How root access on the Android system works, in detail

Source: Internet
Author: User
Tags: root access

Analysis of gaining root access on Android

Many new Android phones have not had root access unlocked, so software that needs high privileges and a number of highly privileged operations cannot be used. In fact, rooting a phone is relatively simple and safe. The principle is to place an executable named "su" in the phone's /system/bin/ or /system/xbin/ directory. This is a binary file, the equivalent of an EXE file on a computer, and merely placing this "su" file in the system does not cause any fault in the phone's software or hardware.

The following code is part of the original su in the Android system. It shows that only processes whose getuid() is AID_ROOT or AID_SHELL are allowed to use su.

/* Until we have something better, only root and the shell can use su. */
myuid = getuid();
if (myuid != AID_ROOT && myuid != AID_SHELL) {
    /* Any other caller is refused before a privilege switch is attempted. */
    fprintf(stderr, "su: uid %d not allowed to su\n", myuid);
    return 1;
}

In the su that ships with the Android program Superuser, the part above is no longer present, so any process can use su. An Android program that needs root permissions may use something similar to the following (this is also part of the Superuser code):

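// Requires: import java.io.DataOutputStream;
// Start a shell through su and feed it commands on its standard input.
Process process = Runtime.getRuntime().exec("su");
DataOutputStream os = new DataOutputStream(process.getOutputStream());
// Remount /system read-write, copy the bundled su into place,
// then make it root-owned (0:0) and setuid (mode 4755).
os.writeBytes("mount -o remount,rw /dev/block/mtdblock3 /system\n");
os.writeBytes("busybox cp /data/data/com.koushikdutta.superuser/su /system/bin/su\n");
os.writeBytes("busybox chown 0:0 /system/bin/su\n");
os.writeBytes("chmod 4755 /system/bin/su\n");
os.writeBytes("exit\n");
os.flush(); // make sure the buffered commands reach the shell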

This is part of the su code in the Superuser Android program mentioned above:

/* Switch to the requested group and user; either call failing is fatal. */
if (setgid(gid) || setuid(uid)) {
    fprintf(stderr, "su: permission denied\n");
    return 1;
}

This appears to be where the permission switch happens. For ordinary users to be able to use su, the permissions on su need to look like this:

-rwsr-xr-x. 1 root root 34904 November 3 2010 /bin/su

This is the same as su on a computer.

From the analysis above, the essence of rooting Android can be summed up as: adding to the system an su command that any user can use to log in. Of course, doing this first requires obtaining root permission. The rageagainstthecage component in z4root, a rooting program for Android, may be the program that manages to obtain root privileges.
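
The permission pattern described above (a root-owned su with the setuid bit, mode 4755, listed as -rwsr-xr-x) can be checked for on a device or system image. The C program below is an added example, not code from the original su or from Superuser; the helper names mode_string, runs_as_root_for_anyone and audit_path are made up here, and the paths are the ones named in this article.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Render permission bits the way `ls -l` does, e.g. 04755 -> "-rwsr-xr-x". */
void mode_string(mode_t m, char out[11]) {
    const char rwx[] = "rwxrwxrwx";
    out[0] = S_ISDIR(m) ? 'd' : '-';
    for (int i = 0; i < 9; i++)
        out[i + 1] = (m & (0400 >> i)) ? rwx[i] : '-';
    if (m & S_ISUID) out[3] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[6] = (m & S_IXGRP) ? 's' : 'S';
    out[10] = '\0';
}

/* A binary runs as root for every caller when it is a regular file that is
 * owned by uid 0, has the setuid bit, and is executable by "others". */
int runs_as_root_for_anyone(mode_t m, uid_t owner) {
    return S_ISREG(m) && owner == 0 && (m & S_ISUID) && (m & S_IXOTH);
}

/* Returns 1 if path is a setuid-root binary, 0 if not, -1 if it is absent. */
int audit_path(const char *path) {
    struct stat st;
    char perms[11];
    if (stat(path, &st) != 0)
        return -1;
    mode_string(st.st_mode, perms);
    int hit = runs_as_root_for_anyone(st.st_mode, st.st_uid);
    printf("%s %u:%u %s%s\n", perms, (unsigned)st.st_uid,
           (unsigned)st.st_gid, path, hit ? "  <-- setuid root" : "");
    return hit;
}

int main(void) {
    /* Locations named in the article; extend the list for a wider audit. */
    const char *paths[] = { "/system/bin/su", "/system/xbin/su", "/bin/su" };
    int found = 0;
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        if (audit_path(paths[i]) == 1)
            found++;
    printf("%d setuid-root su binaries found\n", found);
    return 0;
}
```

A hit on /bin/su is expected on a desktop Linux system, as the listing above shows; a hit under /system/bin or /system/xbin on a phone indicates that an su of the kind described here has been installed.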
