[Editor's note: In mobile phone forensics, obtaining root permission on the phone is important. Because forensic personnel often use different third-party applications to forcibly root a phone, an incomplete root can leave the phone in a "fake root" state. A fake root lowers the success rate and efficiency of mobile phone data extraction. For this reason, researchers at the Sichuan Provincial Key Laboratory of Data Recovery introduce a method for effectively determining whether a smartphone is rooted, which helps improve work efficiency.]
First, what is root permission
Root permission is the highest privilege on a smart mobile device. Once root is enabled on a device, the device's own security mechanism is broken and third-party applications can take full control of it. In mobile phone forensics, whether data is extracted directly or a full image of the phone is taken, success in most cases depends on whether root permission on the phone can be obtained.
Second, the significance of determining whether the phone is rooted
Only by effectively determining whether a smart mobile device is rooted can the examiner choose the appropriate forensic method for the smartphone. Whether the approach is an image backup of the smartphone after rooting, fast data extraction directly from the phone, or a direct image backup of the device, root is a critical step.
Since most smartphones do not have root permission by default, root is usually obtained with third-party applications. At present, well-known rooting software in China includes 360Root, Root Elf, KingRoot and others.
Third, how to determine whether the phone has obtained full root permissions
1. su file judgment
Most rooting tools on the market are based on modifications of the open-source su.c, and some merely rework the user interface. Therefore, the first screening step in determining whether a smartphone is rooted is to check whether an su file exists on the phone.
a: Determine if the su file exists.
The su file is generally located under the smartphone's system directory, but the subfolder that holds it differs with the rooting tool used. In most cases the su file is in the bin directory; in a few cases it is in the xbin or sbin directory; in other special cases it is not under the system directory at all but directly in the "/sbin/" or "/vendor/bin/" directory.
b: Determine if su has execute permission
If the previous step finds that an su file exists, start a Process, run ls -l on the file, and read the output through Process.getInputStream(); the output contains the full permission string of the su file. On a phone that is not rooted it is -rw-rw-rw-. Rooting opens the permissions to the user: when the character in the fourth position is x or s, the device has execute permission on the su file.
These steps complete the preliminary determination of root permission. They only confirm that the smartphone may have the highest privilege, however; the second step refines the determination.
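The two checks of step 1, written out as an added Java example (not code from the original article). The class and method names are hypothetical, the "/system" prefix on bin, xbin and sbin assumes the standard Android layout, and the two sample ls -l lines are constructed.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;

public class SuFileCheck {
    // Directories named in the text; the "/system" prefix for bin, xbin and
    // sbin is an assumption based on the standard Android layout.
    static final String[] SU_DIRS = {
        "/system/bin/", "/system/xbin/", "/system/sbin/", "/sbin/", "/vendor/bin/"
    };

    /** Step a: return the first candidate path where an su file exists, or null. */
    static String findSu() {
        for (String dir : SU_DIRS) {
            if (new File(dir + "su").exists()) return dir + "su";
        }
        return null;
    }

    /** Step b: the fourth character of the ls -l mode string must be x or s. */
    static boolean ownerCanExecute(String lsLine) {
        if (lsLine == null || lsLine.length() < 4) return false;
        char c = lsLine.charAt(3);
        return c == 'x' || c == 's';
    }

    /** Run ls -l on the path and return the first output line (null if none). */
    static String lsLong(String path) throws IOException, InterruptedException {
        Process p = new ProcessBuilder("ls", "-l", path).redirectErrorStream(true).start();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String first = r.readLine();
            while (r.readLine() != null) { /* drain remaining output */ }
            p.waitFor();
            return first;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample lines, so the parsing can be exercised off-device.
        System.out.println(ownerCanExecute("-rw-rw-rw- root root 0 su"));     // mode from the text
        System.out.println(ownerCanExecute("-rwsr-sr-x root root 75348 su")); // setuid su binary
        String su = findSu();
        System.out.println(su == null ? "no su file found"
                : su + " executable=" + ownerCanExecute(lsLong(su)));
    }
}
```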
2. Refined root permission judgment
a: permission modification
The refined judgment tests the phone further once the first step has established that an su file is present. Again start a Process, execute the permission-modification command chmod 777 data, and then execute the listing command ls -l data.
chmod is the permission-modification command; setting the target to 777 opens the directory to all users. The ls -l data command lists all files and folders under the data directory together with their permissions.
b: result acquisition
Calling process.waitFor() returns the result value of the commands above, which is recorded as result. This value is the indicator of whether the smartphone has obtained root permission. At the same time, read the result input stream process.getInputStream() and record its content as successResult, and read the error output stream process.getErrorStream() and record its content as errorResult. Return result, successResult and errorResult to the data processing interface.
c: logical processing
Examine result. When it is 0, the smart device has the highest privilege. In this case it is necessary to determine further whether that permission has been granted to the application.
Check whether errorResult (the error message) is empty. If it is empty, authorization has been given and the third-party application has the highest privilege. If it is not empty, the device has obtained the highest privilege but has not authorized the application. In that case, prompt the user to manually allow the target application to use the highest privilege.
When result is not 0, the smart device either has not obtained root permission or has not authorized the application.
Note: When result is not 0, the meaning of the return value cannot be determined precisely, because testing with multiple rooting tools showed that each tool returns different values when the application is not authorized or the phone is not rooted. As far as current results go, the value returned by KingRoot is fixed when the application is not authorized; other tools have not been fully confirmed, so the method can be optimized further in this respect.
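Steps a to c of the refined judgment as an added Java example (not code from the original article). It assumes the two commands are fed to an su shell on its standard input, which the text does not state; the class, enum and method names are hypothetical, and main exercises only the decision logic on constructed values.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class RootPermissionCheck {
    enum RootState { ROOT_AUTHORIZED, ROOT_NOT_AUTHORIZED, NO_ROOT_OR_DENIED }

    /** Step c: decision over the three values from step b (successResult is passed through unused). */
    static RootState classify(int result, String successResult, String errorResult) {
        if (result != 0) return RootState.NO_ROOT_OR_DENIED;   // exact value differs per tool
        return errorResult.trim().isEmpty() ? RootState.ROOT_AUTHORIZED
                : RootState.ROOT_NOT_AUTHORIZED;               // prompt the user to grant access
    }

    static String readAll(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        for (int n; (n = in.read(chunk)) != -1; ) buf.write(chunk, 0, n);
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }

    /** Steps a and b. Assumption: commands go to an su shell; this changes the mode of data. */
    static RootState probe() throws InterruptedException {
        try {
            Process process = new ProcessBuilder("su").start();
            try (OutputStream stdin = process.getOutputStream()) {
                stdin.write("chmod 777 data\nls -l data\n".getBytes(StandardCharsets.UTF_8));
            }
            final String[] errorResult = {""};
            Thread errReader = new Thread(() -> {   // drain stderr so a full pipe cannot block su
                try { errorResult[0] = readAll(process.getErrorStream()); } catch (IOException ignored) { }
            });
            errReader.start();
            String successResult = readAll(process.getInputStream());
            int result = process.waitFor();
            errReader.join();
            return classify(result, successResult, errorResult[0]);
        } catch (IOException e) {
            return RootState.NO_ROOT_OR_DENIED;     // su could not be started or written to
        }
    }

    public static void main(String[] args) {
        // Constructed inputs that exercise each branch; probe() is for on-device use only.
        System.out.println(classify(0, "drwxrwxrwx data\n", ""));
        System.out.println(classify(0, "", "Permission denied\n"));
        System.out.println(classify(1, "", ""));
    }
}
```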
[Summary: Only by determining whether a smartphone has been successfully rooted can one effectively choose which method to use for extracting data from it. In this issue, researchers at the Sichuan Provincial Key Laboratory of Data Recovery introduced the su file judgment and the refined root permission judgment, which together can effectively determine whether a smartphone has been successfully rooted. This method has been applied successfully in the Efficiency Source MTF mobile phone visual tracking and forensics system and the SPA7100 smartphone fast acquisition system, greatly improving the efficiency of forensic personnel.]