Rooting unprotected Android device using ADB script
I found out my crappy Denver tablet had privileged shell enabled by default (ro.secure=0 in default.prop), which means I can remount /system as rw and push SuperSU binaries onto my tablet. And of course, it's made by China, ROM made by China and kernel made by China. In build.prop, the data was written like this:
ro.build.date=2016年 12月 21日 星期三 19:08:23 CST
This method will not work if ro.secure is set to 1, but there is always a chance that any crappy Chinese device can be easily rooted like this. All crappy Denver tablets I had are vulnerable even if adb privileged shell is disabled.
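To check for the ro.secure=0 condition described above before a device goes into use, the following added example (not part of the original post) audits the text of a default.prop file for settings that leave the adb shell privileged. The function names, the sample inputs and the simplified model of stock AOSP adbd behaviour are assumptions.

```python
def parse_props(text):
    """Parse default.prop / build.prop style key=value lines into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Modelling choice: ro.* values are write-once, so the first one wins.
        props.setdefault(key.strip(), value.strip())
    return props


def audit_adb(props):
    """Return findings on whether adb shell runs as root and needs host auth.

    Assumption: simplified model of stock AOSP adbd; vendor builds may differ.
    """
    findings = []
    secure = props.get("ro.secure", "1") == "1"  # absent is treated as secure
    debuggable = props.get("ro.debuggable", "0") == "1"
    if not secure:
        findings.append("ro.secure=0: adbd keeps root, adb shell is privileged")
    elif debuggable:
        findings.append("ro.debuggable=1: 'adb root' can restart adbd as root")
    if props.get("ro.adb.secure", "0") != "1":
        findings.append("ro.adb.secure is not 1: no RSA host-key authorization")
    return findings


# Constructed sample inputs, not copied from any real device.
WEAK = """# default.prop (constructed)
ro.secure=0
ro.debuggable=1
ro.adb.secure=0
"""
DEBUG_BUILD = "ro.secure=1\nro.debuggable=1\nro.adb.secure=1\n"
HARDENED = "ro.secure=1\nro.debuggable=0\nro.adb.secure=1\n"

if __name__ == "__main__":
    samples = (("WEAK", WEAK), ("DEBUG_BUILD", DEBUG_BUILD), ("HARDENED", HARDENED))
    for name, text in samples:
        print(name, audit_adb(parse_props(text)) or "no findings")
```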
I have written a simple CMD script that pushes the SuperSU binaries, changes permissions and symlinks files. Only tested on an ARM device running Android 5.1.1. If you have a device running a different OS or architecture, get the SU binaries from the SuperSU flashable.zip and customize the script yourself. I only have ARM devices.
Download script with required files here: https://drive.google.com/open?id=1q4UsrLbW3Z2NELqSrHWx2S47F-1-NvkS
Source code:
@echo off
echo Starting adb...
adb.exe shell mount -o rw,remount,rw /system
echo Remounted /system as read-write
echo Creating directory /system/app/Superuser...
adb.exe shell mkdir -p /system/app/Superuser
echo Pushing files to device...
adb.exe push Superuser.apk /system/app/Superuser
adb.exe push install-recovery.sh /system/etc
adb.exe push libsupol.so /system/lib
adb.exe push supolicy /system/xbin
adb.exe push su /system/xbin
echo Copy rename su to daemonsu in /system/xbin/
adb.exe shell cp /system/xbin/su /system/xbin/daemonsu
echo Changing permission
adb.exe shell chmod 755 /system/app/Superuser
adb.exe shell chmod 644 /system/app/Superuser/Superuser.apk
adb.exe shell chmod 755 /system/etc/install-recovery.sh
adb.exe shell chmod 644 /system/lib/libsupol.so
adb.exe shell chmod 755 /system/xbin/su
adb.exe shell chmod 755 /system/xbin/daemonsu
adb.exe shell chmod 755 /system/xbin/supolicy
echo Renaming binary files
adb.exe shell mv -i /system/bin/app_process /system/bin/app_process_init
adb.exe shell mv -i /system/bin/app_process32 /system/bin/app_process32_original
echo Copying and renaming app_process files...
adb.exe shell cp /system/xbin/su /system/bin/app_process
adb.exe shell cp /system/xbin/su /system/bin/app_process32
echo Symlinking app_process files to daemonsu...
adb.exe shell ln -sf /system/xbin/daemonsu /system/bin/app_process
adb.exe shell ln -sf /system/xbin/daemonsu /system/bin/app_process32
echo Done, rebooting your device in 10 seconds
TIMEOUT /T 10 /NOBREAK
adb.exe reboot
echo Rebooting... After reboot, launch SuperSU and install binaries as NORMAL and reboot again.
echo If you want to update SuperSU to 2.82, update it to 2.82 SR5 instead. 2.82 is unstable.
pause