If you find yourself in need of testing something on a "rooted" android device and can't get a physical device to root then you can always use the Android Emulator through Android Studio.
Rooting is simply the act of allowing the user to execute commands on the device at the highest level of permissions. These are usually locked out of consumer devices but sometimes you need that level of access for devlopment, software testing or simply to experiment with something.
This guide will take you through rooting an Android Emulator so you can have full access to it and is inteded for educational purposes only.
If you should encounter any strange bugs during this process or any error messages not mentioned - I encourage you to copy the error message into Google as this will usually offer a solution through resources such as Stack Overflow or Reddit
I want to have root access to a Nexus 5X running Android 7.1
This is a very specific scenario, however it is something that Software Testers and Developers have come across before. Through this example we'll use this repo to solve that scenario.
- Firstly we need Android Studio; go here and download the version of Android Studio you need depending on your operating system.
- Open Android Studio
- Create a new Project (the exact details don't really matter)
- Navigate to Tools > SDK Manager
- On the next screen you'll see a list of different Android operating systems
- From this List, click the tick box labelled "Show Package Detils" in the lower right corner
- Scroll to the Android 7.1 section
- Here you'll find a lot of different types of System Images. For maxiumum compatibility choose "Google APIs Intel x86 Atom_64 System Image"
It's important to note at this stage that with the Google API versions of system images, you won't be able to access the Play Store so ensure you have a copy of any .apk files you want to install
- Tick the tickbox next to the "Google APIs Intel x86 Atom_64 System Image"
- Click Apply
This will install the system image and might take a few minutes
- Once finished, click Finish then OK to go back to the main Android Studio window
- Click 'Create Device' in the Device Manager section of Android Studio > If this isn't visable, you can find this by choosing the View > Tool Windows > Device Manager option
- On the Select Hardware window, choose Nexus 5
- Run the command
~/Library/Android/sdk/emulator/emulator -avd RootAVD -writable-system -selinux disabled -qemu
This will start your emulator from the command line and make the device writeable for the next steps, you will see output similar to the following)
- Open a new Terminal window or tab (Do not close the original one)
- Make sure your terminal is in the correct directory by running
cd /Users/<yourusername>/Library/Android/sdk/platform-tools
- Still on the Terminal and in the
platform-toolsfolder, run
./adb root
> You should see the response restarting adbd as root
- In the same Terminal Window, run
./adb remount
> You should see the response remount succeeded
- At this stage, download the files in this repo (usually by clicking the dropdown arrow next to Code near the top of this GitHub page) save the files as a .zip Extract the .zip to your Desktop, you should end up with a folder called 'SuperSU' on your Desktop
- Back in the Terminal, run the command
./adb install ~/Desktop/SuperSU/common/Superuser.apk
This has installed the 'SuperUser' application onto your emulated device
- You should see a response similar to
Performing Streamed Install - Success - In the same Terminal window, run the command
./adb push ~/Desktop/SuperSU/x86/su /system/xbin/su
This command will move a file from the downloaded files to your device that is needed for rooting the device. It's a binary file for the SuperUser app, there are several different versions of this based on the architecture of your system / application but I'll get into those shortly
- You should receive a response that includes something similar to
(253796 bytes in 0.107s)which means it's worked - In the same Terminal window - run the command
./adb shell chmod 0755 /system/xbin/su
This changes the inherent permissions of the 'su' file we just moved so we can run it, different chmod numbers do different things so if you need something different, please Google the exact number you need)
- You won't get a response from this command but that usually means it's worked. No error message means progress in this case.
- In the Terminal, run
./adb shell setenforce 0
This will change the enforcement policy so we can install the binary we need
- You probably won't get a response from this command either, don't worry about it.
- From the Terminal, run
./adb shell su --install
This installs the binary we just moved to work with the SuperUser app
- Again, no response from the Terminal, totally normal.
- Finally in this stage, from the Terminal run the command
./adb shell su --daemon&
This will allow the SuperUser app to run
- This command will give you a response, usually a number similar to the format of
[1] 87611
- On your emulated device, find and open the SuperSU app.
- You should see a message saying that the Binary needs updating
At this stage you have rooted your Android Enulator, however I always like to perform the following steps to make sure it's actually happened.
- From your Teminal window, run the command
./adb install ~/Desktop/SuperSU/common/Terminal.apk
You should see a response similar to
Performing Streamed Install - Success
- On your emulated device, open the newly installed "Terminal Emulator" app
- The following dialog popup will ask you if SuperSU should grant root access to this application, press Grant
- Open Command Prompt (CMD) as an Administrator
- Run the command
C:\Users\<username>\AppData\Local\Android\Sdk\emulator\emulator -avd RootAVD -writable-system -selinux disabled -qemu
This will start your emulator from the command line and make it writeable for the next steps
- Open a new Command Prompt window or tab as an Administrator (Do not close the original one)
- Make sure your Command Prompt is in the correct directory by running
cd C:\Users\<username>\AppData\Local\Android\Sdk\platform-tools
- Still on the Command Prompt and in the
platform-toolsfolder, run
adb root
- You should see the response
restarting adbd as root - In the same Command Prompt Window, run
adb remount
- You should see the response
remount succeeded - At this stage, download the files in this repo (usually by clicking the dropdown arrow next to Code near the top of this GitHub page) save the files as a .zip Extract the .zip to your Desktop, you should end up with a folder called 'SuperSU' on your Desktop
- Back in the Terminal, run the command
adb install C:\Users\<username>\Desktop\SuperSU\common\Superuser.apk
this has installed the 'SuperUser' application onto your emulated device
- You should see a response similar to
Performing Streamed Install - Success - In the same Command Prompt window, run the command
adb push C:\Users\<username>\Desktop\SuperSU\x86\su /system/xbin/su
- You should receive a response that includes something similar to
(253796 bytes in 0.107s)which means it's worked
This command will move a file from the downloaded files to your device that is needed for rooting the device. It's a binary file for the SuperUser app, there are several different versions of this based on the architecture of your system / application but I'll get into those shortly
Very important to remember that there are different direction slashes for different operating systems. Windows uses \ but android devices uses / so when interacting with both systems with commands like this make sure that you're using the right slashes in the right places.
- In the same Command Prompt window - run the command
adb shell chmod 0755 /system/xbin/su
This changes the inherent permissions of the 'su' file we just moved so we can run it, different chmod numbers do different things so if you need something different, please Google the exact number you need)
- You won't get a response from this command but that usually means it's worked. No error message means progress in this case.
- In the Command Prompt, run
adb shell setenforce 0
This will change the enforcement policy so we can install the binary we need
- You probably won't get a response from this command either, don't worry about it.
- From the Command Prompt, run
adb shell su --install
This installs the binary we just moved to work with the SuperUser app
- Again, no response from the Command Prompt, totally normal.
- Finally in this stage, from the Command Prompt run the command
adb shell su --daemon&
This will allow the SuperUser app to run
- This command will give you a response, usually a number similar to the format of
[1] 87611
- On your emulated device, find and open the SuperSU app.
- You should see a message saying that the Binary needs updating
At this stage you have rooted your Android Enulator, however I always like to perform the following steps to make sure it's actually happened.
- From your Teminal window, run the command
adb install C:\Users\<username>\Desktop\SuperSU/common/Terminal.apk
You should see a response similar to
Performing Streamed Install - Success
- On your emulated device, open the newly installed "Terminal Emulator" app
- The following dialog popup will ask you if SuperSU should grant root access to this application, press Grant
As mentioned previously; there are several different architecture configurations for different devices (arm, arm64, armv7, x64, x86 and more) In the files of this project you'll find similar files for those architectures. Simply change the x86 to your desired architecture in the ./adb push ~/Desktop/SuperSU/x86/su /system/xbin/su command
You can make this a bit easier by using variables in the path. For example on Windows you could have C:\Users\<username>\AppData\Local\Android\Sdk saved as the variable SDK_PATH so you would only need to type in %SDK_PATH%\emulator for example
To set a variable on Windows run the command "set VARNAME=VARVAULE" so for this example I'd type set SDK_PATH=C:\Users\<username>\AppData\Local\Android\Sdk
I could then check this has worked by using the echo command with echo %SDK_PATH% which should print out the full file directlry that I saved
To set a veriable on MacOS run the command "export VARNAME=VARVALUE" so in this example I'd type export SDK_PATH=/users/<username>/Library/Android/sdk
I could then ensure that's worked by using the echo command with echo $SDK_PATH which should print out the full file directory that I saved.
~/Library/Android/sdk/emulator/emulator -avd RootAVD -writable-system -selinux disabled -qemu
cd /Users/<yourusername>/Library/Android/sdk/platform-tools
./adb root
./adb remount
./adb install ~/Desktop/SuperSU/common/Superuser.apk
./adb push ~/Desktop/SuperSU/x86/su /system/xbin/su
./adb shell chmod 0755 /system/xbin/su
./adb shell setenforce 0
./adb shell su --install
./adb shell su --daemon&
Open SuperSU on the device
You're done!
C:\Users\<username>\AppData\Local\Android\Sdk\emulator\emulator -avd RootAVD -writable-system -selinux disabled -qemu
cd C:\Users\<username>\AppData\Local\Android\Sdk\platform-tools
adb root
adb remount
adb install C:\Users\<username>\Desktop\SuperSU\common\Superuser.apk
adb push C:\Users\<username>\Desktop\SuperSU\x86\su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell setenforce 0
adb shell su --install
adb shell su --daemon&
Open SuperSU on the device
You're done!