Friday 19 May 2017

WannaCry Decryption Tool Released - Unlock Data Without Paying Ransom

However, a file-format issue with the exported key made it incompatible with other tools such as wanadecrypt from Benjamin Delpy (@gentilkiwi) on Windows XP, because the Windows Crypt APIs on Windows XP expect very strict input, unlike Windows 10.

This method relies on finding the prime numbers in memory, and only works if that memory has not been reused. After a certain period of time the memory may be reused and the primes overwritten, and a reboot wipes them as well, so the infected machine must not have been rebooted.

After reading the paragraphs above you might still be wondering what all this means, so let me explain it by walking through how the tool works; that makes it easier to understand.

How does the WannaCry Decryptor work?

First of all, to understand how to decrypt a file, one should know how the file was encrypted. That is exactly what security expert "Guinet" did.
WannaCry's encryption scheme generates a pair of keys on the victim's computer, derived from two prime numbers: a "public" key used to encrypt the system's files and a "private" key needed to decrypt them.
To prevent the victim from recovering the private key and decrypting the locked files, WannaCry erases the key from the system, leaving the victim no way to obtain the decryption key except paying the ransom to the attacker.

The accompanying image contains the source code of the file which starts the encryption process inside a system.

But here's the kick: WannaCry "does not erase the prime numbers from memory before freeing the associated memory," says Guinet.

Based on this finding, Guinet released a WannaCry decryption tool, named WannaKey, that tries to retrieve from memory the two prime numbers used to generate the encryption keys.
The basic idea of the tool is therefore to fetch the primes that were used to form the private key from the process's memory space, which is only possible if the numbers are still in memory, that is, when:

  • The affected computer has not been rebooted after being infected.
  • The associated memory has not been allocated and erased by some other process.


  1. Download wanakiwi here
  2. wanakiwi.exe must be in the same folder as your .pky file when you launch it
  3. Hope that your prime numbers have not been overwritten in the process address space.
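To make the idea concrete, here is an added example (not code from WannaKey or wanakiwi themselves) of the two steps the tool performs: scanning a memory dump for a value that divides the public modulus from the .pky file, then rebuilding the RSA private key from the two primes. The key sizes, the memory dump and the public exponent 65537 are constructed assumptions scaled down for the demo.

```python
from math import gcd


def scan_memory_for_primes(dump, modulus, width):
    """Slide a `width`-byte window over the dump and read each window as a
    little-endian integer (the layout CryptoAPI uses for key material).
    A value that divides the public modulus is one of its two primes, so
    plain divisibility is the test: no primality test is needed."""
    for off in range(len(dump) - width + 1):
        cand = int.from_bytes(dump[off:off + width], "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return cand, modulus // cand
    return None


def rebuild_private_key(p, q, e=65537):
    """Derive the private-key components a PRIVATEKEYBLOB carries (d, dP,
    dQ, qInv) from the two recovered primes and the public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    d = pow(e, -1, phi)
    return {"n": n, "e": e, "d": d,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}


def rsa_roundtrip_ok(key, message):
    """Sanity check of a rebuilt key: encrypt with (e, n), decrypt with d."""
    c = pow(message, key["e"], key["n"])
    return pow(c, key["d"], key["n"]) == message


# Constructed demo data: two Mersenne primes stand in for the 1024-bit primes
# of a real 2048-bit WannaCry key, so WIDTH is 16 bytes instead of 128.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q
WIDTH = 16


def build_demo_dump():
    """Fake process memory: deterministic junk with the two primes embedded
    at unaligned offsets, as they would be left behind after a free()."""
    junk = bytes((i * 37 + 11) & 0xFF for i in range(100))
    return (junk[:41] + P.to_bytes(WIDTH, "little") + junk[41:64]
            + Q.to_bytes(WIDTH, "little") + junk[64:])


def recover_key_from_dump(dump, modulus, width=WIDTH):
    """The whole WannaKey flow: find the primes, then rebuild the key.
    Returns None when the primes were already overwritten (the 'no luck'
    case the steps above warn about)."""
    found = scan_memory_for_primes(dump, modulus, width)
    if found is None:
        return None
    p, q = found
    return rebuild_private_key(p, q)


if __name__ == "__main__":
    key = recover_key_from_dump(build_demo_dump(), N)
    print("primes recovered:", key is not None)
    print("key works:", key is not None and rsa_roundtrip_ok(key, 0xC0FFEE))
    print("after memory reuse:", recover_key_from_dump(bytes(200), N))
```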

Wednesday 17 May 2017

WannaCry 2.0 - It's not over yet..!

hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
The domain above is what keeps WannaCry propagating and spreading like a worm: as I explained previously, if the connection to this domain fails, the SMB worm proceeds to infect the system.

Fortunately, MalwareTech registered the domain in question and turned it into a sinkhole, a tactic researchers use to redirect traffic from infected machines to a system under their own control (read his latest blog post for more details).

  • If you receive WannaCry via email, a malicious torrent, or another vector rather than over SMB.
  • If your ISP, antivirus or firewall happens to block access to the sinkhole domain.
  • If the targeted system needs a proxy to reach the Internet, which is common practice in the majority of corporate networks.
  • If someone makes the sinkhole domain inaccessible for everyone, for example with a large-scale DDoS attack.

MalwareTech also confirmed that "Mirai botnet skids tried to DDoS the [sinkhole] server for lulz," so that WannaCry's SMB worm component, which proceeds with infection when the connection fails, could no longer reach it. But "it failed hardcore," at least for now.

In short: if the sinkhole server becomes inaccessible, nothing else stops WannaCry from spreading, though you can stay safe by following the prevention measures mentioned in this article.

WannaCry 2.0 - The Ransomware with no kill-switch

"The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host," Microsoft says.

WannaCry's Success Rate..!


Sunday 14 May 2017

Protect against WannaCry Ransomware: Microsoft issues Patch for Unsupported Windows (XP, Vista, 8,...)

Fortunately, Windows 10 customers were not targeted in Friday's attack. In March, Microsoft patched the vulnerability that the ransomware exploits, but only for newer Windows systems. That has left older Windows machines, and users who failed to patch newer ones, vulnerable to Friday's attack. So if you are running a newer Windows version such as Windows 10, you are safe..!

To see how to keep your PC from being affected by WannaCry, we first need to know how it works, so let us look at that first.

How does WannaCry work?

Ransomware infections of this kind typically use social engineering or spam emails as the primary attack vector, tricking users into downloading and executing a malicious attachment.

WannaCry also uses one such social-engineering trick: FoxIT researchers uncovered a variant of the ransomware that is initially distributed via an email containing a link or a PDF file carrying the payload, which, if clicked, installs WannaCry on the targeted system.

Once executed, the self-spreading WannaCry ransomware does not infect the targeted computer immediately: malware reverse engineers found that the dropper first tries to connect to the following domain, which was initially unregistered:
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

If the connection to this unregistered domain fails (as it obviously did), the dropper proceeds to infect the system with the ransomware, which then starts encrypting files.

But if the connection is successful, the dropper does not infect the system with the WannaCry ransomware module.

How to avoid being infected by WannaCry Ransomware?

"In other words, blocking the domain with firewall either at ISP or enterprise network level will cause the ransomware to continue spreading and encrypting files," Microsoft warned.
Once a machine is infected, the malware scans the entire internal network and spreads like a worm to every unpatched Windows computer with the help of the SMB vulnerability.

The SMB vulnerability is exploited by EternalBlue, one of a collection of hacking tools allegedly created by the NSA and subsequently dumped by a hacking group calling itself "The Shadow Brokers" over a month ago.
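A defender-side check for the two behaviours described above (the kill-switch domain lookup a dropper makes before infecting, and the SMB worm sweep over port 445), as an added example that is not part of the original article: the log format, the sample lines and the scan threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

KILL_SWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
SMB_PORT = 445
SCAN_THRESHOLD = 20   # distinct :445 targets from one host; assumed value

# Constructed log format (not a real product's): two record types.
#   <epoch> <src_ip> dns  <qname>
#   <epoch> <src_ip> conn <dst_ip> <dst_port> <allow|deny>
DNS_RE = re.compile(r"^(\d+) (\S+) dns (\S+)$")
CONN_RE = re.compile(r"^(\d+) (\S+) conn (\S+) (\d+) (allow|deny)$")


def parse_line(line):
    """Return a record dict for a known line type, None otherwise."""
    m = DNS_RE.match(line)
    if m:
        return {"ts": int(m[1]), "src": m[2], "kind": "dns",
                "qname": m[3].lower().rstrip(".")}
    m = CONN_RE.match(line)
    if m:
        return {"ts": int(m[1]), "src": m[2], "kind": "conn",
                "dst": m[3], "dport": int(m[4]), "action": m[5]}
    return None


def find_kill_switch_lookups(lines):
    """Hosts that resolved the kill-switch domain have already executed the
    dropper. Whether the connection then succeeded (no encryption) or was
    blocked by a proxy (encryption proceeds), each one is an incident lead."""
    hits = set()
    for rec in map(parse_line, lines):
        if rec and rec["kind"] == "dns" and rec["qname"] == KILL_SWITCH_DOMAIN:
            hits.add(rec["src"])
    return hits


def find_smb_scanners(lines, threshold=SCAN_THRESHOLD):
    """Count distinct destinations each source contacted on TCP 445, denied
    attempts included (a worm keeps trying). Sources at or above the
    threshold are returned with their target count."""
    targets = defaultdict(set)
    for rec in map(parse_line, lines):
        if rec and rec["kind"] == "conn" and rec["dport"] == SMB_PORT:
            targets[rec["src"]].add(rec["dst"])
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


def make_sample_log():
    """Constructed sample: one host doing the kill-switch lookup, one normal
    host talking to a file server, one infected host sweeping a /24."""
    lines = ["1494604800 10.0.0.5 dns " + KILL_SWITCH_DOMAIN,
             "1494604801 10.0.0.7 dns fileserver.corp.example",
             "1494604802 10.0.0.7 conn 10.0.0.20 445 allow",
             "1494604803 10.0.0.7 conn 10.0.0.20 445 allow"]
    for i in range(1, 31):
        action = "allow" if i % 5 else "deny"
        lines.append(f"{1494604810 + i} 10.0.0.9 conn 10.0.1.{i} 445 {action}")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    print("ran the dropper:", sorted(find_kill_switch_lookups(log)))
    print("SMB sweep sources:", find_smb_scanners(log))
```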

Top 7 Steps that can protect you from WannaCry Ransomware

Currently, there is no WannaCry decryption tool or any other solution available, so users are strongly advised to follow prevention measures in order to protect themselves.
  • Keep your system up to date: First of all, if you are using a supported but older version of Windows, keep it up to date, or simply upgrade to Windows 10.
  • Using an unsupported Windows OS? If you are using an unsupported version of Windows, including Windows XP, Vista, Server 2003 or 2008, apply the emergency patch released by Microsoft today.
  • Enable Firewall: Enable your firewall, and if one is already running, modify its configuration to block access to the SMB ports from the network or the Internet. The protocol operates on TCP ports 137, 139 and 445, and on UDP ports 137 and 138.
  • Disable SMB: Follow the steps described by Microsoft to disable Server Message Block (SMB). (Click here to get easy steps..)
  • Keep your antivirus software up to date: Virus definitions have already been updated to protect against this latest threat.
  • Backup Regularly: To always keep a tight grip on all your important files and documents, keep a good backup routine in place that copies them to an external storage device that is not always connected to your PC.
  • Beware of Phishing: Always be suspicious of unsolicited documents sent by email, and never click links inside them unless you have verified the source.

Important Update:

WannaCry Ransomware spreads all over the world..! - Everything you need to know

Organizations in dozens of countries have been hit with the same ransomware program, a variant of "WannaCrypt," displaying the same ransom note and demanding $300 for the encryption key, with the demand escalating as time passes.

What has happened?

On May 12, 2017 a new variant of the Ransom.CryptXXX family of ransomware (detected as Ransom.Wannacry) began spreading widely, impacting a large number of organizations, particularly in Europe.

England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault.

A few hours ago, Spain’s Computer Emergency Response Team CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends the installation of updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack.

Now that we have seen what happened over the past few days, let us look at the full details of this ransomware and the steps we should take to protect ourselves from this attack.

What is WannaCry?

WannaCry encrypts data files and asks users to pay a US$300 ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made within seven days, the encrypted files will be deleted.

It also drops a file named !Please Read Me!.txt which contains the ransom note.

The tool was designed to address users in multiple countries, with translated messages in different languages.

Note that the “payment will be raised” after a specific countdown, along with another display raising urgency to pay up, threatening that the user will completely lose their files after the set timeout. Not all ransomware provides this timer countdown.

To make sure that the user doesn’t miss the warning, the tool changes the user’s wallpaper with instructions on how to find the decryptor tool dropped by the malware.

For command and control, the malware extracts and uses the Tor service executable with all necessary dependencies to access the Tor network, so the IP address is hard to trace. Also, the malware is not spread from a single PC; instead, the attackers used botnets to spread it, which makes it hard to trace back.

The file extensions the malware targets fall into several clusters of formats:
  1. Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi).
  2. Less common and nation-specific office formats (.sxw, .odt, .hwp).
  3. Archives and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv).
  4. Emails and email databases (.eml, .msg, .ost, .pst, .edb).
  5. Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd).
  6. Developers' source code and project files (.php, .java, .cpp, .pas, .asm).
  7. Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes).
  8. Graphic designers', artists' and photographers' files (.vsd, .odg, .raw, .nef, .svg, .psd).
  9. Virtual machine files (.vmx, .vmdk, .vdi).
WannaCry encrypts files with these extensions, appending .WCRY to the end of the file name.

Countries infected with WannaCry

Currently, more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world are recorded. Most of them happened in Russia. It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher.

How does it work?

The infection vector appears to work through a known vulnerability, originally exploited as "ETERNALBLUE" and developed by the National Security Agency. That information was subsequently leaked by the hacking group known as The Shadow Brokers which has been dumping its cache of purloined NSA hacking tools onto the internet since last year.

The virus appears to have originally spread via email as a compressed file attachment, so, like last week's Google Docs issue, make sure your email attachments are legitimate before opening them. Once it is on one system, it can easily spread across private networks using a flaw in the Windows SMB Server. (To know more about the Windows SMB zero-day attack, click here.)

Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. The ransomware will specifically scan for unpatched machines that have the Server Message Block vulnerability exposed.

The Windows SMB Server flaw allows unauthorized remote access to PCs on the network, with the infected PCs acting as a botnet; this is the vulnerability that is exploited to spread the ransomware.

Also, make sure your computers are using software that's still receiving security updates, and that you've installed the latest updates available. Microsoft released a fix for the exploit used as a part of its March "Patch Tuesday" release, but unpatched Windows systems remain vulnerable.

As this article is already too long, I will post the steps to protect yourself from this attack in my next article. So stay tuned..!

If you have any extra information you would like to share, or want to discuss a topic, just post it in the comment box provided below and I will surely help you out!

Update: Wrote an article on how to prevent yourself from being encrypted via WannaCry Ransomware. To read the article, click here...!

Monday 8 May 2017

WikiLeaks Claimed CIA's MitM Tool Used To Attack Computers On LAN..!

Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks.

WikiLeaks has done this before too..! A month ago, they leaked the Vault 7 batch of CIA hacking tools, and here they are again with a new Vault 7 tool. Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA. (Click here.. to read more about the tools in Vault 7.)

This latest batch is the 7th release in the whistleblowing organization's 'Vault 7' series.

Dubbed Archimedes, the newly released CIA tool, dumped on Friday, was purportedly used to attack computers inside a Local Area Network (LAN).

According to the leaked documents, this MitM tool was previously named 'Fulcrum' but was later renamed 'Archimedes', with several improvements over the previous version, such as providing a way of "gracefully shutting down the tool on demand" and adding "support for a new HTTP injection method based on using a hidden iFrame."

The leaked documents describe Archimedes as a tool that lets its operator redirect LAN traffic from a targeted computer through a malware-infected computer controlled by the CIA before the traffic is passed on to the gateway, which is known as a man-in-the-middle (MitM) attack.
 
The manual itself explains how Archimedes works: "Archimedes is used to redirect LAN traffic from a target’s computer through an attacker controlled computer before it is passed to the gateway. This enables the tool to inject a forged web server response that will redirect the target’s web browser to an arbitrary location. This technique is typically used to redirect the target to an exploitation server while providing the appearance of a normal browsing session."
 
The tool in itself is very simple, with no extraordinary capabilities: there are many MitM tools available on the Internet that anyone can download and use against users on the local network.
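The redirection described above depends on a second machine answering for the gateway's address on the segment. A defender-side monitor for that condition, as an added example (not from the leaked manual or from Ettercap): the ARP record format, the gateway address and the sample capture are constructed assumptions.

```python
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"   # assumed gateway address for the demo segment


def parse_arp_record(line):
    """Constructed record format: '<epoch> <sender_ip> <sender_mac> <opcode>'
    where opcode is 'request' or 'reply' (what a passive ARP sniffer would
    log). Returns None for anything that does not match."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("request", "reply"):
        return None
    return {"ts": int(parts[0]), "ip": parts[1],
            "mac": parts[2].lower(), "op": parts[3]}


def detect_arp_conflicts(lines, gateway_ip=GATEWAY_IP):
    """Flag every IP that is claimed by more than one MAC. A second MAC
    answering for the gateway is the signature of traffic being pulled
    through another host before it reaches the real gateway."""
    seen = defaultdict(dict)          # ip -> {mac: first time seen}
    alerts = []
    for rec in map(parse_arp_record, lines):
        if rec is None:
            continue
        macs = seen[rec["ip"]]
        if rec["mac"] in macs:
            continue                  # same binding again: nothing new
        macs[rec["mac"]] = rec["ts"]
        if len(macs) > 1:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"],
                           "macs": sorted(macs),
                           "severity": "high" if rec["ip"] == gateway_ip
                           else "medium"})
    return alerts


def make_sample_arp_log():
    """Constructed capture: the real gateway answers normally, then a second
    MAC starts answering for the gateway address."""
    return [
        "1494000000 192.168.1.1 00:11:22:33:44:55 reply",
        "1494000001 192.168.1.50 aa:bb:cc:dd:ee:01 request",
        "1494000002 192.168.1.1 00:11:22:33:44:55 reply",
        "1494000060 192.168.1.1 aa:bb:cc:dd:ee:99 reply",   # rogue claim
        "1494000061 192.168.1.1 AA:BB:CC:DD:EE:99 reply",   # same rogue, no new alert
        "1494000070 192.168.1.77 aa:bb:cc:dd:ee:02 reply",
        "1494000071 192.168.1.77 aa:bb:cc:dd:ee:03 reply",  # conflict on a plain host
        "malformed line",
    ]


if __name__ == "__main__":
    for alert in detect_arp_conflicts(make_sample_arp_log()):
        print(alert["severity"], alert["ip"], alert["macs"])
```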

Rendition Infosec founder Jake Williams also pointed out that the tool is not even originally developed by the CIA, rather appears to be a repackaged version of Ettercap – an open source toolkit for MitM attacks.

Williams also noted that the potential CIA targets could even use the leaked information to see whether their computers had been targeted by the agency.
 
Announcing the latest batch of documents -- a series of guides to using Archimedes -- WikiLeaks says:
Today, May 5th 2017, WikiLeaks publishes "Archimedes", a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session.
The document illustrates a type of attack within a "protected environment" as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse.
 
Last week, WikiLeaks dumped source code for a more interesting CIA tool known as "Scribbles," a piece of software allegedly designed to embed 'web beacons' into confidential documents, allowing the spying agency to track insiders and whistleblowers.

Since March the Whistleblowing website has published 7 batches of "Vault 7" series, which includes the latest and last week leaks, along with the following batches:
  • "Year Zero" – dumped CIA hacking exploits for popular hardware and software.
  • "Weeping Angel" – spying tool used by the agency to infiltrate smart TV's, transforming them into covert microphones.
  • "Dark Matter" – focused on hacking exploits the agency designed to target iPhones and Macs.
  • "Marble" – revealed the source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.
  • "Grasshopper" – revealed a framework which allowed the agency to easily create custom malware for breaking into Microsoft's Windows and bypassing antivirus protection.

You can check out the documentation for yourself over on the WikiLeaks website.

Saturday 6 May 2017

Top 10 Reasons to Root your Android Phone - Unleash the Real Power of Android..!

In my previous article we learned about rooting in brief: what rooting is and where the concept of rooting in Android came from. But as I mentioned, rooting without complete knowledge is harmful, so many of you might be afraid of rooting your Android. Don't worry, as I will post articles that give you complete knowledge of rooting. As a starter, here are the most interesting and most powerful advantages of rooting, so that you feel motivated. So let's start...

Android is one of the most open, versatile, and customizable mobile operating systems out there. You may think you don't need to root your phone, but you'd be surprised at how much more you can accomplish with a little work. Here are 10 reasons for rooting your phone.

10. Unlock Hidden Features and Install "Incompatible" Apps

Sometimes, even Android isn't open enough to give you some of the features you want. Either an app is blocked by carriers, hacks into Android's system files, or otherwise isn't available. Luckily, rooting can help with that: you can install carrier-blocked apps, get features from the latest version of Android, make incompatible apps compatible, power up your hardware, get features like Beats Audio from other phones, or emulate exclusive features like those on the Moto X. Whatever you want, rooting gives you the power to do a lot more.

9. Automate Everything (Make your Android AI)

Ever wondered whether your phone could have artificial intelligence..! What if mobile data automatically turned off after 1:00 A.M.? You can also set triggers on your phone, for example: whenever Wi-Fi is turned on, mobile data automatically goes off. We can completely automate our Android.

You might have probably heard of Tasker, the awesome app that automates just about anything on your phone. You don't need to root your phone to use it, but if you're rooted, it can do a whole lot more. Certain tasks, like toggling 3G, GPS, changing CPU speed, turning the screen on, and others require root access. So, if you want to get the full benefit of an app like Tasker, you'll definitely want to root your phone.

8. Block Ads in Any App

Look, we of all people understand the need for occasional ads—it's how we make money. But ads can also get in the way and use up data. If you want to block ads in certain apps or on certain devices, rooting is by far the best way to do so. AdFree, AdBlock Plus, and Ad Away are all great options. Of course, if you aren't rooted, going into airplane mode works fine.

7. Speed Up your Phone and Boost the Battery Life

You can do a lot of things to speed up your phone and boost its battery life without rooting, but with root, you have even more power. For example, with an app like SetCPU you can overclock your phone for better performance, or underclock it for better battery life. You can also use an app like Greenify to automatically hibernate apps you aren't using - perfect for those apps that always want to run in the background when you're not looking.

6. Back Up Your Phone for Zero Data Loss

When you move to a new Android device—or restore your device to stock for any reason—you can make your life a lot easier by backing up your apps and settings first. That way, you can get your entire setup back in just a few taps. If you aren't rooted, you can back up a few things like apps and data, but you won't necessarily be able to back up system apps and their data, or automate the entire process as well as Titanium Backup can.

5. Remove Preinstalled Apps

Many times we face problems such as the phone hanging and eating a lot of memory and storage, so we start removing applications we installed, which might actually be useful to us. But we can't remove the built-in system apps, some of which are of no use. This is where rooting your phone comes to help.

Titanium Backup is good for more than just backups, too. It can also uninstall that annoying, battery-draining, space-wasting crapware that comes preinstalled on so many phones these days—and, sadly, this feature is root-only. Freeze them first to make sure your phone operates normally without them, then delete them completely to free up that space.

4. Tweak the Dark Corners of Android

If you're the kind of person that likes to fiddle with every little feature—both on the surface and under the hood—rooting is for you. Whether you want to customize your keyboard layout with something like Keyboard Manager or give yourself faster scrolling, improved multitasking, and extra themes with Pimp My ROM, rooting gives you the power to tweak just about any corner you can think of. If you want to do it, chances are someone over on a forum like XDA has created a mini-app or tweak that will help.

3. Flash a Custom Kernel

Some of Android's deepest tweaks require a custom kernel, which you can only flash on a rooted device. The kernel is responsible for helping your apps communicate with the hardware of your phone, which means a custom kernel can give you better performance, battery life, and even extra features like Wi-Fi tethering (on unsupported phones), faster battery charging, OTG connectivity (if the hardware supports it but the ROM does not), and lots more. You can flash kernels manually or simplify the process with something like Kernel Manager.

2. Flash a Custom ROM

You probably already know about this one—but it's one of the best benefits of rooting. A custom ROM is basically a custom version of Android, and it truly changes how you use your phone. Some merely bring a stock version of Android to non-stock phones, or later versions of Android to phones that don't have it yet. Note: As some of you have noted, you don't actually need root access to flash a custom ROM—though you will need to unlock your bootloader (a process that sometimes comes bundled with root access). Still, it requires freeing your device from manufacturer lockdowns, so we've kept it in the list.

1. Truly Own Your Device

In the end, all of this comes down to one thing: you own your device, and you should be able to do whatever you wish with it. Certain manufacturers and carriers try to keep that from happening, but with root access you truly own your device and open yourself up to all the possibilities other parties try to block.
