Stupid SU: Galaxy S 4 stock+root helper

supercurio · May 17, 2013

Hi guys!

As some of you must have noticed, latest Samsung GT-I9500 firmwares carry a kernel configuration supposed to prevent SETUID privilege elevation.
Stock unmodified firmware with root is my preferred setup but also a strong dependency for all my development, for me this change is a massive setback if not a dealbreaker.

While poking around I found in about an hour something weird that reveled being a vulnerability, so I created a little thing to make it useful for now.

README:

Stupid SU: Galaxy S4 root helper by François SIMOND aka @supercurio

Circumvent an extremely weak false-security "Anti Root" mechanism implemented
on latest Samsung Galaxy S4 devices (on both Exynos and Qualcomm versions)

Preventing proper root function on official firmware breaks all my Voodoo apps
requiring stock+root and is a move that's hostile to both users and developers.

Samsung security might be embarassed by this proof of concept, as it defeats
their mechanism in a single line... not even with complex ARM assembler
but *one* line of shell script.
However, the goal here is to show Superuser solutions developers how to
deal with those devices for now, and provide a working solution to people who
bought a Galaxy S4 expecting to root it cleanly and easily but cannot.

This proof of concept is slightly slowing down Superuser calls, but its
"plain text" implementation has the merit of showing how stupid this exploit is.

SELinux configuration stays unmodified and active.

Features:
- Detect and supports both SuperSU and Koush's Superuser
- Installs Super SU binary by default

Make sure you have one of those Superuser apps installed:
- https://play.google.com/store/apps/details?id=com.koushikdutta.superuser
- https://play.google.com/store/apps/details?id=eu.chainfire.supersu

Root feature doesn't rely on a "StupidSU kernel" which is only an installer.
Feel free to flash back Samsung's original boot.img from their official firmware
after booting at least once.

Important Note:
This "exploit" is so lame that it will be fixed in no time, making updated S4
a pain to root again.

I wish Samsung will reconsider their "Anti Root" approach, which is damageable
in every regard and defective by design as demonstrated here.
Also, I'm simply not interested developing for and promoting devices from
manufacturers hostile to developers: It's just a waste of valuable time.

INSTALL

1/ copy rooting/ directory in your initramfs

Make sure "root.sh" file is has an executable permission (chmod 744 recommended)

2/ Add those lines at init.universal5410.rc end:

# Stupid SU
service rooting /stupidsu/root.sh
class main
user root
group root
oneshot

3/ Assemble your initramfs with the associated Samsung official kernel binary
of choice in a regular boot image

4/ flash as boot.img

5/ At each boot, Superuser app are detected automatically and su binary adjusted
accordingly.

Source code

On GitHub

License

Kernels downloads, only for demo purposes of the concept, you can flash back original Samsung boot.img once rooted

GT-I9500 Stock + root StupidSU v4 UBUAMDE
GT-I9500 Stock + root StupidSU v4 XXUAMDK
GT-I9500 Stock + root StupidSU v4 XXUAME1

What's next

Owners of Qualcomm Galaxy S 4 devices experiencing the same dificulties with Samsung the anti root strategy might want to try this method, please let me know if you're ready for some experimentations.

muhamet · May 17, 2013

Supercurio pleas add thraed t General section i think ther well bee lots of testers for i9505.thx for suport

Sent from my LG-P500 using xda app-developers app

grgsiocl · May 17, 2013

Going to try this on latest LE1 stock kernel now .....thread is in correct section

edit: did not work on LE1 kernel. I will try once again. DId any one tried the MDK kernel..I am having again the problem with SU binaries installation..

Edit: Thanks bro. working on ME1 kernel now. Did mistake while doing tar. Appreciate it! Root is working fine but cant update the binaries of Supersu, still the root works fine.

Rahulrulez · May 18, 2013

Here comes the master

welcome to SGS4 development forum mate.. (rahulzeven from twitter here

)

GSeeker · May 18, 2013

So the BEST thing's just happened?!:laugh::good:

grgsiocl · May 18, 2013

i repacked the kernel of Samsung-Updates.com-KERNEL-GT-I9500-XSE-I9500XXUAME1-1367637350 using supercurio method. Root works fine. All we need to is install it from ODIN and dont update the binaries of supersu.

Download Link

Edit: New file uploaded

GSeeker · May 18, 2013

grgsiocl said:
i repacked the kernel of Samsung-Updates.com-KERNEL-GT-I9500-XSE-I9500XXUAME1-1367637350 using supercurio method. Root works fine. All we need to is install it from ODIN and dont update the binaries of supersu.

Download Link

Thanks fo much! Will Titanium Backup work on this kernel?

walda · May 18, 2013

Hope chainfire will start working on mobileOdin soon. So much easier to flash than.

... tapat*lked

grgsiocl · May 18, 2013

GSeeker said:
Thanks fo much! Will Titanium Backup work on this kernel?

wrong file uploaded. Please download the same in 5 minutes. Uploading is on and the kernel date should be MAY 04

---------- Post added at 12:33 PM ---------- Previous post was at 12:28 PM ----------

GSeeker said:
Thanks fo much! Will Titanium Backup work on this kernel?

it should work as i dont use titanium backup and instead i use gobackup pro and it works fine anyway

jlevy73 · May 18, 2013

MDK from OP working good, thanks

aslak89 · May 18, 2013

grgsiocl said:
i repacked the kernel of Samsung-Updates.com-KERNEL-GT-I9500-XSE-I9500XXUAME1-1367637350 using supercurio method. Root works fine. All we need to is install it from ODIN and dont update the binaries of supersu.

Download Link

Edit: New file uploaded

I'm trying to repack the kernel of korean gs4,
but I am a noob in kernel devs.
I can edit ramdisc, but fist trying in initramfs, zImage.

Is rooting directory means both root.sh and files(folder)?
and paste them on first class route?

hope you give some advices.. thanks

grgsiocl · May 18, 2013

aslak89 said:
I'm trying to repack the kernel of korean gs4,
but I am a noob in kernel devs.
I can edit ramdisc, but fist trying in initramfs, zImage.

Is rooting directory means both root.sh and files(folder)?
and paste them on first class route?

hope you give some advices.. thanks

when you unpack the kernel you will have two folders one is ramdisk and other one is split_img (zimage). You need to copy the folder stupidsu folder in ramdisk and modify the init.universal5410.rc as per OP stated and repack the image

aslak89 · May 18, 2013

grgsiocl said:
when you unpack the kernel you will have two folders one is ramdisk and other one is split_img (zimage). You need to copy the folder stupidsu folder in ramdisk and modify the init.universal5410.rc as per OP stated and repack the image

then, is not necessary to recompile zImage?
ok I m going to try it right now, thank you grgsiocl

supercurio · May 18, 2013

muhamet said:
Supercurio pleas add thraed t General section i think ther well bee lots of testers for i9505.thx for suport

Yes in fact I was hesitating, but as soon as someone is ready to assist me to try on a Qualcomm device (I9505 or T-Mobile Galaxy S4) I'll make a thread here too.

grgsiocl said:
Going to try this on latest LE1 stock kernel now .....thread is in correct section

edit: did not work on LE1 kernel. I will try once again. DId any one tried the MDK kernel..I am having again the problem with SU binaries installation..

Edit: Thanks bro. working on ME1 kernel now. Did mistake while doing tar. Appreciate it! Root is working fine but cant update the binaries of Supersu, still the root works fine.

Great then

supercurio · May 18, 2013

aslak89 said:
then, is not necessary to recompile zImage?
ok I m going to try it right now, thank you grgsiocl

The point here is to have stock (unmodified Samsung binary) kernel running, with associated modules and no other modification.

Which gives you several usage options:

keep the StupidSU stock+root kernel (same kernel binary, same kernel modules, only very slightly initramfs scripts) that will auto-root depending on which Superuser APK you installed
you can flash back the official kernel and still enjoy root the same.

aslak89 · May 18, 2013

supercurio said:
The point here is to have stock (unmodified Samsung binary) kernel running, with associated modules and no other modification.

Which gives you several usage options:

keep the StupidSU stock+root kernel (same kernel binary, same kernel modules, only very slightly initramfs scripts) that will auto-root depending on which Superuser APK you installed

you can flash back the official kernel and still enjoy root the same.

Thank you for awsering

then I repacked my kernel but still not work.
copyed stupidsu and edited init.universal5410.rc in ramdisk and repacked boot.img.
I guess permission is the thing,

attach my shots
hope you loot at once.

Sent from my SHV-E300S using XDA Premium HD app

Svid · May 18, 2013

walda said:
Hope chainfire will start working on mobileOdin soon. So much easier to flash than.

... tapat*lked

He will after he will come back from his vacation.

Chainfire · May 18, 2013

I'll look into a fixed CF-Auto-Root for the I9505 as soon as I'm back on Sunday. I imagine that will be tested by Sunday evening, with a I9500 test version available sometime Monday. If all is well

In StupidSU environment and for this initial release Koush's Superuser app would
be preffered as SuperSU main UI refuses to launch because it cannot detect its
original su binary. Aside from that both work as expected.

This is because you're not installing the backup su binary. The UI app detects this is missing and triggers an update. Bug in StupidSU

supercurio · May 18, 2013

aslak89 said:
Thank you for awsering

then I repacked my kernel but still not work.
copyed stupidsu and edited init.universal5410.rc in ramdisk and repacked boot.img.
I guess permission is the thing,

attach my shots
hope you loot at once.p

Alright I'm adding some logging in my scripts so you'll be able to see what's happening − or not

DjeMBeY · May 18, 2013

supercurio said:
Yes in fact I was hesitating, but as soon as someone is ready to assist me to try on a Qualcomm device (I9505 or T-Mobile Galaxy S4) I'll make a thread here too.

Brilliant news!!!! Thanks a LOT!!

Let's make it work!!

It will be AWESOME if I could use latest STOCK Kernel in my ROM's......
I'll give you a hand

Stupid SU: Galaxy S 4 stock+root helper

Retired Senior Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Retired Senior Recognized Developer

Retired Senior Recognized Developer

Senior Member

Attachments

Senior Member

Moderator Emeritus / Senior Recognized Developer

Retired Senior Recognized Developer

Senior Member

Similar threads

Top Liked Posts