Related
Thats the problem...Android Device Manager is useless cuz there is already a pattern...I tried almost 100 times and there is no "forgot your password?" option...I need at least do a copy of my pictures.
Is there any solution to this? I feel like a real idiot...I was trying a different pattern and I forgot It...I cant believe it...
I think there's a file not sure if it is directly under /data/system or one of it's sub directories, but basically what I did was to boot to TWRP , use the built it file manager and delete that file. I could then access my phone. I will search maybe I kept the file name somewhere.
EDIT:
Just remove this file /data/system/gesture.key
and reboot.
wizardwiz said:
I think there's a file not sure if it is directly under /data/system or one of it's sub directories, but basically what I did was to boot to TWRP , use the built it file manager and delete that file. I could then access my phone. I will search maybe I kept the file name somewhere.
EDIT:
Just remove this file /data/system/gesture.key
and reboot.
Click to expand...
Click to collapse
How I do that? my phone is not rooted, the bootloader is locked and debugging mode is off :S
Jerber said:
How I do that? my phone is not rooted, the bootloader is locked and debugging mode is off :S
Click to expand...
Click to collapse
That could be a problem. I think that it might be done using adb but not sure if it can be done without root/bootloader secured
If cracking an Android device were as easy as deleting a file then I doubt that there's much value in any security on a device at all, no?
Surely this has to be a reinstall of the ROM...? Maybe with no-wipe to preserve the data?
Genuine question - I don't know for sure.
dahawthorne said:
If cracking an Android device were as easy as deleting a file then I doubt that there's much value in any security on a device at all, no?
Surely this has to be a reinstall of the ROM...? Maybe with no-wipe to preserve the data?
Genuine question - I don't know for sure.
Click to expand...
Click to collapse
Testing it would be really easy. just set a pattern and then delete that file.
Lets us know is it is that easy to hack it or not.
Since obviously you know better, share your findings with us.
dahawthorne said:
If cracking an Android device were as easy as deleting a file then I doubt that there's much value in any security on a device at all, no?
Surely this has to be a reinstall of the ROM...? Maybe with no-wipe to preserve the data?
Genuine question - I don't know for sure.
Click to expand...
Click to collapse
The phone has to have an unlocked bootloader and twrp installed, so you already compromised its security yourself. You could relock the bootloader, flash a stock recovery and encrypt the phone, that would solve the issue.
"Since obviously you know better, share your findings with us."
Look, guy, just because you're a senior member there's no need to be offensively sarcastic.
Maybe you didn't get as far as my last comment: "Genuine question - I don't know for sure."
dahawthorne said:
"Since obviously you know better, share your findings with us."
Look, guy, just because you're a senior member there's no need to be offensively sarcastic.
Maybe you didn't get as far as my last comment: "Genuine question - I don't know for sure."
Click to expand...
Click to collapse
Not being Sarcastic at all. Making a point. If you got offended, sorry about that.
I posted what I have , after testing it myself. Had the same issue on Lollipop.
Further more, I will share another piece of Info in here.
When You are able to access any Solaris/Linux server using a console , and boot it from DVD, you can simply edit the /etc/shadow file and reset even the root password. Does that mean Unix/Linux aren't secure OS's ?
When you have access to OS level files you can practically hack every OS.
Same goes here. When you have unlock bootloader and modified recovery you can access system files that otherwise would be inaccessible. if he can have access to that file and remove it, he will gain access to his system.
Well, I tried everything that I could because my phone is no rooted, and the bootloader is locked, plus, the debugging mode is off too... so I was close to give up, BUT finally I remembered that my phone was connected to Airdroid!; if Airdroid is connected to the phone It can bypass the lockscreen and you can access to the internal memory anyways with the Airdroid website!, so I did a full backup of all my pictures and then I did a factory reset!, the copy was a kinda slow but I didn't care of course!. What a relief!!!
So, I really recommend use Airdroid (and have the app connected of course), it saved my life!, I was really frustrated about this, I cant believe Google doesnt provide the old way the restore the pattern like in Kitkat and Jelly Bean.
wizardwiz said:
I think there's a file not sure if it is directly under /data/system or one of it's sub directories, but basically what I did was to boot to TWRP , use the built it file manager and delete that file. I could then access my phone. I will search maybe I kept the file name somewhere.
EDIT:
Just remove this file /data/system/gesture.key
and reboot.
Click to expand...
Click to collapse
It worked like a charm!
I have a fingerprint enabled phone. forgot my pattern, followed your suggestion and presented in my phone are data/system/gesture.password.key and gesture.pattern.key so I deleted the pattern.key (guided by forgotten pattern) I rebooted and my apps were optimized and voila the phone is unlocked.
However, I tried accessing the fingerprint menu on my phone but refused access. I then used root explorer, browse to aforementioned location, copied and renamed gesture.password.key to gesture.pattern.key as it was before deletion.
went back to the security setting of my phone, setup pin option (scared of forgetting the pattern again) and phone screen locked. I try using my fingerprint to unlock (which I am accustomed to) and voila! it says pin required for additional security. entered Pin and the fingerprint menu became functional again and all previously stored fingerprints remained unaltered....QED
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
Click to expand...
Click to collapse
if system_server can read init then thats a serious flaw.... Question for you. you said it would be very device specific. does that mean its unique for each individual phone or each model?
EDIT:Unfortunately we only have access to the init.rc not the binary it self.
@jcadduono I appreciate your input and direction in this matter another idea we have been toying with is
We have the aboot boot recovery and system dump. From the tmob variant would it be possible to make a tot from that for our devices changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
Click to expand...
Click to collapse
It should work on all models. I personally use a sprint model(LS997). I think it MAY have been tested on VZW as well.
I can confirm that work on H990DS
Sent from my MI PAD using XDA-Developers mobile app
We know from earlier LG phone releases that the laf partition when bypassed in some way (corrupted, etc) aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Click to expand...
Click to collapse
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
Click to expand...
Click to collapse
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
elliwigy said:
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
Click to expand...
Click to collapse
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
markbencze said:
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
Click to expand...
Click to collapse
Unfortunately its a tcp shell. not a pure adb shell. so we cannot push or pull to those directories
Wow great progress keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because the lack of root. Root users are very influential leaders to get others to try out a new device.
Sent from my LG-LS997 using XDA-Developers mobile app
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
Click to expand...
Click to collapse
it shouldnt be an expectation as weve made it clear we do not have root and are hitting hurdles.. we have been advised we need to atack selinux and or the bl but at this point were wanting to try to use debug firmware which hoprfully would allow a bl unlock..
unfortunately nobody can creat a .tot with the debug firmware at al and theres no way at all to flash the images..
we need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything and this has not been done in a way thats useful to us..
unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed their H990DS v20 mobile phone's bootloader is confirmed as being unlockable. However (and for no apparent reason) they will not confirm why one region have released a variant of the phone with the bootloader unlock and why they are refusing this to others phones/regions. Because of course, they have zero training and information about anything related to their company expect for goods released in a specific region. That comes from a 'product expert'
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Yes it definitely is less seure
IronRoo said:
Yes it definitely is less seure
Click to expand...
Click to collapse
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, as as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possible even just having su binary installed is an issue, though it's not clear to me whether this has been confirmed, it seems precautionary to me, if it's just a LinageOS issue or more devices are vulnerable, however this weeks update to Linage OS is trying to address this. Anyhow the fix seems to have some extra benefits
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download install and run on your phone to acquire root access through a process called "Privlidge Escalation" which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phones internals,
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough* ?
BTW I understand that a malicious application can take control of my device without I know it, if it's not rooted, by using the same code as applications rooting your device.
Do I have well understood what you wrote ?
But how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
?
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
Click to expand...
Click to collapse
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
iwanttoknow said:
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
Click to expand...
Click to collapse
SuperSU will automatically deny anything asking it to provide root access by default . When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because its the only way I know if stuff is trying to gain root access without my permission & watch it's actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Oh okay dude apologies the Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light abt showing us systemless root methods with his open source root management app . You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a magisk install to get the open source variant to work though, not 100% sure
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
I agree! And it also feels like its becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Click to expand...
Click to collapse
Thanks I was trying to find one of those lol. As ive seen this question asked hundreds of times within recent months across forums
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Click to expand...
Click to collapse
Thanks a lot for your detailed answer.
If you need security, just root and install supersu or magisk.
If you have xposed framework, then try a nice fire wall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.
Many thanks for reading my post. I really apriciate your time .
I think I recently installed an app that used a rootkit to temporarily give itself root acces. The bootloader of my device is still locked (Huawei Ale-L21, I know the phone is old ).
After I found out, I deleted the app and factory recet the phone. I checked with root checker and my phone doesn't have root acces anymore.
Is it possible that the app has injected code into the system partion of my phone that will remain after a factory recet. I haven't found any traces on the data partion of my device and haven't noticed any suspicious activity after the factory reset. The app also didn't convert itself to a system app. And to reitterate, the bootloader of the phone still seems locked.
My main concern would be that malicious code could get acces to for example my camera without me knowing. Is this a realistic threat to worry about.
My second question would be: does malicious code manifest itself as a system app persé or could it affect my device in another way without me noticing.
Agin thanks to everyone who took the time to read and (hopefully) answer my questions.
HumboBumbo said:
Many thanks for reading my post. I really apriciate your time .
I think I recently installed an app that used a rootkit to temporarily give itself root acces. The bootloader of my device is still locked (Huawei Ale-L21, I know the phone is old ).
After I found out, I deleted the app and factory recet the phone. I checked with root checker and my phone doesn't have root acces anymore.
Is it possible that the app has injected code into the system partion of my phone that will remain after a factory recet. I haven't found any traces on the data partion of my device and haven't noticed any suspicious activity after the factory reset. The app also didn't convert itself to a system app. And to reitterate, the bootloader of the phone still seems locked.
My main concern would be that malicious code could get acces to for example my camera without me knowing. Is this a realistic threat to worry about.
My second question would be: does malicious code manifest itself as a system app persé or could it affect my device in another way without me noticing.
Agin thanks to everyone who took the time to read and (hopefully) answer my questions.
Click to expand...
Click to collapse
You will probably need to flash your stock firmware
Rootkits, the worst of the trojans... go full nuke with the reflash option.
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If there were made any changes to the system partition (such as rooting), those will remain.
Only re-flashing phone's Stock ROM helps to get rid off of changes made to the system partition.
jwoegerbauer said:
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If there were made any changes to the system partition (such as rooting), those will remain.
Only re-flashing phone's Stock ROM helps to get rid off of changes made to the system partition.
Click to expand...
Click to collapse
Here's one of those:
xHelper malware: What it is, how it works and how to prevent it | Malware spotlight | Infosec Resources
Research shows malware spreading and directed specifically at mobile users. Check Point’s 2019 Mid-Year Trends Report shows that cyberattacks targeting
resources.infosecinstitute.com
The newer OS's aren't vulnerable to this one but it shows how insidious these rootkits can be.
@blackhawk
Because you tagged me:
I have never had the embarrassment of a phone I had or still have got infected with malicious software ( rootkits ).
I know how to protect myself from this.
And I never have bricked a phone because I know how to proceed correctly when it comes to rooting Android.
jwoegerbauer said:
Note that a factory reset leaves the phone's system partition (the "ROM") untouched. If there were made any changes to the system partition (such as rooting), those will remain.
Only re-flashing phone's Stock ROM helps to get rid off of changes made to the system partition.
Click to expand...
Click to collapse
I recently read up about bootloaders but would a locked bootloader not check the signature of the rom, so that if changes were made to the system partion the phone wouldn't boot or something allong those lines. Apologies if that is not how it works, I'm only just recently starting to learn about it.
blackhawk said:
Rootkits, the worst of the trojans... go full nuke with the reflash option.
Click to expand...
Click to collapse
Could you mabey rephrase that? I don't fully understand what you mean.
blackhawk said:
Here's one of those:
xHelper malware: What it is, how it works and how to prevent it | Malware spotlight | Infosec Resources
Research shows malware spreading and directed specifically at mobile users. Check Point’s 2019 Mid-Year Trends Report shows that cyberattacks targeting
resources.infosecinstitute.com
The newer OS's aren't vulnerable to this one but it shows how insidious these rootkits can be.
Click to expand...
Click to collapse
Would a virus like this show up in the apps section in your settings or do you think it wouldn't be noticable in any way?
Hello, is there a way to root the phone where everything works now (Bluetooth, Face ID, etc.)?
I would very much like to see this answered. I've seen some application-specific instructions such as this reddit thread for enabling Samsung Health, and I've read about hiding the fact that the phone is rooted from apps by using MagiskHide, but it's not clear whether this works for all apps and features or just some. There's also this recently updated guide to rooting that claims:
Magisk is a highly advanced way of rooting android systemless-ly. This means that Magisk root android without changing or modifying the system partition. Hence you can receive OTA updates, run apps that require to pass Google’s SafetyNet tests.
Click to expand...
Click to collapse
However, many hacks that sound good when you read about them in advance run into snags and gotchas once you actually get into implementing them, and I'm hesitant to just give it a try and see how it works out when tripping Knox is irreversible and if things stop working you can't get them back by flashing the stock ROM.
I'd be grateful if anyone who has actual experience on this subject could vouch for being able to re-enable all lost functionality after rooting or to not lose it in the first place, or whether even some lost functionality can be enabled (and if so, what have you been able to get working and what haven't you? I don't know about OP, but to me the most important ones are Secure Folder and Samsung Health).
Also, does anyone have experience with retaining Knox-sensitive functionality on rooted S9 Exynos with Android 11 (either rooting after upgrading to 11, or rooting first and retaining root when upgrading)?
@bis225
IMO noone needs Magisk to root a device's Android. Rooting Android means having the SU-binary present on Android - a ~100KB file - nothing else. Copying SU-binary onto Android allows you to temporariy give you root access when needed.
jwoegerbauer said:
@bis225
IMO noone needs Magisk to root a device's Android. Rooting Android means having the SU-binary present on Android - a ~100KB file - nothing else. Copying SU-binary onto Android allows you to temporariy give you root access when needed.
Click to expand...
Click to collapse
I'm not sure I understand what you're saying. Are you telling me that you can simply copy the file onto an unrooted phone, and voila, you can gain root access?? Can you point to information about what to do and how this works? It runs contrary to everything I've ever read on the subject.
To the best of my understanding, in order to install su binary unto an unrooted phone you need to install a custom recovery, and use that to flash the su binary onto the phone. I thought the idea of Magisk was to provide root access without modifying system files so that SafetyNet can't detect that the system has been modified. Unless I'm missing something there's no disadvantage to rooting with Magisk, only advantages, but regardless, I don't see how it makes a difference with respect to this topic. Installing a custom recovery is what trips Knox and prevents some features and apps from working, so it doesn't really matter what root method you use if you have to use a custom recovery to install it.
If you know of a way to root a Galaxy S9 without using a custom recovery or tripping Knox and that can't be detected by SafetyNet, please elaborate.
Rooting Android simply means to add a ( hidden ) user called root ( AKA super-user ) who has ALL rights to Android's file system.
For example from within ADB you activate this user and let run him any command what requires to have ALL rights - assumed the SU-binary is located in /sdcard
Code:
adb shell "/sdcard/su -c '<command-here>'"
AFAIK Magisk installs the SU-binary in /data/adb/magisk/busybox, but I may err.
@jwoegerbauer
But I didn't ask what rooting means. Unfortunately, this doesn't answer any of my questions.
I think I clearly expressed that neither a Custom Revovery nor Magisk itself is needed to have root, that simply copying SU-binary to Android's user-space is enough.
If you want to root via Magisk then do it.
Personally never would do it this way.
jwoegerbauer said:
I think I clearly expressed that neither a Custom Revovery nor Magisk itself is needed to have root, that simply copying SU-binary to Android's user-space is enough.
If you want to root via Magisk then do it.
Personally never would do it this way.
Click to expand...
Click to collapse
This really seems contrary to everything I've read, and this Stack Exchange thread specifically explains why that wouldn't work, but if you say you have experience with this and it works for you, I'm certainly willing to give it a try and see how far it gets me. Do you know where a copy of the su binary can be obtained? All my searches for su binary lead to the supersu APK and instructions for installing it by flashing, or something along those lines. I can't find an su executable that can just be copied to internal storage as-is anywhere.