The original blog: http://hubingforever.blog.163.com/blog/static/171040579201372915716149/
Create a directory under system \ extras (for example, Android4.0 \ system \ extras) of Android source code, such as su_robin directory
The su_robin directory contains three files: Su. h file#ifndef SU_h #define SU_h 1#ifdef LOG_TAG#undef LOG_TAG#endif#define LOG_TAG "robin"#define REQUESTOR "com.noshufou.android.su"#define REQUESTOR_DATA_PATH "/data/data/" REQUESTOR#define REQUESTOR_CACHE_PATH "/dev/" REQUESTOR#define REQUESTOR_DATABASES_PATH REQUESTOR_DATA_PATH "/databases"#define REQUESTOR_DATABASE_PATH REQUESTOR_DATABASES_PATH "/permissions.sqlite"/* intent actions */#define ACTION_REQUEST REQUESTOR ".REQUEST"#define ACTION_RESULT REQUESTOR ".RESULT"#define DEFAULT_SHELL "/system/bin/sh"#ifdef SU_LEGACY_BUILD#define VERSION_EXTRA"l"#else#define VERSION_EXTRA""#endif#define VERSION "3.1.1" VERSION_EXTRA#define VERSION_CODE 17#define DATABASE_VERSION 6#define PROTO_VERSION 0struct su_initiator { pid_t pid; unsigned uid; char bin[PATH_MAX]; char args[4096];};struct su_request { unsigned uid; int login; int keepenv; char *shell; char *command; char **argv; int argc; int optind;};struct su_context { struct su_initiator from; struct su_request to; mode_t umask;};enum { DB_INTERACTIVE, DB_DENY, DB_ALLOW};#endifNote that many things here are redundant.
Su. c file
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "su.h"int main(int argc, char *argv[]){ LOGI("hello !robin-su begin %d !",getuid()); printf("hello !robin-su begin"); int uid=0; int gid=0;if(setgid(gid) || setuid(uid)) {LOGI("robin su: permission denied\n");fprintf(stderr,"su: permission denied\n");return 1;} char command[1024]; LOGI("hello !robin-su end %d !",getuid()); printf("hello !robin-su end"); /* Default exec shell. */ execlp("/system/bin/sh", "sh", NULL); fprintf(stderr, "su: exec failed\n"); return 1;}
Android. mk File
LOCAL_PATH := $(call my-dir)include $(CLEAR_VARS)LOCAL_MODULE := surLOCAL_SRC_FILES := su.cLOCAL_STATIC_LIBRARIES := \ liblog \ libc \LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)LOCAL_MODULE_TAGS := eng debugLOCAL_FORCE_STATIC_EXECUTABLE := trueinclude $(BUILD_EXECUTABLE)Compile the Android source code to generate the rom. If you do not know how to compile the Android source code, please refer to the pull push command to push it to the system \ xbin directory on your mobile phone, switch to the root user by executing the system's original su, and execute the chmod 6777 sur command on the sur file on the opponent's machine. Change the file attribute to rwsrwsrwx, as shown in the following figure, rwsrwsrwx root 58960 sur. Then, you can switch to the root user by executing the sur that was originally carried by the system. For details about the chmod 6777 sur command, refer to the basic chmod command and refer 《 chmod command advanced (SetUID and SetGID) for more information about setuid, see use of setuid () and setgid!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
