
Rooting with an Unlocked Boot Loader Android

The process of rooting culminates in having an su binary with the proper set-uid permissions on the system partition. This allows elevating privileges whenever needed. The su binary is usually accompanied by an Android application, such as SuperUser or SuperSU, that provides a graphical prompt each time an application requests root access. If the request is granted, the application invokes the su binary to execute the requested command. These su wrapper Android applications also manage which applications or users should be granted root access automatically, without prompting the user.

The latest version of Chainfire SuperSU can be downloaded as a recovery update package from http://download.chainfire.eu/supersu or as a standalone application from Google Play at https://play.google.com/store/apps/details?id=eu.chainfire.supersu. The ClockworkMod SuperUser package can be obtained from Google Play at https://play.google.com/store/apps/details?id=com.koushikdutta.superuser. The source code is available at https://github.com/koush/Superuser.

On devices with an unlocked or unlockable boot loader, gaining root access is very easy, as you do not have to rely on exploiting an unpatched security hole. The first step is to unlock the boot loader. If you haven’t done it already, depending on the device you should either use fastboot oem unlock as described in the “Locked and Unlocked Boot Loaders” section, or use a vendor-specific boot loader unlock tool to legitimately unlock the device.

At the time of this writing, Motorola, HTC, and Sony-Ericsson support boot loader unlocking on some devices through their unlock portal websites. The boot loader unlock portal for Motorola is available at https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a. The boot loader unlock portal for HTC is available at http://www.htcdev.com/bootloader. The boot loader unlock portal for Sony-Ericsson is available at http://unlockbootloader.sonymobile.com/.

When the boot loader is unlocked, the user is free to make custom modifications to the device. At this point, there are several ways to include the appropriate su binary for the device’s architecture in the system partition, with the correct permissions. You can modify a factory image to add an su binary. In this example, we unpack an ext4 formatted system image, mount it, add an su binary, and repack it. If we flash this image, it will contain the su binary and the device will be rooted.
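A defender's counterpart to the image modification described above, as an added example that is not part of the original article: it scans an unpacked system tree for su binaries and reports whether each one carries the set-uid bit. The sample tree, its paths and the file name helper are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit an unpacked Android
# system tree for su binaries before the image is trusted or flashed.
# Assumption: the image is already unpacked or mounted at the given path.

# Files named "su" that carry the set-uid bit (run as the file's owner).
setuid_su() { find "$1" -type f -name su -perm -4000 2>/dev/null | sort; }

# Files named "su" without the set-uid bit (present, but inert on their own).
inert_su() { find "$1" -type f -name su ! -perm -4000 2>/dev/null | sort; }

# Every set-uid file, whatever its name, in case su was installed renamed.
all_setuid() { find "$1" -type f -perm -4000 2>/dev/null | sort; }

# Print a report; return 0 if no set-uid su is present, 1 otherwise.
audit_tree() {
    root=$1
    setuid_su "$root" | sed 's/^/SETUID-SU  /'
    inert_su "$root" | sed 's/^/INERT-SU   /'
    all_setuid "$root" | grep -v '/su$' | sed 's/^/SETUID     /'
    [ -z "$(setuid_su "$root")" ]
}

# Build a constructed sample tree (hypothetical layout) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/system/bin" "$t/system/xbin"
    : > "$t/system/xbin/su";    chmod 4755 "$t/system/xbin/su"    # set-uid su
    : > "$t/system/bin/su";     chmod 0755 "$t/system/bin/su"     # inert copy
    : > "$t/system/bin/helper"; chmod 4755 "$t/system/bin/helper" # other set-uid file
    : > "$t/system/bin/sh";     chmod 0755 "$t/system/bin/sh"     # ordinary binary
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /path/to/unpacked/tree
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

The script exits non-zero when a set-uid su is found, so it can gate an image-handling pipeline.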

If the device is an AOSP-supported device, you can compile a userdebug or eng Android build from source. Visit http://source.android.com/source/building.html for more information on building Android from source. These build configurations provide root access by default:

Whether you built your custom system image by modifying a factory image or by compiling your own, you must flash the system partition for it to take effect. For example, the following command shows how to flash this image using the fastboot protocol:

The most straightforward method is to boot a custom recovery image. This allows copying the su binary into the system partition and setting the appropriate permissions through a custom update package. When using this method, you are booting the custom recovery image without flashing it, so you use it only to flash an su binary on the system partition without modifying the recovery partition at all.

To do this, download a custom recovery image and su update package. The custom recovery image can be one of your choosing, as long as it supports your device. Similarly, the su update package can be SuperSU, SuperUser, or another of your choice.

  1. You should place both downloads into the device’s storage, typically on the SD card mounted as /sdcard.
  2. Next, put the device into fastboot mode.
  3. Now, open a command prompt, and type fastboot boot recovery.img, where recovery.img is the raw recovery image you downloaded.
  4. From the recovery menu, select the option to apply an update zip file and browse to the folder on your device storage where you have placed the update package with the su binary.

Additionally, devices using Android 4.1 or later contain a new feature called sideload. This feature allows applying an update zip over ADB without copying it to the device beforehand. To sideload an update, run the command adb sideload su-package.zip, where su-package.zip is the filename of the update package on your computer’s hard drive.

After unlocking the boot loader on some devices, you can boot unsigned code but you can’t flash unsigned code. In this case, flashing a custom system or recovery image is only possible after gaining root on the booted system. In this scenario, you would use dd to write a custom recovery image directly to the block device for the recovery partition.
