2. Index
In this workshop, we shall focus on the following topics:
• What is rooting?
• Why root?
• Terms like bootloader, kernel, root, unroot, superuser etc.
• What cool things to do with a rooted phone.
3. What is Rooting?
Rooting is the process by which you gain administrative access to your phone. Even though Android is an open source operating system, you still don’t have full “root access” to do what you please on your phone.
Gaining root access on OSX (unfortunately, things aren’t as simple on Android, as we are not given administrative privileges on our Android devices)
4. This is usually how you can see if an Android phone is rooted – the SuperUser app
6. In a few minutes, you’ll be
The next slides have been re-rendered in Helvetica to comply with iOS 7 design principles (and to show you how much of a bad idea it can be!!)
Expectation Reality
9. Rooting : technical overview
In Linux, the “root” user has all rights. “root” can read, write and execute any file in any directory. All other users’ permissions can also be edited by “root”.
On an Android phone, each app runs as a separate user, e.g. the app “Calendar” may be running as user “cal_01”. None of the apps can become root, and thus none of them has complete access to all filesystems.
“Rooting” is the process by which we somehow gain access to the “root” user of an Android device. Once a device is successfully “rooted”, any app can be given “root” permissions. Thus any app can now run as the root user, access all data on the phone and change anything it wants to.
10. The Android OS is designed by default not to allow any application to run with root privilege. So essentially “rooting” is a way of hacking into the Android system.
Just like any other hack, rooting also works by “exploiting” a “vulnerability”. Various phones have different ways to root them precisely because of this: different phones have different vulnerabilities that have been exploited to gain root access.
12. Bootloader Unlockable Phones: No more exploits needed
The advent of the “NEXUS” brand by Google has brought forward a new breed of devices – the bootloader unlockable phones. In India most phones sold today have an unlockable bootloader. Phones sold in USA/Europe which are under carrier contracts are often NOT bootloader unlockable. These phones continue to need to be rooted in the traditional way.
Many Samsung phones do not have a locked bootloader at all. Others like HTC and Sony allow users to unlock their bootloaders. A phone with an unlocked bootloader can have a “prerooted” system image installed, thus completely doing away with the need to find vulnerabilities and exploit them.
13. WHY ROOT?
There are several benefits to rooting. Some are as follows:
1. Improved performance: You can speed up your Android device by relocating your phone’s cache, thus allowing you to save phone memory and have a faster phone.
2. Altering system files: You can replace many parts of the “Android core.” Doing so, you can add new themes, edit the core apps, binaries etc.
3. More application choices: You will be able to install apps that are only compatible with rooted phones, e.g. overclocking apps, tethering etc.
14. WHY ROOT?(Contd.)
4. Latest Android OS (operating system): With many manufacturers (<cough, cough> Huawei, Sony Ericsson etc.) holding back the updates to the latest Android operating system, rooting your device will give you the option to install any current and future OS version by installing custom-tailored ROMs. Also, you can try ROMs with many useful features.
15. What you won’t get from rooting..
• Free apps - You really don’t need to root to get free apps. In fact, we’d suggest you’re better off buying apps. (One of the reasons developers release more games on iOS is because of the high rates of piracy in the Android ecosystem. THAT’S WHY WE’LL never get Infinity Blade. Geez, thank you douchebags!!)
• A perfect phone - We mean, you’ll get really close. There really isn’t a phone with a ROM that gives you the best battery life, the best camera app, most stable, and the best performance. Usually, it’ll be a compromise. In fact, if such a combination existed, EVERYONE would buy it, wouldn’t it?
We’re never gonna get this
16. Bad things that may happen
• Soft brick - Implies that the phone is stuck on the manufacturer’s “splash screen”. Usually caused if the ROM isn’t downloaded/signed properly. Always check the MD5 checksum and DO NOT RE-ZIP ROM files.
• Bootloops - Usually caused by errors while flashing, e.g. not flashing the correct boot.img.
All of these problems can easily be fixed by flashing a new ROM as soon as you notice, or by restoring the stock firmware.
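Added example, not from the slides: a small POSIX shell function that checks a downloaded ROM zip against the MD5 digest published on the download page before you go anywhere near the flashing step. The file name, the expected digest and the md5sum/md5 fallback are assumptions of the example; the point is that a mismatch means re-download, never flash.

```shell
#!/bin/sh
# Added example (not from the slides): verify a downloaded ROM zip against the
# MD5 checksum published on the download page before flashing it.
# Usage: verify_rom <rom.zip> <expected-md5>
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the
# expected value is not a 32-digit hex string.

verify_rom() {
    rom="$1"
    # Normalise to lower case so a digest pasted in upper case still compares.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$rom" ]; then
        echo "verify_rom: no such file: $rom" >&2
        return 2
    fi
    # A pasted checksum that is not 32 hex digits is a typo, not a value to trust.
    case "$expected" in
        *[!0-9a-f]*|"")
            echo "verify_rom: expected value is not an MD5 hex digest" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "verify_rom: expected value is not 32 hex digits" >&2
        return 2
    fi

    # md5sum (GNU/Linux, Termux) or md5 (BSD/macOS); keep only the digest field.
    if command -v md5sum >/dev/null 2>&1; then
        actual=$(md5sum "$rom" | cut -d' ' -f1)
    else
        actual=$(md5 -q "$rom")
    fi

    if [ "$actual" = "$expected" ]; then
        echo "OK: $rom matches $expected"
        return 0
    fi
    echo "MISMATCH: $rom has $actual, expected $expected; re-download, do not flash" >&2
    return 1
}

# Stand-alone use: verify_rom rom.zip <md5 from the download page>
if [ $# -eq 2 ]; then
    verify_rom "$1" "$2"
fi
```

Run it as `sh verify_rom.sh rom.zip <digest>` and only proceed on an exit status of 0; a non-zero status is the cue to re-download the file, not to unzip and re-zip it.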
17. Bad things (Contd..)
• Hard brick - Usually caused by human stupidity and/or drunkenness at the time of flashing. Stupid things like flashing another phone’s radios (especially a different manufacturer’s - how do you even do that? Jokes apart, this can be a real problem if your manufacturer uses similar names for multiple devices: <cough, cough> Samsung Galaxy S4 Active, Plus, Exynos, Snapdragon, Zoom; HTC One X, One XL, Sensation XE, XL; Sony Xperia Z, ZL).
How to fix this? Well, you can’t. Sorry. Just be careful next time. Or just buy a Nexus.
19. What is the bootloader?
In literal terms, the bootloader is code that is executed before any operating system starts to run. Bootloaders basically package the instructions to boot the operating system kernel, and most of them also have their own debugging or modification environment. Think of the bootloader as a security checkpoint for all those partitions, because if you’re able to swap out what’s on those partitions, you’re able to break things if you don’t know what you’re doing.
20. Bootloader : Locked
• The bootloader will verify the signature of system image before booting
• The bootloader only allows system images signed by the OEM to boot
• Only allowing signed images stops bad things from happening. Thus a locked bootloader keeps your phone safe and secure
• Your phone stays under warranty
• You cannot run modified kernels/OS or modify the files in your system partition
21. Bootloader : Unlocked
• The bootloader performs no signature verification on system images
• The bootloader will allow any kernel or system to boot
• Since the bootloader performs no verification, a wrong kernel/OS can get booted, which can brick your phone
• In most cases, warranty is void
• You can run a modified Linux kernel or a modified Android OS on your phone. You can even run a non-Android OS on your phone (Ubuntu Touch, Sailfish OS, Firefox OS)
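Added example, not from the slides or any OEM’s actual bootloader code: the locked and unlocked behaviours above modelled with the openssl command-line tool. A throw-away RSA key stands in for the OEM signing key baked into the device, the “system image” is a constructed file, `locked_boot` refuses to boot when the detached signature does not verify, and `unlocked_boot` never checks at all. The file names and the `oem.key`/`oem.pub` pair are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the slides): model a locked bootloader's boot-time
# check with OpenSSL. The OEM signs the system image with its private key;
# the locked bootloader refuses anything whose signature does not verify
# against the OEM public key it carries. The unlocked variant skips the check,
# which is exactly why it will happily boot a broken image.
# All file names and the "OEM" key pair below are constructed for the demo.

# Throw-away OEM key pair (stands in for the key baked into the device).
make_oem_keys() {
    dir="$1"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/oem.key" 2>/dev/null
    openssl pkey -in "$dir/oem.key" -pubout -out "$dir/oem.pub" 2>/dev/null
}

# OEM side: detached SHA-256 RSA signature over the image.
# sign_image <oem.key> <image> <signature-out>
sign_image() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Locked bootloader: boot only if the signature verifies. 0 = boots, 1 = refused.
# locked_boot <oem.pub> <image> <signature>
locked_boot() {
    pub="$1"; image="$2"; sig="$3"
    if openssl dgst -sha256 -verify "$pub" -signature "$sig" "$image" >/dev/null 2>&1; then
        echo "locked bootloader: signature OK, booting $image"
        return 0
    fi
    echo "locked bootloader: signature check FAILED for $image, refusing to boot" >&2
    return 1
}

# Unlocked bootloader: no verification at all, any image boots.
unlocked_boot() {
    echo "unlocked bootloader: booting $1 without checking anything"
    return 0
}
```

Signing the image, then changing a single byte of it and calling `locked_boot` again, shows the whole point of the locked state: the OEM-signed original boots, the modified copy is refused, and `unlocked_boot` boots either one without complaint.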
28. Rooting via Bootloader unlock
If the bootloader can be unlocked, then rooting is a much simpler matter.
1. Unlock the bootloader of the device
2. Get a system image (either by dumping the device’s system partition or procuring it from the OEM)
3. Inject the “su” binary and “busybox” binary into the system image (make any other changes that may be required)
4. Flash this modified system image
30. Which phone do you have? Sure? Really sure?
Countless phones have been bricked by performing a root method meant to work on some other phone.
For example, if you own a Galaxy S2, find out if you are using the i9100 or the i9100g. That little “g” can make the difference between you having a working phone or a Rs. 30,000 paperweight.
The best place to find your phone’s model number is:
Settings > About Phone > Model Number
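Added example, not from the slides: the same Settings > About Phone check, done over adb so a flashing script can refuse to continue on the wrong device. `ro.product.model` is the real Android system property that holds the model string; the adb wrapper, the GT-I9100 / GT-I9100G sample values and the function names are assumptions of the example. The comparison is deliberately an exact match so that a trailing letter is never waved through.

```shell
#!/bin/sh
# Added example (not from the slides): refuse to flash unless the connected
# device's model string matches the one the rooting guide was written for.
# The sample model strings are constructed; ro.product.model is the real
# Android property name.

# Pure comparison so it can be checked without a phone attached.
# Exact, case-insensitive match only: "GT-I9100" must not accept "GT-I9100G".
model_matches() {
    have=$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr -d ' \r')
    want=$(printf '%s' "$2" | tr 'a-z' 'A-Z' | tr -d ' \r')
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Read the model from the connected phone (requires adb and USB debugging).
connected_model() {
    adb shell getprop ro.product.model | tr -d '\r'
}

# Gate: compare before doing anything irreversible.
# check_device_or_abort <model the guide targets>
check_device_or_abort() {
    want="$1"
    have=$(connected_model)
    if model_matches "$have" "$want"; then
        echo "device reports '$have', guide targets '$want': OK to proceed"
        return 0
    fi
    echo "device reports '$have' but guide targets '$want': ABORTING, wrong guide/ROM" >&2
    return 1
}
```

Put `check_device_or_abort "GT-I9100" || exit 1` as the first line of any flashing script and the i9100/i9100g mistake above becomes a refused command instead of a paperweight.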
31. Get rooting guides from trusted sites
androidcentral.com/root - collection of rooting guides
xda-developers.com - largest forum for Android customization
google.com/search?q=root+htc+desire - search on google (you know that, right?)
32. Science-ey stuff
Here, we’ll go through a little bit of technical stuff.
• Bootloader - In literal terms, the bootloader is code that is executed before any operating system starts to run. Bootloaders basically package the instructions to boot the operating system kernel, and most of them also have their own debugging or modification environment. Think of the bootloader as a security checkpoint for all those partitions, because if you’re able to swap out what’s on those partitions, you’re able to break things if you don’t know what you’re doing.
• Kernel - When software needs the hardware to do anything, it sends a request to the kernel. And when we say anything, we mean anything. From the brightness of the screen, to the volume level, to initiating a call through the radio, even what’s drawn on the display is ultimately controlled by the kernel.
33. Science-ey stuff
• Baseband - Baseband is the Radio or Modem version, depending upon the phone model, carrier and Android software stack version. The Radio/Modem file is flashed via the recovery tool (other options are ADB/ODIN). A mismatched Radio/Modem and ROM will lead to things not working. You need to find the matching Radio/Modem for the particular ROM you are running. The radio firmware controls basic low-level functions like network connectivity, Wi-Fi, and GPS.
• CWM - ClockworkMod, abbreviated as CWM, is a popular custom recovery for Android phones and tablets developed by Koushik Dutta (Koush), a well-known name in the Android dev community. ClockworkMod recovery allows you to perform several advanced recovery, restoration, installation and maintenance operations on your Android device.