[APP][2.3+][ROOT][SUPERUSER] AnJaRoot - Android Java Root | 100% compatible with Xposed

Luminger

Senior Member
Oct 13, 2010
87
68
[APP][2.3+][ROOT][SUPERUSER] AnJaRoot - Android Java Root | 100% compatible with Xposed

AnJaRoot stands for Android Java Root, and it's just that - a replacement for the previous generation of superuser access on Android. The days of calling su to execute scripts in a limited environment are over, developers are now able to perform previously restricted actions directly from Java!

While I've tested AnJaRoot multiple times for the last weeks on emulators and real devices (4.3 and 2.3.7) I still consider it to be in beta phase. Please install it only if you are able to recover your device from possible bootloops.

AnJaRoot 1.1.0 is now 100% compatible to the Xposed Framework!

To get the latest version of AnJaRoot, go to the downloads tab or from the project homepage located at http://www.anjaroot.net/.

Installation
The preferred installation method is via sideloading/installing from sdcard the AnJaRoot Installer update.zip. The installer will automatch your device arch (armeabi, mips and x86 are supported right now). If the installer reports an error, you can find the installation logs on /cache. Please upload them to this thread or file a bug report so I can fix the problem.

AnJaRoot is also able to install itself via recovery. I've tested on the CWM recovery images, but it should work everywhere as no special tools are used except a shell in.

Uninstall/Failure Recovery
AnJaRoot is still new, you might need to uninstall it or recover from bootloops. To uninstall AnJaRoot use the provided uninstall update.zip, it will clean AnJaRoot from your device and should also recover you from bootloops.

Current Status
Please also note that AnJaRoot is currently not that interesting for endusers as no app out there has support for it. I will support developers with getting their apps running with AnJaRoot. Once you have adopted your app I will also list them here.

Adding support to your app
In order to use AnJaRoot in your app you have to utilize the provided AnJaRoot Library. Everything which should be needed for you is documented via JavaDoc comments (Online Version). For a reference implementation refer to the source of AnJaRoot Tester.

Developers
The project homepage lists some resources on how to integrate your AnJaRoot into your app. Please don't use this thread for questions regarding the Library, use this thread instead. It also shows how to get started hacking.

ROM Developers
AnJaRoot is currently not as easy as I want it to be integrable. It's lacking a proper build system for ROMs and multiple changes have to be performed to change the package names (just for example). I will add support for it in the future. Meanwhile you may just preinstall the latest (signed by me) APK.

Key features:
  • Supports Android >=2.3 (Gingerbread, API level 9) on arm, x86 and mips
  • Developers have a nice and robust library to utilize AnJaRoot to unlock the full potential of their ideas.
  • Need to run native code as root? AnJaRoot can grant root also to subprocesses without the use of su!
  • Simple to install: Install via app or directly flash/sideload the update.zip (which is useable on all supported systems) from http://www.anjaroot.net/
  • Developers don't need to write hard to debug Shellscripts in order to issue commands as root, it was never easier to make use of superuser permissions.
  • Simple management UX for users
  • It's fully open source - AnJaRoot itself is GPLv3 licensed while the Library is published under the Apache License.

Future features:
  • Android 4.x multi user support
  • Full replacement for the previous SuperUser tools
  • Major UX overhaul (more options and a real design)
  • Support for custom ROM integration
  • Compatibility with the XPosed Framework

Disclaimer
While I've developed it and made sure that your device doesn't get damaged, I can't guarantee that nothing bad will happen. It's your responsibility about what you do to your device. Please be careful!

XDA:DevDB Information
AnJaRoot, a App for the No Device

Contributors
Luminger

Version Information
Status: Stable
Current Beta Version: 1.1.0
Beta Release Date: 2013-11-02

Created 2013-10-19
Last Updated 2013-11-05
 


Luminger

Senior Member
Oct 13, 2010
87
68
Reserved

Changelog

1.1.1
  • AnJaRoot now supports a 'system installation' (directly from Android without support from a recovery system).
1.1.0
  • AnJaRoot is now 100% Xposed compatible!
  • AnJaRoot 1.1.0 and AnJaRoot Library are compatible with the old releases. But you have to reinstall via update.zip if you have AnJaRoot 1.0.0 installed on your device.

v1.0.0
  • initial release
 

coolnessQ

Senior Member
Aug 8, 2012
955
295
27
Rotterdam
This sure looks interesting!! :) Can you share some pics?? ^^

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14
 

Luminger

Senior Member
Oct 13, 2010
87
68
This sure looks interesting!! :) Can you share some pics?? ^^

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14

I've attached some pics to the devdb entry of AnJaRoot, it should be accessible from the tabbar above the thread. There isn't that much to see, most of the work was done under the hood, the UI is still WIP but it's functional ;)
 

coolnessQ

Senior Member
Aug 8, 2012
955
295
27
Rotterdam
I've attached some pics to the devdb entry of AnJaRoot, it should be accessible from the tabbar above the thread. There isn't that much to see, most of the work was done under the hood, the UI is still WIP but it's functional ;)

Hope the xposed thing will be fixed :)

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14
 

Luminger

Senior Member
Oct 13, 2010
87
68
Hope the xposed thing will be fixed :)

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14

I'm currently working on a patch for Xposed. As we both mess with the app_process binary (xposed replaces it with its own version, I replace it with a wrapper script) this is a little bit tricky. Basically both xposed and AnJaRoot need to be aware of each other.
 

coolnessQ

Senior Member
Aug 8, 2012
955
295
27
Rotterdam
I'm currently working on a patch for Xposed. As we both mess with the app_process binary (xposed replaces it with its own version, I replace it with a wrapper script) this is a little bit tricky. Basically both xposed and AnJaRoot need to be aware of each other.

Great cannot wait for it! ^^

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14
 

pyler

Senior Member
Jan 13, 2013
1,279
2,372
I'm currently working on a patch for Xposed. As we both mess with the app_process binary (xposed replaces it with its own version, I replace it with a wrapper script) this is a little bit tricky. Basically both xposed and AnJaRoot need to be aware of each other.

Do you talk with Xposed dev? Maybe you can find one solution to rule all.
Or maybe check if Xposed is installed and then copy right app_process (xposed's app_process + your changes)
if it's not installed then stock app_process + your changes
 

Luminger

Senior Member
Oct 13, 2010
87
68
Do you talk with Xposed dev? Maybe you can find one solution to rule all.
Or maybe check if Xposed is installed and then copy right app_process (xposed's app_process + your changes)
if it's not installed then stock app_process + your changes

I'm currently trying to patch Xposed the way it knows about AnJaRoot (and vice versa). Turns out to be just like you said, but there are still some problems I have to overcome (besides getting my patches accepted). Things are getting also a little complicated when a user has installed one, installs the other and removes again one randomly. It has to work well, otherwise the user will have boot problems (and nobody wants that :))
 

Luminger

Senior Member
Oct 13, 2010
87
68
How is progress? :)

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14

I've started developing it last evening, a proof of concept is half way done. It will require some more days of work to finish the PoC, rebuild it in production quality and testing. By the weekend I may have a Xposed compatible version ready. The library API will not change, only AnJaRoot itself will receive an update to 1.1.0, changes will not be noticeable by AnJaRoot Library consumers.
 

Luminger

Senior Member
Oct 13, 2010
87
68
Just wanted to give a short status update: I've prepared a PoC over the last week/this weekend which does work on armeabi/mips/x86 and uses ptrace to do the AnJaRoot job on (at least) Android 2.3.3, Android 4.1.2 (this was a little bit more interesting than expected...) and Android 4.2.2.

I'm now wrapping it all up into a new AnJaRoot and AnJaRoot Library release. The new 1.1.0 version of AnJaRoot will work with the AnJaRoot Library 1.0.0, also the old Library will work with the new AnJaRoot 1.1.0 app.

So stay tuned, it will come out within the next days after I've developed the missing bits and pieces, tested it again and wrap it all up into the 1.1.0 release ;)

Edit: If anyone is interested, development of the ptrace stuff lives in the feature/ptrace-impl branches on github.
 

coolnessQ

Senior Member
Aug 8, 2012
955
295
27
Rotterdam
Great cannot wait! :)
Works with xposed or still needs some fixes for it?

Sent from my GT-I9505 using app: XDA Premium and rom: CgoastINC Rom v14
 

vaiz

Member
May 27, 2013
21
3
Not supported for lenovo A1000

Sent from my IdeaTabA1000-G using XDA Premium 4 mobile app
 

Luminger

Senior Member
Oct 13, 2010
87
68
Not supported for lenovo A1000

Sent from my IdeaTabA1000-G using XDA Premium 4 mobile app

Could you explain what is not supported/not working on the Lenovo A1000? I would like to address your issues, but I can't do anything about it without at least some information.
 

Top Liked Posts

    3
    I'm eager but skill-wise not experienced enough to figure out the way this "exploit" works. I've taken a look at both documentation and code, and couldn't really understand what was going on (even though my main "field of study" is Java). Could you please summarize the method used to gain root access via this method? It would be very interesting to know.

    Sure I can tell you about the inner workings of this "exploit". I'll split it into 4 parts. A general part about "what it does and why it works", second is the current LD_PRELOAD implementation, third I'll talk a little about the inner workings of the 1.1.0 release (which will come soon btw, had no time the last days to work on it sadly) and last about the library.

    The whole thing is based on the Linux capabilities and the inner workings of the Android process spawning model. On Linux root is most of the time misunderstood (at least somehow). People think the mighty powers of root derive from the fact that the user id and group id is zero, but this doesn't grant root any special abilities. The real power from root comes from the capabilities granted to this user.

    The kernel knows a lot of them, they are listed in man 7 capabilities. Most of them are not that interesting for users, but CAP_NET_ADMIN and CAP_FOWNER are for example what people have in mind when it comes to root.

    Capabilities are normally only granted to root, but here come the different capability sets into the game. If you take a look at man 2 capset, there are 3 of them. 'effective' is the set which is used when it comes to checking if the process has those capabilities. A process may drop them at any point in time by setting them to zero. A process is also able to "regain" all of the capabilities from the 'permitted' set. The 'inheritable' set is the set which will be inherited by a child of this thread and it's not really relevant in our case.

    If you want to know which capabilities a process has take a look into /proc/<pid>/status, it lists all 3 capability sets.

    Okay, we have talked about the capabilities and why they really are the power of root. Next is the Android process spawning. There are some resources on the net, I will just talk about the relevant parts here.

    The zygote is spawned very early in the boot process of any Android system and preloads a huge pile of resources and libraries which are used by all parts of the later system. After this has finished, the zygote is utilized by the system to spawn off new app processes (hence the name zygote, it's the parent of all app processes). This is done by forking a new child (all the loaded resources will be shared with it in a copy on write manner to save RAM) which is in the beginning nothing more than a direct clone of the zygote. A crucial thing I forgot to mention till now: zygote runs as root and has all/nearly all capabilities available on a system. After the fork has taken place the zygote will begin to specialize its new child (drop root, drop capabilities, setup the app) which will form the new app process.

    And here comes the trick I used with AnJaRoot:
    When the zygote specializes the child it will drop its capabilities from 0xFFFFFFFF (everything) to 0x00000000 (none). This drop is intercepted and will leave the child with a 'permitted' capability set of 0xFFFFFFFF and 'effective' 0x00000000 - as I described above those can be regained later, the child will remain 'root' this way.

    The intercept is realized with LD_PRELOAD. You can read on google about it - it forces the dynamic linker to load a library into the process before any other dynamic library will be loaded. This way a dynamic symbol resolve will at first try to find the asked symbol from this library, then it will proceed to other libraries (libc is queried after LD_PRELOADed libraries). The AnJaRoot Library provides a replacement for capset (which is called by the zygote to drop capabilities). This replacement will look into the AnJaRoot database and does the capabilities drop if the process is not an AnJaRoot enabled process or it will not drop the capabilities and signal a successful capability drop to the zygote. This way the library can later aid the process to regain capabilities.

    The new AnJaRoot 1.1.0 release adds compatibility to Xposed which was a problem in the 1.0.0 release. It does so by utilizing ptrace to basically "debug" the zygote (it's the main debug interface, used by gdb for example, on Linux). It doesn't need to change the app_process this way (which is the binary which spawns the zygote initially) but is completely transparent to Xposed.

    The AnJaRoot Library adds the capset, capget, setresuid, getresuid, setresgid, getresgid calls to the Android Java land (those functions all have manual pages, you can look them up on the net). When you request capabilities via the Library it will utilize capset to set the 'effective' capabilities set to the previously preserved 'permitted' capabilities and also set your uid/gid to 0. And now the process is magically root again.

    This way nobody ever again has to use the su binary to gain root via setuid to call some shellscripts. You can now use the Android Java API to fiddle around with the filesystem, sockets and even Android services (you could claim to be a system process and do otherwise not permitted actions to the system).

    Hope this helps, if anything is not clear please feel free to ask =)
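
The state described in the post above (an app process left with a 'permitted' set of 0xFFFFFFFF and an 'effective' set of 0x00000000, later raised again together with uid 0) is visible in /proc/<pid>/status. As an added example that is not part of the original post or of the AnJaRoot code, this Python script parses that file's text and flags both states. The sample records, PIDs and finding names are constructed, and the zygote-child rule is a heuristic assumption.

```python
# Added example: audit capability sets taken from /proc/<pid>/status text.
# Bit numbers come from linux/capability.h (subset, for readable output).
CAP_NAMES = {1: "CAP_DAC_OVERRIDE", 3: "CAP_FOWNER", 6: "CAP_SETGID",
             7: "CAP_SETUID", 12: "CAP_NET_ADMIN", 21: "CAP_SYS_ADMIN"}
FIRST_APP_UID = 10000  # Android hands out app UIDs starting at 10000

def parse_status(text):
    """Extract identity and the three capability sets from one status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uids = fields["Uid"].split()  # real, effective, saved, filesystem
    return {"name": fields["Name"], "pid": int(fields["Pid"]),
            "ppid": int(fields["PPid"]),
            "uid": int(uids[0]), "euid": int(uids[1]),
            "inh": int(fields["CapInh"], 16),
            "prm": int(fields["CapPrm"], 16),
            "eff": int(fields["CapEff"], 16)}

def cap_names(mask):
    """Decode a capability bitmask into names (unknown bits as cap_<n>)."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def assess(proc, zygote_pid):
    """Return (finding, mask) pairs for one parsed process."""
    findings = []
    # After zygote specializes an app, its capability sets should be empty.
    if proc["uid"] >= FIRST_APP_UID and proc["prm"]:
        dormant = proc["prm"] & ~proc["eff"]  # still raisable via capset
        findings.append(("retained-permitted", dormant))
    # Assumption: no long-lived zygote child legitimately keeps euid 0
    # (system_server runs as uid 1000, so it is not matched by this rule).
    if proc["ppid"] == zygote_pid and proc["euid"] == 0 and proc["eff"]:
        findings.append(("zygote-child-root", proc["eff"]))
    return findings

def audit(texts, zygote_pid):
    """Map pid -> [(finding, capability names)] for every flagged process."""
    report = {}
    for text in texts:
        proc = parse_status(text)
        found = assess(proc, zygote_pid)
        if found:
            report[proc["pid"]] = [(k, cap_names(m)) for k, m in found]
    return report

def _status(name, pid, ppid, uid, prm, eff):
    """Build a constructed, reduced status record (real files have more fields)."""
    return ("Name:\t%s\nPid:\t%d\nPPid:\t%d\nUid:\t%d\t%d\t%d\t%d\n"
            "CapInh:\t%016x\nCapPrm:\t%016x\nCapEff:\t%016x\n"
            % (name, pid, ppid, uid, uid, uid, uid, 0, prm, eff))

SAMPLES = [  # constructed sample input, not captured from a device
    _status("zygote", 120, 1, 0, 0xFFFFFFFF, 0xFFFFFFFF),
    _status("com.example.ok", 2100, 120, 10041, 0, 0),
    _status("com.example.app", 2101, 120, 10057, 0xFFFFFFFF, 0),
    _status("com.example.app", 2102, 120, 0, 0xFFFFFFFF, 0xFFFFFFFF),
]

if __name__ == "__main__":
    for pid, found in sorted(audit(SAMPLES, 120).items()):
        print(pid, [(kind, len(names)) for kind, names in found])
```

On a device the same text can be collected by reading /proc/<pid>/status for each process and passing the zygote's PID as the second argument.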
    3
    Thank you for such a great and informative reply, this was truly an experience to read through. You explained everything so well that the only question I have in mind has to be: how did you come along such a creative approach to this?

    By accident, as it usually happens (well, it may have helped a bit that I'm a Linux System Engineer also ;))

    I had looked up the Android startup procedure years ago, lately I looked it up again - I was curious that there must be a way to grant superuser rights to Android's Java processes (I knew a method was there, I just couldn't figure it out).

    After months I stumbled upon Xposed, I was searching for a method to enable NFC tag reading while the screen is off. I started to remember my research from months ago while I read the Source of Xposed and so AnJaRoot was born (well, it took me another 2 weeks to figure out how exactly this would work - this method is far away from trivial...).

    It was a mixture of "I'm used to problems which other people mark as 'unsolvable'" and luck =)
    2
    Reserved

    Apps which utilize AnJaRoot
    • AnJaRoot Tester