Wednesday, January 23, 2019

What are the steps for rooting an Android device, in general?


I'm aware that for different devices the particular procedures are different, but I guess there are principal similarities in the procedure.



So what are the basic steps to root your phone? What actually happens behind the scenes, when someone follows any of the rooting guides available?


What is the magic that gives you root privileges to your phone? How are the user privileges handled afterwards?



Answer



There are a few parts to the process:

  1. Unlocking or bypassing any bootloader protection, allowing the system partition to be written
  2. Installing the relevant binaries to acquire root.





Both of these stages can vary from phone to phone, but here are a few examples:


Unlocking the bootloader


On many OEM phones, this traditionally involves exploiting a vulnerability in part of the system in order to rewrite certain partitions. Sometimes it will mean flashing a new bootloader, a new recovery (this is becoming common) or temporarily booting from an image over USB, in order to gain recovery access to the system partition.


On the Nexus range of phones, and the development phones that were released by Google, it is as simple as running "fastboot oem unlock", though this will wipe the phone. Also, bowing to pressure from the development community, many manufacturers now offer an official route to unlocking the bootloader.


Installing the root binaries.


Once the system partition has been cracked then the rest is fairly straightforward. It basically means installing the 'su' binary (this escalates to super user permissions), and an apk which provides an Android front end to 'su', and prompts the user when an app is requesting root permission.


There are several approaches to this second stage. The most common has been to use a pre-rooted ROM provided by the community. There is often a choice, from the stock ROM provided by the manufacturer and then tinkered with to add the binaries, through to a whole range of AOSP (Android Open Source Project) ROMs, such as CyanogenMod (one which I contribute to).


There are some other methods. For example, some phones (e.g. Galaxy Nexus) can use a "superboot" bootloader, which tinkers with your existing ROM as part of the boot process. It is flashed to your phone using the fastboot program.



Typically there will be a single favoured approach for any particular phone.
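The two stages the answer describes (an unlocked bootloader, then a 'su' binary plus a Superuser apk on the system partition) each leave traces a defender can look for. The script below is an added example, not code from the question or answer: it takes a getprop dump and a file listing of the kind you would pull off a device with adb and flags the indicators of each stage. The property names (ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.build.tags), the su paths and the sample data are assumptions chosen for illustration, not taken from the original post.

```shell
#!/bin/sh
# Added example: score root/unlock indicators from Android "getprop" output and
# a file listing. Property names and paths are assumed; check them per device.

# Constructed sample of `adb shell getprop` output for an unlocked, rooted device.
SAMPLE_PROPS='[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.build.tags]: [test-keys]
[ro.secure]: [1]'

# Constructed sample file listing (one path per line) with su and the apk present.
SAMPLE_FILES='/system/bin/sh
/system/xbin/su
/system/app/Superuser.apk'

# getprop_value NAME DUMP -> prints the value of NAME from a getprop-style dump.
getprop_value() {
    printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p"
}

# root_indicators PROPS FILES -> prints one line per indicator found.
root_indicators() {
    props=$1
    files=$2
    # Stage 1: bootloader unlocked / verified boot not in the "green" state.
    case "$(getprop_value ro.boot.verifiedbootstate "$props")" in
        orange|red) echo "verified boot state is not green (bootloader unlocked?)" ;;
    esac
    [ "$(getprop_value ro.boot.flash.locked "$props")" = "0" ] && echo "flash lock is off"
    # Custom/community ROMs are usually signed with test keys rather than release keys.
    case "$(getprop_value ro.build.tags "$props")" in
        *test-keys*) echo "build is signed with test-keys" ;;
    esac
    # Stage 2: the su binary and its front-end apk on the system partition.
    printf '%s\n' "$files" | grep -qEx '/system/xbin/su|/system/bin/su|/sbin/su' \
        && echo "su binary present"
    printf '%s\n' "$files" | grep -qi 'superuser\.apk$' && echo "Superuser apk present"
    return 0
}

# count_indicators PROPS FILES -> number of indicators, for a quick pass/fail.
count_indicators() {
    root_indicators "$1" "$2" | wc -l | tr -d ' '
}

root_indicators "$SAMPLE_PROPS" "$SAMPLE_FILES"
```

On a real device you would feed it the output of `adb shell getprop` and of a listing of the system partition instead of the constructed samples.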

