AERoot (Android Emulator ROOTing system)
AERoot is a command line tool that allows you to give root rights on-the-fly to any process running on the Android emulator with Google Play flavors AVDs.
This project is a rewrite from scratch of the android-emuroot tool (https://github.com/airbus-seclab/android_emuroot). It comes with new features:
- Recent AVDs support (Android API > 27)
- Execution time optimization
- Selection of a process by its PID
Compatible AVDs
| Release Name | API Level | ABI | Target |
|---|---|---|---|
| Nougat | 24 | x86 | Android 7.0 (Google Play) |
| Nougat | 25 | x86 | Android 7.1.1 (Google Play) |
| Oreo | 26 | x86 | Android 8.0 (Google Play) |
| Oreo | 27 | x86 | Android 8.1 (Google Play) |
| Pie | 28 | x86 | Android 9.0 (Google Play) |
| Pie | 28 | x86_64 | Android 9.0 (Google Play) |
| Q | 29 | x86 | Android 10.0 (Google Play) |
| Q | 29 | x86_64 | Android 10.0 (Google Play) |
| R | 30 | x86 | Android 11.0 (Google Play) |
| R | 30 | x86_64 | Android 11.0 (Google Play) |
Installation
git clone https://github.com/quarkslab/AERoot.gitpip3 install -r requirements.txtQuick-start
First of all, you must launch the Android emulator with the gdb qemu option (-qemu -s).
emulator @Your_AVD -qemu -sThen run aeroot.py by choosing the mode among:
- pid: give root rights to a process selected by its PID.
- name: give root rights to a process selected by its name.
- daemon: give root rights to the ADB daemon, so shells created with adb shell will automaticaly have root rigths.
Usage
aeroot.py [-h] [--verbose | --quiet] [--device DEVICE] [--host HOST] [--port PORT] {name,pid,daemon} ...Examples
pid mode example
aeroot.py pid 1337Gives root rights to the process with pid 1337
name mode example
aeroot.py name my_processGives root rights to the process named "my_process"
daemon mode example
aeroot.py daemonGives root rights to the ADB daemon
Additional options
You can find additional options by checking the help of the tool: aeroot.py -h