How does su work on android? And what are the pre-requisites for it to work? What is rooting on Android?

mk.. · Apr 5, 2012 · Viewed 49.2k times

Possible Duplicate: what does the su mean: process = Runtime.getRuntime().exec("su");

I am tired of trying all the different things, yet I am still unsuccessful in understanding when su will work. What is rooting a device in Android? Someone please, please help me with this.

I replied to the following question. The solution I posted there I tested, and it worked.

Adding full permission for an image file in Android.

Here is my question:

I tried the following.

Copied su.

Installed SuperUser.apk.

From the program I called su and then, using the newly created process, I performed the required operations.

This has 2 results.

1) When the device is rooted (like executing the Permanent root option in z4root), it works; it changes the system file permissions.

2) When the device is not rooted, it does not work.

Kindly explain what extra thing z4root performs which makes the task possible. Explain in brief, please.

Let me know if my question is not clear. Thanks a ton.

Answer

matix2267 · Apr 9, 2012

What z4root (or any other rooting program) does is run some exploit to change its own uid (user-id) to 0 (root). You can think of it as performing some kind of hack and tricking the kernel into thinking it actually has the right to be root (then, if z4root were a virus, it could do everything with your phone, from installing keyloggers to bricking it). Of course, if it is possible to trick the kernel in such a way as to give you root access, it is considered a security vulnerability (any app could do that and perform some malicious stuff) and usually gets fixed in future kernel updates (that's why z4root may not work if you upgrade your firmware).

When z4root has set its uid to 0 it does the following: remounts the /system partition as writable (by default it's read-only), copies over the su binary, Superuser.apk and busybox, and then remounts /system back as read-only.

So how does the su binary give you root access without doing "the hack" thing, when normally applications have the same uid as the parent process? This is because the su binary has the set-uid flag set and is always run as uid 0 (root).

Now, if you have copied the su binary over to /system/bin then you must have had root access, which means you just forgot to change the owner/permissions (chown root:root /system/bin/su; chmod 6755 /system/bin/su), but you still need root access to do that.
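The set-uid rule the answer relies on (a set-uid executable runs with its owner's uid, otherwise the child inherits the caller's uid), plus the check a device-integrity tool would run for a hand-copied setuid-root su, as an added example that is not part of the original answer. The directories scanned (/system/bin, /system/xbin) and the app uid 10045 are assumptions for illustration.

```python
"""Model set-uid execution and audit for setuid-root binaries (added example)."""
import os
import stat
from dataclasses import dataclass


@dataclass
class SetuidReport:
    path: str
    owner_uid: int
    mode: int          # permission bits only, e.g. 0o6755 as in the answer
    setuid: bool
    setgid: bool
    setuid_root: bool  # True => executes as uid 0 regardless of the caller


def effective_uid_after_exec(mode: int, owner_uid: int, caller_uid: int) -> int:
    """Kernel rule from the answer: with S_ISUID set, the process runs as the
    file's owner; without it, the child keeps the parent's uid."""
    if mode & stat.S_ISUID:
        return owner_uid
    return caller_uid


def classify(mode: int, owner_uid: int, path: str = "<constructed>") -> SetuidReport:
    """Decide from raw stat fields whether a file is a setuid-root binary.
    chmod 6755 sets both S_ISUID and S_ISGID; chown root:root makes owner 0."""
    perm = stat.S_IMODE(mode)
    setuid = bool(perm & stat.S_ISUID)
    setgid = bool(perm & stat.S_ISGID)
    return SetuidReport(path, owner_uid, perm, setuid, setgid, setuid and owner_uid == 0)


def classify_path(path: str) -> SetuidReport:
    st = os.lstat(path)
    return classify(st.st_mode, st.st_uid, path)


def find_setuid_root(dirs=("/system/bin", "/system/xbin")):
    """Walk the given directories (assumed Android system paths) and return
    every executable that would run as root for any caller, e.g. a copied su."""
    found = []
    for d in dirs:
        for root, _subdirs, files in os.walk(d):  # missing dir simply yields nothing
            for name in files:
                p = os.path.join(root, name)
                try:
                    rep = classify_path(p)
                except OSError:
                    continue
                if rep.setuid_root and os.access(p, os.X_OK):
                    found.append(rep)
    return found


if __name__ == "__main__":
    for rep in find_setuid_root():
        print(f"{rep.path}: owner={rep.owner_uid} mode={rep.mode:o}")
```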