Stories about Android Rooting and Termux on Android.

Some months ago, I decided to root my phone.

To keep it simple, Android phones have restrictions. For example, you can’t just change your boot screen, remove system apps or access app data and cache. The process called “rooting” removes those restrictions and gives you full control over your phone. Rooting is totally legal and there are even proved apps for rooted devices in the Play Store.

But let’s start at the beginning. As a passionate (web) developer, I was already interested in rooting a phone since I knew it was possible and even tried it with my old phone, a Redmi Note 8 Pro.

There has never been an actual reason to root my phone. But over time it got boring for me to use my phone, and as I had read that installing other systems (“Custom ROMs”) on my phone is not really recommended, I decided to root it instead. So I just unlocked it and proceeded.

In order to root your phone, you need to “unlock” your phone. This is a process which is, in my case, even supported and offered by my phone manufacturer (Xiaomi) after a seven-day waiting period. So I unlocked my phone, which removes all the user data, and was now ready to move on.

But back then, I didn’t have any experience and just followed tutorials without double-checking. So I bricked my phone, causing a boot loop. As it was my old phone, I didn’t spend much time trying to fix it, and forgot about this topic for many months.

I understood how to root my phone: First, I needed to download the official system ZIP file for my phone. This file contains different image files for the different partitions.

I guess I need to explain how partitions work. Basically, partitions are parts of an SD card, SSD or hard drive; when we talk about a phone, it’s usually the internal SSD storage. Every partition has its own file system and its own use case.

The data partition is the part where all user and app data are stored, whereas the system partition contains system apps and important stuff for the system. The recovery partition contains the recovery mode. The bootloader is the system which handles all the partitions and is meant to change them.

Finally, the boot partition. This partition contains the first processes which are started when the phone boots up. You don’t know this yet, but the “root” process, which we aim to get access to, is always the first process which is started when a phone boots up. So, this is where we have to look.

Let’s get back to the ZIP file. There is a file called “boot.img” which contains a copy of the boot partition for my phone. The regular use case for this is software updates or fixing broken phones. For a software update, the ZIP file gets installed on the phone and updates all the partitions.

In this state, the “boot.img” file is useless for me as it only contains the code the Xiaomi developers wrote. And, like almost every phone manufacturer, they lock the access to the “root” process. Important for us is an app called “Magisk” which we can download from the internet. This app can modify the “boot.img” file and convert it into a “boot_patched.img”.

You remember we “unlocked” the phone before? This was necessary to replace (“flash”) the boot partition. We reboot into the fastboot mode using a key combination, connect the phone to our PC and “flash” the new “boot_patched.img” file to the phone.

So, I thought everything was fine, until I rebooted the phone. Actually, it was “rooted” now but the WiFi didn’t work at all. After hours, I figured out I had used the wrong ZIP file to get the “boot.img” file: I used an old system version. So I tried it again with the right one and – it worked!

Interesting things I was able to do now were to completely uninstall some system apps, change my boot animation and see app data.

But there were also a few troubles: My online banking refused to work due to a security warning caused by the rooted phone. This wasn’t a problem at first, as I was able to re-install it in an “Island” app called Insular, which simulated a second phone without root. But even though my phone recognized my phone’s inbuilt NFC for mobile payments, the phone refused to accept the Insular app as an appropriate payment app so, to sum up, I was not able to use online banking.

So I removed the root by flashing the original “boot.img” after some weeks as I really needed the mobile payment app. It worked, but some weeks later I noticed that another payment app, Google Pay, still didn’t work! I still don’t know if it’s caused by the “unlocked” phone, as I didn’t re-lock it.

After some months without root, I started PHP development on Android. For this, I installed Termux on my phone, which simulates a Linux environment and, to make it simple, is able to be used for programming and as a web server.

Here I have to introduce another concept to you: Ports. Every domain or IP address has ports. Here is how ports work:

When you use your web browser to visit google.com, your browser sends a request to google.com on port 443. Because 443 is the standard for secure web connections (https/ssl), the server (google.com) knows it has to serve the user a secure web connection. You can try it out: type google.com:443 in your browser and the result will be the same as without. But if you try some random port like google.com:4727, you won’t get any response because the server google.com doesn’t have a service running on port 4727. Even though the request reaches the server, it doesn’t know how to handle it.

As secure connections are hard to set up without prior knowledge and tools, most private people like me use port 80, which stands for unsecure web connections (http).

Now let’s come back to my Termux web server. I configured it to use port 80 for my webserver, so my browser will automatically recognize the port without me having to append it manually. But here comes our problem: In Linux (Android is a Linux fork), the common ports (3- or 2-digit) are only usable with root access.

In a forum, I read that it should be possible to allow certain programs to use those ports even running as non-root (this is called File Capabilities). But this permission still needs to come from root.

So my plan was to root my phone, give the permission, and unroot it again. So I rooted my phone successfully and entered the command to give the permission. But when I tried to use the ports as a normal user, it still didn’t work.
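To check whether such a grant actually reached a process, one can read its effective capability mask and compare it with the kernel's privileged-port threshold. The following is an added example, not code from the original post; the function names and the two status samples are constructed for illustration.

```python
import re

CAP_NET_BIND_SERVICE = 10   # bit index from linux/capability.h
DEFAULT_UNPRIV_START = 1024  # kernel default of net.ipv4.ip_unprivileged_port_start

# Constructed sample: /proc/<pid>/status lines of an ordinary app user.
SAMPLE_STATUS_PLAIN = "Name:\tphp\nUid:\t10234\t10234\t10234\t10234\nCapEff:\t0000000000000000\n"
# Constructed sample: same user after root granted cap_net_bind_service=+ep.
SAMPLE_STATUS_CAP = "Name:\tphp\nUid:\t10234\t10234\t10234\t10234\nCapEff:\t0000000000000400\n"


def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)


def may_bind(port, status_text, unpriv_start=DEFAULT_UNPRIV_START):
    """Mirror the kernel's privileged-port rule for one process."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if port >= unpriv_start:
        return True  # unprivileged port: any user may bind it
    _euid, cap_eff = parse_status(status_text)
    # Below the threshold the kernel asks for the capability, not for UID 0;
    # root passes only because it normally holds every capability.
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)


if __name__ == "__main__":
    # Live check of the current process (Linux/Android only).
    with open("/proc/self/status") as fh:
        status = fh.read()
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as fh:
            start = int(fh.read())
    except OSError:
        start = DEFAULT_UNPRIV_START  # sysctl missing on old kernels
    for port in (80, 443, 8080):
        print(port, "bindable" if may_bind(port, status, start) else "needs CAP_NET_BIND_SERVICE")
```

To inspect the web server itself, feed `may_bind` the contents of `/proc/<pid>/status` for its PID; file capabilities take effect at exec time, so a process started before the grant keeps its old `CapEff`.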

It turned out this was a Termux issue. So I decided to unroot my phone again. But to not completely remove my root rights and to be independent from my PC in future, I decided to install TWRP.

TWRP is a replacement for the system recovery (which has barely any function except for rebooting and resetting). You may know the recovery mode; you can enter it by holding your power button and your volume up button for some seconds.

But as the recovery is, in case it is called, the first process to be executed on the phone, it has root rights, and not only this. As it is called before the boot partition, it can modify it, and, for example, root the phone.

This makes me independent from my PC, because I can now root my phone straight from the recovery menu. And even though my apps don’t have root access, I can at least control my phone with root access from the recovery mode.

But be careful if your phone is not officially supported by TWRP: Always have the normal “recovery.img” file in case it does not work.

Please keep in mind that in most cases you will lose your warranty if you root your phone, and you will lose your data if you unlock it. Also, rooting CAN be a security issue, but it won’t be in most cases.

If this doesn’t matter to you, I would recommend installing TWRP, and, if you don’t care about the potential loss of mobile payment, rooting your phone.