M 142: Rooting Android Studio's Emulator (15 pts)

What You Need for This Project

A computer with Android Studio and an emulator installed, which you prepared in a previous project.

Purpose

To gain root privileges on an Android device.

Start your Emulator

Start your emulator, as shown below.

Cloning the rootAVD Repository

The steps depend on your operating system. Follow the appropriate instructions below.

Mac Users
In a Terminal, execute these commands:
git clone https://github.com/newbit1/rootAVD.git cd rootAVD adb devices
If you see an error message saying "command not found", execute this command to fix the Path:
export PATH=$PATH:~/Library/Android/sdk/platform-tools
Then execute this command again:
adb devices

Windows Users
In a Web browser, go to
https://github.com/newbit1/rootAVD
Click the Code button. Click "Download ZIP", as shown below.
At the bottom of your Windows desktop, click the yellow folder icon to launch File Explorer.
Open your Downloads folder. Right-click the rootAVD-master.zip file and click "Extract All...," Extract.
Open a Command Prompt window and execute these commands:
cd Downloads cd rootAVD-master cd rootAVD-master adb devices
If you see an error message saying "Not found: adb", close the Command Prompt window.
Open an Administrator Command Prompt window and execute this command to fix the Path:
setx /M PATH "%PATH%;%userprofile%\appdata\local\android\sdk\platform-tools"
Close the Administrator Comand Prompt window and open a normal Comand Prompt window.
Then execute these commands:
cd Downloads cd rootAVD-master cd rootAVD-master adb devices

You should see your device listed, as shown below.

Using rootAVD

The steps depend on your operating system. Follow the appropriate instructions below.

Mac Users
In a Terminal, execute these commands:
./rootAVD.sh ListAllAVDs
You see a long list of commands for many Android versions.
Execute the command with the correct API number for your emulator, which is probably API 30, x86, ending in "ramdisk.img", as shown below:
./rootAVD.sh ~/Library/Android/sdk/system-images/android-30/google_apis_playstore/x86/ramdisk.img
A lot of messages scroll by, as shown below, and your emulator shuts off.

Windows Users
In the Command Prompt, execute this command:
rootAVD.bat ListAllAVDs
You see a long list of commands for many Android versions. Execute the correct one for your emulator, which is probably API 30, x86, ending in "ramdisk.img", as shown below:
rootAVD.bat %LOCALAPPDATA%\Android\Sdk\system-images\android-30\google_apis_playstore\x86\ramdisk.img
A lot of messages scroll by, and your emulator shuts off.

Cold Booting your Emulator

In Android Studio, in Device Manager, on the line showing your device, at the right side, click the down-arrow, and click "Cold Boot Now", as shown below.

If the device fails to boot up, you may need to repeat the cold boot process.

Opening a Root Shell

Make sure your Android device is visible and convenient--you only have ten seconds to react to a prompt.

In a Command Prompt or Terminal, execute these commands:

adb shell
su

A prompt appears on your Android device, as shown below.

Click GRANT.

You get a root shell, as shown below.

Troubleshooting
If you are too slow, you need to open Magisk on your emulator.
Follow prompts on your screen--you may need to reboot your phone and launch Magisk again.
In Magisk, there's an option to approve root access again. I think it's at the bottom of the main screen.

M 142.1: id (15 pts)
In your root shell, execute this command:
id
Find the text covered by a green box in the image below. That's the flag.

Sources

https://www.youtube.com/watch?v=JR4gDRYzY2c

Posted 10-7-22
PATH command fixed 10-17-11
Minor updates to instructions 3-13-23