Posts: 37 | Thanked: 68 times | Joined on Jun 2015 @ Munich, Germany
First off: I'm new to rooting. Anyway, I tried some things.

The first thing I tried was to manually install SuperSU to /opt/alien. Everything was in place but the su binary didn't escalate privileges. After some looking I saw that there's a background process needed. Without said process you can't define rights and everything is denied by default. Ofc. the process needs to be started as root (and the methods it's delivered with seem to work on real android only) - a catch-22.

So I thought about different methods. And I found one, right on the phone!

There's /opt/alien/system/bin/sh - Nothing special, just a shell, you might think? Well, then open an android terminal and type in:
Code:
/opt/alien/system/bin/sh
Looks just like before? Good, that's expected, but remember the shell prompt or, even better, remember the output from
Code:
whoami
It should say something along the lines "Unknown user, bla".

Okay, now open a SfOS terminal and type:
Code:
devel-su
cd /opt/alien/system/bin
cp sh su
chmod 06755 su
then go back to the android terminal and type
Code:
/opt/alien/system/bin/su
You see the different prompt? Now look what surprise
Code:
whoami
gives you. Yes, you see right, you're root! But wait, how?
We simply copied the binary sh to su - It's the exact same file! That means the damn "shell" behaves as a root shell when called su!

So it is (easily) possible to get root rights under android, so why does every root checker tell you the device isn't rooted then?
Well, I guess this is because this "new" su executable doesn't understand any parameters but android apps (like root checkers) tend to try to execute "su -c something" which fails (su returns error code 1, checking app gets the error code and interprets it as: No root).

Okay, but now that we have at least manual root, shouldn't it be pretty simple to install, say, SuperSU?
The answer to that is: No. It was possible to install SuperSU before that, the problem is still the (early boot) daemon that has to be started somehow (as root - at every reboot).


Anyway, it looks like we're pretty close to a functional su on the phone (and maybe the very same solution works for the tablet, too?). Now let's brainstorm what to do next.

//EDIT: It isn't the name that makes sh to su but the file rights! Now my sh is root only... Does anyone have the original rights of that file at hand?

//EDIT²: Fixed. Copy mksh (not sh) to su and work with that, else you're just working with symlinks (meaning you change mksh). Also I tried working on some kind of chained su: A shellscript as su "binary" handing over to the copied mksh to get real su, which in turn hands over to another shellscript to finally execute as root. Hackish, complicated, but doesn't look that bad on a first try:


//EDIT³: I managed to get into a state where half of the root checker apps tell me the device is rooted:


If I find the time I'll document what I did (it's still the staged su but now it tries to handle corner cases + file permissions of alien dalvik have been adjusted (basically chmod -R a+r /opt/alien/data)).

Last edited by V10lator; 2016-11-01 at 14:26.
 

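What makes the copied shell a root shell in the post is the mode 06755 (setuid/setgid) on a root-owned file, so the useful check on such a device is an audit of which executables carry those bits. The script below is an added example, not code from the post; it assumes a POSIX sh with find, ls and mktemp, and uses the post's /opt/alien/system/bin only as a default path.

```shell
#!/bin/sh
# Added audit helper (not from the original post): find executables with the
# setuid/setgid bits set, the property (chmod 06755) that turned the copied
# shell into a root shell. Run it as a normal user; it only reads metadata.

# has_setid FILE: exit 0 if FILE is a regular file with setuid or setgid set.
# `-u` and `-g` are POSIX test(1) operators for exactly those two bits.
has_setid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# list_setid DIR: print every regular file under DIR carrying setuid (04000)
# or setgid (02000), one path per line, sorted. Empty output is the good case.
list_setid() {
    find "${1:-/opt/alien/system/bin}" -type f \
        \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# report_setid DIR: show mode and owner of each hit via ls -l (a root-owned
# entry with an "s" in the mode is the one that escalates), then a count.
report_setid() {
    dir="${1:-/opt/alien/system/bin}"
    list_setid "$dir" | while IFS= read -r f; do ls -l "$f"; done
    echo "$(list_setid "$dir" | grep -c .) setuid/setgid file(s) under $dir"
}

# Demonstration on a constructed scratch directory, no root needed: a copy of
# /bin/sh with the post's mode 06755 next to a normal 0755 copy.
demo() {
    tmp=$(mktemp -d)
    cp /bin/sh "$tmp/su" && chmod 06755 "$tmp/su"
    cp /bin/sh "$tmp/sh" && chmod 0755 "$tmp/sh"
    report_setid "$tmp"   # lists only $tmp/su, then "1 setuid/setgid file(s) ..."
    rm -rf "$tmp"
}

demo
```

On the real device, `report_setid /opt/alien/system/bin` run from the Sailfish side shows whether a copied su or a mis-chmodded sh is still sitting there after experiments like the ones in the post.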


 