Unlocking Android

BLU 4.3.2013

Rooting

• Adding the su binary to the /system partition so that apps can gain superuser privileges
• This is a separate task from loading a ROM/Kernel/Recovery/radio
• People often use the term "rooting" when referring to any/all of the above topics

Why root my device?

• Ability to run apps that require root access
• Backup utilities
• System analysis and diagnostic utilities
• Ability to pull data from an app's home directory
• Useful for app development
• Because I like to tinker

Why run custom ROMs?

• Remove carrier/OEM bloatware
• Add more features to a device
• Theming
• Tethering
• Various UI tweaks
• Battery indicator
• Signal Strength indicator
• Updates more in line with AOSP
• Some carriers take a long time to push OS updates
• Remove Vendor skins from device
• AOSP instead of HTC Sense

Why use custom a kernel?

• Further tweak a device
• Change scheduler
• Undervolt
• Overclock
• Because I can

Why custom radios?

• Latest is not always the greatest
• Ability to test latest, but revert back to earlier version
• Mix 'n Match
• Use different CDMA/LTE radio versions
• Sometimes a hybrid solution gives the best performance

Definitions

• ROM
• GApps
• S-ON/S-OFF
• Recovery
• Kernel
• Radio
• Bootloader (Sometimes called HBoot)
• su
• su Supervisor
• adb & fastboot

ROM

• Installable form of Android
• May contain additions to AOSP (stock Android)
• Usually contains su binary
• Will contain a kernel
• DOES NOT contain radios
• Might contain gapps
• Often maintained by teams of third-party developers.

GApps

• Closed source Google Apps
• Play store
• Google Talk
• Gmail
• Google Maps
• Google Voice Search
• Most of the apps are also available in Google Play
• Usually a separate flash from the ROM
• http://goo.im/gapps

S-ON/S-OFF

• Security on/Security off
• S-On
• Prevents sensitive partitions from being permanently modified
• /system
• /boot
• /recovery
• Changes made will be lost on reboot
• S-Off
• Changes made to partitions will be permanent

Android Partitions

• /system
• Android OS and system level apps that are pre-installed
• /boot
• Bootloader
• /recovery
• Data that allows device to be booted into the recovery console
• /data
• App data
• /sdcard
• External storage

Recovery

• Alternate boot target
• Allows user to flash zip files
• Kernel
• Radio
• ROM
• Customizations
• Perform backup/restore
• Two popular recoveries
• ClockworkMod (CWM)
• http://clockworkmod.com/rommanager
• TWRP
• http://teamw.in/project/twrp2

Kernel

• Kernel of the OS
• Allows for tweaks
• Scheduler
• Voltage
• Frequencies
• Popular Kernels
• Imoseyen's Lean Kernel
• Franco's Kernel

Radio

• Firmware packages to support radio hardware
• Some carriers/devices have multiple radios
• Verizon has CDMA/LTE on LTE devices
• These are NOT part of a ROM flash
• Usually originate from the carrier/Google
• Early releases provided through "leaks"

Bootloader

• Instructs device on how to boot
• Recovery
• Android OS
• Often protected by manufacturer to prevent customization
• rooting
• ROM loading

su

• The binary that give the user elevated (root) privileges
• Same concept as su/sudo on Linux

su Supervisor

• App that allows a user to control access to su
• SuperSU
• Superuser
• User can deny app requests for su
• Maintains a list of app that can use su

Granting app su access

• "Root Explorer" app was launched and user was informed of the request for su access
• User can grant/deny su access
• One-time
• Recurring

Notifying user of su access

Once granted access, the supervisor app can notify user when app is granted su access

Authorized apps

• Maintains list of apps that can use su
• Logs su access
• Apps can be removed from the list

adb & fastboot

• Part of the Android SDK
• http://developer.android.com/sdk/index.html
• adb (Android Debug Bridge)
• Command line tool that can be used to perform operations on a device
• Install/uninstall apps
• Reboot phone
• Pull runtime information
• fastboot
• Device must be in bootloader
• Write to partitions on a device
• Unlock bootloader (Nexus Devices)

Rooting vs. Loading ROMS

• Rooting is not the same as loading an aftermarket ROM
• Usually, the default OS can be rooted
• Custom ROMs often contain the su binary which provides root access

Rooting/Installing ROM Process

• Unlock bootloader
• Not necessary for all devices
• Load custom recovery
• Boot into recovery
• Flash su
• Wipe
• Flash ROM
• Reboot

​

Warning: Unlocking bootloader usually wipes data and voids your warranty

Unlocking the bootloader

• Not always a trivial task
• Not always possible
• Device Dependant
• Nexus devices should always be easy to unlock
• Google considers them developer phones

Bootloader Unlocking Techniques

• Fastboot
• Only works with Google Nexus devices
• fastboot oem unlock
• One-click methods
• unrevoked
• revolution
• OEM Tools
• HTC unlock tool
• Manual approach
• Varies between devices
• May involve flashing older version of Android and using exploit

Flash Custom Recovery

• Download recovery image
• Verify download
• md5
• Reboot into bootloader
• adb reboot bootloader
• Flash recovery image
• fastboot flash recovery <recovery>.img

Flash su

• Download su package and put on SD card
• Reboot into recovery
• adb reboot recovery
• Physical button combinations
• Differs by device
• Navigate recovery UI and select install zip option

TWRP Recovery Main Menu

Image Src: http://www.xda-developers.com/android/twrp-2-1-released-for-the-att-and-rogers-one-x/

Select .zip file to install

Wipe Data

• Cache
• Dalvik Cache
• Factory Reset

Changing ROMs

• Not all ROMs have same features
• Pure AOSP
• Feature packed
• Vendor skins
• Not all phones attract developers
• There is no "best" ROM
• Backup before you flash
• Follow same steps as flashing su, but select the ROM .zip file
• Some ROMs also need GApps flashed separately

Where can I find ROMs/recoveries/radios/Gapps?

• Google Nexus Factory Images
• https://developers.google.com/android/nexus/images
• Nexus devices only
• Device forums
• RootzWiki Forums
• http://rootzwiki.com/index
• XDA Developers Forums
• http://forum.xda-developers.com/
• Both sites have forums for individual devices
• http://goo.im/

ROM Developers

• Cyanogen
• Large team
• Supports many devices
• Base for many other ROMs
• Slow development cycle
• AOKP
• Android Open Kang Project
• Based off of Cyanogenmod
• Many Customizations
• Team BAMF
• Claims superior code quality/security
• Usually includes GApps

ROMS/Kernels/Radio/Gapps Combo

• Most ROMs/kernels/radios should work together
• If developer gives guidance, follow it
• Ask what other combinations people are using
• Certain ROM versions may require certain GApps versions
• Devs usually provide guidance on forum release pages

Dangers of Rooting

• Voids warranty
• Can put a device into an unrecoverable state
• aka "Bricking"
• Potential decreased Stability
• In rare cases, the hardware can be damaged

Support Information

• Rootzwiki
• XDA Developers
• android.stackexchange.com
• IRC

Questions?

Contact Info

• Twitter: @adstro
• Email: adam.stroud@gmail.com