Run as root on some Android devices

This post may be interesting for you if both of the following conditions are true:

  • Your Android device is not rooted
  • You can connect as root to your Android device, but only through a PC and adb

In such cases, here is a trick to run commands as root from your Android device, even when it is not connected to your PC. It has been tested on Lollipop.

First, I assume that you have some kind of terminal application; if not, I recommend installing Termux and optionally the Hacker’s keyboard. Note that when you launch such a terminal, you cannot execute commands as root because every Android application runs as an unprivileged user. If your tablet is not rooted, then you also do not have access to the su executable to gain root privileges.

Conversely, when you connect to your tablet through adb, you may have access to the su command, which is typically located in /system/xbin/su, because adb gives you an admin terminal and does not run within an apk sandbox.

So the trick consists of doing the following from an adb terminal:

  • cd into a directory where you can write and where executables are allowed (so not your SD card). A good place is the Termux user home directory, typically located at /data/data/com.termux/files/home, which you can also access via adb because you’re root.
  • create a named pipe where you’ll be able to write commands to run as root later on:
    mknod cc p
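  • write, as root, the following shell script runroot.sh:
    #!/bin/sh
    # Loop forever: block until something is written to the pipe, then run it.
    while true; do
        a=$(cat cc)   # cat returns once the writer closes the pipe
        $a            # unquoted on purpose: split into command and arguments
    done
  • run this infinite loop as root in the background:
    nohup sh runroot.sh &
  • disconnect from adb and your PC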

Now within Termux on your tablet, whenever you want to run a command as root, you just have to write the command into the named pipe; the loop started from adb, which is still running, will read this command from the pipe and execute it as root.
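Because the loop above runs whatever arrives on the pipe, any process able to write to cc gets root. The following is an added example, not part of the original post: a variant of the reader that only runs exact matches from an allowlist and refuses to start on a world-writable pipe. The script name runroot_allow.sh, the function names and the ALLOWED entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's script. The FIFO name "cc" is from the post;
# the ALLOWED entries are constructed samples.
ALLOWED='id
getprop ro.build.version.release
ls /data/local/tmp'

# Succeed only if $1 equals one allowlist entry exactly (whole line).
is_allowed() {
    [ -n "$1" ] || return 1
    while IFS= read -r entry; do
        [ "$entry" = "$1" ] && return 0
    done <<EOF
$ALLOWED
EOF
    return 1
}

# Succeed only if $1 is a FIFO that "other" users cannot write to.
fifo_not_world_writable() {
    [ -p "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ????????w*) return 1 ;;   # 9th character is the other-write bit
    esac
    return 0
}

# Run one line read from the pipe, or reject it with status 2.
handle_line() {
    if is_allowed "$1"; then
        # Word-split like the post's $a; safe because the line is a fixed entry.
        $1 </dev/null
    else
        echo "rejected: $1" >&2
        return 2
    fi
}

serve() {
    fifo_not_world_writable "$1" || { echo "refusing $1" >&2; return 1; }
    while true; do
        # Opening the FIFO blocks until a writer connects; then read each line.
        while IFS= read -r line; do
            handle_line "$line"
        done < "$1"
    done
}

# Start the loop only when asked: sh runroot_allow.sh serve cc
if [ "${1:-}" = "serve" ]; then serve "${2:-cc}"; fi
```

Lines carrying shell metacharacters, extra arguments or an embedded newline never match an entry, so they are rejected rather than executed.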

Written on July 14, 2017