Android - What are the steps for rooting an Android device, in general?

There are a few parts to the process:

  1. Unlocking or bypassing any bootloader protection, allowing the system partition to be written

  2. Installing the relevant binaries to acquire root.

Both of these stages can vary from phone to phone, but here are a few examples:

Unlocking the bootloader

On many OEM phones, this traditionally involves exploiting a vulnerability in part of the system in order to rewrite certain partitions. Sometimes it will mean flashing a new bootloader, a new recovery (this is becoming common) or temporarily booting from an image over USB, in order to gain recovery access to the system partition.

On the Nexus range of phones, and the development phones that were released by Google, it is as simple as running "fastboot oem unlock", though this will wipe the phone. Also, bowing to pressure from the development community, many manufacturers now offer an official route to unlocking the bootloader.

Installing the root binaries

Once the system partition has been cracked then the rest is fairly straightforward. It basically means installing the 'su' binary (this escalates to super user permissions), and an apk which provides an Android front end to 'su', and prompts the user when an app is requesting root permission.

There are several approaches to this second stage. The most common has been to use a pre-rooted ROM provided by the community. There is often a choice, from the stock ROM provided by the manufacturer and then tinkered with to add the binaries, through to a whole range of AOSP (Android Open Source Project) ROMs, such as CyanogenMod (one which I contribute to).

There are some other methods. For example, some phones (eg Galaxy Nexus) can use a "superboot" bootloader, which tinkers with your existing ROM as part of the boot process. It is flashed to your phone using the fastboot program.

Typically there will be a single favoured approach for any particular phone.


It's pretty simple:

  1. Unlock the bootloader;
  2. Install a custom recovery that doesn't check if the ZIP is an official update;
  3. Install the relevant binaries, usually with SuperSU.

The actual steps to do those may vary from device to device.

Unlocking the bootloader

This is required so the system partition can be written on.

On some devices like Samsung and LG, there's a Download mode, where you can use Odin to flash something (in this case, a custom recovery) without having to unlock the bootloader.

Other devices don't have a Download mode, but some have an official way, like Nexus and Moto. They generally use the fastboot oem unlock command.

In the case of Moto phones, it's required to get a key for your device on the official Motorola website, which will then be used on the unlock command.

WARNING: That command will wipe the phone if done on a Nexus!

Some devices don't have either a Download mode or an official method. In this case, it's required to use an exploit.

Installing a custom recovery

On devices where there is a Download mode, you could skip the previous step:

  1. Download Odin and any custom recovery;
  2. Enter Download mode;
  3. Install it.

On devices where there isn't:

  1. Download the recovery .img;
  2. Enter fastboot mode;
  3. Flash it.

WARNING: The recovery HAS to be a version for your specific device!

Installing the binaries

This is practically invariable. Just download the SuperSU zip, enter recovery mode and install it.

Sidenotes

  1. Contrary to popular belief, there is 0% chance to brick your device, unless you do it wrong, which is totally your fault;
  2. Updates will either softbrick your phone or remove root access. Remember, softbricks are always fixable.
  3. Warranty is lost;
