
I've just adb shell'd into my root directory on my device and I want to install the su binary. Just to note, I'm on macOS and want to do this manually.

When I try to push the su binary to the root directory (not on SDCard), I get this error:

```
$ cp /sdcard/su /system/bin
cp: /system/su: Read-only file system
```

How do I push the su binary to /system/bin?

(My tablet is an Acer Iconia Tab 10 A3-A30)

Basically, I just want to root it but I can't find any details on unlocking the bootloader or any apps that work with this tablet.

HeyHoo
  • Remount the filesystem as read write. See https://stackoverflow.com/questions/10294808/android-mount-the-filesystem-with-write-permission – Gabe Sechan Apr 11 '22 at 19:01
  • I can't do that, I don't have `su` installed. That's what I'm trying to do; install `su`. – HeyHoo Apr 11 '22 at 19:03
  • Then you'll have to put it somewhere else. You can't write to a read only filesystem without remounting it read write. Which requires root. – Gabe Sechan Apr 11 '22 at 19:06
  • Well, where else will I put the `su` binary that SuperSU and such can detect it? – HeyHoo Apr 11 '22 at 19:07
  • Put it anywhere. Then use it via commandline to remount the file system. Then move it. – Gabe Sechan Apr 11 '22 at 19:09
  • Oh. `/system/bin/sh: ./su: can't execute: Permission denied` – HeyHoo Apr 11 '22 at 19:13
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/243795/discussion-between-heyhoo-and-gabe-sechan). – HeyHoo Apr 11 '22 at 19:31
  • Did you chmod it to executable? It should be 755 – Gabe Sechan Apr 11 '22 at 19:37
  • `$ chmod 755 su` - `Unable to chmod su: Operation not permitted` – HeyHoo Apr 12 '22 at 07:07
  • I saw somewhere that Android mounts internal storage with `noexec`, so I'd have to try it in system folders (which I can't do) – HeyHoo Apr 12 '22 at 07:08
  • You can not root a device by simply installing `su`. You have to unlock the bootloader, and install a root package like Magisk using a custom recovery, or use a root app that uses an exploit to gain root access (depends on your device and Android version if such an app exists). – Robert Apr 12 '22 at 07:37
  • I'm trying Magisk but I can't find the firmware boot.img file. (for the Acer Iconia Tab 10 A3-A30) – HeyHoo Apr 12 '22 at 12:35
  • Well, I got the boot.img but now Magisk says "Process error, Installation failed" – HeyHoo Apr 13 '22 at 06:39

1 Answer

Short version: Unfortunately, the naive approach of just pushing "su" won't work. You can verify that (unless your "su" binary is using an exploit), even "adb push su /data/local/tmp/" and then executing it from there won't work.

Detailed version:

Android 5.0 brought two fundamental changes: The first was the sealing of the root and other filesystems, so that they are not only mounted read-only, but they are also verified by DM-verity, such that if they ARE mounted read/write, changes will not be accepted.

The second was the introduction of SE-Linux (along with another change, deprecating setuid binaries), as an extra level of what is known as "Mandatory Access Control". This (as opposed to chmod/chown/etc "Discretionary Access Control") means that there is an overarching "security policy", which - once installed - cannot be overridden in any way.

There are thus two ways to root your device:

A) upload a "su" style binary which would somehow find a way around SE-Linux and grant you root privileges. This necessitates exploitation of a security vulnerability to achieve kernel memory access and "patching" of the shell credentials. These are rare enough to be discounted since these vulnerabilities are quickly patched (exceptions being MediaTek devices, for which mtk-su works well).

B) boot the device in a "boot loader unlocked" mode (which you've indeed referred to) in which a pre-patched kernel, with a modified security policy and a root filesystem (technically, Ramdisk) with a pre-made su and an enabled daemon can be used to give you super user privileges on demand. This was started by ChainFire's 'supersu', and is now the de facto method of Magisk.

Therefore, your question is very much at a dead end. You could modify the root filesystem and install the "older" form of su if this were a development build (as would be shown by "getprop ro.debuggable" or "getprop ro.build.fingerprint" with "eng" in it). But, this will not work on a release (retail) device.

Your best bet is to

  • A) get the OTA or factory image of your tablet in question.
  • B) get the boot.img from it
  • C) Patch the boot.img using Magisk (on device, through /sdcard/Download) or imjtool
  • D) Enable boot loader unlocking (not guaranteed to be available) through Developer Options
  • E) put device in fastboot mode ("adb reboot bootloader" should do)
  • F) Use "fastboot flashing unlock" on host when device is thus connected. Approve unlocking
  • G) use "fastboot boot " or (when you are certain it works) "fastboot flash boot "
  • H) Hope for the best
Technologeeks
  • How do I use Imjtool to install MagiskSU? Magisk gives me "process error" when I try to use it. – HeyHoo Apr 15 '22 at 07:02
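
Added example (not part of the question, answer or comments above, and not code from any project they mention): the checks behind the answer's explanation, reading `/proc/mounts`-format text and the two properties the answer names to show which mount option stops an `su` copied to each location. The mount table and fingerprint are constructed sample values and the function names are hypothetical; on a device the same text would come from `adb shell cat /proc/mounts` and `adb shell getprop`.

```shell
#!/bin/sh
# Constructed sample data (not captured from the tablet in the question).
SAMPLE_MOUNTS='rootfs / rootfs ro,seclabel 0 0
/dev/block/dm-0 /system ext4 ro,seclabel,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/fuse /storage/emulated fuse rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_FINGERPRINT='vendor/product/device:5.0/BUILDID/12345:user/release-keys'

# Print the options of the mount that holds path $1 (longest matching
# mount point wins). Reads /proc/mounts-format text on stdin.
mount_opts() {
    awk -v p="$1" '{
        m = ($2 == "/") ? "/" : $2 "/"
        if (index(p "/", m) == 1 && length(m) > best) { best = length(m); opts = $4 }
    } END { print opts }'
}

# True if the comma-separated option list $1 contains the option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# List the mount options that stop an su binary at path $1 from being
# written (ro), executed (noexec) or honoured as setuid (nosuid).
su_blockers() {
    opts=$(mount_opts "$1")
    out=""
    has_opt "$opts" ro     && out="$out read-only"
    has_opt "$opts" noexec && out="$out noexec"
    has_opt "$opts" nosuid && out="$out nosuid"
    echo "${out# }"
}

# Classify the build from ro.debuggable ($1) and ro.build.fingerprint ($2).
build_kind() {
    case "$2" in *:eng/*) echo development; return ;; esac
    if [ "$1" = "1" ]; then echo development; else echo release; fi
}

report() {
    for p in /system/bin/su /storage/emulated/0/su /data/local/tmp/su; do
        printf '%-26s %s\n' "$p" "$(printf '%s\n' "$SAMPLE_MOUNTS" | su_blockers "$p")"
    done
    echo "build: $(build_kind 0 "$SAMPLE_FINGERPRINT")"
}
report
```

Mount options are only the discretionary layer: the SELinux policy and DM-verity checks the answer describes apply on top of them and do not appear in this output.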