Root Android principle. Based on (zergrush)

From:

Http://bbs.gfan.com/android-2996211-1-1.html

If you need root users, please download them at the address above.

 

A. Control the mobile phone to create a temporary folder, write the zergrush script to this folder, and modify the permission of this file to make it executable (this step does not require the root permission );

1. ADB shell Rm-r/data/local/tmp
2. ADB shell mkdir/data/local/tmp
3. ADB push. \ zergrush/data/local/tmp
4. ADB shell chmod 755/data/local/tmp/zergrush

Copy code

B. Control the mobile phone and run the zergrush script on the mobile phone (this step does not require the root permission );

1. ADB shell/data/local/tmp/zergrush

Copy code

C. when the zergrush script is running, it will "Uninstall the SD card" (the mobile phone will prompt "SD card can be safely removed") and find a breakthrough to obtain temporary root permissions, then it will automatically disconnect and re-Connect "USB debugging" (now the temporary root permission has been obtained );



D. after USB debugging and re-connection of the mobile phone, control the mobile phone "remount" so that the/system partition of the mobile phone can be mounted as Writable, so that we can modify the system file in the mobile phone.

1. ADB wait-for-Device
2. ADB remount

Copy code

E. write the files necessary to obtain permanent root permissions to the/system partition of the mobile phone and integrate them into the system (the mobile phone is completely root, but there is no permission management interface, therefore, the root function cannot be used normally );

1. ADB push. \ SU/system/bin
2. ADB push. \ SU/system/xbin
3. ADB shell chmod 4755/system/bin/su
4. ADB shell chmod 4755/system/xbin/su

Copy code

Note: At this time, the mobile phone is completely root. If You Want To Perform Batch Processing for Automatic Cleaning of system programs, you can add code after this.

F. set the default installation location to "mobile phone memory" (the red text in the following code), and then clean up and install the superuser permission management program (the mobile phone is already completely root and has the permission management interface, can be used normally );

1. ADB uninstall com. noshufou. Android. Su
2. ADB uninstall com. noshufou. Android. Su. Elite
3. ADB shell PM setinstalllocation 0
4. ADB install. \ superuser.apk
5. ADB install. \ superuserelite.apk

Copy code

G. Clear and install the rootexplorer (this program is mainly used to test whether the root program is successful after a restart );

1. ADB uninstall com. speedsoftware. rootexplorer
2. ADB install. \ rootexplorer.apk

Copy code

H. Delete the Temporary Folder (which cannot be used) that is passed into the zergrush script at the beginning to save space;

1. ADB shell Rm-r/data/local/tmp

Copy code

I. restart the mobile phone. the purpose of the restart is to test whether the root permission is normal after the restart, the second is to re-mount the SD card to the mobile phone. (because Step C zergrush uninstalls the SD card and exploits the vulnerability, the SD card cannot be mounted. You can only restart the mobile phone to re-mount it );

1. ADB reboot

Copy code

J. A successful page is displayed. All operations have been completed.