Hello there,
I just wanted to find out where the precompiled su comes from (busybox or coreutils) and why it is not compiled with busybox since it is part of it. I did look on the net and searched the forum, but I didn't find any information.
Would be nice if someone could answer my questions.
It comes from neither of them. The Android su is different from the standard Unix (busybox, coreutils) su in that it calls superuser.apk to decide if root permission is granted instead of asking for a password.
You find the Android su here: Superuser.apk
Alright so I installed Haykuro's Hero rom the other night. I noticed su worked fine in terminal emulator, but I couldn't tether cause root apps weren't working. Figured I would try adding the Superuser.apk so that apps requiring root would work for me. I couldn't locate instructions on how to go about doing so and had to wing it a bit.
This is what I tried and it seemed to work...kinda.
Extracted su binary and SuperUser.apk from another build (Haykuro's 6.0r1)
adb push su /system/bin
adb push SuperUser.apk /system/app
All the apps that require root are working, but the SuperUser app is not asking for confirmation on new permissions request. So if I am correct in my assumption, su privileges are being granted to any app that makes a request for them.
If someone would care to elaborate on how this is properly done, I would greatly appreciate it.
If I remember correctly from when Haykuro released the Ion, this is all that he said to do. I have done this also and it concerns me, as the SuperUser app gives you the option to allow access and it is not working. No safeguard for the phone.
The code below assumes you have already taken/have the su app from another build; it can be found in the system/bin.
Code:
adb remount
adb push su /system/bin
adb push su /system/xbin
adb shell chmod 4775 /system/xbin/su
adb shell chmod 4775 /system/bin/su
You may also have to clear all data in the SuperUser.apk if you already have it installed. Do this by going to Settings > Applications > Manage applications > Superuser permissions > Clear data. But now my phone is asking for superuser permissions. I found this in another thread, but that is a Windows .exe file; the above commands would work for those who don't use Windows and can't run the .exe file that you download there, like myself.
So I was trying to install Busybox on my DROID to use Metamorph and some other root applications. Stericson said I should be able to download via DroidSwap, but that didn't work so I went for the manual installation.
Following these instructions (http://www.novoda.com/blog/?p=3) I was able to successfully install Busybox on my phone. I typed busybox in the terminal and got a list of commands, I typed cp in the terminal and got the Copy syntax.
So I exited the terminal and went to perform something else and going back into the terminal I typed busybox again, except this time I get "busybox: busybox not found" ... I even navigated back to /data/busybox and if I do an ls of that directory the busybox file is in there, but I still get the "not found" when trying to run it.
Any thoughts as to why it would work once and now it doesn't.
Your best bet is probably to install it to /system/bin so it's in your path. Then you don't have to navigate anywhere to run busybox.
Just put the busybox binary into /system/bin and chmod to 755.
Hi, guys!
As the title says, I found a tool named "rageagainstthecage", but I want to know how it works. Can anyone help me? Thanks.
try superoneclick
Are you using Linux to grant root access on your Defy?
I rooted mine yesterday and I was a little confused about how to do it; I have the same file as you, as I read. rageagainstthecage is the exploit that will grant you root privileges. The instructions for Linux are here [1]. I replaced 'exploit.bin' with 'rageagainstthecage', or you can use the one provided in that post, 'psneuter'. The process is simple:
1. Copy files to phone using adb (I used /data/local/tmp as directory in the phone): su, busybox, Superuser.apk and exploit (exploit name, let's say: rageagainstthecage)
2. Make the exploit executable and execute it
3. Give permissions to the commands su and busybox
4. There you go
All credit goes to the author of the post on the IBM forum.
I hope this helps you with your question.
[1] www_ibm_com/developerworks/mydeveloperworks/blogs/coolwinding/entry/how_to_root_defy_on_linux1
jianbangguo said:
try superoneclick
Does superoneclick use "rageagainstthecage" to grant adb root access? I just want to know about "rageagainstthecage": how does it work? Can you help me? Thanks.
cristianpark said:
Are you using Linux to grant root access on your Defy?
I rooted mine yesterday and I was a little confused about how to do it; I have the same file as you, as I read. rageagainstthecage is the exploit that will grant you root privileges. The instructions for Linux are here [1]. I replaced 'exploit.bin' with 'rageagainstthecage', or you can use the one provided in that post, 'psneuter'. The process is simple:
1. Copy files to phone using adb (I used /data/local/tmp as directory in the phone): su, busybox, Superuser.apk and exploit (exploit name, let's say: rageagainstthecage)
2. Make the exploit executable and execute it
3. Give permissions to the commands su and busybox
4. There you go
All credit goes to the author of the post on the IBM forum.
I hope this helps you with your question.
[1] www_ibm_com/developerworks/mydeveloperworks/blogs/coolwinding/entry/how_to_root_defy_on_linux1
Pardon my poor English. I just want to know how it works, for example rageagainstthecage's working principle, not how to use "rageagainstthecage" to grant root access. Thank you!!
The principle of how it works is very simple: the rageagainstthecage exploit just forks processes until the processor hits the max, then the system will kill the older apps. Because you are using adb and running psneuter, the system will kill the adb shell, and here is the magic: when you restart the adb shell it starts with root rights. To prevent that, immediately after adb starts, the system calls the setuid function, but because the process list is full, the exploit prevents the setuid call, allowing you to keep the root rights. At that point, you push Superuser.apk to allow root access for the apps, first changing the permissions of the su binary so that a less-privileged user can call it. That is the idea behind the exploit! Hope that helps you!
Sorry for the bad English
LeonardoJegigzem said:
The principle of how it works is very simple: the rageagainstthecage exploit just forks processes until the processor hits the max, then the system will kill the older apps. Because you are using adb and running psneuter, the system will kill the adb shell, and here is the magic: when you restart the adb shell it starts with root rights. To prevent that, immediately after adb starts, the system calls the setuid function, but because the process list is full, the exploit prevents the setuid call, allowing you to keep the root rights. At that point, you push Superuser.apk to allow root access for the apps, first changing the permissions of the su binary so that a less-privileged user can call it. That is the idea behind the exploit! Hope that helps you!
Sorry for the bad English
Great info, thanks for sharing this with us. I was wondering the same.
I want to root my defy+, but since I really want to understand what's going on I would prefer just to do it manually.
I was able to find the details for version 2.3.4 (i.e. adb shell commands that need to be passed to do the privilege escalation), but not for the latest 4.5.1_134_DFP_131 build.
Do you know if it is documented somewhere?
Indeed, do you know where I can find and manually compile su, the superuser app, and busybox?
I don't know if GNU coreutils's su is ok (maybe not).
Thanks!
Hi all,
I've spent the weekend reading about rooting and ROMs/kernels and decided to try it. I used a root kit found here from Mskip (great kit). I've successfully rooted, and then successfully installed Smooth Rom 4.3 with the Motley kernel.
I've downloaded Titanium Backup and Rom Manager. TB worked and I did a backup (which I now can't find) (I have ES File Explorer). I upgraded to Titanium Pro, and now when I open the app it states root was denied. I remember when I first opened TB, SuperSu asked me to grant it access. After a reboot I opened SuperSu and it stated a binary update was necessary and performed it.
Now TB Pro states root was denied, when I open SuperSu there is nothing there in the apps list, and I don't know how to manually grant TB root access.
Sorry if this is noobish, not sure what to do and I don't want to keep going without a backup.
Edit: When I try to backup in ROM Manager I hit backup, it brings up the notification to name the backup, I hit ok and nothing happens.
cam75 said:
After a reboot I opened SuperSu and it stated a binary update was necessary and performed it.
Now TB Pro states root was denied, when I open SuperSu there is nothing there in the apps list, and I don't know how to manually grant TB root access.
That sort of sounds like the SuperSU "su" update might have failed. Can you get root with other apps? (e.g. go in to a terminal emulator and type "su")
Note there is a chicken-and-egg problem if (either) SuperSU/su or Superuser/su fail: they need root themselves to remount /system so that the "su" binary can be updated.
If no apps can get root, then you sort of have "lost root", and the fix is to manually insert the .apk and su binary into /system/app and /system/bin/su (or /system/xbin/su depending on flavor!) either with a flash package in recovery, or manually via the adb shell command line (with custom recovery running).
HTH
PS you should be able to just manually start the recovery and do a backup in the meantime, no? The fact that ROM manager isn't doing anything could either be a lack-of-root problem or something else (a busybox dependency?)
bftb0 said:
That sort of sounds like the SuperSU "su" update might have failed. Can you get root with other apps? (e.g. go in to a terminal emulator and type "su")
Note there is a chicken-and-egg problem if (either) SuperSU/su or Superuser/su fail: they need root themselves to remount /system so that the "su" binary can be updated.
If no apps can get root, then you sort of have "lost root", and the fix is to manually insert the .apk and su binary into /system/app and /system/bin/su (or /system/xbin/su depending on flavor!) either with a flash package in recovery, or manually via the adb shell command line (with custom recovery running).
HTH
PS you should be able to just manually start the recovery and do a backup in the meantime, no? The fact that ROM manager isn't doing anything could either be a lack-of-root problem or something else (a busybox dependency?)
thx for the quick response, however much of that is WAY over my head. I opened terminal emulator and typed su and this is what popped up. 1 [email protected]:/ $
When TB is opened it states the error "sorry I could not acquire root privileges. this application will not work. please verify that your rom is rooted and try again. this attempt was made using the "/system/xbin/su" command."
I don't see busybox in my app drawer
cam75 said:
thx for the quick response, however much of that is WAY over my head. I opened terminal emulator and typed su and this is what popped up. 1 [email protected]droid:/ $
If the SuperSU app (and companion binary) were working correctly, you should have seen one of those "Accept / Deny" pop-up messages coming from the SuperSU app... assuming that you didn't previously grant root access to that terminal emulator app. You didn't mention that happening.... ?
Also, the command prompt usually changes from $ to # when you have root, but not always; the explicit way to check would be (after you have tried the "su" command) to type in "id" and hit return at the prompt - that will tell you explicitly if you are root or not. (That's the letter "i" followed by the letter "d" followed by the return key).
From the way you describe this, it is sounding like you lost root.
I gotta go watch part of the game. In the meantime, perhaps you should at least create a backup manually.
As I said, the simplest fix-up would be to get Superuser.apk/su or SuperSU/su re-installed into /system/app and /system/{x}bin/su (it seems that chainsDD and chainfire use different locations).
There might be floating around someplace a flashable zip file with this stuff in it - to be used for "lightly rooting" a stock ROM after a custom recovery is in place. But things have been in flux recently with both the SuperSU (chainfire) and Superuser (chainsDD) kits because of the JellyBean multi-user support, so the version you might need is important. So you would have to do the research to figure out where.
gotta go - good luck.
bftb0 said:
If the SuperSU app (and companion binary) were working correctly, you should have seen one of those "Accept / Deny" pop-up messages coming from the SuperSU app... assuming that you didn't previously grant root access to that terminal emulator app. You didn't mention that happening.... ?
Also, the command prompt usually changes from $ to # when you have root, but not always; the explicit way to check would be (after you have tried the "su" command) to type in "id" and hit return at the prompt - that will tell you explicitly if you are root or not. (That's the letter "i" followed by the letter "d" followed by the return key).
From the way you describe this, it is sounding like you lost root.
I gotta go watch part of the game. In the meantime, perhaps you should at least create a backup manually.
As I said, the simplest fix-up would be to get Superuser.apk/su or SuperSU/su re-installed into /system/app and /system/{x}bin/su (it seems that chainsDD and chainfire use different locations).
There might be floating around someplace a flashable zip file with this stuff in it - to be used for "lightly rooting" a stock ROM after a custom recovery is in place. But things have been in flux recently with both the SuperSU (chainfire) and Superuser (chainsDD) kits because of the JellyBean multi-user support, so the version you might need is important. So you would have to do the research to figure out where.
gotta go - good luck.
Thanks again.
I'm watching the Superbowl as well. I didn't grant Terminal access. I rebooted into recovery and restored to right after I rooted. SuperSu auto-updated through the Play Store, and stated the binary needed updating. I canceled that. TB and ROM Manager are showing up in SuperSu. So now I'm rebooting into recovery again to after I installed the Smooth Rom/Motley Kernel. I did make a backup of where SuperSu lost root. I now have three backups.
Question on installing the SuperSu apk file. I want to be sure I do it right, if needed. Download the file on my 7. It will go to my download folder. Move it to the system folder and open/run it? What do I do with the current SuperSu folder?
Thanks again
I went to my restore point after root and reinstalled 4.3 Smooth ROM Mkernel. I did not take the SuperSu update (I'll wait for the next update) and everything is fine. TB and ROM Manager are working fine; did a backup in both.
Thanks for your help on this.
cam75 said:
Question on installing the SuperSu apk file. I want to be sure I do it right, if needed. Download the file on my 7. It will go to my download folder. Move it to the system folder and open/run it? What do I do with the current SuperSu folder?
Dealing with .apk's is not that difficult - drop them into the correct place and reboot.
In Android, apps (.apk files) are stored in one of two places: /system/app or /data/app. It is even possible for two versions of an app to be on the phone - one in /system/app and one in /data/app; that is how upgrades of factory-installed apps happen: the pre-installed app is in /system/app... and never gets deleted (read-only filesystem), whereas update versions get dropped into /data/app. Generally you can just drop an .apk file into either of these locations, wipe the dalvik cache and reboot. During the android boot, these files are compiled into .dex objects in the dalvik-cache, and various version, consistency, rights and permissions are cross-checked.
Think of it this way: when you boot a new ROM for the first time, /data starts out completely empty. Everything needed to support each pre-installed app in /system/app gets created automatically during the android layer start-up.
The "su" native binary is a bit more complicated - it needs to be:
- owned by the user.group root.root
- be executable
- be setuid/setgid
Imagine that you had a copy of these two files on your "/sdcard". If you booted into the custom recovery, you could effect these changes like this:
C:\foo> adb shell
# mount # show what is already mounted
# mount /sdcard # if needed
# mount /system # if needed
# mv /system/app/SuperSU.apk /system/app/SuperSU.apk.old
# cp /sdcard/SuperSU.apk /system/app/SuperSU.apk
# mv /system/xbin/su /system/xbin/su.old
# cp /sdcard/su /system/xbin/su
# chown root.root /system/xbin/su
# chmod 6755 /system/xbin/su
# cd /
# umount /system
# exit
C:\foo>
*
As a practical matter, it is probably easier to just make sure to make a fresh backup if you are about to update the su binary - in case anything goes wrong. It might also be useful to use a root-aware file manager to remount the /system partition in rw mode prior to doing the "update su binary" procedure in the SuperSU app.
Good luck
* note that SuperSU and Superuser apps choose different locations for the su executable file - one uses /system/bin/su and the other /system/xbin/su. There might also be a symlink between these locations. Best policy is probably to examine a known-working installation to determine how to proceed.
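The checklist for the su binary in the post above (root.root ownership, executable, setuid/setgid) and the two install locations mentioned in the thread can be verified with a short script. This is an added example, not part of any post; the function names are hypothetical, the group/world-writable check is an extra hardening check the thread does not list, and it assumes a `stat` that accepts `-c '%u %g %a'` (GNU coreutils, toybox).

```shell
#!/bin/sh
# Added example: audit an su binary against the checklist in the post above
# (owned by root.root, executable, setuid/setgid). The writable-bit check is
# an extra hardening check, not something the post lists.
# Assumes a stat that supports -c '%u %g %a' (GNU coreutils, toybox).

# classify_su UID GID MODE -> prints "ok" or a space-separated list of findings
classify_su() {
    uid=$1 gid=$2
    m=$((0$3))                      # read the mode string as octal
    f=""
    if [ "$uid" != 0 ] || [ "$gid" != 0 ]; then f="$f not-root-owned"; fi
    if [ $((m & 0111)) -ne $((0111)) ]; then f="$f not-executable"; fi
    if [ $((m & 04000)) -eq 0 ]; then f="$f no-setuid"; fi
    if [ $((m & 02000)) -eq 0 ]; then f="$f no-setgid"; fi
    if [ $((m & 0022)) -ne 0 ]; then f="$f group-or-world-writable"; fi
    f=${f# }
    echo "${f:-ok}"
}

# audit_su PATH -> "missing", "symlink -> TARGET", or classify_su's verdict
audit_su() {
    p=$1
    if [ -L "$p" ]; then echo "symlink -> $(readlink "$p")"; return 0; fi
    if [ ! -e "$p" ]; then echo "missing"; return 0; fi
    # Word splitting is intended: stat prints three space-separated fields.
    set -- $(stat -c '%u %g %a' "$p")
    classify_su "$1" "$2" "$3"
}

# Both locations mentioned in the thread; run from an adb root shell.
for path in /system/bin/su /system/xbin/su; do
    echo "$path: $(audit_su "$path")"
done
```

A binary installed with mode 6755 and root.root ownership reports `ok`; the mode 4775 used in the earlier post reports `no-setgid group-or-world-writable`.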