How Rooting Is Achieved Programmatically?

I'm trying to get myself into more Android development lately and I have been curious about how rooting is done under the hood. Ideally, I would like to develop something myself th

Solution 1:

Rooting is essentially illegal privilege elevation. In most other spheres of computing it's considered a criminal massive exploit.

Depending on the make and model, rooting can be anything from flipping a few bytes via the world-read-writeable /dev/exynos-mem, which gives you access to any process's memory to elaborate kernel attacks or going after daemons on the device (e.g., adb).

For example, here is a popular exploit that's used in SuperOneClick. Skimming through it, it's some sort of buffer overflow, possibly on vold but as you can see it's not trivial to understand these exploits, let alone replicate them.