After researching the low-level details and techniques of rooting processes, I found that it happens mostly through buffer overflow to gain root access by running a payload (binaries) at the return call address in memory.

Method A (Buffer Overflow to gain Root)

Buffer overflow, as briefly as I understood it, will:

1. Exploit, i.e. trick the buffer overflow and the return calling address of the procedure for further execution continuation.
2. Inject the binary = payload, i.e. the actual code which does the job from that return address (memory address) from the buffer, to keep the execution going, which actually does some act (which I am still not able to understand in the rooting case).
Method B (Chainfire SU flashing via recovery)

The second method, as referred to here.
Question:

What is the difference between the two methods... is method A completely encapsulated in method B? What I understand is that in method B there is:

- a script --> which runs the exploit and then injects the binary
- the binary ---> which contains the code to remount the system as root post-exploit (after getting root rights by changing the current UID of the process) and deploy the su.apk file with su rights?

I am unable to understand how a complicated method like buffer overflow can be encapsulated in just a zip and become just a matter of flashing to get root on the latest device, which even KingRoot cannot root.

Can anyone explain the binary part (how it actually gets root access) in method A, and what the step-by-step process is in method B?