
Test if Phone was Ever Root-ed

Discussion in 'Android Lounge' started by Thom, Oct 5, 2014.

  1. Thom

    VIP Member Thread Starter

    People buy phones from untrusted sources.

    If the phone is un-root-ed I recommend that the first thing they do when they receive the phone is a Factory Data Reset.

    You can clearly determine if the phone is currently root-ed.

    Is there a guaranteed way to determine if it was ever root-ed? The scenario is ... untrusted source root-s the phone, makes a modification, un-root-s the phone, and sells it to someone with the hidden modification still in place.

    An example of an annoying problem versus a full-blown attack would be ... untrusted source root-s phone, uninstalls some preinstalled software (AKA bloatware), removes root, and sells phone. Next owner later gets an OTA (over the air) system update to the phone and it fails because the pre-installed software is missing.

    ... Thom



  2. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    Interesting question. It would depend on how much effort someone went to to hide it and what phone model they have.

    For example, with an S-On HTC you could tell that the bootloader had been unlocked, even if it had since been relocked. Wouldn't tell you the current ROM had been altered, but would indicate that the phone had been modded at some point. But if the phone was S-Off you could reset the lock flag, then set the phone S-On, and there would be no indication.

    A Samsung with a tripped Knox fuse would be a give-away, but that's rather device-specific and hardly a general test.

    And if we assume the person removed both the SU app and the superuser binaries from the ROM I can't think of a simple way of telling from the system software.

    So the best I can think of is to check whether there are signs of the bootloader being unlocked. As noted above, someone who is really trying to hide it and knows what they are doing may well be able to, but it will at least provide an indication in many cases.

    Of course if they unrooted by flashing a complete set of official software of the right branding for the phone then there's no problem. Otherwise, if you want to be absolutely certain, that's what the buyer would have to do: reflash the phone completely.
    ocnbrze, mikedt and Thom like this.
  3. Thom

    VIP Member Thread Starter

    In Motorola a while back there was a single bit that was set if it was ever root-ed and there was no way to reset it other than to have the carrier re-flash the phone. I don't think that ever survived. (They were denying service to phones that were root-ed or ever had been root-ed.)

    The concern is consumer protection when buying a used phone ... especially for consumers who have no idea what root-ing is.

    Can they take any phone that they obtained this way to their carrier and have it re-flashed? That would guarantee the correct starting point for them.

    ... Thom
  4. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    I've no experience of asking carriers to reflash a phone. I'd expect that they could do it if the phone was originally one of theirs (whether they would, what they'd charge, I don't know. I could imagine it depending who you spoke to).

    If not I don't know: for example, an HTC RUU package will check the customer ID, so if someone buys an HTC that was originally locked to a different network but has now been unlocked, the new carrier's RUU will refuse to update it. Of course there are ways, but I don't know how far the carrier would be prepared to go for the customer in this circumstance.

    But any phone, my guess is probably not. If the model isn't one the new carrier ever sold themselves I can't imagine they'd want to do anything.
  5. Thom

    VIP Member Thread Starter

    Yes I wrote "all" and I was thinking "any phone they sell".

    It seems pretty exposed to me.

    ... Thom
  6. mikedt

    mikedt 你好

    Think it depends on the phone, if you can tell if it was ever rooted or not. Many recent Samsungs have the Knox counter or e-fuse, which can't be user reset AFAIK. The whole idea of Knox is to ensure the phone hasn't been tampered with, integrity of the firmware and only authorised apps and services can start at boot, it's trusted secure boot. Verizon Droid phones might have a locked bootloader, and if it's unlocked, can the manufacturer's lock be restored or not. On the other hand things like Oppos, Xiaomis, Vivos and some other Chinese phones, can very easily be restored to a factory unrooted state, and there's absolutely no way of determining if they were ever rooted or not.
    Thom likes this.
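
The indicators discussed in this thread (bootloader lock state, the Samsung Knox warranty bit) can be read from a device's system properties. The following is an added example, not code from any poster: it assumes the output of `adb shell getprop` has been saved as text, and the property names are assumptions about what a given device exposes (they vary by vendor and Android version). The sample output is constructed.

```python
import re

# Property -> (value expected on an untouched device, meaning of a mismatch).
# Assumed names; not every vendor or Android version exposes all of them.
CHECKS = {
    "ro.boot.flash.locked": ("1", "bootloader reports unlocked"),
    "ro.boot.verifiedbootstate": ("green", "verified boot is not in the stock state"),
    "ro.boot.warranty_bit": ("0", "Samsung Knox warranty bit is tripped"),
    "ro.build.tags": ("release-keys", "build is not signed with release keys"),
}

# getprop prints one "[name]: [value]" pair per line.
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn saved `getprop` output into a dict of property -> value."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def tamper_indicators(text):
    """Return (findings, missing): mismatched properties and absent ones."""
    props = parse_getprop(text)
    findings, missing = [], []
    for name, (expected, meaning) in CHECKS.items():
        if name not in props:
            missing.append(name)  # no evidence either way on this device
        elif props[name] != expected:
            findings.append(f"{name}={props[name]}: {meaning}")
    return findings, missing


# Constructed sample: bootloader relocked, but the Knox bit stayed tripped.
SAMPLE = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.warranty_bit]: [1]
[ro.build.tags]: [release-keys]
"""

if __name__ == "__main__":
    found, absent = tamper_indicators(SAMPLE)
    print("findings:", found or "none")
    print("not exposed by this device:", absent or "none")
```

An empty findings list only means no indicator is currently visible; as the posts above note, on many devices these flags can be restored, so a full reflash of official firmware remains the only certain starting point.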
