Android applications. Samsung i9000 series (4). How SuperOneClick obtains root permissions
Papaya 20110408
I. Preface
After my own testing and analysis, I conclude that the most intuitive and effective way to obtain root permissions on an Android phone is the SuperOneClick method!
It has nothing to do with the i9000 baseband version (JPE, JPD, JP8, and so on).
It has nothing to do with the Android version on the i9000 (2.0, 2.1, 2.2, and so on).
It has nothing to do with the specific Android phone,
whether it is from Samsung, Moto, or HTC ......
What does it depend on? As I understand it, the Linux kernel version! Of course, ordinary users do not have to worry about that!
Subsequent articles will discuss the low-level principles behind obtaining root, which go beyond what ordinary users need to understand.
Here, I just want to introduce the basic principle by which SuperOneClick gets root permissions!
II. Tips
For more information about how to obtain root permissions, see
Android applications. Samsung i9000 series (3). Easily obtain root permissions without flashing the phone.
This article: http://blog.csdn.net/liwei_cmg/category/241839.aspx
III. Principles
We already know the concept of ADB (Android Debug Bridge). Whether the phone is from Moto or Samsung,
once an Android phone is connected to the computer via USB and the driver is installed, Device Manager shows an Android
entry such as Composite ADB Interface. SuperOneClick works by calling this ADB interface.
Similarly, mobile assistant 91 also uses ADB.
For more information about how to connect Android mobile phones to a computer using USB, see:
Android applications. Samsung i9000 series (1). Version selection and USB connection
IV. Basic steps SuperOneClick uses to obtain root permissions
All files in the F:/own/phone/Samsung/tools/superoneclick directory:
2010/10/16 577,335 adb.exe
2010/10/18 339,885 adblinux
2010/10/18 171,656 adbmac
2010/10/16 96,256 adbwinapi.dll
2010/10/16 60,928 adbwinusbapi.dll
2010/10/16 1,062,992 busybox
2010/10/16 5,392 rageagainstthecage // Step 1
2010/10/16 24,120 sqlite3
2010/10/16 26,264 su // Step 2
2010/11/04 379,392 superoneclick.exe
2010/10/16 196,521 superuser.apk // Step 3
After connecting the phone to the computer, run superoneclick.exe on the computer.
In its window, click the Root button to start obtaining root permissions automatically!
The procedure is as follows:
Step 1: Store the rageagainstthecage file in /data/local/tmp on the phone and execute it
--------------------------------------------------------------------------------
1) Put the file under /data/local/tmp; files in other directories cannot be executed. The command is as follows:
F:/own/phone/Samsung/tools/superoneclick> adb push rageagainstthecage /data/local/tmp
2) Use adb shell to modify the permissions of the rageagainstthecage file:
F:/own/phone/Samsung/tools/superoneclick> adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 777 rageagainstthecage
3) Run rageagainstthecage from the adb shell:
$ ./rageagainstthecage
[*] CVE-2010-EASY Android Local Root Exploit (c) 2010 by 743c
[*] Checking nproc limit...
[+] RLIMIT_NPROC={2410, 2410}
[*] Searching for ADB...
[+] Found ADB as PID 19374
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money
7-4-3-C@web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] We also accept donations > 1000 USD!
[*]
[*] ADB connection will be reset. Restart ADB server on desktop and re-login.
$
Exit the shell and run adb shell again. If the prompt is now #, the shell opened from the computer
has root permissions. If it is not #, repeat ./rageagainstthecage
until the prompt is #.
F:/own/phone/Samsung/tools/superoneclick> adb shell
#
Step 2: Change /system to read/write, and copy su to /system/bin/
--------------------------------------------------------------------------------
1) If Step 1 succeeded and the # prompt appears, remount /system:
# mount -o remount rw /system
#
2) Open another command line window and copy su to /system/bin:
F:/own/phone/Samsung/tools/superoneclick> adb push su /system/bin
The function of the su file is to switch permissions between a normal user and the root superuser!
Step 3: Copy the authorization management package (superuser.apk) to your mobile phone and install it
--------------------------------------------------------------------------------
This process is very simple, so I will not go into details: it is just adb push and adb install. Authorization management
means managing which programs can use su, that is, managing the use of superuser permissions.
Step 4: Restart your mobile phone
--------------------------------------------------------------------------------
In fact, this is just a restart to test the result.
V. Summary
In the process of obtaining root permissions, there are only two important files:
rageagainstthecage
su
rageagainstthecage is responsible for directly cracking the phone and obtaining root permissions, which is required before you can modify /system/.
If su is only placed in the /data/local/tmp directory, it does not have permission to run:
$ ls -l su
ls -l su
-rwxrwxrwx shell 26264 su
$ ./su
./su
Permission denied
$
Therefore, su is put in the /system/bin directory, where future mobile apps can use it!
How rageagainstthecage and su work internally is not discussed in this article.
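A defender's view of the traces this procedure leaves on a device, as an added example that is not part of the original article: it parses `ls -l` and mount output and reports the su binary, the leftover exploit file and a writable /system. The function names and sample lines are constructed, and the check assumes that su can only switch to root when it is owned by root with the setuid bit set, which the article does not state.

```python
# Added example: sample data is constructed; function names are hypothetical.

def parse_ls(line):
    """Return (mode, owner, name) from one `ls -l` line, or None."""
    f = line.split()
    if len(f) < 3 or len(f[0]) != 10:
        return None
    return f[0], f[1], f[-1]

def system_is_rw(mount_lines):
    """True if /system is mounted read-write (/proc/mounts line format)."""
    for line in mount_lines:
        f = line.split()
        if len(f) >= 4 and f[1] == "/system":
            return "rw" in f[3].split(",")
    return False

def audit(listings, mount_lines):
    """listings maps a directory to the `ls -l` lines captured from it."""
    findings = []
    for directory, lines in listings.items():
        for mode, owner, name in filter(None, map(parse_ls, lines)):
            # Assumption: su only reaches root if it is setuid and root-owned.
            setuid_root = mode[3] == "s" and owner == "root"
            if name == "su" and setuid_root:
                findings.append(f"setuid-root su in {directory}")
            elif name == "su":
                findings.append(
                    f"su without setuid root in {directory} (owner {owner})")
            elif name == "rageagainstthecage":
                findings.append(f"exploit binary left in {directory}")
    if system_is_rw(mount_lines):
        findings.append("/system is mounted read-write")
    return findings

# Constructed listings and mount line, not captured from a real device.
SAMPLE_LISTINGS = {
    "/data/local/tmp": [
        "-rwxrwxrwx shell shell  5392 2010-10-16 10:00 rageagainstthecage",
        "-rwxrwxrwx shell shell 26264 2010-10-16 10:00 su",
    ],
    "/system/bin": ["-rwsr-sr-x root root 26264 2010-10-16 10:05 su"],
}
SAMPLE_MOUNTS = ["/dev/block/example /system ext4 rw,relatime 0 0"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTINGS, SAMPLE_MOUNTS):
        print(finding)
```

The copy of su in /data/local/tmp is reported separately because, like the one in the summary's `ls -l` output, it is owned by shell and cannot grant root on its own.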