如何使用ADB将文件推到根( /)目录中,以便我可以安装`su`二进制
我刚刚将 adb shell 插入设备上的根目录,并且想要安装 su 二进制文件。请注意,我使用的是 macOS,并且想要手动执行此操作。
当我尝试将 su 二进制文件推送到根目录(不在 SDCard 上)时,出现此错误:
$ cp /sdcard/su /system/bin
cp: /system/su: Read-only file system
How do I Push the su binary to /system /bin?
(我的平板电脑是 Acer Iconia Tab 10 A3-A30)
基本上,我只想对其进行 root,但我找不到有关解锁引导加载程序或与此平板电脑配合使用的任何应用程序的任何详细信息。
I've just adb shell'd into my root directory on my device and I want to install the su binary. Just to note, I'm on macOS and want to do this manually.
When I try to push the su binary to the root directory (not on SDCard), I get this error:
$ cp /sdcard/su /system/bin
cp: /system/su: Read-only file system
How do I push the su binary to /system/bin?
(My tablet is an Acer Iconia Tab 10 A3-A30)
Basically, I just want to root it but I can't find any details on unlocking the bootloader or any apps that work with this tablet.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
简短版本:不幸的是,仅按“su”的天真方法是行不通的。您可以验证这一点(除非您的“su”二进制文件正在使用漏洞),甚至“adb push su /data/local/tmp/”然后从那里执行它也不起作用。
详细版本:
Android 5.0带来了两个根本性的变化:第一个是根和其他文件系统的密封,使它们不仅以只读方式挂载,而且还通过DM-verity进行验证,这样如果它们挂载了则可以读取/write,更改将不被接受。
第二个是引入 SE-Linux(以及另一项更改,弃用 setuid 二进制文件),作为所谓的“强制访问控制”的额外级别。这(与 chmod/chown/etc“自由访问控制”相反)意味着存在一个总体的“安全策略”,一旦安装,就不能以任何方式覆盖。
因此,有两种方法可以获取您的设备的 root 权限:
A) 上传“su”样式的二进制文件,该二进制文件会以某种方式找到绕过 SE-Linux 的方法并授予您 root 权限。这就需要利用安全漏洞来实现内核内存访问和 shell 凭据的“修补”。这些漏洞非常罕见,可以打折,因为这些漏洞很快就会被修补(MediaTek 设备除外,mtk-su 对此效果很好)。
B)以“引导加载程序解锁”模式(您确实提到过)引导设备,其中预先修补的内核,具有修改的安全策略和带有预制 su 的根文件系统(技术上,Ramdisk)并且启用的守护进程可用于根据需要为您提供超级用户权限。这是由 ChainFire 的“supersu”开始的,现在是 Magisk 事实上的方法。
因此,你的问题基本上是一个死胡同。如果这是一个开发版本,您可以修改根文件系统并安装su的“旧”形式(如“getprop ro.debuggable”或“getprop ro.build.fingerprint”所示)但是,这不适用于发布(零售)设备。
您最好的选择是
通过/sdcard/Download)或imjtool
(不保证可用)通过开发者选项
设备处于快速启动模式(“adb restart bootloader”应该可以)
当设备连接时,主机上的“fastboot flashing解锁”。
批准解锁
确定它有效)“fastboot flash boot”
Short version: Unfortunately, the naive approach of just pushing "su" won't work. You can verify that (unless your "su" binary is using an exploit), even "adb push su /data/local/tmp/" and then executing it from there won't work.
Detailed version:
Android 5.0 brought two fundamental changes: The first was the sealing of the root and other filesystems, so that they are not only mounted read-only, but they are also verified by DM-verity, such that if they ARE mounted read/write, changes will not be accepted.
The second was the introduction of SE-Linux (along with another change, deprecating setuid binaries), as an extra level of what is known as "Mandatory Access Control". This (as opposed to chmod/chown/etc "Discretionary Access Control") means that there is an overarching "security policy", which - once installed - cannot be overridden in any way.
There are thus two ways to root your device:
A) upload a "su" style binary which would somehow find a way around SE-Linux and grant you root privileges. This necessitates exploitation of a security vulnerability to achieve kernel memory access and "patching" of the shell credentials. These are rare enough to be discounted since these vulnerabilities are quickly patched (exceptions being MediaTek devices, for which mtk-su works well).
B) boot the device in a "boot loader unlocked" mode (which you've indeed referred to) in which a pre-patched kernel, with a modified security policy and a root filesystem (technically ,Ramdisk) with a pre-made su and an enabled daemon can be used to give you super user privileges on demand. This was started by ChainFire's 'supersu', and is now the de facto method of Magisk.
Therefore, your question is very much at a dead end. You could modify the root filesystem and install the "older" form of su if this were a development build (as would be shown by "getprop ro.debuggable" or "getprop ro.build.fingerprint" with "eng" it. But, this will not work on a release (retail) device.
Your best bet is to
through /sdcard/Download) or imjtool
(not guaranteed to be available) through Developer Options
device in fastboot mode ("adb reboot bootloader" should do)
"fastboot flashing unlock" on host when device is thus connected.
Approve unlocking
are certain it works) "fastboot flash boot "