2

I rooted my android kit-kat with kingroot. This process took almost 2-3 minutes and it successfully rooted.

But what is the process involved in rooting an android phone? I want a very clear explanation,please.

I read this how does rooting work

that answer says that placing that binary files and some other things mentioned but it is a rough answer, if possible i want an example and a very very detailed explantion please. Place any link which explains the android coding to root an android phone.

Community
  • 1
  • 1
    Possible duplicate of How does rooting work? – Chahk Jul 15 '16 at 16:25
  • i read that question but i did not get the perfect answer –  Jul 15 '16 at 16:32
  • that answer says that placing that binary files in the right place but where if possible .I want an example please –  Jul 15 '16 at 16:33
  • It depends on many variables, such as device manufacturer, model, OS version, etc. One-click apps usually contain many different rooting methods, and select one that matches the device they are being executed on. – Chahk Jul 15 '16 at 16:40
  • They exploit the vulnerabilities in the kernel, by getting itself elevated by using exploit scripts executed in a shell and placing the required binaries including su and finally installing a Root Access Management app like King User as a system app.. Some of these so-called 'automatically root' apps are open sourced, just check them out. – Gokul NC Jul 16 '16 at 15:31

1 Answers1

2

These One-Click root apps, like ol' faithful kingroot, follow a general structure for rooting. I will be using kingroot as an example.

Phase one- Detection of device - Self explanatory, really. Kingroot scans the build.prop (which it can, its mostly what you see in about phone) to grab and nab what the hell you are using. It can use other info sources too, but I don't know which (kernel, maybe)

Phase two - Exploiting - one-click apps generally follow a pattern of exploiting weaknesses in the OS to access /system directly (and freely). Malware and other infected apps/files can do this too, to gain their own root privilege. Anyway, they use this to gain temporary root.

Phase three - Planting files - at this point, The app just injects the SU binaries and SuperUser Management apps (in the case of kingroot, itself). It often makes these apps system apps to help protect against root access loss. Anyway, the temporary root planted previously is used as leverage, which allows for the root-app to provide permanent, system-wide root

Final phase - polishing - assuming that everything went well, all that's left is a reboot (to load the new binaries in. You may not even need a reboot, but you should anyway) and you are done!

Dan Brown
  • 1,731
  • 1
  • 16
  • 39
  • They use temp root ... then gain permanent root with the extra leverage – Empire of E Jul 17 '16 at 04:15
  • @user157947 edited to include that. – Dan Brown Jul 17 '16 at 08:20
  • well explained but the how is the exploiting takes place (as you said the phase two) –  Jul 17 '16 at 09:37
  • 1
    usually different exploits are just shell commands working together to get access to read only directories... For example, A old root app called framaroot used a camera permission exploit... Because the camera has extra permission to read and write files for MMS or Setting background, You could use a camera app to leverage it's own permissions to edit system files.... – Empire of E Jul 17 '16 at 10:00
  • @user157947 exactly. I didnt say anything, as it can be anything – Dan Brown Jul 17 '16 at 10:24