# How do hackers/developers root new phones?



## zcdziura (Nov 20, 2011)

Greetings, everyone.

I've been pondering over this question for a while now, and while I've done some research, my efforts have not been fruitful. Therefore, I decided to post here and see if the community can help me out. And who knows? Maybe someone else out there has had this question, and just never asked!

Anyhow, here is the hypothetical situation: Samsung just released their Samsung Galaxy Super-Mega-Ultra phone! It does everything! 3.0 GHz quad-core processor! A mobile GPU with the power to rival any desktop GPU! Sensors up the wazoo! Instant GPS tracking! Hell, it even comes with a port where you can sync your own memories from your brain into it! WOO!!

So, the hacker community wants to get their hands on this device and root it ASAP, in order to best unlock its true potential. What's a general walk-through of how such a hacker would go about doing that? I understand that every device is different, even devices put out by the same OEM, but I'm simply curious about what sorts of things a hacker would do in order to gain root access.

Thank you for any and all answers! And if this has been asked/answered beforehand, feel free to close this thread down (like you need my permission anyway =P).


----------



## JBirdVegas (Jun 11, 2011)

One click roots, for gb anyways, take advantage of adb having more elevated permissions than usual users, and some lesser known group ownership rules.

But to more directly answer your question, 'rooting' is generally done by overloading buffers to take advantage of security flaws and gain access to a root shell; we just install busybox and superuser once we achieve that shell.


----------



## supr2nr (Jun 12, 2011)

This is a good question asked by the original poster. And JBirdVegas I appreciate your response. I'd also like to know more about this as well. Such as how do you know where to look for exploits and what exactly shows that you could actually use that exploit to root a phone.


----------



## JBirdVegas (Jun 11, 2011)

supr2nr said:


> This is a good question asked by the original poster. And JBirdVegas I appreciate your response. I'd also like to know more about this as well. Such as how do you know where to look for exploits and what exactly shows that you could actually use that exploit to root a phone.


Android is open source; hackers just read until they see something that is exploitable.

As far as understanding the inner workings of Linux and the languages that comprise Android (Java, C, C++, XML) well enough to know a vulnerability when you see it, you need to get a master's in network security or go underground.

RageAgainstTheCage was the Froyo exploit and was written in C; he released the code after Google closed the hole.
...I believe it opened child activities until the system got confused and then grabbed the system UID; somehow, this allowed it to mount the system. After that, just mod the init or create a user group that shares the root UID and install BB and su on reboot via the new UID.
...that was my understanding, but I don't claim to be that good :/

Not sure if that helps


----------

