Android Rooting Process

In order to root an Android device, a few steps have to be performed. These steps are done in a certain order, which, when completed, provides root access.

The major steps involved in rooting are:

  • Unlocking Bootloader
  • Flashing Custom Recovery
  • Install Rooting Script

Unlocking Bootloader

The bootloader needs to be unlocked so that we can run our own code during device boot. By default the bootloader uses a security feature (signature verification, part of Android Verified Boot) to ensure that it only passes control to a verified, vendor-signed boot image. This prevents us from running custom code after the bootloader, so the bootloader has to be “unlocked”. Once it is unlocked, it will also boot images that are not signed by the vendor, so our code can run directly after the bootloader. Unlocking is done over fastboot (`fastboot flashing unlock` on recent devices, `fastboot oem unlock` on older ones), requires the “OEM unlocking” toggle in Developer options to be enabled first, and wipes user data.


Flashing Custom Recovery

Once the bootloader is unlocked, we can replace the recovery partition with a custom recovery image that adds files and executables with extended capabilities. The most commonly used custom recovery is TWRP (Team Win Recovery Project).

A custom recovery extends the capabilities of the stock (vendor) recovery and, to some extent, standardizes them across devices: we can back up and restore the system image, get a terminal or adb shell, wipe partitions, flash update zips, etc.


Install Rooting Script

A rooting script is an Android patch set which is installed into the existing Android OS and enables root access.
This is needed because, even though Android devices are quite capable, they are restricted by Android’s security model. If, for example, we wish to remove pre-installed apps that are marked as non-removable, we cannot do that unless we root the device. The same is true for gaining other elevated permissions.
Other use cases are installing custom kernel modules, changing the UI, tweaking locked system settings, etc.

The most common rooting solution is Magisk, together with its MagiskSU component. It is installed via a custom recovery (e.g. TWRP), and once it is installed, local root access is enabled.

Magisk is a framework that lets developers create modules for modifying an Android system without actually altering the system files. This systemless method has the advantage of being less likely to trip system integrity checks such as Google’s SafetyNet, which certain apps use to block access from modified devices. Magisk also includes features to hide its presence from specific apps, which is useful for running apps that refuse to run on rooted devices.

MagiskSU is the part of Magisk that manages root access for individual applications: it provides the su binary, and when an app requests root access, MagiskSU prompts the user to grant or deny it. It is comparable to other SU (Switch User) management tools such as SuperSU, but unlike SuperSU, MagiskSU is integrated into Magisk’s systemless framework.
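As an added example (not code from the original post, nor from the Magisk or TWRP projects), the following POSIX shell script strings the three steps together with fastboot/adb and checks the outcome of each one before moving on: it parses `fastboot getvar unlocked` to confirm the unlock took effect, compares the recovery image against a published SHA-256 before booting it, and verifies that `su` really yields uid 0 after Magisk is installed. The file names `twrp.img` and `magisk.apk`, the `fastboot flashing unlock` command and the sample fastboot/`id` replies used in dry-run mode are assumptions, not from the page. With `DRY_RUN=1` (the default) it only prints the device commands; `DRY_RUN=0 sh root_device.sh` runs them against a connected device.

```shell
#!/bin/sh
# Added example: unlock bootloader -> boot custom recovery -> install Magisk,
# verifying each step. Assumed: fastboot/adb on PATH, twrp.img and magisk.apk
# in the current directory (hypothetical names), a device that supports
# `fastboot flashing unlock` (older devices: `fastboot oem unlock`).
set -eu

DRY_RUN=${DRY_RUN:-1}
RECOVERY_IMG=${RECOVERY_IMG:-twrp.img}
RECOVERY_SHA256=${RECOVERY_SHA256:-}   # published hash of the recovery image, if known
MAGISK_APK=${MAGISK_APK:-magisk.apk}
DRY_RUN_REPLY=                         # constructed device reply used in dry-run mode

# Run a device command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '[dry-run] %s\n' "$*"; else "$@"; fi
}

# Like run(), but captures output. fastboot writes getvar results to stderr,
# so both streams are merged; in dry-run mode the constructed reply is returned.
run_capture() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '[dry-run] %s\n' "$*" >&2
        printf '%s\n' "$DRY_RUN_REPLY"
    else
        "$@" 2>&1
    fi
}

# Pull one "name: value" line out of `fastboot getvar` output.
# $1 = captured output, $2 = variable name; prints the value or "unknown".
getvar_value() {
    _val=$(printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1)
    printf '%s\n' "${_val:-unknown}"
}

# True when `id` output (e.g. from `adb shell su -c id`) shows uid 0.
is_root_shell() {
    case "$1" in
        uid=0\(*) return 0 ;;
        *)        return 1 ;;
    esac
}

# SHA-256 of a file, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Step 1: unlock the bootloader. This wipes userdata and needs the
# "OEM unlocking" toggle enabled in Developer options beforehand.
unlock_bootloader() {
    DRY_RUN_REPLY='unlocked: no
Finished. Total time: 0.001s'
    if [ "$(getvar_value "$(run_capture fastboot getvar unlocked)" unlocked)" = yes ]; then
        echo "bootloader already unlocked"
        return 0
    fi
    run fastboot flashing unlock       # must be confirmed on the device screen
    DRY_RUN_REPLY='unlocked: yes
Finished. Total time: 0.001s'
    [ "$(getvar_value "$(run_capture fastboot getvar unlocked)" unlocked)" = yes ] \
        || { echo "unlock did not take effect" >&2; return 1; }
}

# Step 2: check the recovery image against its published hash, then boot it.
# `fastboot boot` leaves the stock recovery partition untouched; use
# `fastboot flash recovery` to make it permanent where a recovery partition exists.
boot_custom_recovery() {
    if [ -n "$RECOVERY_SHA256" ] && [ -f "$RECOVERY_IMG" ]; then
        [ "$(sha256_of "$RECOVERY_IMG")" = "$RECOVERY_SHA256" ] \
            || { echo "$RECOVERY_IMG does not match the published hash" >&2; return 1; }
    fi
    run fastboot boot "$RECOVERY_IMG"
    run adb wait-for-recovery
}

# Step 3: install Magisk from recovery (the apk doubles as a flashable zip)
# and confirm that su now yields uid 0.
install_magisk() {
    run adb push "$MAGISK_APK" /sdcard/Magisk.zip
    run adb shell twrp install /sdcard/Magisk.zip   # TWRP's command-line installer
    run adb reboot
    run adb wait-for-device
    DRY_RUN_REPLY='uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0'
    is_root_shell "$(run_capture adb shell su -c id)" \
        || { echo "su did not grant root" >&2; return 1; }
    echo "root access verified"
}

main() {
    run adb reboot bootloader
    unlock_bootloader
    boot_custom_recovery
    install_magisk
}

main "$@"
```

The checks are the point: a flashed image that does not match the vendor's published hash, or an unlock that silently failed, is caught before the next step touches the device, and the final `su -c id` test distinguishes a working root from a Magisk install that only appears to have succeeded.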


Rooting Android Emulator

In my case, all of the following steps were needed to root an Android emulator (AVD):

cd ~/Temporary/
git clone https://github.com/shakalaca/MagiskOnEmulator.git
cd MagiskOnEmulator
# Fetch the Magisk apk and store it under the name patch.sh expects
wget "http://... Magisk-v26.1.apk"
mv Magisk-v26.1.apk magisk.apk

# Create an AVD in Android Studio using a non-Google-Play (debuggable) system
# image and then start it with a writable /system and SELinux disabled.
# `adb root` only works on such images, not on Play Store images.
~/Android/Sdk/emulator/emulator -avd Pixel_2_API_30 -writable-system -selinux disabled -qemu -enable-kvm&
adb root
# Turn off Android Verified Boot / dm-verity so a modified /system still boots
adb shell avbctl disable-verification
adb disable-verity
adb reboot
adb wait-for-device
adb root
adb remount   # remount /system read-write

# Patch the emulator's ramdisk with Magisk (canary channel)
bash patch.sh canary

adb reboot
adb wait-for-device
adb root
adb remount

# Additionally install the SuperSU binaries and app
curl "https://download.chainfire.eu/1220/SuperSU/SR5-SuperSU-v2.82-SR5-20171001224502.zip?retrieve_file=1" -o supersu.zip
unzip supersu.zip -d supersu
# Download supersu.apk from:
#  https://www.apkmirror.com/apk/codingcode/supersu/supersu-2-82-sr5-release/supersu-2-82-sr5-android-apk-download/download/?key=d4b9be630d3f48406d4936fef2789cecd39ce99d
adb install supersu.apk

# Overlay a tmpfs on /system/xbin and push the x86_64 su binaries into it.
# The tmpfs mount does not survive a reboot, so this has to be repeated.
adb shell "mount -t tmpfs -o size=15M tmpfs /system/xbin"
adb push supersu/x64/. /system/xbin/
