Rooting Android

Cameron Fisher
DVT Software Engineering
7 min read · Jun 30, 2021


(Image: Android Operating System)

What is rooting?

All operating systems have system privileges that allow certain users or processes to perform tasks that only system administrators can perform.

On Linux and most Unix-like operating systems, you can either be a normal user or a superuser. The superuser account, otherwise known as root, is the system administrator and has the ability to perform any task.

Rooting is the process by which users of smartphones, tablets, and other devices running the Android mobile operating system attain privileged control, known as root access. Android runs on the Linux kernel, so root on Android grants the same administrative (superuser) permissions as on any other Unix-like operating system.

(Image: Linux Operating System)

What can root do?

Once you have access to the superuser account you can perform the following tasks on the system:

  • Change system files
  • Change system configurations
  • Read all data that belongs to other users on the system
  • Read data that belongs to other apps
  • and much more!

su and sudo commands?

The su command stands for Substitute (or Switch) User. It lets a normal user or a process temporarily become another user, by changing its user id to root in order to gain root privileges.

The sudo command is similar to su in that it allows you to execute a single command as root. You can only use su and sudo if you are authorised to do so: you either need the password for the root account, or you must be an authorised sudoer, in which case you enter your own account password.

Potential dangers of rooting a device

Before you go ahead and try rooting your device, here are some consequences of rooting you should be mindful of:

  • Loss of phone warranty
  • Some applications, such as financial apps, refuse to work on a rooted device
  • Hard-brick: if the rooting process is done incorrectly, the device can end up in a state you cannot recover from, and it will be as good as a brick
  • Soft-brick: the Android device constantly displays the boot animation and never boots completely to the home screen. This is known as a bootloop
  • No OTA updates (if rooted using SuperSu)

Installing apps on a rooted device, especially from unverified third-party app stores, is very dangerous. For example, suppose you install an unverified app X on your non-rooted device and later root the device. When app X detects that the device is rooted, it can prompt you to grant it root access. If you do, app X gains permission to read all the sensitive data (passwords, emails, banking info, etc.) belonging to every other app on your device.

How to fix bootloop?

I have rooted and soft-bricked many Android devices. A generic solution to fix a bootloop is to flash new firmware onto the device.

Flashing process for SM-T295

  1. Download firmware from https://samfrew.com
  2. Install Odin on your PC.
  3. Boot device into download mode (volume down + volume up + insert USB cable)
  4. Press volume up to enter download mode.
  5. Open Odin and load the firmware files into the options, respectively.
  6. Press start and wait for the firmware to completely install.
  7. After the device automatically reboots, you can complete the setup process.

(Image: Flash stock ROM on SM-T295)

Magisk Vs SuperSu

Magisk and SuperSu are root solutions that are installed on Android devices to gain root access. Magisk is an open-source project created in 2016 by John Wu and has grown in popularity ever since. Unlike SuperSu, which can only grant root permission to specific apps, Magisk goes a step further and lets users hide root from a specific app completely.

According to the XDA article below, Google’s SafetyNet tool is used to detect any tampering or system modifications and will block certain apps from working if it detects that the system partition was modified. Magisk is known as a “systemless” root method which means that it does not change the system partition, therefore, banking apps and other financial apps, such as Google Pay, can now work on your rooted device and you can still install OTA updates.

Therefore, Magisk is a better option compared to SuperSu, since SuperSu changes the system files and adds new files to the system partition on the device and will not bypass Google SafetyNet.

Magisk Manager

Magisk Manager provides a module repository from which users can install modifications and tweaks onto their rooted phone, such as:

  • YouTube Vanced: This app comes with a built-in adblocker and the user can override the maximum resolution.
  • App Systemizer: This app is used to turn third-party apps into system apps.
  • Emoji One: Changes the stock emojis on your device
  • Viper4Android: This is an advanced music modification app that gives users full control over their device's audio system. The user has full control over the audio of the individual speakers and will allow the user to increase the maximum volume level and audio clarity.

Software requirements and steps to root a Samsung Galaxy Tab A8 (SM-T295)

There is no generic process for rooting all Android devices. This makes it difficult to root new devices on the market, since each model requires a compatible version of TWRP. The following software is required to root an Android device:

  • ODIN (firmware flashing software): ODIN is used to flash stock or custom ROMs on an Android device and to install TWRP.
  • TWRP (TeamWin Recovery Program): TWRP is a custom recovery program that is used to install third-party firmware and to back up an Android device to a micro SD card.
  • Magisk.zip: The Magisk package is installed using TWRP.

(Image: Root SM-T295 with Magisk using TWRP)

Enable OEM unlock:

  1. Go to Settings -> Tap About device -> Tap Build number seven times
  2. Go to settings -> Developer Mode -> OEM unlock

Unlock bootloader:

  1. Turn off tablet
  2. Press and hold down volume up + volume down keys together
  3. Insert USB cable (should already be connected to the computer)
  4. When bootloader screen appears, release all keys
  5. Press and hold volume up key for 5 seconds, then release
  6. Read instructions on the screen to unlock bootloader (this will wipe all your data)
  7. After reboot, go through the normal setup

Rooting process:

  1. Install Odin on your PC.
  2. Boot the device into download mode (volume down + volume up + insert USB cable)
  3. Open Odin -> Click BL -> Select TWRP_3.4.0.1+vbmeta_T295.tar
  4. Boot device into TWRP i.e. recovery mode (power button + volume up)
  5. Tap Mount -> Check the boxes on all sections
  6. Tap Install -> Select Magisk-uninstaller-20200323.zip
  7. Tap Wipe cache/dalvik
  8. Reboot into Recovery mode
  9. Tap Mount -> Check the boxes on all sections
  10. Tap Install -> Select Magisk-v20.4.zip
  11. Reboot into System mode

App Demo: Executing root commands

I have created a simple program to demonstrate how to execute root commands from within an Android app.

(Image: Demo App)

Runtime.getRuntime().exec() is what an Android app uses to execute root commands. According to the Android Developer documentation, every Java application has a single instance of the Runtime class, which lets the application interface with the environment in which it is running. The current runtime is obtained from the getRuntime() method.

https://developer.android.com/reference/java/lang/Runtime

(Code embed: MainActivity.kt)

RootUtils has a single method, getSuPath(), which, as the name suggests, returns the path to the su program. To execute a root command, we pass the path to the su program as an argument to Runtime.getRuntime().exec().

The getSuPath() method is also used to check if a device is rooted.

(Code embed: RootUtils.kt)
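As an added example (not the article's own RootUtils.kt, which is not captured here), here is a RootUtils in the spirit of the one described: getSuPath() probes common su locations, and runAsRoot() passes that path to Runtime.getRuntime().exec(). The path list and the `su -c <command>` invocation are assumptions about typical Magisk/SuperSu installs.

```kotlin
import java.io.File

/**
 * Added example, not the article's RootUtils.kt. Assumes a Magisk/SuperSu-style
 * root where an executable `su` binary sits in one of the usual locations and
 * accepts `-c <command>`.
 */
object RootUtils {
    // Common su locations on rooted devices (constructed list, not exhaustive).
    private val SU_PATHS = listOf(
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
        "/system/sbin/su", "/vendor/bin/su", "/data/local/xbin/su",
        "/data/local/bin/su"
    )

    /** First existing, executable su path, or null on an unrooted (or root-hidden) device. */
    fun getSuPath(): String? =
        SU_PATHS.firstOrNull { path -> File(path).let { f -> f.exists() && f.canExecute() } }

    /** Cheap root check: a present su binary is the signal the article relies on. */
    fun isRooted(): Boolean = getSuPath() != null

    /**
     * Runs [command] as root through su. Returns stdout on success, or null when
     * no su binary is present or the user denied the root prompt (non-zero exit).
     */
    fun runAsRoot(command: String): String? {
        val su = getSuPath() ?: return null
        // The su path is the program to run; su itself spawns the shell for the command.
        val process = Runtime.getRuntime().exec(arrayOf(su, "-c", command))
        val stdout = process.inputStream.bufferedReader().use { it.readText() }
        val exit = process.waitFor()
        return if (exit == 0) stdout else null
    }
}

// Usage from an Activity (the article's MainActivity.kt is not reproduced here):
// val grantedRoot = RootUtils.runAsRoot("id")?.contains("uid=0") == true
```

Both checks are heuristics: as the article notes, Magisk can hide su from a chosen app, so a path probe alone is a weak root-detection signal, and a real test is whether su actually runs a command as uid 0.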

The root commands demonstrated in my demo app are just the tip of the iceberg. There are more advanced commands that can be used such as:

  • ping: Checks if a host is reachable
  • traceroute: Displays the route a data packet takes from source to destination and the number of hops it took.
  • ssh: Is used to establish a secure connection between two hosts over a network.
  • ps: Lists all running processes.
  • and much more!

Conclusion

What is the future for Magisk now that John Wu has landed a job at Google? John Wu announced, on 17th May 2021 via Twitter, that he was officially joining the Android Platform Security team at Google. Will Wu still be allowed to work on Magisk, since there’s a potential conflict of interest? Will the rooting community, those with a solid understanding of Linux and Android, step up and contribute towards the open-source project?

What are your thoughts? I’d love to hear from you.

BSc Computer Science And Informatics | BSc (Honours) In Computer Science | Android Developer | https://github.com/Cameron-Fisher-506/BotCoin