我试图让自己进入更多的Andr​​oid的发展，最近，我一直好奇如何生根的引擎盖下完成的。理想情况下，我想开发自己的东西，这将根的电话，即使它只是一个手机了。

我已经扎根所有Android手机我有​​，有一个很好的理解它是如何工作还怎么做。我也很熟悉Linux和大部分背后的概念。我一直无法找到是怎么样的SuperOneClick或Galaxy Nexus的工具包工具的创建和他们引擎盖下做给你root权限。

实际上需要做的编程水平来获得root访问权限是什么？我将如何让自己的应用程序/包来做到这一点？这是只有通过使用战功获得？

生根本质上是非法的权限提升。在计算它被认为是的犯罪其他大多数领域大规模的攻击。

根据不同的品牌和型号，生根可以经由全球可读写翻转几个字节是什么的/ dev /的Exynos-MEM ，它给你的访问任何进程的内存来阐述核攻击或设备上的守护进程会后（例如，亚洲开发银行）。

例如，这里是一种流行的利用这一点在SuperOneClick使用。通过它略读，这是某种形式的缓冲区溢出，可能在 vold的但你可以看到它的不平凡，了解这些漏洞，更不用说复制它们。

I'm trying to get myself into more Android development lately and I have been curious about how rooting is done under the hood. Ideally, I would like to develop something myself that will root a phone, even if it's just one phone for now.

I have rooted all Android phones I have and have a good understanding of how it works and also what to do. I am also very familiar with Linux and most of the concepts behind it. What I have been unable to find is how tools like SuperOneClick or the Galaxy Nexus Toolkit are created and what they do under the hood to give you root access.

What actually needs to be done at the programming level to gain root access? How would I go about making my own application/package to do this? Is this only obtainable through the use of exploits?

Rooting is essentially illegal privilege elevation. In most other spheres of computing it's considered a criminal massive exploit.

Depending on the make and model, rooting can be anything from flipping a few bytes via the world-read-writeable /dev/exynos-mem, which gives you access to any process's memory to elaborate kernel attacks or going after daemons on the device (e.g., adb).

For example, here is a popular exploit that's used in SuperOneClick. Skimming through it, it's some sort of buffer overflow, possibly on vold but as you can see it's not trivial to understand these exploits, let alone replicate them.