/diy/ - Do It Yourself


File: 499 KB, 2048x1536, IMG_20130817_112848.jpg
No.517497

I'm posting this here as a long shot.

I've got an Android powered device, and I want to root it. However, there are no "roots" or "root hacks" available for it. Sucks.

So this got me wondering what specific changes are being made to the OS in order to be able to "su" or "sudo"?

I've been all over xda-developers, and xda-university, trying to figure this out, to no avail. There are plenty of explanations to the benefits of rooting, what the effects of rooting are, and many many "roots" for specific devices, but very little explanation of where these actually come from and how they're made.

So I'm not asking for a workable exploit for a particular device, I'm trying to figure out how to get root on Android OS.

If any /diy/kes know the direction to point me in, please tell me. I'm getting more and more into Linux, so I feel like I'd be pretty familiar with Android's inner machinations. Whether there's a website or a bajillion-dollar book with a gazillion pages, I'm just pretty desperate to know how to root Android powered devices from scratch.

>> No.517504

>>517497
Open it and find the processor and the chipset. Search for firmware for the specific CPU model (probably an Allwinner).

Rooting uses a bug in some software to raise the user from common user to root, just that simple. The thing is that the bug is mostly model related, though generic devices share the same methods.

>> No.517532

One thing I was never sure about: is it possible to install some other OS like Debian on one of these Android devices? I don't see why these Chinese manufacturers would bother with hardware DRM, but I don't know.

>> No.517537

How did sorting that huge IP range go?

>> No.517678

>>517532
Yes it is possible, but it is somewhat hard. Give Project Vivaldi a look.

>> No.517691
File: 495 KB, 2048x1536, IMG_20130831_084642.jpg

>>517504
>Open it and find the processor and the chipset. Search for firmware for the specific CPU model (probably an Allwinner).
Okay I'll try that.
>Rooting uses a bug in some software to raise the user from common user to root
That's what I gotta figure out a little better. My goal now isn't really to root any specific device, but to be able to write my own root exploits for any device.

>>517532
>>517678
Not exactly the same as what you're talking about, but I use the app Android on Linux to help with installing a Linux distro into a chroot jail. I usually have under-powered devices, and I've found that the ARM version of BackTrack 5 is the most stable for me, but there's also an LXDE Debian that worked really well.

>>517537
Pic related!!!
I've got all the info I need, and now I'm trying to work sorting it out around all the other stuff I'm doing. Tuesday I'm installing a new server rack, two new UPSes and extra batteries, and then sorting out our client's existing servers. In the meantime, my company will be building and configuring a new server farm for the client... plus we're understaffed, so I'm also working on things like users who lost their files, adding email boxes, fixing printers... the bitch work of IT. But, on the bright side, my college buddy is starting there next week, so I'll be able to get back to mapping the network, and then going to other clients to put out their fires.

Thanks /diy/!

>> No.517742

>>517691
Glad to hear that everything is working out for you. You're turning that turd into something nice.

If you're doing pen testing with Backtrack 5, look into Kali Linux. It's pretty much a spinoff of BT, but it's polished. I think they might even have a Raspberry Pi version, which is ARM.

>> No.517757

>>517497

Generally speaking, Android rooting requires a means to drop a binary for su onto the device so you can use it to elevate privileges.

What stops you is the write protection on the /system partition in the flash. Exploits work by finding a privilege escalation in the kernel to get that write access.

You may not need a kernel exploit to drop su. What does your fastboot menu look like?
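
Added example (not part of the original thread or any poster's code): a read-only audit of the two conditions described in the post above, whether /system is mounted read-only and whether an su binary is present. The searched directories and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two rooting indicators described in the thread.

# Print the mode of /system ("ro", "rw", "unknown") from a file in
# /proc/mounts format, or "absent" if /system is not a mount point.
system_mount_mode() {
    awk '$2 == "/system" {
             found = 1; mode = "unknown"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
         }
         END { print (found ? mode : "absent") }' "$1"
}

# List su binaries under ROOT in common install locations (assumed list),
# marking the ones that carry the setuid bit.
find_su() {
    for dir in system/bin system/xbin sbin; do
        f="$1/$dir/su"
        [ -f "$f" ] || continue
        if [ -u "$f" ]; then echo "/$dir/su setuid"; else echo "/$dir/su"; fi
    done
}

# Combine both checks into one verdict line.
audit() {
    mode=$(system_mount_mode "$1")
    su_hits=$(find_su "$2")
    if [ "$mode" = "rw" ] || [ -n "$su_hits" ]; then
        echo "SUSPECT system=$mode su=${su_hits:-none}"
    else
        echo "OK system=$mode su=none"
    fi
}

# Constructed sample in /proc/mounts format (device names are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
rootfs / rootfs ro,relatime 0 0
/dev/block/nandd /system ext4 ro,relatime,data=ordered 0 0
/dev/block/nande /data ext4 rw,nosuid,nodev,noatime 0 0
EOF
empty_root=$(mktemp -d)
audit "$sample" "$empty_root"
```

On a device shell the same check would be `audit /proc/mounts ""`; "absent" is reported when /system is not a separate mount point.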

>> No.517897

>>517757
> What does your fastboot menu look like?

Well, this thing can't plug into a computer, so I've no idea how to find that. :(

>> No.517938

>>517897
You know how to solder? All the SoCs I've seen had a USB or 2 in them, maybe yours is just not soldered.

>> No.517942

Most cheapo Android laptops either use an Allwinner A10 or a VIA wm805 or wm505.

>> No.518190
File: 361 KB, 1536x2048, IMG_20130901_094307.jpg

>>517938
>>517942
I opened this little panel on the back (no time to really open the whole thing today) and right away I see what looks like some sort of interface, maybe for when the factory loaded their firmware and bloatware...

Does anything in there look useful? USB? JTAG? Anything like that?

>You know how to solder?
Yep, so that's a possible avenue of attack.

Still would have to know things like which binaries to replace, what partitions should be remounted as rw, etc.