Author Topic: Why rooting Android depends on phone and manufacturer?  (Read 4935 times)


Offline spark

Why rooting Android depends on phone and manufacturer?
« on: September 16, 2012, 12:01:16 pm »
Hi everybody
As the title says: why does rooting Android depend on the phone and manufacturer?
If we assume that rooting is running an exploit to get root on an unmodified version of Android, then, having administrative privileges, we remount /system as read-write to install the su binary and the superuser.apk package. This seems to be just OS dependent, or am I missing something?

Offline puddi

Re: Why rooting Android depends on phone and manufacturer?
« Reply #1 on: September 16, 2012, 12:08:20 pm »
Well, of course it's different for each manufacturer. Some require bootloader unlocking. Take Windows for instance: how the hell do you think we root it?

Do you have a cool story you would like to share, bro?


Offline spark

Re: Why rooting Android depends on phone and manufacturer?
« Reply #2 on: September 16, 2012, 12:29:50 pm »
OK, but if we take Samsung for example, which ships mostly unlockable devices, why does almost every model have a specific rooting procedure?
Does this mean that the "cryptographic signature verification" implemented in the bootloader differs even between Samsung models?

"EDIT: spelling mistake"
« Last Edit: September 16, 2012, 12:35:26 pm by spark »

Offline techb

Re: Why rooting Android depends on phone and manufacturer?
« Reply #3 on: September 16, 2012, 12:44:58 pm »
You have to understand that everything that happens on a computing device is hardware level. The physical chips used to store bootloaders and store memory are different. The registers on these chips are all set up differently; the bootloader gets loaded on different registers in RAM along with the OS. The procedures to manipulate the registers for unlocking are specific to each chip. Fucking with one register location in one phone will be different on another, so if or when you mess with the wrong location you can corrupt the bootloader or OS and brick your device.
>>>import this
-----------------------------

Offline spark

Re: Why rooting Android depends on phone and manufacturer?
« Reply #4 on: September 16, 2012, 12:58:04 pm »
OK
Thank you guys for the quick response



Offline p_2001

Re: Why rooting Android depends on phone and manufacturer?
« Reply #5 on: September 16, 2012, 01:08:14 pm »
HTC has a hardware lock. NAND memory is locked. Well, certain partitions...

Samsung: the problem is the kernel. These kernels are protected.
For Samsung, rooting is straightforward: install a new kernel.


Rooting isn't exactly an exploit.. It is just an enhancement.

We used exploits but now it is so mainstream..

Like HTC provides an unlock key for the bootloader,
but it voids the warranty.


All in all, rooting is difficult because to escalate privileges you need to somehow install an application without the OS running.

To do that you use a custom recovery, and to do that you need to unlock the bootloader.

The adb shell in the Android SDK gives you root access from the PC, from which you install a recovery, which in turn installs the su app to give root from the phone.

The other way is to install a custom ROM, but that too requires an unlocked bootloader.
"Always have a plan"

Offline spark

Re: Why rooting Android depends on phone and manufacturer?
« Reply #6 on: September 16, 2012, 02:42:06 pm »
> The adb shell in the Android SDK gives you root access from the PC, from which you install a recovery, which in turn installs the su app to give root from the phone.

If the adb shell is rooted, we can directly install the su app. But by default it is not, and we need a workaround like the RATC exploit http://thesnkchrmr.wordpress.com/2011/03/24/rageagainstthecage (I know it's too mainstream, but I am just beginning my investigation into rooting :D ).
Is that correct?

Offline s3my0n

Re: Why rooting Android depends on phone and manufacturer?
« Reply #7 on: September 16, 2012, 03:13:13 pm »
You can root an Android phone without running an exploit by copying busybox and su to the Android memory through Linux and changing the permissions of those files to root.
Easter egg in all *nix systems: E(){ E|E& };E

Offline p_2001

Re: Why rooting Android depends on phone and manufacturer?
« Reply #8 on: September 16, 2012, 03:20:17 pm »
> If the adb shell is rooted, we can directly install the su app. But by default it is not, and we need a workaround like the RATC exploit http://thesnkchrmr.wordpress.com/2011/03/24/rageagainstthecage (I know it's too mainstream, but I am just beginning my investigation into rooting :D ).
> Is that correct?

Actually, for my HTC... I unlocked the bootloader
and used the adb shell:
adb
su
And it worked!
I don't know about other phones,
but using adb su is called temp root.
"Always have a plan"

Offline spark

Re: Why rooting Android depends on phone and manufacturer?
« Reply #9 on: September 16, 2012, 03:33:08 pm »
> You can root an Android phone without running an exploit by copying busybox and su to the Android memory through Linux and changing the permissions of those files to root.
You need to be already root to change permissions of other files to root.
And the exploit or whatever the trick is, aims to give you temporary administrative privileges to continue messing around with the system.

Offline Stackprotector

Re: Why rooting Android depends on phone and manufacturer?
« Reply #10 on: September 16, 2012, 03:47:07 pm »
There are different versions of one phone (mostly), ones with 4G, or only 3G. Some providers have their own overlay, as does the manufacturer (HTC Sense, TouchWiz etc.), and providers can set their own locks etc.
~Factionwars

Offline s3my0n

Re: Why rooting Android depends on phone and manufacturer?
« Reply #11 on: September 16, 2012, 04:05:56 pm »
> You need to be already root to change permissions of other files to root.
> And the exploit or whatever the trick is, aims to give you temporary administrative privileges to continue messing around with the system.

Since you are uploading files from Linux (your PC) to the Android phone, the permissions are copied to the Android. If you connect the Android phone to your Linux PC, then you can change whatever data there is on the Android, including the permissions of files etc.
Easter egg in all *nix systems: E(){ E|E& };E

Offline spark

Re: Why rooting Android depends on phone and manufacturer?
« Reply #12 on: September 16, 2012, 05:41:04 pm »
> Since you are uploading files from Linux (your PC) to the Android phone, the permissions are copied to the Android.

No, consider for instance copying a file with 4405 permissions (setuid flag on) to the Android file system, and you will find that the permissions have changed (no setuid flag).
Also, the destination file is naturally not owned by the same user as the source file.
In fact you need to adjust the permissions from a shell instance on your device.
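The point made in this reply is worth seeing on a filesystem. The following script is an added example, not code from the thread or from any rooting tool: it creates a constructed sample file in a temporary directory, marks it setuid, then copies its bytes the way a transfer channel does (read the source, write a brand-new file at the destination) and checks the mode bits. The copy never carries the setuid bit; the bit appears only after an explicit chmod on the destination, which is exactly the step that needs privileges on the device. No adb or phone is involved; the setuid file is a shell script, not a real su binary.

```python
"""Added example (not from the thread): a byte-for-byte file copy, which is
all a plain transfer channel does, creates a new file with the receiver's
default mode and owner, so a setuid bit on the source does not survive.
Everything happens in a temporary directory on the local machine."""
import os
import stat
import tempfile

SETUID = stat.S_ISUID  # the 0o4000 bit


def mode_bits(path: str) -> int:
    """Return the permission bits of path, including setuid/setgid/sticky."""
    return stat.S_IMODE(os.stat(path).st_mode)


def byte_copy(src: str, dst: str) -> None:
    """Copy content only: the destination is a fresh file created with
    0o666 & ~umask, owned by whoever runs this, regardless of src's mode."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        fout.write(fin.read())


def demo(tmpdir: str) -> dict:
    src = os.path.join(tmpdir, "su-source")   # constructed sample, not a real su
    dst = os.path.join(tmpdir, "su-copied")
    with open(src, "wb") as f:
        f.write(b"#!/bin/sh\necho constructed sample\n")
    # Mark the source setuid (0o4755). Setting setuid on a file you own succeeds.
    os.chmod(src, 0o4755)

    byte_copy(src, dst)
    result = {
        "src_setuid": bool(mode_bits(src) & SETUID),
        "dst_setuid_after_copy": bool(mode_bits(dst) & SETUID),
        "dst_owner_is_copier": os.stat(dst).st_uid == os.getuid(),
    }
    # The only way the bit shows up on the destination is a chmod issued there.
    os.chmod(dst, 0o4755)
    result["dst_setuid_after_chmod"] = bool(mode_bits(dst) & SETUID)
    return result


def run_demo() -> dict:
    """Run the demonstration in a throwaway directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmpdir:
        return demo(tmpdir)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The ownership half of the argument is visible in `dst_owner_is_copier`: the copied file belongs to the account that wrote it, which on a phone is the unprivileged shell user rather than root, so even a chmod that sets the bit would only make the file setuid to that user. That is why a setuid-root su cannot be planted by a transfer alone and a privileged shell on the device is needed to change owner and mode.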


Offline s3my0n

Re: Why rooting Android depends on phone and manufacturer?
« Reply #13 on: September 16, 2012, 07:18:48 pm »
> No, consider for instance copying a file with 4405 permissions (setuid flag on) to the Android file system, and you will find that the permissions have changed (no setuid flag).
> Also, the destination file is naturally not owned by the same user as the source file.
> In fact you need to adjust the permissions from a shell instance on your device.



Well, I have done it this way, so my phone is evidence that this method works.
Easter egg in all *nix systems: E(){ E|E& };E