already mentioned here, you can install SU by means of a ADB command-sequence which typically looks like this
Code:
adb disable-verity
adb reboot
adb shell "mount -t auto -o rw,remount /system"
adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
adb shell "chown root:root /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "chcon '/system/bin/su' u:object_r:su_exec:s0"
Click to expand...
Click to collapse
I've just found this thread and wanted to understand something. Does adb disable-verity work without unlocking bootloader?
Do you mean that if you install su on the system via adb on the above sequence then the system is essentially rooted no matter whether you unlock the bootloader or not?
Earlier it was mentioned that you need to run a service in order for the superuser apps to work and this requires the boot.img to be modified and this needs the bootloader to be unlocked. Will superuser apps like superuser apk work just with su on the system?
I mean can I just soft start the daemon with a terminal app without adding it as a startup service?
Again: Rooting Android is adding an user named SUPERUSER to Android OS - not to get confused with Android's default user named root - an user who has elevated rights ( comparable to Administrator in Windows OS ).
The SuperSU app what you're referring to is a manager app that runs a database where apps which request superuser right are stored.
The SuperSu service ( read: sudaemond ) is a complete other thing, it serves another purpose: it's needed to have SuperSU app working.
It's not possible to add any binary or user or rooting app without unlocking your bootloader. All partitions except /data are not writable.
More nonsense is hardly possible.

I want a complete guide on how to install android 10 on TB-X304L. OEM unlocking is greyed out and it shows an error if I try a method given by @hk96

The problem I have is that the 'enable OEM unlocking' option is greyed out on my tablet. I've tried this method but I keep getting this error. I didn't find anything helpful on the internet. Please help me if you can.
Look inside system file build.prop for entry
Code:
ro.oem_unlock_supported
If it's value is 0 then unlocking bootloader isnt supported.
If Android is rooted then you can try to change this entry to
Code:
ro.oem_unlock_supported=1
More info here:
Locking/Unlocking the Bootloader | Android Open Source Project
source.android.com
jwoegerbauer said:
Look inside system file build.prop for entry
Code:
ro.oem_unlock_supported
If it's value is 0 then unlocking bootloader isnt supported.
If Android is rooted then you can try to change this entry to
Code:
ro.oem_unlock_supported=1
More info here:
Locking/Unlocking the Bootloader | Android Open Source Project
source.android.com
Click to expand...
Click to collapse
Well I am unable to root with those 1 click rooting apps. Is there any other way to root it? The PC way is not gonna work because it needs twrp and twrp requires me to unlock OEM
To root a device's Android TWRP isn't needed at all: Rooting is the act of unlocking the Android OS to gain complete control over the device through which you can access hidden files, change the ROM or install certain special apps. Rooting Android OS simply means to add Superuser functionality to it.
Here is what you have to do to root your device's Android: Replace Android's Toybox binary - what is a restricted version by default - by unrestricted Toybox v0.8.5. This can get achieved by means of ADB.
jwoegerbauer said:
To root a device's Android TWRP isn't needed at all: Rooting is the act of unlocking the Android OS to gain complete control over the device through which you can access hidden files, change the ROM or install certain special apps. Rooting Android OS simply means to add Superuser functionality to it.
Here is what you have to do to root your device's Android: Replace Android's Toybox binary - what is a restricted version by default - by unrestricted Toybox v0.8.5. This can get achieved by means of ADB.
Click to expand...
Click to collapse
I am not a developer and new to all these things. I would appreciate if you could provide any video or article on how to do it. Thanks in advance!!
Shutupboomer said:
I am not a developer and new to all these things. I would appreciate if you could provide any video or article on how to do it. Thanks in advance!!
Click to expand...
Click to collapse
I was able to find this method of rooting through adb:https://forum.xda-developers.com/t/universal-guide-root-any-android-device-manually.2684210/
try it out and please reply if this method worked for you as i also want to try.
update: the rooting manually method didnt work. however, i found another way to get temporary root access on the lenovo tab 4 10. the lenovo tab 4 10 uses kernel version 3.18.71 which can be exploited by cve-2019-2215. download the zip i have attached and then copy the su98-memory-kallsyms file without the extention to /data/local/tmp if you want to do it through adb or to the /data/data/_________ folder where _______ is the terminal emulator you want to use with it and chmod it. then you can just do ./su98-memory-kallsyms and it will give you a root shell.
there is even an app included that does this and provides root access to all the apps. you can however whitelist some apps by puting them in the /data/local/tmp/su98-whitelist.txt. and the apps which werent allowed root access will be automatically put in the su98-denied.txt from where you can put them in the whitelist.
WARNING: this version of su98 was not specifically compiled for lenovo tab 4 10 and is a bit unstable. sometimes when performing a root task, it will freeze your tablet and you will need to restart. this is particularly annoying for me as my powr button is broken and i need to remove and reconnect the battery every time.

How do I temporarily root a samsung device running android 9 without twrp recovery?

I have used magisk to patch the file and android platform tools (fastboot or stuff like that) but it does not work. I dont want to install twrp as i dont really trust custom recoveries as much and i dont want to use odin for the same reason. Is this impossible or is there a way but i am just doing it incorrectly. Please reply asap!
Never installed Magisk nor TWRP, why should I have done it?
To answer your question: A temporary root can get achieved by putting a suitable su into directory /data/local/tmp and making it executable.
https://forum.xda-developers.com/attachments/su-binaries-zip.5566949/
xXx yYy said:
Never installed Magisk nor TWRP, why should I have done it?
To answer your question: A temporary root can get achieved by putting a suitable su into directory /data/local/tmp and making it executable.
https://forum.xda-developers.com/attachments/su-binaries-zip.5566949/
Click to expand...
Click to collapse
The data partition is not accessible without having root first. How are they to place su in data partition to gain temp root without first gaining root to place su in data partition? How can they root the device by using a method that requires root in the first place to achieve what you are telling them?
I think the code
Code:
adb push <PATH-TO-SU-ON-PC> /data/local/tmp
always works , because this path ( /data/local/tmp ) is always present and writable on Android dev device and Emulator.
At least it always worked for me since I'm rooting Android this way.
xXx yYy said:
I think the code
Code:
adb push <PATH-TO-SU-ON-PC> /data/local/tmp
always works , because this path ( /data/local/tmp ) is always present and writable on Android dev device and Emulator.
At least it always worked for me since I'm rooting Android this way.
Click to expand...
Click to collapse
do i unroot my device by rebooting it?
p.s. will doing this solution create a possibility of bricking my device?
Technically seen you can't root / unroot a device, but only Android OS.
As with Android OS root ( sometimes called superuser ) is the same as Administrator with Windows OS. Simply adding an user with elevated privileges never will brick an Android device.
Become familiar what root is the world of Linux OS - take note that Android OS merely is a port of it.
xXx yYy said:
Technically seen you can't root / unroot a device, but only Android OS.
As with Android OS root ( sometimes called superuser ) is the same as Administrator with Windows OS. Simply adding an user with elevated privileges never will brick an Android device.
Become familiar what root is the world of Linux OS - take note that Android OS merely is a port of it.
Click to expand...
Click to collapse
so running that command will give me legit root privileges and i can do the things an admin can do without any malware or damage?
Droidriven said:
The data partition is not accessible without having root first. How are they to place su in data partition to gain temp root without first gaining root to place su in data partition? How can they root the device by using a method that requires root in the first place to achieve what you are telling them?
Click to expand...
Click to collapse
so should i really use magisk to root my device?
moutsu said:
so should i really use magisk to root my device?
Click to expand...
Click to collapse
No, try what was suggested by placing su in the data/local/tmp. If that doesn't work, try using magisk to root your device.
xXx yYy said:
I think the code
Code:
adb push <PATH-TO-SU-ON-PC> /data/local/tmp
always works , because this path ( /data/local/tmp ) is always present and writable on Android dev device and Emulator.
At least it always worked for me since I'm rooting Android this way.
Click to expand...
Click to collapse
I've never seen a device rooted by such simple means, in my experience, it has always required root to even access data partition, especially if trying to push/pull files to/from data via adb.
I mean, if it were really that easy, why would all these rooting tools snd methods that exist on XDA have ever been needed to be created?
What devices have you rooted using this method? Can you provide information that explains and confirms what you say?
Hmmmm...
Short checked on my SM-R860 Android 11...
Code:
freshbs:/ $ cd /data/local/tmp
freshbs:/data/local/tmp $ ls
freshbs:/data/local/tmp $ ls -a1l
total 6
drwxrwx--x 2 shell shell 3452 2022-03-25 01:20 .
drwxr-x--x 4 root root 3452 2022-03-25 01:20 ..
Need more time or drinks to place something here...
Waiting for other results...
Best Regards
@Droidriven
Fellow member @adfree has proven that even with Android 11 directory /data/local/tmp worlwide exists and is writeable.
Sometimes it really makes sense to understand what OP wants to achieve: He just wants to know how Android can be temporarily rooted.
xXx yYy said:
@Droidriven
Fellow member @adfree has proven that even with Android 11 directory /data/local/tmp worlwide exists and is writeable.
Sometimes it really makes sense to understand what OP wants to achieve: He just wants to know how Android can be temporarily rooted.
Click to expand...
Click to collapse
I do need to know how an android can be temporarily rooted so I can give certain apps on my phone root access to recover some stuff I accidentally deleted. However, I do need a bit of clarification on what su file I need to put into the directory as the filed you linked was a zip file.
I would also like a method on how to unroot my device.
Dear moutsu...
IMHO instead blabla... IMHO it makes sense to start from scratch with FULL infos.
I can see only bla bla Samsung Device...
Please give full details...
A
Model Name...
Example:
SM-G920F is Android 7 for instance...
B
Is Phone alive... then give full details about Firmware Version.
Easiest way for most infos...
Type:
*#1234#
Type or make Photo or Screenshot...
Best Regards
@xXx yYy
Thank you very much. But...
I clicked through your profile and find some more puzzle parts of your idea...
Learning to root my old Galaxy S4
I have an old Samsung Galaxy S4. It's been off the network for a while and its system clock has drifted. However, adb works and I can use the old phone as a sandbox environment to learn about low level Android fundamentals. I would like to learn...
forum.xda-developers.com
After this I was drunken enough to try few things with my SM-R860...
WITHOUT success...
Later I will add my ADB output... for better understanding...
IMHO I am not total Noob in Rooting something...
Also I have "some" experiences in recover halfdead devices to backup beloved data...
I am sure you have forgotten about Samsung additional Security check... like Knox crap etc...
So my conclusion...
Your method is good to know...
But chance for success in "newer" Samsung devices is not 100 %...
Maybe you can give Samsung model name... where this work?
I could check SM-G920F with Android 7 just for fun... if I have time...
Thanx in advance.
Best Regards
regardless it is writeable to adb shell only (uid 2000), chown is forbidden anyway. even if you set SUID bit that wouldn't make much sense in /data/local/tmp
furthermore, even if you could place su binary in /system (which requires unlocked bootloader + dm-verity patch) it still requires privileged daemon in background where su want connect apps (but not exist).
so this method never worked, except for some ancient android devices where remount /system was possible from adb root.
and we haven't spoke about selinux, yet
Magisk does all this, but requires* unlocked bootloader - which triggers factory reset. So unless you have some nice exploit like dirty-cow or mtk-su, temporary root is simply impossible.
edit: TWRP is not able to decrypt samsung encryption btw. So if you want have access to userdata partition on locked bootloader the only way would be (samsung signed) so called "combination ROM" (with same bootloader level) to be flashed from Odin via HOME_CSC or heimdall.
if your device is ancient old you might lucky bootloader is unlocked, userdata partition is not encrypted at all, and ROM is just signed with test keys. in that case you can flash anything on recovery partition. philz touch recovery even provided flashable zips that signed with test keys, these zips can be flashed straight from stock recovery without PC. I remember temporary zips exist, that only boot into custom recovery without actually installing it.
edit2: *except some Mediatek devices with AVBv1 where one can flash magisk patched boot.img on locked bootloader
My last 2 cents here ( I no longer participate this thread ):
The su ( read: switchuser ) command is used to run an Android system function as a different user. It is the easiest way to switch or change to the administrative account ( read: superuser ) in the current logged in session.
Most versions of Android disable the superuser ( mostly mistakenly called root user - take note that root user in Android is the user with ID 0 who is by default present on all Android versions, is the user of session when Android gets started ) account by default making the system more secure. But, this also restricts the Android user from running specific system related commands.
Using su to temporarily act as a superuser allows you to bypass this restriction and perform system related tasks with different users.
The synthax of su command is
Code:
su [options] [username [[arguments]]
If a username isn't specified, su defaults to the superuser. Now, the logged-in user can run all system commands. This will also change the home directory and path to executable files.
If the su is used to temporarily act the logged-in user as superuser then the su binary can be located anywhere in Android's filesystem, e.g. /data/local/tmp, /storage/emulated/0, etc.pp, it must not be located in Android's system partition.
xXx yYy said:
My last 2 cents here ( I no longer participate this thread ):
Click to expand...
Click to collapse
yes, that's maybe better. teach yourself about android first. android is not linux
What special privileges "/system/xbin/su" does have w.r.t. root access?
This answer says: Because of the way directory/file permissions are configured on Android, you need to have the su binary on your /system partition in order for it to work. Putting elsewhere...
android.stackexchange.com
what is your current bootloader level? combination ROM is available (haven't checked these download links)
https://www.samsungfirmwares.info/samsung-sm-j415gn-combination-firmware-file-rom
my expectation ro.debuggable=1 is enabled
adb root will work on eng build
aIecxs said:
yes, that's maybe better. teach yourself about android first. android is not linux
What special privileges "/system/xbin/su" does have w.r.t. root access?
This answer says: Because of the way directory/file permissions are configured on Android, you need to have the su binary on your /system partition in order for it to work. Putting elsewhere...
android.stackexchange.com
Click to expand...
Click to collapse
Yeah, I get where they were coming from but.....
Nah. It just doesn't work that way for everybody. Like all things android, it really just depends on what device you have and how crappy its hardware/software and security is. Lower end/cheap and old stuff doesn't have as much time invested in making them secure to save on development and distribution costs.
Unfortunately, Samsung just isn't one of those brands that are easily rooted these days, unless you buy specific models with specific firmware/binary combinations.

Categories

Resources