Always getting "Android version not supported. Aborting." in MAC about aeroot HOT 12 CLOSED

Hi! Thank you for the feedback.

I don't think the problem is with your host OS (even if I never tested AERoot on MAC).

Second: Install gdb (because you didnt tell me I will need it).
brew install gdb

I will add the requirement in the README file.

uname -rm return
"5.4.47-01061-g22e35a1de440 x86_64"

and ...
the ps command is not working in my OS !!

Are you running these commands on your host ? They are intented to be runned on Android through ADB.

So. Could you try: adb shell uname -rm (with your Android 11 running), then paste the output here ?

Regards.

from aeroot.

Wow, thank you Eric Le Guevel Ha0ris , for your very fast answer !
Here you are the output:
$ adb shell uname -rm
5.4.47-01061-g22e35a1de440 x86_64

Merci beaucoup
Thanks in advance.
Bonne journée.
Have a nice day!

from aeroot.

Currently, AERoot only support Android 11 R9 AVD (kernel 5.4.61-android11-0-00791-gbad091cc4bf3-ab6833933).
You can check the revision of your system image in this file: ANDROID_SDK_PATH/system-images/android-30/google_apis_playstore/x86_64/source.properties (Pkg.Revision).
I will implement the R10 (the last one) support soon, so you should consider upgrading your Android 11 system image.

Regards.

from aeroot.

Hi Eric, I downloaded a R9 version for you.
cat source.properties
Pkg.Desc=System Image x86 with Google Play.
Pkg.Revision=9
Pkg.Dependencies=emulator#30.0.4
AndroidVersion.ApiLevel=30
SystemImage.Abi=x86
SystemImage.TagId=google_apis_playstore
SystemImage.TagDisplay=Google Play
SystemImage.GpuSupport=true
Addon.VendorId=google
Addon.VendorDisplay=Google Inc.

So It will use the entry:
"5.4.61-android11-0-00791-gbad091cc4bf3-ab6833933 i686": {
"name": "Android 11.0 (R) x86",
"gdb_arch": "x86_64",
"offset_to_comm": 1808,
"offset_to_parent": 1368,
"offset_to_tasks": 1096,
"offset_to_creds": 1792,
"offset_to_init_ptr": -1379768,
"offset_to_pid": 1352,
"kernel_ptr": 18446741874686296388,
"selinux_offset": 1703193,
"ptr_size": 8,
"enforce_size": 1,
"ps_name_cmd": "ps -A",
"ps_pid_cmd": "ps -A -o pid="
},

But
$ps aux | grep qemu
USER 37255 14.6 19.6 7740052 1648020 ?? S 4:39PM 10:11.93 /Users/USER/Library/Android/sdk/emulator/qemu/darwin-x86_64/qemu-system-x86_64 -netdelay none -netspeed full -avd API_30

$ python3 aeroot.py pid 37255
AERoot (Android Emulator ROOTing system) v. 0.2
_ _ _ _
|| ( \ ( ) ( )
( / \ \ | || |
| (|_| \ \ ( _ )
( ) ()) ) | () |
/_||) | / / ( _ )
_) / / | | | |
|| (/ () (_)

[+] Detected: Android 11.0 (R) x86
[!] Process [37255] is not running. Aborting.
[+] Exiting.

Have a nice weekend!

from aeroot.

Hi!

With the pid mode you have to specify the guest process you want to root not the pid of the emulator.

For example:

First spawn a new shell with adb:
adb shell

then in this new shell, just type ps. It will give you something like this:

USER            PID   PPID     VSZ    RSS WCHAN            ADDR S NAME                       
root           5180    389 10755080  2644 __x64_sys+          0 S sh
root           5182   5180 10758192  3272 0                   0 R ps

From your host run aeroot with the pid of this shell:

python3 aeroot pid 5180 

Finally in the android shell, type to confirm you are actually root:

id

this should give you an output like this:

uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid) context=u:r:shell:s0

If you just want something like adb root, I recommend you to use the daemon mode: python3 aeroot.py daemon
Then, any shell you'll spawn with adb shell after that will be root privileged.

Have a nice weekend too.

from aeroot.

Hello Eric,
Thank you for teaching me and your patience.
I got the PID of __ia32_co+
and after run it
[+] Detected: Android 11.0 (R) x86
[+] Search for [7926] process in memory (this may take a while) ...
[!] Gdb timed out. Make sure gdbserver is running on guest (-qemu -s).
[+] Exiting.

Do you know how to check it on guest (inside the emulator) ?

from aeroot.

Hello Eric,
Thank you for teaching me and your patience.
I got the PID of __ia32_co+
and after run it
[+] Detected: Android 11.0 (R) x86
[+] Search for [7926] process in memory (this may take a while) ...
[!] Gdb timed out. Make sure gdbserver is running on guest (-qemu -s).
[+] Exiting.

Do you know how to check it on guest (inside the emulator) ?

Hi. When you start your emulator, you must specify -qemu -s in the command line like that:

emulator -avd API_30 -qemu -s

Without this option, this is no gdbserver running on qemu, so AERoot can't work properly.

from aeroot.

Hello Eric,
After run
$ ./emulator -netdelay none -netspeed full -avd API_30_1 -qemu -s
emulator: WARNING: Ignoring invalid http proxy: Bad format: invalid proxy name
emulator: INFO: boot completed
emulator: INFO: boot time 32284 ms
emulator: Increasing screen off timeout, logcat buffer size to 2M.
emulator: Revoking microphone permissions for Google App.

[+] Detected: Android 11.0 (R) x86
[+] Search for [4977] process in memory (this may take a while) ...
[!] [4977] process not found in memory. Aborting.
[+] Exiting.

Do you know what that means?
Thanks in advance.

from aeroot.

Hi.

Could you try to run: python3 aeroot -v daemon, then paste the output here ?

Thank you in advance.

from aeroot.

Thank you for all your support.
$ python3 aeroot.py -v daemon
AERoot (Android Emulator ROOTing system) v. 0.2
[-] Loading xxxx/AERoot/config.json ...
[+] Detected: Android 11.0 (R) x86
[-] [adbd] process is running
[+] Search for [adbd] process in memory (this may take a while) ...
[-] Init task_struct found at: -0x448
[-] Looking at 0xf000ff53f000de7b - []
[!] [adbd] process not found in memory. Aborting.
[+] Exiting.

Thank you in advance.

from aeroot.

I am not 100% sure, but it may be due to the KASLR bypass.

You should try the experimental branch.
And also, since Android 11, this may take some time for the kernel to be correctly mapped into virtual memory, so you should wait few seconds after your Android starts running to run aeroot.

from aeroot.

The issue should be fixed as the experimental has been merged in master.
There still a problem (sometimes) with the emulator cold boot on macOS. A workaround has been added at the end of the README.

from aeroot.