Part I: What You Need to Know
Chapter 1: Android OS Internals: Understanding How Your Device Starts
Chapter 2: Rooting Your Android Device
Chapter 3: The Right Tool for the Job
Chapter 4: Rooting and Installing a Custom Recovery
Chapter 5: Theming: Digital Cosmetic Surgery
Chapter 6: You've Become Superuser: Now What?
Chapter 1: Android OS Internals: Understanding How Your Device Starts
In this chapter:
• The penguin down below: the Linux kernel
• Bootstrapping: How your device starts
• An introduction to custom bootloader and custom recovery processes
To fully understand the process of rooting your device, gaining the control and power you need to truly customize it, you need to understand a little about how the Android operating system works: how the device goes from being powered off to a fully functioning state. It is in this process that developers usually exploit weaknesses to gain full access to the device. Usually some step in the boot process allows a developer to insert a bit of code or a script, and thus access functionality not intended by the Original Equipment Manufacturer (OEM).
The Penguin Down Below
Android is an operating system built on the Linux kernel. Thanks to Google and the Open Handset Alliance, Linux and its penguin mascot have found a home on Android devices. Android is essentially a highly customized distribution of Linux with various tweaks oriented towards mobile devices.
If you are familiar with the Linux operating system then you are going to feel quite at home with many aspects of the Android operating system. If you are comfortable with any other command-line operating system, such as DOS or the Windows command line, many of your skills there will be useful as well.
Android is, at its core, an implementation of the Linux operating system. Many of the commands you will be using in hacking an Android device are Linux commands. However, you do not need to be a programmer to become an Android hobbyist or enthusiast. Using the skills taught in this book, you can become adept at exploring and altering your Android device.
The differences between your Android device and a Linux desktop computer are many. The most striking difference is the way in which your device bootstraps (starts) when you power it on. It is in this start-up process that the hackers and elite developers find the vulnerabilities to exploit. Because Linux has a long history of being the go-to operating system of developers, hobbyists and hackers, there are many programmers and professional experts working on tools that help you with the root process. Most of the "heavy lifting" is done long before the average Android hacker gets access to root on his or her device.
Although you do not need to be a Linux nerd to root and customize your Android device, being familiar with the Linux command line, and command lines in general, will help you feel more comfortable. For an excellent reference to the Linux command line, check out Linux Command Line and Shell Scripting Bible, 2nd Edition by Richard Blum (Wiley, 2011).
How Your Android Device Starts
The Android operating system has a complex and multistage start-up routine. Manufacturers lock the start-up process to protect revenue and maintain control of the device you purchase. The nature of the Android start-up process allows developers and hackers to replace parts of it to achieve full control of an Android device.
Bootstrapping
Bootstrapping (or booting) is a term that describes what a computing device does when turned on. It "pulls itself up by its bootstraps." When you power on an Android device, a tiny piece of code on a memory chip initializes the memory and CPU. Usually the bootstrap code is referred to as the bootloader. The bootloader is different from device to device, although all bootloaders do the same things: they check for hardware features and load the first part of the operating system into the device's memory.
The encrypted bootloader is the beginning of all things Android, effectively locking out the user from customizing the firmware and software. Locking the bootloader is the rough equivalent to a computer manufacturer forcing you to use a particular version of Windows, along with a theme of their choosing. The bootloader is the primary point of contention between owners of mobile devices and the original equipment manufacturer (OEM). Many, if not most, OEMs specifically do not want you to have access to that bootloader code. The reasons that OEMs do not want users to have access to this code are varied but fall into the following categories:
• The cost of honoring warranties: Altering the bootloader code can permanently disable the device. This is problematic for device manufacturers because broken devices are returned to them under warranty. It is difficult to determine if a device is broken because the user did something silly to it or if it is, in fact, defective. This means that the manufacturer may have to replace a device that became defective through no fault of the manufacturer. Replacing defective devices costs money and those costs may be passed on to the consumer.
• The need to protect carrier agreements: Carriers are paid to pre-install applications from third parties on devices. Many organizations, from car rental companies to streaming video startups, have a mobile application. To get exposure for their products, they pay carriers to include those applications on your device; to ensure that exposure, the carrier blocks the user's ability to remove the application. After all, it simply wouldn't do to have Blockbuster pay hundreds of thousands of dollars to have their application on your device only to have you remove it to make room for Angry Birds three minutes after you walk out of the store. Locking the bootloader allows carriers and OEMs to declare some applications as "system" applications. This removes them from typical management tasks, such as deletion or moving them to an SD card.
• Planned obsolescence: Devices with a very long life are bad for OEMs. The development and release cycle of new mobile devices has become incredibly fast, outpacing even old standards in technology. When a device is released, the device that will obsolete it is often already in production. Android operating system updates have new features and stability that users desire. Because OEMs depend on selling new features and the latest Android operating system, they need consumers to want the newest devices. Allowing consumers to update the operating system and software themselves effectively reduces the need to purchase the latest device from the OEM or carrier.
In essence, planned obsolescence from the carriers and OEMs is designed to make the consumer spend more money to get the latest Android updates. If you can hack those updates into the perfectly good device you purchased six months earlier, the OEMs lose money.
When you power on an Android device, the bootloader is the first program code that runs. Bootloading is typically a two-part process, utilizing a primary and a secondary bootloader.
On most Android devices, the primary bootloader cannot be replaced. This is because the primary bootloader is hardcoded into an application-specific integrated circuit (ASIC) in the device. These hardcoded instructions load the secondary bootloader into memory and tell it where the memory, CPU and operating system are located and how they can be accessed.
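As an added example, not code from the book: on a typical Android device the "first part of the operating system" that the secondary bootloader copies into memory is the boot image (kernel plus ramdisk), and its header is what tells the bootloader where each piece sits in the image and at which physical address it must be placed. The Python below parses the classic header-version-0 layout from the public AOSP bootimg.h, checks that the segments actually fit inside the file, and verifies the header's SHA-1 id over the kernel and ramdisk, which is how a flashing tool or an integrity check can notice that a segment was altered without the header being regenerated. The sample image it builds is constructed here from placeholder bytes; the load addresses and board name are made-up values and do not come from any real device.

```python
"""Parse and sanity-check a classic (header version 0) Android boot image.

Added example, not code from the book. The field layout follows the public
AOSP bootimg.h definition for header version 0; the sample image is
constructed at the bottom of this file from placeholder bytes.
"""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, 10 x uint32 (sizes, load addresses, page_size, header_version,
# os_version), 16-byte board name, 512-byte cmdline, 32-byte id,
# 1024-byte extra cmdline
HDR_FMT = "<8s10I16s512s8I1024s"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 1632 bytes


def _page_align(n, page_size):
    """Round n up to the next multiple of page_size."""
    return (n + page_size - 1) // page_size * page_size


def _segment_id(kernel, ramdisk, second):
    """The header's id field: SHA-1 over each segment followed by its size."""
    sha = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        sha.update(blob)
        sha.update(struct.pack("<I", len(blob)))
    return sha.digest() + b"\0" * (32 - sha.digest_size)


def parse_boot_image(data):
    """Return the header fields plus where each segment lives in the file.

    Raises ValueError for anything that is not a well-formed v0 image whose
    segments fit inside the file.
    """
    if len(data) < HDR_SIZE:
        raise ValueError("file shorter than a boot image header")
    fields = struct.unpack_from(HDR_FMT, data, 0)
    (magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
     second_size, second_addr, tags_addr, page_size, header_version,
     os_version, name, cmdline) = fields[:13]
    stored_id = b"".join(struct.pack("<I", w) for w in fields[13:21])

    if magic != BOOT_MAGIC:
        raise ValueError("bad magic %r" % magic)
    if header_version != 0:
        raise ValueError("only header version 0 is handled here")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page_size must be a power of two")

    # The header occupies one page; every segment is padded to a page boundary.
    kernel_off = page_size
    ramdisk_off = kernel_off + _page_align(kernel_size, page_size)
    second_off = ramdisk_off + _page_align(ramdisk_size, page_size)
    end = second_off + _page_align(second_size, page_size)
    if end > len(data):
        raise ValueError("segments extend past the end of the file")

    kernel = data[kernel_off:kernel_off + kernel_size]
    ramdisk = data[ramdisk_off:ramdisk_off + ramdisk_size]
    second = data[second_off:second_off + second_size]
    return {
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
        "page_size": page_size,
        "kernel_size": kernel_size, "kernel_addr": kernel_addr,
        "kernel_offset": kernel_off,
        "ramdisk_size": ramdisk_size, "ramdisk_addr": ramdisk_addr,
        "ramdisk_offset": ramdisk_off,
        "second_size": second_size, "second_addr": second_addr,
        "tags_addr": tags_addr,
        # False means a segment was changed without regenerating the id.
        "id_matches": stored_id == _segment_id(kernel, ramdisk, second),
    }


def build_boot_image(kernel, ramdisk, page_size=2048,
                     kernel_addr=0x10008000, ramdisk_addr=0x11000000,
                     cmdline=b"console=ttyS0"):
    """Assemble a minimal v0 boot image from constructed sample blobs.

    The addresses are made-up sample values, not those of any real device.
    """
    second = b""
    img_id = _segment_id(kernel, ramdisk, second)
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC,
                      len(kernel), kernel_addr, len(ramdisk), ramdisk_addr,
                      len(second), 0x10000100, 0x10000100,  # second_addr, tags_addr
                      page_size, 0, 0, b"sample", cmdline,
                      *struct.unpack("<8I", img_id), b"")

    def pad(blob):
        return blob + b"\0" * (_page_align(len(blob), page_size) - len(blob))

    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    # Constructed sample: the "kernel" and "ramdisk" are placeholder bytes.
    image = build_boot_image(b"\x7fELF-sample-kernel" * 64,
                             b"ramdisk-sample" * 32)
    info = parse_boot_image(image)
    for key in ("page_size", "kernel_size", "kernel_offset", "kernel_addr",
                "ramdisk_size", "ramdisk_offset", "ramdisk_addr", "id_matches"):
        value = hex(info[key]) if key.endswith("addr") else info[key]
        print("%-15s %s" % (key, value))
```

Run it against a real boot.img pulled from a device and the same parser reports the kernel and ramdisk load addresses the bootloader will use; an id mismatch on an image you did not build yourself is worth a second look before flashing it.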