AERoot is a command line tool that allows you to give the root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs.
This project is a rewrite from scratch of the android-emuroot tool (https://github.com/airbus-seclab/android_emuroot). It comes with new features:
- Recent AVDs support (Android API > 27)
- Execution time optimization
- Selection of a process by its PID
Compatible Kernels
| Kernel | x86 | x86_64 | Android version |
|---|---|---|---|
| 3.10.0+ | ✓ | 7.0 / 7.1 | |
| 3.18.56+ | ✓ | 8.0 | |
| 3.18.91+ | ✓ | 8.1 | |
| 4.4.124+ | ✓ | ✓ | 9.0 |
| 4.14.112+ | ✓ | ✓ | 9.0 + 10.0 (TV / Automotive) |
| 5.4.36-00815-g3b29042c17b1 | ✓ | ✓ | 10.0 |
| 5.4.43-00621-g90087296b3b1 | ✓ | ✓ | 10.0 |
| 5.4.47-01061-g22e35a1de440 | ✓ | ✓ | 10.0 |
| 5.4.54-android11-0-00619-g476c942d9b3e-ab6722723 | ✓ | ✓ | 11.0 |
| 5.4.61-android11-0-00791-gbad091cc4bf3-ab6833933 | ✓ | ✓ | 11.0 |
| 5.4.61-android11-2-00064-g4271ad6e8ade-ab6991359 | ✓ | 11.0 | |
| 5.4.86-android11-2-00006-gae78026f427c-ab7595864 | ✓ | 11.0 (Automotive) | |
| 5.4.86-android11-2-00040-g29b2beadc627-ab7157994 | ✓ | ✓ | 11.0 (TV / Automotive) |
| 5.10.4-android12-0-03442-gf2684370d34d-ab7068937 | ✓ | 12.0 | |
| 5.10.15-android12-0-01814-gfca78df78ef2-ab7137072 | ✓ | 12.0 | |
| 5.10.21-android12-0-01012-gcc574f0d3698-ab7214561 | ✓ | 12.0 | |
| 5.10.21-android12-0-01145-ge82381ad9a3f-ab7230153 | ✓ | 12.0 | |
| 5.10.35-android12-4-00865-gd9d0c09e0a3b-ab7349034 | ✓ | 12.0 | |
| 5.10.43-android12-6-00231-g54e7412d4ff9-ab7460289 | ✓ | 12.0 | |
| 5.10.43-android12-9-00001-ga30f38980440-ab7882141 | ✓ | 12.0 | |
| 5.10.66-android12-9-00022-g2d6a43c0364d-ab7992900 | ✓ | 12.0 (TV) | |
| 5.10.102-android13-0-00549-g255b30f804ac-ab8238117 | ✓ | ✓ | 13.0 + 13.0 (TV) |
Requirements
AERoot requires gdb (with Python support enabled) to run properly.
Installation
Last Release
pip install aerootCurrent version
git clone https://github.com/quarkslab/AERoot.gitpython3 setup.py install --userDocker
A Docker image of AERoot is available on dockerhub.
Also, you can build an image by yourself:
docker build -t aeroot https://github.com/quarkslab/AERoot.gitLinux
Usage
docker run --rm \
-v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
--network host \
ha0ris/aeroot [aeroot options]Example
docker run --rm \
-v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
--network host \
ha0ris/aeroot daemonmacOS
Usage
docker run --rm \
-v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
ha0ris/aeroot --host host.docker.internal [aeroot options]Example
docker run --rm \
-v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
ha0ris/aeroot --host host.docker.internal daemonQuick-start
First of all, you must launch the Android emulator with the gdb qemu option (-qemu -s).
emulator @Your_AVD -qemu -sThen run aeroot by choosing the mode among:
- pid: give the root privileges to a process selected by its PID.
- name: give the root privileges to a process selected by its name.
- daemon: give the root privileges to the ADB daemon, so shells created with adb shell will automaticaly have root rigths.
Usage
aeroot [-h] [--verbose | --quiet] [--device DEVICE] [--host HOST] [--port PORT] {name,pid,daemon} ...Examples
pid mode example
aeroot pid 1337Gives the root privileges to the process with pid 1337
name mode example
aeroot name my_processGives the root privileges to the process named "my_process"
daemon mode example
aeroot daemonGives the root privileges to the ADB daemon
Additional options
You can find additional options by checking the help of the tool: aeroot -h