Wednesday, 11 September 2013

Execute a C program as root in your Android without a rooted device

The objective is to have an APK that calls a C program which runs as root on the Android operating system.
The first thing to take into account is that your Android device must be rooted at the beginning of the process; it can be returned to a non-rooted state afterwards. Once you have compiled your C routine for the proper target architecture (the ABI of the device), you need to copy your files into the /system folder. Since /system is mounted read-only, it is necessary to remount it read-write first. /system is also the most suitable place to store your application because, unlike /data, it is not wiped when the device is reset. For example:

mount -o remount,rw /system
mkdir /system/samplec

It is assumed that you have already copied your application samplec to the /sdcard folder. To move the files:

/system/bin/busybox cp /sdcard/samplec /system/samplec

Once the file is copied, you need to give execute permission to the folder and set the setuid and setgid bits on the binary (mode 6751: setuid + setgid, rwx for the owner, r-x for the group, --x for everyone else). Because cp was run as root, the binary is owned by root, which is what the setuid bit relies on: any process that executes it, whatever its own uid, gets an effective uid of 0.

chmod 751 /system/samplec
chmod 6751 /system/samplec/samplec_binary

The last step before you deploy your APK is to put the /system folder back into read-only mode, like this:

mount -o remount,ro /system

After setting these permissions on the file, your Android code no longer needs to obtain "su" privileges in order to call the C program.

Your code originally looked like this:

Process sh = Runtime.getRuntime().exec("su", null, null);
OutputStream os = sh.getOutputStream();
// the trailing newline is required, otherwise the su shell never runs the command
os.write("/system/samplec/samplec_binary\n".getBytes("ASCII"));
os.write("exit\n".getBytes("ASCII"));
os.flush();

Now the "su" call is not needed anymore; you can call your C program directly, as displayed:

Process sh = Runtime.getRuntime().exec("/system/samplec/samplec_binary", null, null);

At this point you can unroot your device and your native C application will still be executed as root, because the privilege comes from the setuid bit on the file in /system, not from su. Keep in mind that this also means any application on the device can run that binary as root, so the C program itself must check who is calling it and do nothing it would not want an arbitrary app to trigger. Also note that, starting with Android 4.3, /system is mounted nosuid for application processes spawned by zygote, so the setuid bit is ignored and this technique no longer works on stock devices of that version or later.
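As an added example (it is not the code from the original post), here is what samplec_binary itself could look like. The point it shows is something the steps above leave implicit: the setuid bit only gives the process an effective uid of 0, while its real uid remains the calling app's uid, so the program should verify that it was really elevated, refuse callers it does not expect, and then call setgid(0)/setuid(0) so that it (and anything it spawns) is fully root. The allow-list uid 10042 is a made-up value for illustration; on a real device you would put in the uid Android assigned to your own APK.

```c
/*
 * samplec_binary.c - added example, not the original post's code.
 * Build with the Android NDK for the device's ABI and deploy as
 * /system/samplec/samplec_binary with mode 6751, as described above.
 *
 * A setuid-root binary starts with euid 0 but the real uid of the
 * caller (Android app uids start at 10000).  It checks the caller,
 * then promotes itself to full root with setgid(0)/setuid(0).
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical allow-list of app uids permitted to use this binary.
 * 10042 is a constructed value; look up your own APK's uid on the device. */
static const uid_t ALLOWED_CALLERS[] = { 10042 };

/* True if the setuid bit did its job: effective uid is root while the
 * real uid is still the (unprivileged) caller.  A plain root caller
 * (ruid == euid == 0) did not get root from the setuid bit. */
int setuid_took_effect(uid_t ruid, uid_t euid)
{
    return euid == 0 && ruid != euid;
}

/* True if ruid is in the allow-list of n entries. */
int caller_allowed(uid_t ruid, const uid_t *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == ruid)
            return 1;
    return 0;
}

/* Turn "effective root" into full root (ruid = euid = 0, gids likewise)
 * so child processes inherit it too.  Returns 0 on success, -1 if the
 * process is not running with euid 0 (i.e. setuid bit or ownership wrong). */
int become_root(void)
{
    if (geteuid() != 0)
        return -1;
    if (setgid(0) != 0 || setuid(0) != 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t ruid = getuid();
    uid_t euid = geteuid();

    if (euid != 0) {
        fprintf(stderr, "not running as root (ruid=%u euid=%u): "
                        "check chmod 6751 and root ownership\n",
                (unsigned)ruid, (unsigned)euid);
        return 1;
    }

    /* Only enforce the allow-list when an unprivileged app invoked us;
     * a root shell (ruid 0) running it by hand for testing is fine. */
    if (setuid_took_effect(ruid, euid) &&
        !caller_allowed(ruid, ALLOWED_CALLERS,
                        sizeof ALLOWED_CALLERS / sizeof ALLOWED_CALLERS[0])) {
        fprintf(stderr, "uid %u is not allowed to run this binary\n",
                (unsigned)ruid);
        return 2;
    }

    if (become_root() != 0) {
        perror("setuid(0)");
        return 3;
    }

    /* From here on the process is fully root; do the privileged work. */
    printf("running as uid=%u euid=%u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

The exit codes (1: not setuid root, 2: caller not allowed, 3: promotion failed) are what the Java side gets back from Process.waitFor(), which is a quick way to tell a permissions problem apart from a logic problem in the native code.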