Android Rooting
Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts. In the tightly-controlled iOS world, technical restrictions prevent (1) installing or booting into a modified or entirely new operating system (a “locked bootloader” prevents this), (2) sideloading unsigned applications onto the device, and (3) user-installed apps from having root privileges (they are run in a secure sandboxed environment). Bypassing all these restrictions together constitutes the expansive term “jailbreaking” of Apple devices. That is, jailbreaking entails overcoming several types of iOS security features simultaneously.
By contrast, only a minority of Android devices lock their bootloaders—and many vendors such as HTC, Sony and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely. Similarly, the ability to sideload apps is typically permissible on Android devices without root permissions. Thus, primarily the third aspect of iOS jailbreaking, relating to superuser privileges, correlates to Android rooting.
Description:
Rooting lets all user-installed applications run privileged commands typically unavailable to the device in its stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing carrier- or manufacturer-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs). A typical rooting installation also installs the Superuser application, which supervises applications that are granted root or superuser rights. A secondary operation, unlocking the device’s bootloader verification, is required to remove or replace the installed operating system.
In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, sometimes called sideloading. The Android OS supports this feature natively in two ways: through the “Unknown sources” option in the Settings menu and through the Android Debug Bridge. However, some carriers, like AT&T, prevent the installation of applications not on the Store in firmware, although several devices (including the Samsung Infuse 4G) are not subject to this rule, and AT&T has since lifted the restriction on several older devices.
As of 2012 the Amazon Kindle Fire defaults to the Amazon Appstore instead of Google Play, though like most other Android devices, the Kindle Fire allows sideloading of applications from unknown sources, and the “easy installer” application on the Amazon Appstore makes this easy. Other vendors of Android devices may look to other sources in the future. Access to alternate apps may require rooting, but rooting is not always necessary.
Rooting an Android phone lets the owner modify or delete the system files, which in turn lets them perform various tweaks and use apps that require root access.
Process:
The process of rooting varies widely by device, but usually includes exploiting a security bug (or bugs) in the firmware (i.e. in Android) of the device, and then copying the su binary to a location in the current process’s PATH (e.g. /system/xbin/su) and granting it executable permissions with the chmod command. A supervisor application like SuperUser or SuperSU can regulate and log elevated permission requests from other applications. Many guides, tutorials, and automatic processes exist for popular Android devices, facilitating a fast and easy rooting process. For example, shortly after the HTC Dream was released, it was quickly discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access. Once an exploit is discovered, a custom recovery image that skips the digital signature check of a firmware update package can be flashed. In turn, using the custom recovery, a modified firmware update can be installed that typically includes the utilities (for example the Superuser app) needed to run apps as root.
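As an added example (not from the original article), here is a POSIX shell check that looks for the artifacts the process above leaves behind on a device: an su binary in a PATH directory such as /system/xbin, a supervisor app like Superuser, and build.prop values that mark a non-stock build. The supervisor APK paths and the sample tree it builds are assumptions constructed for the example; pass "/" to inspect a real device from an adb shell.

```shell
#!/bin/sh
# Added example, not the article's own: a root-indicator check that looks for
# what a typical rooting leaves behind (see the Process section): an su binary
# in a PATH directory such as /system/xbin, a supervisor app, and build.prop
# values that mark a non-release build. $1 is the tree to inspect; "/" works
# under `adb shell`, and a copied or constructed tree works for offline runs.

# Directories where rooting procedures commonly drop the su binary.
SU_DIRS="system/xbin system/bin system/sbin sbin vendor/bin"
# Supervisor APK locations (assumed names for the Superuser/SuperSU apps).
SU_APPS="system/app/Superuser.apk system/app/SuperSU.apk"

# Print one line per indicator found under $1; return 0 if any, 1 if none.
detect_root_indicators() {
    root="${1:-/}"
    found=1
    for d in $SU_DIRS; do
        f="$root/$d/su"
        if [ -f "$f" ]; then
            # A non-executable su is inert (chmod was never run); flag it apart.
            if [ -x "$f" ]; then echo "su-binary:$d/su"
            else echo "su-binary-noexec:$d/su"; fi
            found=0
        fi
    done
    for a in $SU_APPS; do
        [ -f "$root/$a" ] && { echo "supervisor-app:$a"; found=0; }
    done
    prop="$root/system/build.prop"
    if [ -f "$prop" ]; then
        # test-keys: signed with the public AOSP test keys, typical of a custom
        # ROM; stock firmware is signed with release-keys.
        if grep -q '^ro.build.tags=test-keys' "$prop"; then
            echo "build-tags:test-keys"; found=0
        fi
        if grep -q '^ro.debuggable=1' "$prop"; then
            echo "debuggable:1"; found=0
        fi
    fi
    return $found
}

# Constructed sample tree (not a real device image) to exercise the check.
make_sample_tree() {
    t="$1"
    mkdir -p "$t/system/xbin" "$t/system/app"
    printf '#!/bin/sh\n' > "$t/system/xbin/su"; chmod 755 "$t/system/xbin/su"
    : > "$t/system/app/Superuser.apk"
    printf 'ro.build.tags=test-keys\nro.debuggable=0\n' > "$t/system/build.prop"
}
```

A clean stock tree yields no output and a non-zero status, so the function can drive a compliance or inventory script directly.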
The Google-branded Android phones, the Nexus One, Nexus S, Galaxy Nexus and Nexus 4, as well as their tablet counterparts, the Nexus 7 and Nexus 10, can be boot-loader unlocked by simply connecting the device to a computer while in boot-loader mode and running the Fastboot program with the command “fastboot oem unlock”. After accepting a warning, the boot-loader is unlocked, so a new system image can be written directly to flash without the need for an exploit.
Recently, Motorola, LG Electronics and HTC added security features to their devices at the hardware level in an attempt to prevent users from rooting retail Android devices. For instance, the Motorola Droid X has a security boot-loader that puts the phone in “recovery mode” if a user loads unsigned firmware onto the device, and the Samsung Galaxy S II displays a yellow triangle indicator if the device firmware has been modified.
Glossary of Rooting Terms
As you learn more about the rooting process, you’ll probably run into a bunch of terms that can be confusing. Here are some of the most important ones and what they mean.
Rooting Terms
- Root: Rooting means you have root access to your device—that is, it can run the sudo command, and has enhanced privileges allowing it to run apps like Wireless Tether or SetCPU. You can root either by installing the Superuser application—which many of the below root processes include—or by flashing a custom ROM that has root access included.
- ROM: A ROM is a modified version of Android. It may contain extra features, a different look, speed enhancements, or even a version of Android that hasn’t been released yet.
- Flash: Flashing essentially means installing something on your device, whether it be a ROM, a kernel, or something else that comes in the form of a ZIP file. Sometimes the rooting process requires flashing a ZIP file, sometimes it doesn’t.
- Bootloader: Your bootloader is the lowest level of software on your phone, running all the code that’s necessary to start up your operating system. Most bootloaders come locked, which keeps you from rooting your phone. Unlocking your bootloader doesn’t root your phone directly, but it does allow you to root, then flash custom ROMs if you so desire.
- Recovery: Your recovery is the software on your phone that lets you make backups, flash ROMs, and perform other system-level tasks. The default recoveries can’t do much, but you can flash a custom recovery—like ClockworkMod—after you’ve unlocked your bootloader that will give you much more control over your device. This is often an integral part of the rooting process.
- ADB: ADB stands for Android Debug Bridge, and it’s a command line tool for your computer that can communicate with an Android device you’ve connected to it. It’s part of the Android Software Developers Kit (SDK). Many of the root tools below use ADB, whether you’re typing the commands yourself or not. Unless the instructions call for installing the SDK and running ADB commands, you won’t need to mess with it—you’ll just need to know that it’s what most of the tools use to root your phone.
- S-OFF: HTC phones use a feature called Signature Verification in HBOOT, their bootloader. By default, your phone has S-ON, which means it blocks you from flashing radio images—the code that manages your data, Wi-Fi, and GPS connections. Switching your phone to S-OFF lets you flash new radios. Rooting doesn’t require S-OFF, but many rooting tools will give you S-OFF in addition to root access, which is nice.
- RUU and SBF: ROM Upgrade Utilities (for HTC phones) and System Boot Files (for Motorola phones) are files direct from the manufacturer that change the software on your phone. RUU and SBF files are how the manufacturers deliver your over-the-air upgrades, and modders often post leaked RUU and SBF files for flashing when the updates haven’t been released yet. They’re also handy when downgrading your phone, if a rooting method isn’t available for the newest software version yet. You can flash RUUs right from your HTC phone, but Motorola users will need a Windows program called RSD Lite to flash SBF files.
Rooting Methods
This section is currently out of date. We’re working on revising it for the new version of this guide. If you want to root your phone, check out the XDA Developers forums for tools and guides for your specific device.
The method you use depends on the phone you have. Some rooting tools root multiple phones, and HTC’s official unlocking method will unlock the bootloader of nearly any HTC phone—which gets you part of the way toward rooting (you’ll need to look up more information on how to flash a recovery to your specific device). It’s also worth mentioning that there can be multiple methods out there. HTC’s official route isn’t always the easiest method, so if your phone has a one-click tool available, it’s usually better to use that because it’s quicker, will give you S-OFF, and won’t leave a digital “watermark” on your phone that permanently voids your warranty. Lastly, SuperOneClick is a great one-click app that roots a ton of phones, especially older ones, so do a bit of googling and see if it works for yours—because it’s just about the easiest root method out there.
The best way to research your phone, though, would be to check out the All Things Root section of your phone’s forum at Android Forums. If you find your phone’s subforum and click on All Things Root, there’s almost always a sticky post with info on rooting methods, ROMs, and other special troubleshooting tips that could apply to your specific phone. Looking up your phone on the XDA Developers forums is always a great idea too, and the CyanogenMod Wiki often has lots of information on rooting and flashing ROMs as well (even if you aren’t flashing CyanogenMod). With a bit of research, you should be able to find at least one guide that works for your specific device.