. Introducing the Samsung Galaxy Nexus root / un-root without needing to unlock your bootloader. Yep! Note: it appears that this will only work for GNex phones running Android ICS 4.0.2--the exploit that this method utilizes does not seem to work for 4.0.4; if you use this method to gain root in 4.0.2 and wish to retain it later in 4.0.4, be sure to use a utility like my app Android Root Toolkit or OTA RootKeeper to save root in 4.0.2 so that you don't lose it when you install the 4.0.4 OTA. I've now updated this with un-root options and support for Linux (32-bit installs) and Mac/OSX. Download for the simple-gnex-root-unroot.zip package is located at the bottom of this post. How to use: Spoiler 1. Download simple-gnex-root-unroot.zip to your PC 2. Extract the contents of the above .zip file to a working folder on your PC 3. Start-up a command (Windows) or Terminal (Linux or Mac/OSX) session 4. Change to (cd) to folder (directory) location where you've extracted the simple-gnex-root-unroot.zip file's contents 5. For Windows PCs, make sure you have the proper USB adb drivers installed: .....How to install the adb & fastboot USB drivers 6. Make sure you have USB debugging enabled on your device: .....Settings -> Developer options -> USB debugging (checked) 7. Connect your phone to your PC via the USB cable 8. Run the desired script: Windows: to root: Code: [COLOR="blue"][B]c:\temp> root-for-windows.bat[/B][/COLOR] to un-root: Code: [COLOR="blue"][B]c:\temp> unroot-for-windows.bat[/B][/COLOR] Linux (32-bit installs): note: there's a sudo invocation for the first adb command in the shell script; this will cause you to be prompted for entry of your administrator / root password (this is so that the adb daemon is started-up with the proper privileges to work on your Linux system) to root or unroot (you'll be prompted to select option): Code: [B][COLOR="Blue"]. ./root-unroot-for-linux.sh[/COLOR][/B] Mac (OSX): note: there's a sudo invocation for the first adb command in the shell script; this will cause you to be prompted for entry of your administrator / root password (this is so that the adb daemon is started-up with the proper privileges to work on your Linux system); I'm not sure if this is necessary for the Mac/OSX system, so you might need to remove it from the script if needed to root or unroot (you'll be prompted to select option): Code: [B][COLOR="Blue"]. ./root-unroot-for-mac-osx.sh[/COLOR][/B] Notes: Spoiler this root exploit should work on any Linux kernel 2.6.39 and above; this means that it should currently work on both the GSM and the VZW LTE variants of the Samsung Galaxy Nexus (and indeed, several other devices running this Linux kernel; the key to using the exploit lies in using different hex values corresponding to the offset of the exit() function) this current root package I have assembled for you has been tested on a VZW (LTE/CDMA) Samsung Galaxy Nexus running Android 4.0.2 using both a Windows 7 and Linux 10.x PC; I believe that it should work on a Mac/OSX system, but I am unable to test that at this time it appears that the adb-linux binary included with this root package only works on 32-bit installs of Linux; I and another member were unable to get the adb binary to execute properly on a 64-bit install of Ubuntu 11.10 (it worked just fine on the 32-bit version) since this rooting package / method doesn't require you to unlock your bootloader, you don't have to risk that operation and its warranty implications; additionally, you could use an application like Titanium Backup to save your applications and their data/setup for easier recovery and re-setup later note that this rooting method does not allow you to install a custom recovery and therefore you will be unable to make a Nandroid backup, or install a custom ROM or theme or kernel--you would still need to unlock your bootloader to do these things you should also take all due precautions and care when undertaking any modifications to your phone (especially system-related apps) without having the protection of a custom recovery and a Nandroid backup; you always have the fall-back option of unlocking your bootloader and restoring back to stock, too: How to un-root (return to stock) if you use this rooting method on 4.0.2 as a stepping-stone towards manually installing the 4.0.4 OTA, you might want to think about using an app like OTA RootKeeper to preserve root and have the option to restore it once you are on 4.0.4 (currently, this rooting exploit does not appear to work on ICS 4.0.4) Credits / references: Spoiler James Cushing's article over on rootzwiki.com which started me off on this little project: Developers: Using Mempodroid to Obtain Root Jay Freeman, a.k.a, Saurik (cited in above rootzwiki article for the CVE-2012-0056 exploit implementation) Juri Aedla who discovered the CVE-2012-0056 exploit Jason A. Donenfeld's Linux Mempodipper exploit who wrote about the CVE-2012-0056 exploit in Hacker News Android exploit details mempodroid pre-compiled binary Dan Rosenberg's Droid 4 Exploit for the framework in pushing and enabling the root package Original thread content: Spoiler Okay, I did a little searching and haven't seen that anyone else has yet posted something like this (apologies if they have), but I was reading around this afternoon and discovered a couple of cool things that allows you to install the root binaries without unlocking your bootloader. Yes...you heard right: root the Samsung Galaxy Nexus without unlocking the bootloader . I just did this process manually myself and it works great. Note: this does involve using adb and assumes that you've already got the proper USB adb drivers installed (although these are usually less finicky than the fastboot drivers (not an issue for Mac or Linux users, though)). Okay, here's the details of what I did: Spoiler re-flashed my device back to stock 4.0.2 and re-locked the bootloader used adb to push the exploit and root binaries over to /data/local: c:\gnex\root-exp> adb push mempodroid /data/local/mempodroid c:\gnex\root-exp> adb push su /data/local/su c:\gnex\root-exp> adb push Superuser.apk /data/local/Superuser.apk c:\gnex\root-exp> adb shell chmod 777 /data/local/mempodroid the remaining operations take place using adb: c:\gnex\root-exp> adb shell - - navigate to where the my files are: - $ cd /data/local - - remount /system as read-write using the exploit binary: - $ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /system - - verify /system now mounted as r/w (other mount info redacted): - $ mount /dev/block/platform/omap/omap_hsmmc.0/by-name/system /system ext4 rw,relatime,barrier=1,data=ordered 0 0 - - use the exploit binary to start-up root shell (could've done this earlier, too): - $ ./mempodroid 0xd7f4 0xad4b sh - - navigate back to /data/local (probably could have done "sh -"): - # cd /data/local - - install and secure the root binaries: - # cat su > /system/bin/su # cat Superuser.apk > /system/app/Superuser.apk # chmod 6755 /system/bin/su - - that's it...root has been installed! - # exit $ exit c:\gnex\root-exp> Next, I just downloaded and launched Titanium Backup to verify that my apps have root (I also did another "adb shell" and then "su" to test root that way, too). Works great. MS/Windows-compatible script available at the end of this post. Here's what it looks like when you run it: Spoiler Code: ECHO is off. # ========================================================================== # Samsung Galaxy Nexus Simple Root by AndroidForums "scary alien" # # Written for and tested on Samsung Galaxy Nexus running stock Android 4.0.2 # # This script will install the root binaries (su, busybox, Superuser.apk) on # an unrooted GNex without needing to unlock the bootloader # # For additional details, credits, etc., please visit: # # [url]http://androidforums.com/verizon-galaxy-nexus-all-things-root/499117-root-gnex-without-unlocking-bootloader-yep.html[/url] # # Instructions: # # 1) Make sure you have the adb USB device drivers installed # # 2) Make sure you have USB debugging enabled on your phone # # 3) Connect your phone and computer via your USB cable # # 4) Run this script from the same directory where the rest of the # files from the extracted .zip file are located # # ========================================================================== # The system cannot find the file specified. Press any key to continue . . . [-] waiting for adb USB connectivity to your device # [-] connectivity established! here we go! :) # [-] pushing our binaries and scripts over to the phone... 1915 KB/s (37273 bytes in 0.019s) 1985 KB/s (22364 bytes in 0.011s) 3327 KB/s (1867568 bytes in 0.548s) 3324 KB/s (843503 bytes in 0.247s) 60 KB/s (124 bytes in 0.002s) 169 KB/s (520 bytes in 0.003s) # [-] securing work files... # [-] rooting the phone... [-] running the exploit script... [-] remounting /system [-] installing root binaries [-] installing su [-] installing Superuser.apk [-] installing busybox [-] exploit completed, root installed # [-] cleaning-up /data/local... # # Congratulations, your GNex has just been rooted :) # # Use your new root powers carefully and wisely. # # --- all done --- Press any key to continue . . . Hope you found this interesting. Cheers and let me know if you have any questions. -SA Notes / Cautions: - this works for the Samsung Galaxy Nexus running Android 4.0.2 and should work for both the GSM/HSPA+ and the VZW LTE/CDMA version of the phone; I also suspect that it will work for 4.0.1 but I haven't test that (yet) - rooting your device without unlocking your bootloader will basically only let you run root apps; you won't be able to install (or run) a custom recovery, a custom ROM / theme / kernel, etc. - since you can't install a custom recovery, you won't be able to make a Nandroid backup to put yourself back to a safe, known setup, so keep this in mind when doing any root-related operations (such as using SetCPU for underclocking, or making any system tweaks that can only be done with root) [although you'll always be able to unlock your bootloader and How to un-root (return to stock) the old-fashioned way]. simple-gnex-root-unroot.zip: .....File size: ..........946,051 (bytes) .....MD5 checksum: d562b501a37a7fbb7e4174c335f5c881 .....Download: ........ View attachment simple-gnex-root-unroot.zip Example rooting session outputs: ..... View attachment windows-root-example.txt ..... View attachment windows-unroot-example.txt ..... View attachment linux-root-example.txt ..... View attachment linux-unroot-example.txt Kudos and props to onfire4g05 for the tweaked version of the shell script for the Mac/OSX system! Thank you!!!