phh's SuperUser/ OpenSource SELinux-capable SuperUser

Search This thread

adrman

Senior Member
Jul 17, 2012
1,595
632
NYC
Holy **** open source root app. I was paranoid all day yesterday after flashing SuperSU just to handle franco kernel parameters. I want to try this new superuser. I noticed there are four modes. Which modes resembles SuperSU default behavior?
I'm using the 2.66 hidesu version with Franco r32 on my 6p. It works great. Just try the default configuration of the zip first. That will set you up as "eng" as described in the op. If you're unencrypted though, make sure to edit the config.txt in the superuser.zip to "nocrypt".
 

rasengan82

Senior Member
Nov 19, 2011
1,066
166
Hmm do you need magisk to actually flash phh superuser.zip? All over the place magisk and phh are mentioned together but my understanding is phh does not need it.

Sent from my Nexus 6 using Tapatalk
 

Yan25

Member
Apr 29, 2015
45
12
Hi,

Is someone has the same issue than me? I followed all the instructions here http://forum.xda-developers.com/app...agisk-discussion-t3465722/page57#post69046358 with success and no error. I'm using phh's SuperUser application.

During the startup of Android I have the root access. For example I can see that betterbatterystats get the root access and rootchecker shows that root is correctly installed. But, when the startup is finished (around 2 minutes) the root access is gone. All applications required a root access tell me that no root is installed on my smartphone. I can reproduce this each time I restart my phone.

I have a ZTE Blade S6 running on Android 5.0.2.

Do you know what could be the reason of this issue?

Regards

Yan'
 
Last edited:

rasengan82

Senior Member
Nov 19, 2011
1,066
166
Hey guys I am noticing flashing phh and then a custom kernel like franco (uses anykernel) removes root. This does not happen with SuperSU. Is this a known issue?

Sent from my Nexus 6 using Tapatalk
 

waylo

Senior Member
May 9, 2010
1,655
487
tell adaway to use /data/data/hosts and let it download and "apply" the adblock. press NO when it asks for symlinking. then do "su --bind /data/data/hosts:/system/etc/hosts" (w/o " " ofc) in adb shell using ur PC. phone terminal apps dont seem to work properly for this. thats what i and several others did and it works. if it worked "ls -l /data/data/hosts /system/etc/hosts" should output 2 lines with the same filesize (that large number in the output) if one line has only 56 where the other has 2.1 million byte then smth went wrong. safetynet is still green after this.

edit: reboot after the adb su --bind command ofc.

I 'think' after doing this, I now have a "Your device is corrupt" warning that pops up on reboot. Is that to be expected? Obviously not a big deal if it is. Always had the "Your device software cannot be checked for corruption" warning after unlocking my bootloader.

(I also did boot into TWRP and mounted system as r/w, but did not do any writing, manipulation or editing. Don't think that set it off. I was unaware the default hidesu zip would unfortunate encrypt my formerly nonencrypted data so that's a different step that I'm used to).
 

Lrs121

Senior Member
Feb 10, 2012
880
616
Moscow, ID
Moto G Power
Google Pixel 4a
I 'think' after doing this, I now have a "Your device is corrupt" warning that pops up on reboot. Is that to be expected? Obviously not a big deal if it is. Always had the "Your device software cannot be checked for corruption" warning after unlocking my bootloader.

(I also did boot into TWRP and mounted system as r/w, but did not do any writing, manipulation or editing. Don't think that set it off. I was unaware the default hidesu zip would unfortunate encrypt my formerly nonencrypted data so that's a different step that I'm used to).

Mounting system r/w is exactly what did it.
If you are going to do anything that touches the system, you must use no-verity configuration
https://source.android.com/security/verifiedboot/verified-boot.html
 
Last edited:
  • Like
Reactions: waylo

SB13X

Senior Member
Jun 14, 2010
694
203
England, UK
Can 266 hidesu be used without Magisk? I'm getting Bootloop on my Xperia Z3 at the flash screen after flashing on clean kernel boot.img with Magisk uninstalled.

@phhusson using this kernel as a Base seems all Soby Xperia devices get stuck on flash screen as it's been mentioned earlier on but with no answer as far as I can see.

http://forum.xda-developers.com/z3/development/kernel-advanced-stock-kernel-t3345880

Download Link for version I'm running...

https://drive.google.com/file/d/0Bwn7bAJ-USZjVUs0cjNoYVFzak0/view?usp=sharing
 
Last edited:

phhusson

Recognized Developer
Jul 23, 2009
2,448
4,692
Paris
@phhusson, when flashing superuser zip over stock kernel, it boots fine. When flashing over ex kernel, it's stuck at boot logo. Flashing stock, superuser, ex boots fine.

Any particular reason for this?
What's "ex kernel"? link?

Guys. I'm sure you are boring of these qustions.
But can you please give me any advice how to run PoGo?

I have hideroot version on my 7.0 CM14 and in SafetyNet checker is CTS Profile : False

So we as root users cant really play PoGO?
The problem here is most likely not root, but CM.
Please note that you most likely CAN'T pass SafetyNet on CM.
But Pogo doesn't use SafetyNet's checker, it only checks for root. (and likely for xposed and such)
So the test should be PoGo, not SafetyNet.

[email protected]
As far as hiding su, can random generated number be used instead of a file name?
Yes, but then, how would applications find that number?
Basically, if an app can find the "su", PoGo can find it as well.
That's why the only possible method is to hide su from some apps.
(Actually there is another possibility, which is to give a method to send a SU request, but you will know if there is indeed an SU only when the request answers, but that would deeply break compatibility with root apps)
 

chrisexv6

Senior Member
Nov 14, 2010
1,632
536
Same here. It passes after a reboot, but a few hours later it fails and needs another reboot. Running Resurrection Remix on Note 3.

Same issue here as well.

On initial flash and startup of PureNexus ROM, I could get root (added ElementalX kernel control)

An hour later installed TiBackup from Play Store but it couldnt get root access

Rebooted and TiB worked OK. I havent checked since (funny how not that much stuff actually requires root!)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 332
    Hi,

    IT MIGHT BRICK YOUR DEVICE.
    Always ensure you have a way back.


    Here is a thread about my fork of Koush's Superuser, to handle SELinux: https://github.com/seSuperuser/Superuser
    So I would like your help to make this SuperUser a proud opensource SU app!

    If you have an application that requires root, and which needs specific SELinux configuration please ask!


    Build bot: https://superuser.phh.me/
    Currently, four flavors of su are available on the build-bot:
    - "eng" which puts "su" in permissive mode. This is the most compatible mode, but you should trust the apps you give root to. This does NOT put SELinux in permissive mode.
    - "noverity" is eng and dm-verity disabled
    - "nocrypt" is eng, dm-verity and dm-crypt disabled
    - "user" is meant to give a safe su. su-apps won't be able to access to your Android Pay (for instance) informations, or keep persistent su access without your consent

    Please note that user is in heavy development and isn't up to its promises at the moment.

    I setup a build bot, which generates boot.img based on my solution, and pushes them to https://superuser.phh.me/

    I did this build bot in a way so it is easy to add new ROMs, so don't hesitate asking for new ROM/devices support.
    Supporting new devices might mean some additional work on http://github.com/seSuperuser/super-bootimg/ if they are using non-standard boot.img format, but the aim is to support as many devices as possible.
    You need to install the APK from PlayStore afterwards: https://play.google.com/store/apps/details?id=me.phh.superuser

    Bot-supported devices
    Here are some devices, but there are many more !
    - A *lot* of Archos devices
    - All Nexus-es, including Pixel C (if some Nexus is missing, just ask!)
    - nVidia Shield TV
    - nVidia Shield Tablet
    - Fairphone 2

    update.zip format
    The zip is available at https://superuser.phh.me/superuser.zip
    It should be able to root any device supported by super-bootimg from TWRP (and possibly other custom recoverys)
    You still need to install the APK afterwards. https://play.google.com/store/apps/details?id=me.phh.superuser https://f-droid.org/repository/brow...lob/master/known-imgs/nexus/hammerhead/MRA58N describes a firmware, nothing device-specific). This only requires to do some PRs to add a device, or on updated firmwares
    - Testers
    - UI designer: The current UI dates back from 4.1...? It is really ugly and not really usable.
    - Testers
    - Root-related devs: SELinux policies are still being written
    - Testers
    - Security reviewers
    - Testers

    Bug report
    If some app doesn't work, please ask me, not the dev.
    I consider I have to fix support for other apps, not the other way around.



    ChangeLog
    2016-01-31 r170: superuser.zip can be included in other update.zip
    2016-01-27 r166: Add support for Viper4Android
    2016-01-15 r162: Add su --bind and su --init commands
    2016-01-10 r154: Files are no longer copied multiple times. Fixes MultiROM, and multiple install for update.
    2016-01-06 r152: Fix support for ChromeOS-like format (Pixel C)
    2016-01-01 r144: Detect chromeos-style signature, and don't try to resign it in that case
    2015-12-30 r143: Improved compatibility with apps.
    2015-12-28 r142: Changed naming convention to include device name and release
    2015-12-28: Added "nocrypt" target
    2015-12-13: Added "noverity" target to buildbot
    2015-12-13: Add options for noencrypt, noverity
    2015-12-03: Fix TitaniumBackup
    2015-11-24: mount --bind to /system/xbin/su if it exists to override ROM's su
    2015-11-23: Fix CF.Lumen
    2015-11-14: Add super-bootimg's version in boot.img, several network/firewall-related permissions
    2015-11-11: Access to Android's services
    2015-11-10: Recursive su access
    2015-11-09: Fix pm disable command
    97
    So, I've made a quick and dirty version of hidesu which hides su enough for current version of Pokemon Go. (noone cares about anything else anyway right? Oh right it also circumvents SafetyNet...)
    I fully agree to what ChainFire says about circumventing SU detection (on http://forum.xda-developers.com/showpost.php?p=68424605&postcount=2 )

    The demo superuser.zip is available at http://phhusson.free.fr/superuser-r266-hidesu.zip (you'll notice this is not hosted on https://superuser.phh.me, so don't consider it a real release).
    hidesu is enabled by default for the "com.google.android.gms.unstable" process (this is the one scanning for Pokemon Go and SafetyNet as far as I know)

    I think this actually could be easily used to circumvent SafetyNet with Xposed enabled (we can make the process think it has the original /system), but that's out of the scope of this PoC.

    (I have no clue how this compares to CF's suhide)
    61
    - Added a new "Smart mode" for notifications (shows a toast when screen is in use and notification when it's off)

    - Added a setting to notify only when access is denied

    - Removing an app from the list will require PIN (if it's set)

    (I haven't tested these new additions much. So, please let me know if something's wrong)

    - @Captain_Throwback some blank space will be removed now
    41
    @PunchUp One more request for the superuser app.

    An option to hide the app in the app drawer for those ROMs that integrate it in Settings. like Substratum does?

    I use Pure Nexus and it integrates phh superuser and Substation (as well as that "other" su). ;)

    Thanks
    Alright, now there's a setting available to hide the launcher icon
    Also, someone asked for the round icon. So, now there's one available for API 25+
    And some other minor bug fixes and improvements

    Plus, there's an "App shortcut" to quickly enable/disable Superuser. I'm currently not using Nougat. So if someone who is on 7.1.1 can test it, that'd be helpful :)
    29
    I don't think so, @PunchUp made an amazing work there :)
    Still waiting for your reply to the email so that I can finalise it :D

    It works great! Although I feel the full screen request activity is a little intrusive, I'll live with it to avoid the super long SuperSU dialog :p
    Full screen request? I think you're using an old build.


    Anyway, I did make some more changes a few weeks ago (after beta 9). Since the final release has gotten delayed a bit, here is a new build
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone