I want to write an application which roots the device on which it is installed, I mean by installing this app you will be able to root your device without a computer, just like the app in the following link,
http://www.kingoapp.com/root-tutorials/how-to-root-android-without-computer.htm
I've searched a lot on how to do that using Java code for Android devices, but there was no clear solution to me. Based on my research, I think we need the following steps:
1- Being able to use shell commands in Android using Runtime.getRuntime().exec();
2- Executing a command that gains root privileges (I think su, but this needs a rooted device to be executed).
3- Initiate a root command that will root the device.
I couldn't find a code explanation on how to do the steps above. I want to understand this process first, the commands that can be used in it, then I want to try to implement it by myself. Since there are many apps on the store that offer this feature, then implementing it must be feasible.
Could anyone please explain to me how to implement this process?
Also, is there a possibility to write a code for the opposite process, which is unrooting the device?
Any help is appreciated.
Thanks.
To run root commands, you have to use the following format:
public void RunAsRoot(String[] cmds){
Process p = Runtime.getRuntime().exec("su");
DataOutputStream os = new DataOutputStream(p.getOutputStream());
for (String tmpCmd : cmds) {
os.writeBytes(tmpCmd+"\n");
}
os.writeBytes("exit\n");
os.flush();
}
where you pass in an array of strings, each string being a command that needs to be executed. For example:
String[] cmds = {"sysrw", "rm /data/local/bootanimation.zip", "sysro"};
Related
I have been trying to run a few Linux commands on my android phone with
Process process = Runtime.getRuntime().exec(COMMAND);
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
And noticed that I can only run specific commands and get the proper output even if the device is rooted with SuperSU (I have also tested it with a device without SuperSU on it).
For example, if I run ls and try to put it on a screen (through a TextView) as follows:
public void onBtnClick(View view) {
try {
EditText commandLine = findViewById(R.id.commandText);
Process process = Runtime.getRuntime().exec(commandLine.getText().toString());
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
((TextView) findViewById(R.id.mainTextView)).setText(((TextView) findViewById(R.id.mainTextView)).getText() + "\n" + in.readLine());
commandLine.setText("");
} catch (IOException e) {
e.printStackTrace();
}
}
the output is acct which makes sense.
But on the other hand, if lets say I run pwd it gives me the following error:
W/System.err: java.io.IOException: Error running exec(). Command:
[pwd] Working Directory: null Environment: null
I did some research online and stumbled upon Termux that can have complete control over the phone through a terminal which is exactly what I'm looking to make (for my own learning and testing purposes).
And although it's just an emulator it can do exactly what I want but the only problem is that it requires I input the commands through the terminal.
What I'm here for is to sort of replicate what Termux does for myself so that I could run Linux commands properly from the Java code of the application, not requiring the user to actually input commands.
Can anyone help me with where to start and the basics of running those commands properly on my device?
Termux states that it doesn't work as a traditional Linux bash does since it sets its own virtual-ish environment when first setting up in its data directory in /data/data/com.termux/files/usr see here and here
Also, according to the official android docs, the exec(command) method,
Executes the specified string command in a separate process.
This is a convenience method. An invocation of the form exec(command)
behaves in exactly the same way as the invocation exec(command, null,
null).
So if it's a separate process, when executing a command, it will run it inside that process' directory (Each process in Linux gets its directory and is assigned an PID which os uses). So what the ls command gives you is simply whatever's inside that process' directory. You should be somewhere like /proc/31415/ and there's only a acct file (cgroup in regular Linux).
What you should be doing is running the command inside a directory by declaring it when invoking getRuntime().exec() see the link above to find the right one you'll need. I'd suggest using the override which handles all the parameters.
You'll need something like this:
String[] cmd = {"mkdir", "testDir"};
File env = new File(getFilesDir().getAbsolutePath());
Runtime.getRuntime().exec(cmd, null, env);
Also, it doesn't hurt to take a look at Termux's installer code (exec(). It'll give you a good overlook to setting up your environment as well as working with basic commands.
Also, I think you've done it already but double check to make sure that you're requesting WRITE_EXTERNAL_STORAGE permission for your application.
I recently jumped into an android development tutorials and doing my own app for the sake of learning. I want to get root permissions within my code in a proper way. So not by calling /system/xbin/su but by using something like seteuid(0). Unfortunately seteuid method does not work for me.
I am testing app on a real device, which I rooted, enabled debugging mode and well I clearly see that when using a call to /system/xbin/su my app requests root permissions from system, which does not happen with seteuid and seteguid (setuid and setguid do not work either but I would not expect those to do it as they are capable only in lowering the permissions).
Please, advice on where to look for a proper code implementation for requesting root permissions like it would do a top notch developer. Maybe some native api call? Or does everyone just use a call to su to get the needed access?
The usual way in Linux of elevating privileges -- that is, to run an application with greater privileges than the logged-in user -- is to set the SUID flag on the executable (e.g., chmod ug+s ...). This will make the process take the identity of the binary's owner (usually root), rather than the logged-in user.
This is tricky to do effectively on Android, even on a rooted device. First, you won't be able to install an app using the usual (APK) mechanisms that includes binaries with SUID permissions. Second, an Android app is not an executable in the usual sense -- a single executable handles the launching of all apps.
Still, if you want to experiment on the command line, it should be possible to set the SUID flag on binaries, in at least some filesystem locations.
If you have a rooted Android, then very likely there is some infrastructure already in place to control privilege elevation. Most likely the "su" command will work (because there will be kernel mods to make it work), and it will be provided either with credentials or with some other way to control which apps can use it. I believe that, as you suggest, calling "su" is the usual way to do privilege elevation in apps on rooted Android. It is fraught with difficulties, however. There's a document https://su.chainfire.eu/ that explains how "su" is typically implemented in rooted Android devices, and gives some guidance on how to use it properly.
Just in case posting my solution to the problem which I did in Java (no native code is needed here):
protected void hideRoot() throws IOException, InterruptedException {
Process p = Runtime.getRuntime().exec("su");
DataOutputStream dos = new DataOutputStream(p.getOutputStream());
dos.writeBytes("mount -o remount,rw /system\n");
dos.writeBytes("mv /system/xbin/su /system/xbin/suhidden\n");
dos.writeBytes("exit\n");
dos.flush();
p.waitFor();
}
I have android device with root and i try to implement some small app. This app need to read files from /proc/pid/net . I made it with Runtime.getRuntime().exec(new String[] { "su", "-c", "cat /proc/"+PID+ "/net/tcp6" }); but I must accept su -permission for each pid. There are some other possibilities how i can to read system files in android from my app? Something with FileReader? How can I get the su-permissions without exec -commando?
The exec command IS how you get su permissions. You might be able to chmod 777 the files you want and then they can likely be read via java. That, or you could move the files you want to read to the sdcard, or your apps data location and read them from there. Here is something very useful for root. You won't have to manually use the exec command each time, but RootTools does still use exec.
I believe if you do something like:
Process p = Runtime.getRuntime().exec("su");
you will get the root access.
And then you can do just:
p.getRuntime().exec("command");
and then you won't have to put the su in as long as that process is still active.
Though, I haven't done what I explained above (with the process) in quite some time, so I may be wrong. You may still have to include su each time. But either way, I'd recommend using RootTools.
I am trying to send terminal commands programmaticly from an android activity. At the moment I'm using something like the following:
Process process = null;
DataOutputStream os = null;
process = Runtime.getRuntime().exec("su");
os = new DataOutputStream(process.getOutputStream());
os.writeBytes("./data/program1\n");
os.writeBytes("./data/program2\n");
os.writeBytes("exit\n");
os.flush();
However, my program1 is failing to run successfully and I believe it is due to inadequate user permissions. Now for my question:
Does anyone know how I can dump the terminal to a file and save it on the phone or sdcard? The program is tying into the terminal to feed it commands, I want to know a way to open a connection the otherway and access the (what is normally visual on a terminal screen) output.
See the sources for the Terminal application, as that is bidirectional.
Sadly, running shell commands or launching native processes is not an officially supported part of android, so no future stability is guaranteed.
I am trying to execute a command from within my code,
the command is "echo 125 > /sys/devices/platform/flashlight.0/leds/flashlight/brightness"
and I can run it without problems from adb shell
I am using Runtime class to execute it :
Runtime.getRuntime().exec("echo 125 > /sys/devices/platform/flashlight.0/leds/flashlight/brightness");
However I get a permissions error since I am not supposed to access the sys directory.
I have also tried to place the command in a String[] just in case spaces caused a problem but it didn't make much differense.
Does anyone know any workaround for this ?
The phone needs to be rooted, afterwards you can do something like:
public static void doCmds(List<String> cmds) throws Exception {
Process process = Runtime.getRuntime().exec("su");
DataOutputStream os = new DataOutputStream(process.getOutputStream());
for (String tmpCmd : cmds) {
os.writeBytes(tmpCmd+"\n");
}
os.writeBytes("exit\n");
os.flush();
os.close();
process.waitFor();
}
If you're just trying to set brightness, why don't you do so through the provided API (AKA, is there a reason you are trying to do it the way you are).
int brightness = 125;
Settings.System.putInt(
ftaContext.getContentResolver(),
Settings.System.SCREEN_BRIGHTNESS,
brightness);
Agreed you probably need to root the phone to write to system files. I'm surprised the brightness isn't exposed through the SDK.
For details on running shell commands from code, check out this project:
You also may remout /system with permissions to write..
I think the device will need to be "rooted" for this to work. Have a search on google and see how other developers have dont this, there is no shortage of flashlight apps.
The adb shell can behave as a superuser without rooted devices.
it's a debug bridge. you can do whatever you want through it.
BUT, when your calling Runtime.getRuntime().exec, you don't have the same premissions. some shell commands aren't even available from exec.
so not only you need a rooted device, you also need su premmisions.