
I'm trying to get myself into more Android development lately and I have been curious about how rooting is done under the hood. Ideally, I would like to develop something myself that will root a phone, even if it's just one phone for now.

I have rooted all Android phones I have and have a good understanding of how it works and also what to do. I am also very familiar with Linux and most of the concepts behind it. What I have been unable to find is how tools like SuperOneClick or the Galaxy Nexus Toolkit are created and what they do under the hood to give you root access.

What actually needs to be done at the programming level to gain root access? How would I go about making my own application/package to do this? Is this only obtainable through the use of exploits?

dsolimano
Aaron

1 Answer


Rooting is essentially illegal privilege elevation. In most other spheres of computing it's considered a massive criminal exploit.

Depending on the make and model, rooting can be anything from flipping a few bytes via the world-read-writeable /dev/exynos-mem (which gives you access to any process's memory) to elaborate kernel attacks, or going after daemons on the device (e.g., adb).

For example, here is a popular exploit that's used in SuperOneClick. Skimming through it, it's some sort of buffer overflow, possibly on vold, but as you can see it's not trivial to understand these exploits, let alone replicate them.

Delyan
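An added example, not from the answer above or from any of the tools it names: a small POSIX shell audit that lists nodes under a directory granting read or write access to every user, the class of misconfiguration the /dev/exynos-mem case belongs to. It assumes `find` with `-perm`; the optional second argument (file type, default `c` for character devices) is a helper so the same function can be run over regular files on a host.

```shell
#!/bin/sh
# Audit a directory (default /dev) for nodes that the "other" class can read
# or write. Run on a device with `adb shell sh audit_dev.sh /dev`, or on a
# host against any directory. Character devices are the default type; pass
# "b" for block devices or "f" for regular files.
audit_world_access() {
    dir="${1:-/dev}"
    type="${2:-c}"   # find(1) type letter: c, b, or f
    # -perm -002: world-writable; -perm -004: world-readable (mode bits only,
    # independent of who runs the audit).
    find "$dir" -type "$type" \( -perm -002 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r node; do
        # Re-test the single node: writable by others is the serious case.
        if [ -n "$(find "$node" -prune -perm -002 -print 2>/dev/null)" ]; then
            sev=WORLD_WRITABLE
        else
            sev=WORLD_READABLE
        fi
        printf '%s %s\n' "$sev" "$node"
    done
}

# Number of world-writable nodes found; handy as a one-number health check.
count_world_writable() {
    audit_world_access "$1" "$2" | grep -c '^WORLD_WRITABLE ' || true
}

# Usage when run directly: audit_world_access "${1:-/dev}" "${2:-c}"
```

A device where this prints any `WORLD_WRITABLE` line for a memory-backed or storage device node should be treated as exposing kernel or process memory to every app, regardless of whether a public exploit for it exists yet.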