AERoot

AERoot is a command-line tool that gives root privileges on the fly to any process running on the Android emulator with Google Play flavor AVDs.

This project is a rewrite from scratch of the android-emuroot tool (https://github.com/airbus-seclab/android_emuroot). It comes with new features:

Compatible Kernels

| Kernel | x86 | x86_64 | Android version |
|---|---|---|---|
| 3.10.0+ | | | 7.0 / 7.1 |
| 3.18.56+ | | | 8.0 |
| 3.18.91+ | | | 8.1 |
| 4.4.124+ | | | 9.0 |
| 4.14.112+ | | | 9.0 + 10.0 (TV / Automotive) |
| 5.4.36-00815-g3b29042c17b1 | | | 10.0 |
| 5.4.43-00621-g90087296b3b1 | | | 10.0 |
| 5.4.47-01061-g22e35a1de440 | | | 10.0 |
| 5.4.54-android11-0-00619-g476c942d9b3e-ab6722723 | | | 11.0 |
| 5.4.61-android11-0-00791-gbad091cc4bf3-ab6833933 | | | 11.0 |
| 5.4.61-android11-2-00064-g4271ad6e8ade-ab6991359 | | | 11.0 |
| 5.4.86-android11-2-00006-gae78026f427c-ab7595864 | | | 11.0 (Automotive) |
| 5.4.86-android11-2-00040-g29b2beadc627-ab7157994 | | | 11.0 (TV / Automotive) |
| 5.10.4-android12-0-03442-gf2684370d34d-ab7068937 | | | 12.0 |
| 5.10.15-android12-0-01814-gfca78df78ef2-ab7137072 | | | 12.0 |
| 5.10.21-android12-0-01012-gcc574f0d3698-ab7214561 | | | 12.0 |
| 5.10.21-android12-0-01145-ge82381ad9a3f-ab7230153 | | | 12.0 |
| 5.10.35-android12-4-00865-gd9d0c09e0a3b-ab7349034 | | | 12.0 |
| 5.10.43-android12-6-00231-g54e7412d4ff9-ab7460289 | | | 12.0 |
| 5.10.43-android12-9-00001-ga30f38980440-ab7882141 | | | 12.0 |
| 5.10.66-android12-9-00022-g2d6a43c0364d-ab7992900 | | | 12.0 (TV) |
| 5.10.66-android12-9-00041-gfa9c9074531e-ab7914766 | | | 12.0 |
| 5.10.102-android13-0-00549-g255b30f804ac-ab8238117 | | | 13.0 + 13.0 (TV) |
| 5.10.107-android13-2-00451-g7ba447d0399b-ab8409457 | | | 13.0 |
| 5.15.32-android13-3-00067-g7b5e736d7c63-ab8474665 | | | 13.0 |
| 5.15.41-android13-6-02245-g158384f20d1e-ab8610100 | | | 13.0 |
| 5.15.41-android13-8-00205-gf1bf82c3dacd-ab8747247 | | | 13.0 |
| 5.15.41-android13-8-00055-g4f5025129fe8-ab8949913 | | | 13.0 |
| 5.15.83-android14-5-00138-g5e28b848962c-ab9412825 | | | 14.0 |
| 6.1.12-android14-0-00356-g116e1532b95d-ab9618665 | | | 14.0 |
| 6.1.21-android14-3-01811-g9e35a21ec03f-ab9850788 | | | 14.0 |
| 6.1.23-android14-4-00257-g7e35917775b8-ab9964412 | | | 14.0 |

Requirements

AERoot requires gdb (with Python support enabled) to run properly.

Installation

Last Release

pip install aeroot

Current version

git clone https://github.com/quarkslab/AERoot.git
cd AERoot
python3 setup.py install --user

Docker

A Docker image of AERoot is available on Docker Hub.

You can also build the image yourself:

docker build -t aeroot https://github.com/quarkslab/AERoot.git

Linux

Usage

docker run --rm \
           -v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
           --network host \
           ha0ris/aeroot [aeroot options]

Example

docker run --rm \
           -v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
           --network host \
           ha0ris/aeroot daemon

macOS

Usage

docker run --rm \
           -v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
           ha0ris/aeroot --host host.docker.internal [aeroot options]

Example

docker run --rm \
           -v $HOME/.emulator_console_auth_token:$HOME/.emulator_console_auth_token \
           ha0ris/aeroot --host host.docker.internal daemon

Quick-start

First of all, you must launch the Android emulator with the gdb qemu option (-qemu -s).

emulator @Your_AVD -qemu -s

Then run aeroot, choosing one of its modes:

Usage

aeroot [-h] [--verbose | --quiet] [--device DEVICE] [--host HOST] [--port PORT] {name,pid,daemon} ...

Examples

pid mode example

aeroot pid 1337

Gives root privileges to the process with pid 1337

name mode example

aeroot name my_process

Gives root privileges to the process named "my_process"

daemon mode example

aeroot daemon

Gives root privileges to the ADB daemon
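
To confirm that one of the modes above took effect, compare the target's credentials in /proc/<pid>/status before and after the run. The Python sketch below is an added example, not part of AERoot; it assumes adb is on the PATH, its function names are hypothetical, and the status text embedded in it is constructed.

```python
import subprocess

# Constructed samples of /proc/<pid>/status (only the fields used here).
SAMPLE_BEFORE = (
    "Name:\tmy_process\nPid:\t1337\n"
    "Uid:\t10123\t10123\t10123\t10123\n"
    "Gid:\t10123\t10123\t10123\t10123\n"
    "CapEff:\t0000000000000000\n"
)
SAMPLE_AFTER = (
    "Name:\tmy_process\nPid:\t1337\n"
    "Uid:\t0\t0\t0\t0\n"
    "Gid:\t0\t0\t0\t0\n"
    "CapEff:\t0000003fffffffff\n"
)


def parse_status(text):
    """Turn the 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def credential_report(text):
    """Summarise the credentials found in /proc/<pid>/status text."""
    fields = parse_status(text)
    report = {"name": fields.get("Name"), "pid": int(fields["Pid"])}
    for key in ("Uid", "Gid"):
        ids = [int(v) for v in fields[key].split()]
        if len(ids) != 4:  # real, effective, saved, filesystem
            raise ValueError(f"unexpected {key} line: {fields[key]!r}")
        report[key.lower()] = ids
    report["cap_eff"] = int(fields.get("CapEff", "0"), 16)
    # Root only if every UID and GID slot is 0, not just the effective one.
    report["is_root"] = not any(report["uid"] + report["gid"])
    return report


def read_status(pid, serial=None):
    """Fetch the status file from the emulator (assumes adb is on PATH)."""
    cmd = ["adb"] + (["-s", serial] if serial else [])
    cmd += ["shell", "cat", f"/proc/{int(pid)}/status"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, credential_report(text))
```

Against a running emulator, pass the output of read_status(1337) to credential_report() in place of the constructed samples.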

Additional options

You can find additional options by checking the help of the tool: aeroot -h