I'm trying to find a way to bypass an application that has root a root detection method that looks for superuser.apk, then tries to run "su -c ls" and looks for an exception. Any ideas how to get past this. It gets superuser.apk by doing something similar to this (from what I can tell):
List localList = getPackageManager().getInstalledApplications(0);
int rooted = 0;
for(int i = 0; i < localList.size(); i++)
{
if (((ApplicationInfo)localList.get(i)).publicSourceDir.toLowerCase().contains("superuser.apk"))
{
rooted = 1;
}
}
For the "su -c ls" I think it does something like this:
try
{
Runtime.getRuntime().exec("su -c ls");
rooted = 1;
}
catch (Exception localException)
{
rooted = 0;
}
So, it looks like I basically need to change the name of superuser.apk or block the package manager from seeing it. I've been trying to find where it's getting superuser.apk so I can change the name but I can't find where to do that. For the "su -c ls" I'm not sure how to get by that except for patching su so it won't allow that particular command, any other ideas?
Since both superuser and su are open-source, it could be as simple as recompiling superuser under a different name, and su patched, as you point out.
By that recipe just rename su to something random and create a gscript that runs the newsu and creates an su and superuser.apk when you need them, delete them when you don't.
First moved .
Second as stated above u would need your to make ur own special su binary and superuser apk.
Create you program as needed, have it use su to install your own su binary of a different name then use ur orginal apk as teh new superuser.apk. Then finally unstill original su/superuser.apk.
This is not a great method as you will loose root access for all other applications. But afaik you not going to be able to block the package manager from seeing superuser.apk.
Solved: http://forum.xda-developers.com/showthread.php?p=25140897#post25140897
You can learn here how to execute shell commands as root and read output and errors
What you will need:
Eclipse with ADT plugin
Basic knowledge of java
Rooted android device
Note
Root commands should always be executed in background thread, you can use AsyncTask for example
I won't explain here how to use AsyncTask, maybe in another tut.
Also note that I'm a relative beginner myself so I won't use professional terms I'll try to explain in my own words, so I'm sorry in advance if you have no idea what I'm talking about
1. First thing that we need to do is open a new root shell like this:
Code:
Process process = Runtime.getRuntime().exec("su");
Make sure to destroy this process after finished
2. Open input output and error streams to write commands and read output
Code:
OutputStream stdin = process.getOutputStream();
stdin is used to write commands to shell. This is OutputStream, which means that using this stream we can execute command(like writing command in terminal)
Code:
InputStream stderr = process.getErrorStream();
InputStream stdout = process.getInputStream();
stderr and stdout are used to read output and error of a command which we executed.
3. Now we actually execute commands
Code:
stdin.write(("ls\n").getBytes());
//after you exec everything that you want exit shell
stdin.write("exit\n".getBytes());
"\n" at the end of the command means new line(like when you press enter in terminal). This is important, if you dont add new line it same like you didn't press enter
4. Flush and close OutputStream
Code:
stdin.flush(); //flush stream
stdin.close(); //close stream
5. Read output and error of a executed command
Code:
BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
while ((line = br.readLine()) != null) {
Log.d("[Output]", line);
}
br.close();
br =
new BufferedReader(new InputStreamReader(stderr));
while ((line = br.readLine()) != null) {
Log.e("[Error]", line);
}
br.close();
We read output and error (if any) line by line and write it to logcat
You can of course do anything with output(display in TextView for example)
6. Finally we destroy opened shell
Code:
process.waitFor();//wait for process to finish
process.destroy();
You need to handle InteruptedException and IOException.
Hope this helps someone. Again sorry for stupid explanations. I totally understand all this but English isn't my primary language so its a but hard to explain...
Here is whole code;
Code:
try {
String line;
Process process = Runtime.getRuntime().exec("su");
OutputStream stdin = process.getOutputStream();
InputStream stderr = process.getErrorStream();
InputStream stdout = process.getInputStream();
stdin.write(("ls\n").getBytes());
stdin.write("exit\n".getBytes());
stdin.flush();
stdin.close();
BufferedReader br =
new BufferedReader(new InputStreamReader(stdout));
while ((line = br.readLine()) != null) {
Log.d("[Output]", line);
}
br.close();
br =
new BufferedReader(new InputStreamReader(stderr));
while ((line = br.readLine()) != null) {
Log.e("[Error]", line);
}
br.close();
process.waitFor();
process.destroy();
} catch (Exception ex) {
}
Yea roottools is better solution, it handles opening shell for you, its easier, less code, and in my experience a little bit faster.
Here is an example:
Code:
Command command = new Command(0, "ls")
{
@Override
public void output(int id, String line)
{
// Handle output here
}
};
RootTools.getShell(true).add(command).waitForFinish();
And also do this when exiting application
Code:
RootTools.closeAllShells();
Sent from my Evo 3D GSM using Tapatalk 2
Everyone should read the How-To SU guide by Chainfire:
http://su.chainfire.eu/
Usable example code is on Github. In the meanwhile there's an interactive shell (like in RootTools) available too:
https://github.com/Chainfire/libsuperuser
I noticed that you called your InputStream stdout and your OutputStream stdin. Is there any reason that you chose to reverse the usual naming?
Great work but i would be delighted if op mentioned root commands and how to use them
octobclrnts said:
I noticed that you called your InputStream stdout and your OutputStream stdin. Is there any reason that you chose to reverse the usual naming?
Click to expand...
Click to collapse
Its confusing I know.
I'll try to explain
You use InputStream to read output of the shell so I called it stdout
Output of a shell/terminal is called stdout
You use OutputStream to write to shell(input to shell) so its stdin
Passing commands to terminal is stdin
It stands for standard output/input
More about stdin, stdout, stderr
http://en.m.wikipedia.org/wiki/Standard_streams
Sent from my Evo 3D GSM using Tapatalk 2
sak-venom1997 said:
Great work but i would be delighted if op mentioned root commands and how to use them
Click to expand...
Click to collapse
There is no such thing as root command.
commands can be executed as root user or as normal user.
Sent from my Evo 3D GSM using Tapatalk 2
pedja1 said:
There is no such thing as root command.
commands can be executed as root user or as normal user.
Sent from my Evo 3D GSM using Tapatalk 2
Click to expand...
Click to collapse
You didn't get me sir I ment the commands which run as root and how can developers utilize them
Sent from my GT-S5302 using Tapatalk 2
Hit Thanx Button if i helped you!
sak-venom1997 said:
You didn't get me sir I ment the commands which run as root and how can developers utilize them
Sent from my GT-S5302 using Tapatalk 2
Hit Thanx Button if i helped you!
Click to expand...
Click to collapse
I'm not really sure what you are asking. Any command can be executed as root.
Maybe you should read a bit about linux and shell
Sent from my Evo 3D GSM using Tapatalk 2
pedja1 said:
I'm not really sure what you are asking. Any command can be executed as root.
Maybe you should read a bit about linux and shell
Sent from my Evo 3D GSM using Tapatalk 2
Click to expand...
Click to collapse
No I was talking about the commands which require root to run like ifconfig
Sry for trouble I have no linux knowledge
Sent from my GT-S5302 using Tapatalk 2
Hit Thanx Button if i helped you!
sak-venom1997 said:
No I was talking about the commands which require root to run like ifconfig
Sry for trouble I have no linux knowledge
Sent from my GT-S5302 using Tapatalk 2
Hit Thanx Button if i helped you!
Click to expand...
Click to collapse
There are some commands that will just make sense as root. However, why should anyone write a tutorial about how to use some commands very few persons will need. Google "Linux command <what you want to do>" and you will find explanations. Many commands are just more flexible when executed like this.
I really recommend that. You will need it when you develop a root app. And you can use the adb shell! Great help.
@OP: What's about mentioning that you should use the busybox commands as the system's implementation of the shell commands differs from device to device and from ROM to ROM?
I also recommend RootTools. One of the best libraries in my opinion!
nikwen said:
.
@OP: What's about mentioning that you should use the busybox commands as the system's implementation of the shell commands differs from device to device and from ROM to ROM?
I also recommend RootTools. One of the best libraries in my opinion!
Click to expand...
Click to collapse
Purpose of this tutorial is to show how to execute commands as root, not how to use certain Linux commands.
And besides, using busybox is not always best solution, what if device doesn't have it installed, what if busybox doesn't have that command.
For example you would definitely not use "busybox echo" or "busybox ls".
Devs should already know how to use Linux, this is just to show how to do it from java.
Sent from my Evo 3D GSM using Tapatalk 2
pedja1 said:
Purpose of this tutorial is to show how to execute commands as root, not how to use certain Linux commands.
And besides, using busybox is not always best solution, what if device doesn't have it installed, what if busybox doesn't have that command.
For example you would definitely not use "busybox echo" or "busybox ls".
Click to expand...
Click to collapse
You are right. It is true that nobody would use busybox for very simple commands.
However, RootTools has the RootTools.offerBusyBox(Activity activity) Method which opens Google Play to download a busybox installer.
Devs should already know how to use Linux, this is just to show how to do it from java.
Sent from my Evo 3D GSM using Tapatalk 2
Click to expand...
Click to collapse
I understood what you wanted to do.
Great job, btw. Would have been glad if I had had this when I started with root apps.
Great Work!!!
I found how to execute root commands before. But this post has the best explanation. Thanks a lot!
pedja1 said:
Purpose of this tutorial is to show how to execute commands as root, not how to use certain Linux commands.
And besides, using busybox is not always best solution, what if device doesn't have it installed, what if busybox doesn't have that command.
For example you would definitely not use "busybox echo" or "busybox ls".
Devs should already know how to use Linux, this is just to show how to do it from java.
Sent from my Evo 3D GSM using Tapatalk 2
Click to expand...
Click to collapse
I once did run into troubles parsing the results of "ls" command. Usually 'ls' is just the short table-style list, while you could get all the details with 'ls -l'. This is what I needed. But when testing on the Motorola Milestone unfortunately 'ls' was sym-linked to 'ls -l', therefore calling 'ls -l' would result in an error message. Don't know if more devices act like that (didn't test on any other Motorola phones, and the Milestone is quite old by now), but maybe it still makes sense to use busybox for 'normal' command in some cases...
Hello,
I am trying to run a script kept in my assests folder of my app. It is Root.sh which contains -
Code:
su
cd system
mkdir abcdjdj
This is my java code:-
Code:
String path = "file:///android_asset/Root.sh";
Process p = new ProcessBuilder().command(path).start();
But now I get a runtime error -
Code:
04-22 15:08:03.144: E/AndroidRuntime(785): Caused by: java.io.IOException: Error running exec(). Command: [file:///android_asset/Root.sh] Working Directory: null Environment: [ANDROID_SOCKET_zygote=9, ANDROID_STORAGE=/storage, ANDROID_BOOTLOGO=1, EXTERNAL_STORAGE=/mnt/sdcard, ANDROID_ASSETS=/system/app, PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin, ASEC_MOUNTPOINT=/mnt/asec, LOOP_MOUNTPOINT=/mnt/obb, BOOTCLASSPATH=/system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar, ANDROID_DATA=/data, LD_LIBRARY_PATH=/vendor/lib:/system/lib, ANDROID_ROOT=/system, ANDROID_PROPERTY_WORKSPACE=8,32768]
Can anyone please help me?
Thanks.
abcdjdj said:
Hello,
I am trying to run a script kept in my assests folder of my app. It is Root.sh which contains -
Code:
su
cd system
mkdir abcdjdj
This is my java code:-
Code:
String path = "file:///android_asset/Root.sh";
Process p = new ProcessBuilder().command(path).start();
But now I get a runtime error -
Code:
04-22 15:08:03.144: E/AndroidRuntime(785): Caused by: java.io.IOException: Error running exec(). Command: [file:///android_asset/Root.sh] Working Directory: null Environment: [ANDROID_SOCKET_zygote=9, ANDROID_STORAGE=/storage, ANDROID_BOOTLOGO=1, EXTERNAL_STORAGE=/mnt/sdcard, ANDROID_ASSETS=/system/app, PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin, ASEC_MOUNTPOINT=/mnt/asec, LOOP_MOUNTPOINT=/mnt/obb, BOOTCLASSPATH=/system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar, ANDROID_DATA=/data, LD_LIBRARY_PATH=/vendor/lib:/system/lib, ANDROID_ROOT=/system, ANDROID_PROPERTY_WORKSPACE=8,32768]
Can anyone please help me?
Thanks.
Click to expand...
Click to collapse
Why don't you do it this way?
Code:
Runtime.getRuntime().exec("su", "-c", "cd system; mkdir abcdjdj");
Note that you need to pass the commands you want to execute to the command method, not the path.
nikwen said:
Why don't you do it this way?
Code:
Runtime.getRuntime().exec("su", "-c", "cd system; mkdir abcdjdj");
Note that you need to pass the commands you want to execute to the command method, not the path.
Click to expand...
Click to collapse
It gives a syntax error. I guess it should have been - Runtime.getRuntime().exec(new String[] { "su", "-c", "cd system; mkdir abcdjdj" });
It runs fine on my phone but I still don't see a folder called abcdjdj is /system
abcdjdj said:
It gives a syntax error. I guess it should have been - Runtime.getRuntime().exec(new String[] { "su", "-c", "cd system; mkdir abcdjdj" });
It runs fine on my phone but I still don't see a folder called abcdjdj is /system
Click to expand...
Click to collapse
You are right, it should have been that.
Try to add the full path:
Code:
Runtime runtime = Runtime.getRuntime();
try {
runtime.exec(new String[] {"su", "-c", "mkdir /system/abcdef"});
runtime.exec(new String[] {"su", "-c", "mkdir /system/aaab; mkdir /system/aaac"});
} catch (IOException e) {
e.printStackTrace();
}
I think that executing your first idea should work if you execute
Code:
runtime.exec("su");
and then write the commands to the outputstream as described in the first post of this thread.
---------- Post added at 06:13 PM ---------- Previous post was at 06:06 PM ----------
However, I recommend using roottools.
If you need to execute commands rarely it will be fine that way, but if you need to execute commands often, there will be annoying Toast messages every time. Using roottools, there will be such a message just once when the app requests SU rigths for the first time after the launch.
Ichigo said:
Yes, root tools is a great alternative. I use it a lot in my app. If you want, check my github for examples.
Click to expand...
Click to collapse
For a very basic tutorial, check this: http://code.google.com/p/roottools/wiki/Usage
I am developing a Keyboard Bot (Automated Text Typing) in which the only problem I'm facing is speed (Regardless of which device is used). The App requires root and it works perfectly fine in typing text.
Using
Code:
adb shell input text <String>
or
Code:
adb shell input keyevent <KEYCODE_NAME>
works perfectly fine in sending text to the android device, but my issue is speed.
Using something like
Code:
input keyevent KEYCODE_A KEYCODE_A KEYCODE_SPACE KEYCODE_A KEYCODE_ENTER;
will type the text quickly, but separating it into 2 commands will result in a (1 sec) delay between the 2 commands (Much Slower).
Sample Shell Code:
Method 1 (Much faster):
Code:
input keyevent KEYCODE_A KEYCODE_A KEYCODE_ENTER KEYCODE_A KEYCODE_A KEYCODE_ENTER;
Method 2:
Code:
input keyevent KEYCODE_A KEYCODE_A KEYCODE_ENTER;
input keyevent KEYCODE_A KEYCODE_A KEYCODE_ENTER;
I wanted to type a large text as fast as possible, so i called a long shell
Code:
input keyevent KEYCODE_A .... KEYCODE_ENTER
But having a shell script with input keyevent followed by a large combination of KEYCODE_A for instance, will not be executed. (Large Shell Commands are aborted)
After the shell command
Code:
input keyevent KEYCODE_A
, there will be a 1 second delay before the next "input" command executes.
What would be the best way to send large text without having long delays?
I am aware that sendevent is faster in sending large text, but how can i programmatically use it with an APP with root privilages?
Is there a way i can use Instrumentation from my root app on third party apps without having to transform my app into a system app?
Note:
The weakness of input text <String> is that it also has a limit to it's size and it can't perform special keyevents inside of it (Like the Back Button or Enter/New Line ).
I have been looking for an answer for quite sometime, but i haven't found a working method. (I searched for a way to send text using "sendevent" code.
My Sample Code: (Simple Program that will type a certain text multiple times)
Service Class
Code:
public class InputTextService extends IntentService {
public InputTextService() {
super("ServiceQAZ");
}
@Override
protected void onHandleIntent(Intent intent) {
//Using chainfire libsuperuser
Log.i("Service","Entered");
try {
Thread.sleep(5L* 1000L);
} catch (InterruptedException e) {
e.printStackTrace();
}
Log.i("Service","Sleep Finished");
//String[] cmds = { "input text hello","input keyevent KEYCODE_ENTER"};
String[] cmds = { "input keyevent KEYCODE_H KEYCODE_E KEYCODE_L KEYCODE_L KEYCODE_O","input keyevent KEYCODE_ENTER"};
// if(Shell.SU.available()) {
for(int i = 0; i < 100; i++) {
Shell.SU.run(cmds); // Works Everywhere
//Shell.SH.run(cmds); //Only works in application
}
// }
Log.i("Service","Input Sent");
}
}
Thanks in Advance.
Hi this might be a bit off topic but I am working on my own app and the first command that the app tries to run when i press a button is mount -o rw,remount /system to get mount partition as rw, so i can further execute other commands, however app works fine on other phones but on my phone it shows the following issue in su logs :device or resource busy , can't mount , please help I've tried almost everything, i am able to mount using terminal emulator but not via app
dewankpant said:
Hi this might be a bit off topic but I am working on my own app and the first command that the app tries to run when i press a button is mount -o rw,remount /system to get mount partition as rw, so i can further execute other commands, however app works fine on other phones but on my phone it shows the following issue in su logs :device or resource busy , can't mount , please help I've tried almost everything, i am able to mount using terminal emulator but not via app
Click to expand...
Click to collapse
I would recommend that you use the library "Root Tools" which has a mount command that will try different methods of mounting a directory. I've been using it for a while and it's great.
Stround said:
I would recommend that you use the library "Root Tools" which has a mount command that will try different methods of mounting a directory. I've been using it for a while and it's great.
Click to expand...
Click to collapse
Actually my problem is something different, i am using this command in my own app and when i see the log of my app in su i see it shows that device or resource is busy, how can i overcome that
I think that my question is different from the purpose of this thread, but I do not want to build a new thread, so please forgive me.
As you know, input keyevent is a very slow command. But I tested this instead of "input keyevent 3".
"am start -c android.intent.category.HOME -a android.intent.action.MAIN"
I found out this was way faster than input keyevent 3.
So someone smart developers, could you write down the strings like "am start blah blah blah" as "input keyevent 4" (back) for me?
I have the same app on two different phones that have root access but I get different behavior from them while creating a shell. One phone runs CM12, the other runs CM13. My program runs a compiled executable and basically uses the code below. The executables I run won't stop until I close the shell. For this thread, we'll call it "specialProgram". I use 'ps' while using a terminal emulator to check what processes are running.
Code:
........
..................
Process process = Runtime.getRuntime().exec("su");
int processID = -1;
try {
Field f = process.getClass().getDeclaredField("pid");
f.setAccessible(true);
processID = f.getLong(process);
f.setAccessible(false);
} catch (Exception e) {}
System.out.println("Process: " + processID);
OutputStream stdout = process.getOutputStream();
stdout.write("specialProgram\n").getBytes());
..................
........
The phone that runs CM12 will create two processes, one call "su" and another called "specialProgram". The process ID for the process that is called "su", matches the processID for my variable 'processID'.
The phone that runs CM13 will only create a process called "specialProgram". This processes ID matches what my variable 'processID' becomes.
What I assume is that I'm creating a new process from within that shell, when I write to the OutputStream. But this only happens on one of my phones. Why?
So I think I figured it out. When I run
Code:
Process process = Runtime.getRuntime().exec("su");
it creates a process. And then when I run
Code:
stdout.write("specialProgram\n").getBytes());
it create another process. Closing the first process won't close the second process. I made my own class to properly close them though.