Obtaining superuser rights without the help of a computer using the example of nexus7_2013.

instructions

• 1. Download the Towelroot application.
• 2. Make sure that in the settings/security section the box that allows installation from unknown sources is selected.
• 3.Install without paying attention to the following warning:
• {
  We do not recommend installing this application:
  towel root
  It contains code to bypass Android security.
  (checkbox) Install anyway (unchecked)
  (button) Do not install
  (button) Install anyway
  }
• 4. Check the appropriate box and click on the corresponding button.
• 5. Open the application and find the button called:
  "Make it ra1n"
• 6. We carefully remember its location, since then we will have to pause Talkback, otherwise we will get an error.
• 7. Temporarily unload TalkBack through the global context menu.
• 8. We activate the place that we remembered in points (5 and 6).
• There is no double tab required here, just one tap is enough.
• If you have a seeing person at hand, then it would be optimal to ask him to perform this simple action.
• 9. We wait for some time, approximately 10-15 seconds; if the device does not reboot, then we do it ourselves.
• 10. Install the supersu application.
• 11. Launch supersu. and we agree to the offer to update the binary file.
• 12. If all steps are completed correctly, then the phone can now use superuser rights.

Notes:

• List of supported devices for Towelroot. located
• If after launching supersu. you get a message -
  "failed to update binary file"
  then restart your device and try again.
• If this does not help you, then most likely you have not obtained superuser rights; to do this, try again, using the help of a sighted person to activate the “Make it ra1n” button.
• Before installing superuser rights, carefully study all the associated problems of incorrect use and voiding the warranty for your device...

I can’t install apps and games on Android due to security blocking.. This is not a problem; in this article you will learn how to open access to the installation.

If you downloaded games or applications from the Internet and want to install them on your Android, then you can see Android screen a message like this: “For security reasons, the installation of applications from unknown sources is blocked on the device.” The installation may also be blocked if you received the application via Bluetooth or Wi-Fi from another phone, computer, laptop, tablet or other device. All this, of course, is done for the safety of your Android, since now you can download and install a huge number of applications with a virus that can block your phone and extort money from the owner to unlock it. If you have a smartphone or tablet new version Android, then below you will find a link to the page with detailed information about installing or blocking unknown applications.

Never install applications and games from unknown sources on Android, especially if you downloaded them from the Internet. But if you know that files are from trusted sources or applications received via Bluetooth from another Android that you trust, then you can unblock installation from unknown applications and continue installation on Android.

Now let's see how to allow installation of applications on android from unknown sources. Before installing applications or games, go to the Android settings and look for the security item, then find the item unknown sources and check the box next to it. Now you can install applications on Android from unknown sources that have been blocked for security reasons. You can then uncheck the box again and thereby you will again block the installation of unwanted applications.

Also, if you have already started the installation and see a message about installation being prohibited on your device for security reasons, you can immediately allow the installation. When a message is displayed on the screen, there is also a link to settings; by clicking on it, we immediately get to the security item and we can check the box next to the item unknown sources and continue the installation you started. After such an installation, do not save the checkbox in the security settings, that is, you need to allow the installation of applications every time.

Do not install applications from unknown sources unless you are sure that there is no risk of virus infection. Applications can deduct money from your account, block your device, or damage your device.

Don’t forget to leave a review about whether this article helped or not, please indicate the device model so that you get the same helpful information for Android users.

• I hope this article helped you and you found the information how to install blocked applications on android from unknown sources.
• We kindly ask you to provide mutual assistance and share useful tips.
• Thank you for your responsiveness, mutual assistance and useful advice!!!

06-08-2019
00 o'clock 48 min.
Message:
Hello, everything you described on the topic “On Android, when installing applications and games, a message pops up that installation from unknown sources is blocked on the device.” read the recommendations d

13-06-2019
09 o'clock 19 min.
Message:
How to remove an administrator?

06-01-2018
6 p.m. 24 min.
Message:
Thank you! Well, I have a problem, can you tell me what to do if they write: Error parsing the package. What to do?

02-01-2018
15 o'clock 46 min.
Message:
Help, the phone has blocked the installation of an application not from Play Market. I downloaded it from Chrome, I click open but it doesn’t install

18-12-2017
11 o'clock 11 min.
Message:
Hello, everything you described on the topic “On Android, when installing applications and games, a message pops up that installation from unknown sources is blocked on the device.” I read the recommendations and did the same thing

31-10-2017
11 p.m. 05 min.
Message:
The trick is that my LG L70 doesn’t even allow me to check the box to remove the ban...

26-09-2017
00 o'clock 27 min.
Message:
I can’t click on the check mark, when I clicked on the check mark, it didn’t turn on for me

11-09-2017
03 o'clock 37 min.
Message:
Or you can write the article like this: Before installing applications or games, go to Android settings and look for the security item, then find the unknown sources item and check the box next to it.

28-03-2017
.. and life becomes longer .. without your snot in 6 paragraphs.
Message:
20 o'clock 06 min. I have a checkbox next to “Install software from unknown sources,” but the phone still blocks the installation. Meizu phone

17-12-2016
Note3. This is fine? I have never dealt with Meizu before.
Message:
20 o'clock 52 min. But I have another problem, and after 15-30 minutes, this item is always ticked from an unknown source. What I didn’t do - from Reset to factory settings, antivirus programs

05-12-2016
I installed it, but it keeps ticking and ticking. Help!
Message:
10 p.m. 52 min.

05-12-2016
Sofia, try uninstalling the application through the settings and applications there can be disabled or completely removed.
Message:
10 p.m. 05 min.

31-10-2016
Help! I downloaded the game from an unknown source and now I can’t delete it ((
Message:
There is a problem related to the fact that (due to a firmware bug), I do not have access to the "Security" tab in the settings. After entering this tab, it throws it to the slave. table, with a message like “The Settings application is not responding. How can I NOT activate the installation of “left” applications through the settings?

Here is one of best solutions upon receipt Root is right on smartphones and tablets without using a computer. Today this program received Root rights on its test smart Samsung Galaxy Nexus and Chinese tablet Freelander. One of the advantages of this particular version of the program from Chinese developers is that the program interface is completely translated into Russian. Read the instructions below on how to obtain root rights.

1. Download the Baidu application and install it on your device.
(Attention!!! When installing, Android may write to you that the application “Contains code to bypass Android protection.” Check the box and click “Install anyway”). Installation field, run the program and see an agreement from the author on Chinese. Click the Accept button as shown below.

2. If you are connected to the Internet at the current time and the program has found an updated version on its server, then you will be prompted to update the program version to the current one. I would do it this way. For now, I clicked Cancel and tried to get root [and if root was not obtained, then I would restart the program again and update it, and then try to get root again. (Below I will outline the same diagram only with the native Chinese program interface, to understand how to proceed if everything is in Chinese)

3. Now click the “Get root” button and wait for the program to complete. On my Nexus it worked for about 1 minute, on the Freelander tablet a little longer.

Voila. We see that root rights have been obtained.

And now, as promised above, I will post a small manual for obtaining the same Root rights, but with the understanding that the interface of the Baidu Root program is completely in Chinese:

1. Installation field: launch the program and see the agreement from the author in Chinese. Click right button circled in the picture below.

2. If you are connected to the Internet at the current time and the program has found an updated version on its server, then you will be prompted to update the program version to the current one. To update the version, click the right button, and not to update, click the left button. Usually the Chinese interface appears after the update.

Here is one of the best solutions for getting Root rights on smartphones and tablets without using a computer. Today, this program received Root rights on its test smart Samsung Galaxy Nexus and the Chinese Freelander tablet. One of the advantages of this particular version of the program from Chinese developers is that the program interface is completely translated into Russian. Read the instructions below on how to obtain root rights.

My video instructions for obtaining Root rights through Baidu Root

1. Download the Baidu Root application: and install it on your device.
(Attention!!! When installing the bucket, it may write to you that the application " Contains code to bypass Android security". Check the box and click " Install anyway"). Installation field, launch the program and see the agreement from the author in Chinese. Press the button Accept as shown below.

2. If you are connected to the Internet at the current time and the program has found an updated version on its server, then you will be prompted to update the program version to the current one. I would do it this way. So far I've pressed Cancel and tried to get root [and if root was not obtained, then I would restart the program again and update it, and then again try to get root. (Below I will outline the same diagram only with the native Chinese program interface, to understand how to proceed if everything is in Chinese.)].

3. Now press the button " Get root" and wait for the program to complete. On my Nexus it worked for about 1 minute, on the Freelander tablet a little longer.

Voila. We see that root rights have been obtained.

And now, as promised above, I will post a small manual on how to obtain the same Root rights, but with the understanding that the interface of the Baidu Root program is completely in Chinese.

1. Installation field: launch the program and see the agreement from the author in Chinese. Click the right button circled in the picture below.

2. If you are connected to the Internet at the current time and the program has found an updated version on its server, then you will be prompted to update the program version to the current one. To update the version, click the right button, to not update - left. Usually the Chinese interface appears after the update.

3. Now press to the blue button(I circled it in the picture) and wait for the program to complete.

We introduced you to a number of articles that clearly showed how easy Android apps really are. You don’t even need a disassembler for this, just a superficial knowledge of Java and the Smali language. Therefore, if your application is popular enough, know that it will be stolen and paid functions will be activated through simple manipulations. And if you decide to monetize it using advertising, it will be turned off.

Protecting an application is difficult, but it is possible. First of all, it’s worth it right away abandon the Pro/Lite distribution model. The application is very easy to remove from a smartphone, so a thief will only need to buy the application once, and then it can be distributed as is. Secondly, you need to take care code reverse protection. Decompiling Java code is easy, and changing the binary code does not require any special skills or tools. Thirdly, you need to make sure that even in the event of a successful hack, the application simply does not work. Then the hacker will have to solve two problems at once: hack the application and make the hacked version work.

So, we abandon the Pro version and begin the fight.

Hiding and obfuscating the code

The best way to protect application code from reverse is obfuscation, in other words, obfuscation of the bytecode so that it is unbearably difficult for the reverser to understand it. There are several tools that can do this. The simplest, but still effective one is in the composition Android Studio. This ProGuard.

To activate it, just add the line minifyEnabled true to the android → buildTypes → release section of the build.gradle file:

android( . . . buildTypes( release ( minifyEnabled true . . .

After this, Android Studio will start passing all “release” builds through ProGuard. As a result, the application will become more compact (by removing unused code), and will also receive some level of reverse protection. “Some” in the sense that ProGuard will replace the names of all internal classes, methods and fields with one or two letter combinations. This will indeed make the decompiled/disassembled code much more difficult to understand.

Next step - string encryption. This is especially useful if you store any sensitive data inside the application: identifiers, keys, REST API endpoints. All this will help the attacker navigate your code or extract important information from it.

You can encrypt strings different ways, for example using the Stringer or DexGuard tools. Advantage: Fully automated modification of existing code to implement string encryption. Disadvantage: price that is affordable for companies, but too high for an independent developer.

Therefore, we will try to do it on our own. In the simplest case, string encryption using Java is done like this:

public static byte encryptString (String message , SecretKey secret ) throws Exception ( Cipher cipher = null ; cipher .init (Cipher .ENCRYPT_MODE , secret ) ; return cipher .doFinal ( message . getBytes ( "UTF-8" ) ) ;

And the decoding is like this:

public static String decryptString (byte cipherText , SecretKey secret ) throws Exception ( Cipher cipher = null ; cipher = Cipher .getInstance ( "AES/ECB/PKCS5Padding" ) ; cipher .init ( Cipher . DECRYPT_MODE , secret ) ; return new String (cipher . doFinal ( cipherText ) , "UTF-8" ) ;

To generate a key, one line is enough:

public static SecretKey generateKey (String password ) throws Exception ( return secret = new SecretKeySpec(password.getBytes(), "AES");

The point is to write a simple desktop/mobile application in Java that will take all your strings as input and produce their encrypted versions as output. Next, you insert these strings into the main application instead of the original ones and in the places where they are accessed, call the decryptString() function.

As a result, the attacker simply will not be able to see the encrypted strings by decompiling the application. But, of course, he can write a simple decryptor based on the decompiled code of your encryptor. In other words, this is not a panacea, but string encryption will add another layer of complexity.

You can go even further and use one of the comprehensive Android application protection tools, such as AppSolid. It is again expensive, but it allows you to encrypt the entire application. This can really scare off many reversers, but there are a number of tools, including the paid Java decompiler JEB, which can remove such protection automatically.

You can also try to break your application into many small modules, as I already wrote in the article Writing modular applications for Android. This in itself is not a protection method, and it will hardly hinder the work of the reverser. But it will break off various automated systems application cracking. They simply won't be able to understand where to look for the code in the module.

Well, one last thing: it is necessary to remove (comment out) from the code all calls to the logger, that is, all calls to Log.d(), Log.v() and so on. Otherwise, an attacker will be able to use this information to understand the logic of the application.

Crash a hacked application

Okay, we spoiled the life of the reverser a little. It's time to do it again! But how can you tell if an app has been hacked? More precisely, how can it find out for itself? After all, the concepts of “hacked” and “not hacked” exist only in our heads, that is, these are concepts of a fairly high order that cannot be described algorithmically.

So it is, but not so. The fact is that inside the APK file there is a set of metadata that stores the checksums of absolutely all files in the package, and the metadata itself is signed with the developer’s key. If you change the application and package it again, the package metadata will change and the package will have to be signed again. And since the reverser does not and cannot have your developer key, it uses either a randomly generated one or a so-called test key.

Android itself will easily swallow such an application (it does not keep a database of all digital signatures of all possible Android developers), but we have our own digital signature, and we can verify it!

Verifying the digital signature

Actually, the method is quite simple. You need to insert a code into the application that will receive the hash of the key of the current digital signature of the package and compare it with the previously saved one. They match - the application was not repackaged (and hacked), no - we sound the alarm.

To get started, insert the following piece of code into the application (the deeper you hide it, the better):

public static String getSignature(Context context) ( String apkSignature = null ; try ( PackageInfo packageInfo = context.getPackageManager().getPackageInfo( context.getPackageName(), PackageManager.GET_SIGNATURES for (Signature signature : packageInfo .signatures ) ( MessageDigest md = MessageDigest .getInstance ( "SHA" ) ; md.update(signature.toByteArray()); apkSignature = Base64 .encodeToString (md .digest () , Base64 .DEFAULT ) ; Log .e ("DEBUG" , "SIGNATURE: " + apkSignature ) ; ) catch (Exception e) ( ) return apkSignature ;

Build, run the application and look at the execution log. There you will see the line SIGNATURE: 478uEnKQV+fMQT8Dy4AKvHkYibo=. This is the hash. It must not only be remembered, but placed in the application code as a constant, for example under the name SIGNATURE. Now remove the Log.e... line from the code and add the following method:

public static boolean checkSignature(Context context) ( return SIGNATURE .equals ( getSignature ( context ) ) ;

He will just check the saved hash with the hash of the key, which is in this moment application signed. The function returns true if the digital signature is yours (the application has not been rebuilt), and false if it has been modified. What to do in the second case is up to you. You can simply terminate the application with os.exit(0) or you can crash it, for example by calling a method on an uninitialized object or accessing a non-existent array value.

But remember: an attacker can simply cut out your digital signature verification code and it will never work (this is also true for the code given below). Therefore, hide it in an unobvious place, and encrypt the hash of the original key, as shown above.

Checking the installation source

Another protection method is to find out where the application was installed from. The logic here is simple: if the installation source is the Play Store, then everything is fine, this is an original, unpackaged application. If not, Varez downloaded from the forum and installed from a memory card or from a black market.

You can find out where the application was installed from in one line, and the function itself that does this might look like this:

public static boolean checkInstaller(Context context) ( final String installer = context .getPackageManager() .getInstallerPackageName(context .getPackageName()) ; return installer != null & amp ; & & installer.startsWith("com.android.vending");

As usual: true - everything is fine, false - Houston, we have problems.

Determining the emulator

Some application reverse methods involve the use of an emulator. Therefore, it would be useful to add code to the application that checks whether it is running in a virtual environment. This can be done by reading the values ​​of some system variables. For example, standard Android emulator Studio sets these variables and values:

ro .hardware = goldfish ro .kernel .qemu = 1 ro .product .model = sdk

Therefore, after reading the values ​​of these variables, we can assume that the code is executed in the emulator:

public static boolean checkEmulator() ( try ( boolean goldfish = getSystemProperty ( "ro.hardware" ) ​​.contains ( "goldfish" ) ;