The first step in Android reverse engineering: enabling root permission
Foreword
I recently read some related articles, and about Frida.
I also want to do a few reverse-engineering operations by hand.
I happen to have a Xiaomi Mi 8 Android phone (PS: I heard it is the easiest domestic phone to get Root permission), and I want to spend a few hours doing it. Unexpectedly, after reading a lot of articles, I ended up doing it all afternoon.
No single article let me get through the whole process. After so many pitfalls my mood is extremely complicated, so I am leaving this article to dilute it~!
Finally, a word about root permission: it means administrator permission on a computer. After software obtains root permission, theoretically speaking, it can perform any operation within the scope of the permissions of the software installed on the phone; remember, that means any operation. Do not grant apps root permission lightly.
Environment
Development environment: one Mi 8, a Windows 10 laptop, a data cable (Type-C interface);
PS: You must pay attention to the model of the mobile device, because the flash image files differ between models (I downloaded 3 flashing packages myself before finding a satisfactory one).
Mi 8 flashing and rooting process
Unlock Bootloader
This step is not the same as most of the articles on the Internet;
Xiaomi officially provides the unlocking function. First go to this website http://www.miui.com/unlock/index.html to apply for unlocking, download the unlocking tool and follow the above steps to unlock (PS: I heard that other manufacturers do not support the function of unlocking BootLoader).
PS: At present, the unlocking tool cannot be downloaded from the website. Clicking the tool download gives no response. I tried two devices, and clicking still gave no response.
In the end I got the tool from other channels; the download link is at the bottom of the article.
Check the device lock status of Xiaomi phones
- On the phone, tap MIUI 3 times to open the developer options;
- Open the device unlock status in the developer options, and it will display unlocked (PS: You need to bind your Xiaomi account here and click the button below after binding. Note that a SIM card is required here; a Wi-Fi network cannot be used);
PS: I did not run into the qualification review that people online say is required, hahaha
When unlocking the Bootloader, the phone is restored to factory settings and all data is lost, so please make a backup in advance.
If you are ready to start unlocking the Bootloader, turn off the phone first, then press and hold the power button and the volume down button at the same time to turn it on. You will then enter the fastboot interface, and a rabbit will appear on the screen of the Xiaomi phone. In this interface, we can directly install the system firmware.
First run MiUsbDriver.exe from the downloaded software package to install the Android-related drivers. Then connect the device with a USB cable, and the relevant driver will be installed automatically.
Then run miflash_unlock.exe to open the unlocking software, log in to the Xiaomi account, confirm each prompt, reset the system, and the Bootloader is unlocked.
It is possible that after entering the fastboot interface and seeing the rabbit, the screen goes black when the USB data cable is plugged in and shows the prompt press any key to shutdown.
Solution: connect through a USB 2.0 port on the computer instead. If your computer does not have a USB 2.0 port, you can also connect through a USB hub.
If that does not help, save the following content as an xxx.bat batch file and run it as administrator; after that there will be no problem connecting.
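@echo off
rem usbflags key 18D1D00D0100 = USB vendor ID 18D1, product ID D00D, device revision 0100
rem osvc=0000: record that the device has no Microsoft OS descriptor, so Windows does not query for it
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbflags\18D1D00D0100" /v "osvc" /t REG_BINARY /d "0000" /f
rem Skip the Container ID and BOS descriptor queries for this device
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbflags\18D1D00D0100" /v "SkipContainerIdQuery" /t REG_BINARY /d "01000000" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\usbflags\18D1D00D0100" /v "SkipBOSDescriptorQuery" /t REG_BINARY /d "01000000" /f
pause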
After you run miflash_unlock.exe, it will ask you to log in with your Xiaomi account; just follow the prompts.
The Bootloader is now successfully unlocked.
Flashing the developer version system over the cable with MiFlash
- Download Xiaomi's cable-flashing software MiFlash2019-12-06-0.zip
- Find the cable-flashing package for the developer version that matches your phone and download it from xiaomirom
The second step needs special attention. Some cable-flashing packages come from the forum post "[big coffee said] MIUI flashing instruction post". These can indeed be flashed successfully, but there is no root permission after the flash is finished.
There are also some Qitu Root tools that can be downloaded to get root permission for some Xiaomi systems, but there is a fee.
I myself downloaded some developer versions of the system image from xiaomirom (PS: I downloaded it twice, but the first flashing was not completed).
Unzip the downloaded image file, and then run the MiFlash program.
- Select the path of the decompressed image files;
- Connect the data cable to the phone and load the device (first press and hold the power button and the volume down button at the same time to turn it on and enter the fastboot interface), wait for the device name to appear in the list below, and then proceed to the next step;
- Click flash. An "error: Missmatching image and device" error or an "error: FAILED (remote: Erase is not allowed in Lock State)" error may appear;
The first error means that the phone model does not match the ROM. The second error can be solved by the following methods:
- Unlock the BL of the device; Xiaomi cable flashing requires the BL unlock to be completed first
- If a previous cable flash was unsuccessful, since cable flashing locks the BL by default, you can try entering fastboot mode directly and unlocking again
- If for some reason the phone has been logged out of the Xiaomi account and cannot enter the system, it can only be sent to Xiaomi after-sales for forced flashing
For other errors, please refer to "Mi cable flashing errors and solutions".
Enable Root permission
Click the steps in turn: Mobile Manager - Application Management - Permissions - ROOT Permissions Management, and finally there will be a process of confirming and downloading files.
- adb command without Root permission
➜ ~ adb shell
dipper:/ $ cd data
dipper:/data $ ls
ls: .: Permission denied
- adb command with root privileges
➜ ~ adb shell
dipper:/ $ su
:/ # cd data
cd data
:/data # ls
ls
adb bootchart media ota system_de
anr cache mediadrm ota_package tombstones
app dalvik-cache misc property unencrypted
app-asec data misc_ce resource-cache user
app-ephemeral dpm misc_de sdcard user_de
app-lib drm miui ss vendor
app-private local mqsas system vendor_ce
backup lost+found nfc system_ce vendor_de
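The unlocked Bootloader and the working su shown above are also visible from the device's system properties, which is how the state of a phone can be audited before trusting it with real accounts or data. The following is an added example, not part of the original article: it parses `adb shell getprop` output and lists unlock and root indicators. The property names are standard Android ones whose presence varies by device, and the sample data is constructed, not captured from the Mi 8.

```python
import re

# Constructed sample of `adb shell getprop` output (not captured from the
# article's Mi 8); it mimics an unlocked phone running a developer ROM.
SAMPLE_GETPROP = """\
[ro.product.device]: [dipper]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.build.type]: [userdebug]
[ro.build.tags]: [test-keys]
"""

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def audit(props, su_id_output=""):
    """Return findings that indicate an unlocked or rooted device."""
    findings = []
    # Assumption: the device exposes these properties; missing ones are skipped.
    if props.get("ro.boot.flash.locked") == "0":
        findings.append("bootloader unlocked (ro.boot.flash.locked=0)")
    state = props.get("ro.boot.verifiedbootstate")
    if state and state != "green":
        findings.append(f"verified boot state is {state}, not green")
    if props.get("ro.build.type") in ("userdebug", "eng"):
        findings.append(f"non-user build ({props['ro.build.type']})")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build signed with test-keys")
    # su_id_output is whatever `id` printed when run through su in adb shell.
    if "uid=0" in su_id_output:
        findings.append("su grants uid 0 to the adb shell")
    return findings


if __name__ == "__main__":
    # On a real device, pass in the output of `adb shell getprop` and the
    # output of `id` run under su (the su invocation differs between ROMs).
    for finding in audit(parse_getprop(SAMPLE_GETPROP), "uid=0(root) gid=0(root)"):
        print("-", finding)
```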
Appendix
MiFlash_v3.14.0.rar:
Link: https://pan.baidu.com/s/1yEO_oKhfxA3FHO8Oev1Fbg Extraction code: 5mw9
miflash_unlock-6.5.406.31.zip
Link: https://pan.baidu.com/s/1AQgXWTai05Cfv-eQabZOvQ Extraction code: mji6