There are many tutorials on how to obtain Android root permission. To help you better understand the mystery of root, Ling Kefeng provides this article and hopes it helps you.
The entry point of an Android application must be a Java program. The application is started as a temporary user that the system creates based on the permissions declared in AndroidManifest.xml. This is unlike Linux, where a process is started under a login account and therefore has all the permissions of that login. This is one of Android's security mechanisms.
The new permission mechanism also brings new problems. Android assigns permissions to applications by function; although Java can access the file system, the application itself is started as a temporary user, and that temporary user has limited permissions. Hence the product "jailbreak/root tool" was born.
In fact, the root tool does not really give your application root permission. It works like the sudo command in Linux: a su program is placed in the system's bin directory, owned by root with the SUID bit set. Every command executed through su then has Android root permission.
The source code of su is also available online; if you are interested, search for it.
Of course, copying su into /system/bin and changing its attributes is not easy with only the temporary user's permissions. Two tools and two commands are used here. The tool is busybox; unfamiliar readers can look it up, it is too famous for me to introduce.
Copy busybox to a directory you have access to and give it 4755 permissions. You can do a lot of things with it.
Of course, busybox alone cannot elevate permissions. The program that does is ratc, which can be found in the one-click root packages. The rooting work is done in the adb shell.
There are not many online articles introducing ratc. It is the abbreviation of "rage against the cage", a genuine privilege-escalation exploit. Although I have not read its source code, I estimate that it uses adb's source, and that the principle is similar to that of the emulator (because it only succeeds after an adb connection).
Run ratc before using busybox, so that busybox then runs with UID 0, that is, root.
First remount the system partition writable: busybox mount -o remount,rw /system
Of course, you still cannot change the files under it, because the owner of the files in /system is not you.
However, you can swap the directory out from under the system by mounting a tmpfs over it: busybox mount -t tmpfs none /system/xbin
Then copy su in with busybox cp /data/xxx/su /system/xbin and set its permissions with chmod 4755 /system/xbin/su.
Then populate the directory with busybox --install -s /system/xbin.
Do not forget to make /system read-only again with busybox mount -o remount,ro /system.
This is only temporary: it only lets su and busybox execute commands that the original system has no permission to run. After the system restarts, /system/xbin is back to the original files. If you really want to change the system, you need to write your own kernel code (equivalent to a Windows driver). A kernel module has all permissions; load it with busybox insmod /data/xxx/xxx.ko.
Of course, we are not out to modify other people's machines for cracking; we only want to give our own application root permission, so a temporary su is enough. Write an executable in C++ that communicates with the Java program over a socket, and put the code that needs root permission in the C++ program. In the Java program, create a new su process and pass the full path of the C++ program as its first argument. After it starts, you can call the C++ functions through the socket to do what you want.
After the program has run, do not forget to clean up with busybox umount /system/xbin.
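The procedure above leaves traces that a root-detection or device-integrity check can look for. The following POSIX shell script is an added example, not code from the original article: it checks the three indicators the steps leave behind (a tmpfs mounted over /system/xbin, /system remounted read-write, and a setuid su) against a constructed /proc/mounts sample and a constructed stand-in directory; on a device you would pass /proc/mounts and /system/xbin instead.

```shell
#!/bin/sh
# Root-indicator checks for the steps above (added example, not from the article).
# Each check function returns 0 when the indicator is present and 1 otherwise.

# Indicator 1: a tmpfs mounted over /system/xbin.
# $1 is a /proc/mounts-style file: device mountpoint fstype options dump pass
tmpfs_on_xbin() {
    awk '$2 == "/system/xbin" && $3 == "tmpfs" { found = 1 }
         END { if (found) exit 0; exit 1 }' "$1"
}

# Indicator 2: /system mounted read-write (the remount,rw step was not undone).
system_rw() {
    awk '$2 == "/system" { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "rw") found = 1 }
         END { if (found) exit 0; exit 1 }' "$1"
}

# Indicator 3: a setuid binary named $2 inside directory $1 (e.g. su or busybox).
setuid_binary() {
    [ -n "$(find "$1/$2" -perm -4000 -print 2>/dev/null)" ]
}

# Print one line per indicator found for mounts file $1 and bin directory $2;
# returns 0 if anything was found, 1 if the device looks clean.
root_indicators() {
    hits=0
    tmpfs_on_xbin "$1" && { echo "tmpfs mounted over /system/xbin"; hits=$((hits+1)); }
    system_rw "$1" && { echo "/system is mounted read-write"; hits=$((hits+1)); }
    setuid_binary "$2" su && { echo "setuid su found in $2"; hits=$((hits+1)); }
    [ "$hits" -gt 0 ]
}

# Constructed /proc/mounts sample (not captured from a real device).
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/block/mtdblock3 /system yaffs2 rw,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0
none /system/xbin tmpfs rw,relatime 0 0
EOF

# Constructed stand-in for /system/xbin: a setuid su next to a normal binary.
SAMPLE_XBIN=$(mktemp -d)
: > "$SAMPLE_XBIN/su"; chmod 4755 "$SAMPLE_XBIN/su"
: > "$SAMPLE_XBIN/ls"; chmod 755 "$SAMPLE_XBIN/ls"

# On a device: root_indicators /proc/mounts /system/xbin
root_indicators "$SAMPLE_MOUNTS" "$SAMPLE_XBIN"
```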
Finally, the important part. If the phone already has Android root permission, you do not need to do any of this. However, every rooted phone has a permission-management program that pops up a dialog box, and this program's management capability is limited: if you do not want it to pop up, you can change the su file name. If you are interested, try it.
From: http://android.linkphone.cn/play/201106/2748.html