Another root method, Android boot.img hack

First, the principle of cracking

The Android phone gets root, in fact, to get/system and/data partition access to read and write. The permissions of the two partitions are configured, typically in the root partition's init.rc file, to modify this file to permanently gain root privileges.

As we all know, the majority of the market Android mobile phone file system has three partitions, respectively, is/,/system,/data. The root partition (/) is packaged as ramdisk.img and then packaged with kernel zimage as boot.img. BOOT.IMG exists as raw data in Emmc/nand and cannot be read or written except using the burn-write tool. Because of this, the root partition (/) is loaded from memory to ram each time it is powered on, so the root partition (/) is hard to crack without the machine.

How to crack it? We recommend the method is: To obtain boot.img, decompression boot.img get ramdisk.img, and then by Ramdisk.img decompression to get the root directory (/), modify the Init.rc file, then packaging, and finally get the new boot.img. Finally, use the burn write tool to write boot.img to the phone.

Note: Now mobile phone manufacturers have to provide upgrade packages, access to boot.img and scatter file is not a difficult thing. In addition, all MTK mobile phone manufacturers are using flash tools tools. This method has a high real-combat nature.

Second, the necessary tools

1. Linux runtime Environment. All the hack operations are done under Linux.

2. split_bootimg.pl. This tool is used to decompose boot.img

3. Mkbootfs. Used to generate BOOTFS.

4. Minigzip. Lightweight zip compression tool.

5. Mkimage. Used to generate tools with an Identity header (512 bytes), some manufacturers do not use the tool, such as Qualcomm.

6. Mkbootimg. The tool used to generate boot.img.

Third, the crack step

1. Get boot.img.

2. Execute the $./SPLIT_BOOTIMG.PLBOOT.IMG, boot.img decompression to Zimage and Ramdisk.img, the name is Boot.img-kernel, boot.img-ramdisk.gz. Please remember the board name here, which needs to be used when packing.

3. Execute $DD if=boot.img-ramdisk.gz skip=1 bs=512of=ramdisk.gz, which obtains uramdisk mirroring from RAMDisk.

4. $mkdir root, $cd root, $gzip-dc. /*-ramdisk.gz| Cpio–i, these three commands eventually extract ramdisk.img.gz to the root directory.

5. Modify the permissions of the/system,/data partition under the root directory. Permission cracking is at this step.

6. $./mkbootfsroot |./minigzip >new_ramdisk.img

7. $./mkimage new_ramdisk.img rootfs>u_new_ramdisk.img

8. $./mkbootimg--kernel boot.img-kernel--ramdisku_new_ramdisk.img--board [board Name]--output new_boot.img. Note Board name see 2nd step description.

9. Burn and write boot.img to the phone.

Ten. ok!

Another root method, Android boot.img hack