Universal (any Android model) root tutorial (full version, including a self-rescue method for bricked devices)

On an Android terminal (it may be a phone, a tablet, or something else), many functions can only be used after obtaining root permission. So let's root it.

To obtain root privileges you only need to put two files on the device:

/system/bin/su (the command that grants root privileges)

/system/xbin/su (same as above; some software only looks for su at this path)

/system/app/SuperUser.apk (the root permission manager, which prompts you to allow or deny each app's request for root)

That is clearly three files, so why say two? The first two are in fact the same file. Anyone familiar with Linux or a similar system knows you can simply use ln to make a symbolic link.

To be honest, Android is built on a Linux kernel. If you don't believe it, just look at the kernel version shown on your device.

ln -s /system/bin/su /system/xbin/su

Running the command above on the Android device creates, under /system/xbin, a symbolic link to /system/bin/su (think of it as a Windows "shortcut").

Besides putting the two files mentioned above in place, namely:

/system/bin/su

/system/app/SuperUser.apk

you also need to make /system/bin/su runnable by any user, with the setuid and setgid bits set. That is, run the following command on the Android device (note that 4755 sets only the setuid bit, which is all su needs; setting setgid as well would be 6755):

chmod 4755 /system/bin/su

It seems simple enough: install ConnectBot from the Android Market, copy su and SuperUser.apk to the SD card, use ConnectBot to open a local command window, and just run cp, ln and chmod. But this does not work.

Why not? There are three reasons:

1. The /system partition is mounted read-only and cannot simply be written to.

2. Running chmod on a file in /system requires root rights, which is exactly what we are trying to obtain (a chicken-and-egg problem).

3. Some systems reset su's permissions from 4755 to 755 at boot, or even delete su outright.

So what should we do?

Since the normal route does not work, we have to think differently and use the back door.

Where is the back door?

    Google is generous: Android has a "back door" for development, the debugging interface that Android system and application developers use to debug their programs.

How to open the back door? There are three steps:

    1. Connect the Android device to the PC with a USB data cable.

    2. Install the Android device's driver on the PC.

    3. Enable development and debugging mode on the Android device (Settings -> Applications -> Development -> USB debugging).

How to use it?

    Google's Android SDK contains two small programs: 1. adb, 2. fastboot. fastboot is used to flash the device, and adb can have the Android device execute commands as root.

Usage:

    Download the attachment to your computer.

    Unzip the attachment on your computer.

    Open the back door on the Android device as described above.

    In Explorer, open the folder where the attachment was unpacked.

    Without selecting any file or folder, hold down Shift, right-click an empty part of the Explorer window, and choose "Open command window here" from the pop-up menu.

        (You can also open the command window first and use cd to change the current path to the folder where the attachment was unpacked.)

    Type the following commands in the command window, then restart Android to complete the root:

        adb remount

        adb push su /system/bin

        adb push SuperUser.apk /system/app

        adb shell ln -s /system/bin/su /system/xbin/su

        adb shell chmod 4755 /system/bin/su

 

Some remaining issues:

    1. A few Android devices report an error on adb remount, saying that /system cannot be remounted read-write.

    2. After a restart, the permissions of /system/bin/su are rewritten and the setuid and setgid bits are lost (so root can no longer be obtained normally after the reboot), or /system/bin/su is deleted outright.
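To tell which of these happened after a reboot, look at the mode field that `adb shell ls -l /system/bin/su` prints. The helper below is an added example, not part of the original post: the function names are mine, and the two sample lines are constructed, not captured from a device.

```shell
# Added example (not from the original post): classify the mode field that
# `ls -l /system/bin/su` prints, to see whether the setuid bit from chmod 4755
# survived a reboot or was reset to 755 as issue 2 above describes. Check the
# real file, not the /system/xbin/su symlink (ls shows that as lrwxrwxrwx).
# sym_to_octal MODE: 10-character ls -l mode field (-rwsr-xr-x) to the 4-digit
# octal chmod form (4755); prints nothing and returns 1 if malformed.
sym_to_octal() {
    m=$1
    [ "${#m}" -eq 10 ] || return 1
    special=0; out=""; i=1
    for weight in 4 2 1; do          # setuid, setgid, sticky bit weights
        i=$((i + 1)); r=$(printf '%s' "$m" | cut -c"$i")
        i=$((i + 1)); w=$(printf '%s' "$m" | cut -c"$i")
        i=$((i + 1)); x=$(printf '%s' "$m" | cut -c"$i")
        v=0
        [ "$r" = r ] && v=$((v + 4))
        [ "$w" = w ] && v=$((v + 2))
        case "$x" in
            x)   v=$((v + 1)) ;;
            s|t) v=$((v + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;
            -)   ;;
            *)   return 1 ;;
        esac
        out="$out$v"
    done
    echo "$special$out"
}
# su_status MODE: "ok" for 4755 (or 6755 with setgid too), "lost-setuid" for
# the 755 the system resets it to, "invalid" for input that does not parse.
su_status() {
    oct=$(sym_to_octal "$1") || { echo "invalid"; return 1; }
    case "$oct" in
        4755|6755) echo "ok" ;;
        0755)      echo "lost-setuid" ;;
        *)         echo "unexpected:$oct" ;;
    esac
}
# check_line LINE: classify a whole ls -l line by its first field.
check_line() {
    set -- $1
    su_status "$1"
}
# Constructed sample lines (not captured from a real device).
SAMPLE_OK='-rwsr-xr-x root     root        26264 2012-01-01 00:00 su'
SAMPLE_LOST='-rwxr-xr-x root     root        26264 2012-01-01 00:00 su'
for l in "$SAMPLE_OK" "$SAMPLE_LOST"; do
    printf '%s -> %s\n' "$l" "$(check_line "$l")"
done
```

If su is missing altogether, ls prints "No such file" instead of a mode line, which is the third outcome issue 2 describes.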

 

How to solve this? Haha, I still have a trick up my sleeve. Want to know what it is?!

Continuing from the previous part

Now we need to solve two problems: losing root rights after a restart, and adb remount being unable to make the /system directory writable.

Both are basically caused by locks the system applies when the kernel starts.

How to unlock it? First, a word about how an Android terminal boots.

Generally speaking, Android terminals can be booted into three different modes:

1. Normal startup

2. bootloader mode

3. recovery mode

 

When the Android terminal boots normally, the system calls the kernel in the boot image, then loads the configuration and starts the preset programs in system, and finally loads the user configuration and user-installed programs from userdata.

Generally, when a new Android terminal starts for the first time, only boot and system contain data and userdata is empty. Installing software and changing settings only ever affect userdata, which is why an un-rooted Android terminal is very safe: if the installed software becomes a mess, conflicts, or crashes, just wipe userdata (factory reset) and all is well. (Built-in user storage and external storage are part of userdata.)

 

Since the lock is in boot and it prevents us from obtaining root, we have to give up the original boot, look for a boot developed by a third party ("one-click root" software alone cannot solve this), and then flash the device...

 

Bootloader mode provides an interface for flashing the device over the USB cable; the small fastboot tool from the Android SDK does the flashing (so-called wired flashing).

 

Recovery mode also provides a way to flash the device (card flashing) from a package stored on the Android terminal. However, the stock recovery on an Android terminal checks the digital signature of the flash package, so unofficial packages cannot be flashed this way. That is why experienced Android users do not keep the stock recovery.

 

Third-party recoveries basically use a text menu. Anyone who knows a little English should have no trouble operating one, as long as they find the flash package for their model. I won't go on about it.

 

Focus: flashing in bootloader mode

[How to enter bootloader]

Remember adb from the first part? If not, scroll back up and review.

In the command window, enter

adb reboot bootloader

and the device restarts into bootloader mode.

(Note: entering adb reboot recovery in the command window enters recovery mode instead.)

Before typing any adb command, remember the prerequisites from the first part (connect the data cable, install the driver, enable USB debugging on the Android terminal, open the command window in the adb folder).

 

Of course there are other methods: on a rooted device you can install a small app that reboots into bootloader or recovery with one tap.

There is one more method that is very important. If you master it, you can keep your device from being bricked by a bad flash, or rescue one that already is.

1. Power off.

2. Hold a specific key (usually the "up" key; it varies by model) while powering on, or press a specific key to enter the bootloader, then use fastboot to flash the device. Of course, you must first find the flash images for your Android terminal (boot.img, recovery.img, system.img).

Put the *.img files in the same folder as fastboot (unless you enjoy typing long relative or absolute paths).

fastboot flash boot boot.img

(flash boot)

fastboot flash recovery recovery.img

(flash recovery)

fastboot flash system system.img

(flash the Android system)

fastboot flash userdata data.img

(flash user data)

fastboot reboot

(reboot to normal mode)
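Since these images come from third parties found through a search engine, it is worth confirming they are all present and recording their SHA-256 digests (to compare with what the publisher lists) before anything is flashed. The script below is an added example, not part of the original post; IMAGE_MAP, IMG_DIR and the function names are my own, while the partition and image names are the ones the post uses.

```shell
# Added example (not from the original post): before typing the fastboot
# commands above, confirm that every image is present and record its SHA-256
# so a third-party image can be checked against the digest its publisher
# lists. IMAGE_MAP pairs the post's partition names with its image files.
IMAGE_MAP="boot:boot.img recovery:recovery.img system:system.img userdata:data.img"
# sha256_of FILE: hex digest via whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}
# check_images DIR: prints "<digest>  <image>" for each expected image and
# returns the number of missing images (0 means all are present).
check_images() {
    dir=$1; missing=0
    for pair in $IMAGE_MAP; do
        img=${pair#*:}
        if [ -f "$dir/$img" ]; then
            printf '%s  %s\n' "$(sha256_of "$dir/$img")" "$img"
        else
            printf 'MISSING  %s\n' "$img" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
# flash_plan DIR: prints the post's fastboot commands in order, but only once
# check_images passes. It only prints them; it never runs fastboot itself.
flash_plan() {
    check_images "$1" >/dev/null 2>&1 || return 1
    for pair in $IMAGE_MAP; do
        printf 'fastboot flash %s %s\n' "${pair%%:*}" "${pair#*:}"
    done
    printf 'fastboot reboot\n'
}
# Usage: run from the folder holding the images (IMG_DIR overrides it).
flash_plan "${IMG_DIR:-.}" || echo "images missing, nothing to flash" >&2
```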

 

If you have bricked your device, it can be saved as long as you can still enter the bootloader and flash it.

With Google and Baidu as powerful as they are, I am sure it won't be hard to find the *.img files for your device.

 

That is the end. For the benefit of newcomers, please leave a comment saying how to enter the bootloader on your own device.

Or perhaps some hero will open a thread collecting how to enter the bootloader on various models, so that everyone benefits.

Source: blog.csdn.net/qq_64237051/article/details/131587301