Galaxy Nexus root / un-root without unlocking bootloader


  1. Yeahha

    Yeahha Usually off topic VIP Member

    Welcome to AF :D and thank you for testing that out :) I thought it should work fine but didn't want to go do all the work to unroot and lock my bootloader to test it.
  2. JustisLewis

    JustisLewis New Member

    Can you unroot without unlocking the bootloader?
  3. scary alien

    scary alien not really so scary Moderator

    Welcome to the AndroidForums, Justis.

    I don't see why you couldn't... Once you are rooted, you would be able to remove your root binaries with no problem--you just have to make sure you do it while you still have root access.

    Tell you what, I'll try to make an un-root package this weekend, too for this.

    Cheers and glad you signed-up with us! :)
    JustisLewis likes this.
  4. JustisLewis

    JustisLewis New Member

    Thanks for the welcome :) I've been active on DroidForums and XDA, but this is the first time I've ended up here via Google. I'm only wondering because I'm thinking about returning my GNex to Verizon and ordering from Amazon (could save roughly $60). That's the only reason I haven't unlocked the bootloader yet. I want to backup my apps with Titanium so that if I decide to go that way I can quickly get back up and running on my new Nexus. Of course I would also have to return to stock afterwards so I can give Verizon back this Nexus.
    scary alien likes this.
  5. scary alien

    scary alien not really so scary Moderator

    You are most welcome! :)

    Yeah, it should be pretty simple to un-root... The mempodroid binary, when launched from an adb shell, allows the program you pass to it as an argument to gain root privileges, so if you follow the stuff I did when I tested all of this, you'll see that when you do

    $ ./mempodroid 0xd7f4 0xad4b sh

    your next prompt is "#" and you have root access at that point (but no su or Superuser.apk binaries installed). To unroot, you'd just have to get a rooted shell (like above) and just remove /system/bin/su and /system/app/Superuser.apk (and busybox of course, too--but I'm not sure about all of the softlinks that are created with the busybox --install that I added, so I'll have to research that a little bit ;)).

    Cheers and let me know how it goes if you decide to use this :).
  6. VoidedSaint

    VoidedSaint Resident Ninja VIP Member

    scary is all of this done through terminal? or possibly linux? or windows command prompt?
  7. scary alien

    scary alien not really so scary Moderator

    VS,

    Sorry for the delay, sir!

    You'll have to do it with an adb session involved--the exploit depends on this, so you can't just do it on-phone via something like the Android Terminal Emulator (great app, by the way) or even as an app (trust me, I tried ;)).

    I'm going to be making a Mac- and Linux-friendly version of the package/script tonight (I hope)...the last couple of nights have been very busy, so I've had the chance to do this (its really the flashing back to stock and re-flashing my phone that takes the most time).

    I'm also going to do an un-rooter or at least give instructions for that, too.

    I also need to post this stuff in the GSM area, too...so that's coming...:) ;).

    Just too much paperwork, LOL.

    Cheers!
  8. VoidedSaint

    VoidedSaint Resident Ninja VIP Member

    yeah the ninja is now pleased lol. on a lighter note.

    make it very noob friendly, and i mean very noob friendly
  9. scary alien

    scary alien not really so scary Moderator

    LOL, you mean with instructions and comments and everything?

    Awe, man! :eek: :mad: :p ;) :D

    I'd like to make it even be device-selectable, since the only thing that is GNex-specific is the offsets and I should be able to let you choose from a device list :cool:.

    Thanks!
  10. VoidedSaint

    VoidedSaint Resident Ninja VIP Member

    well we can tackle that tomorrow :)
  11. scary alien

    scary alien not really so scary Moderator

    Okay, I've updated the first post (OP) with a new rooting package. It now includes:

    1. support for running from Linux and Mac/OSX PCs

    2. un-rooting options

    3. (hopefully) easy-to-use instructions :)

    I've also posted a near-identical thread in the GSM area, too (there's device-specific link references in each to their respective areas).

    Whew! This was a lot of work ;) :).

    Time to finally flash my Nandroid back from last night--I've been running stock for more than 24 hours now and its freaking-me-out! ;) :).

    Cheers!
    iowabowtech likes this.
  12. jmar

    jmar Nexican VIP Member

    I am a Nexus ninja! That is all. And one who likes to repost OPs.:)
    scary alien likes this.
  13. Paul1201

    Paul1201 Well-Known Member

    scary alien,

    I get a prompt that says the system cannot find the specified file and when I hit enter it just hangs at waiting for adb USB connectivity to your device.

    When I installed the naked android usb driver the phone is displayed as a Samsung Galaxy Nexus under the android phone in device manager.

    Do you have any tips?
  14. scary alien

    scary alien not really so scary Moderator

    Paul, can you post a copy/paste of what you are seeing (i.e., especially with regard to the "system cannot find specified file" thing).

    Usually getting adb USB connectivity is a little easier than the fastboot connectivity and the Naked drivers are a good choice.

    Also, you can verify that you've got adb USB connectivity with your phone ahead of time by typing adb devices (it should respond back with your phone's serial number).

    That's help you determine ahead of time that the .bat script should work.

    Just let me know a few more details and we'll get you sorted-out :).

    Thanks!
  15. Paul1201

    Paul1201 Well-Known Member

    scary,

    Thanks for replying. I uninstalled/reinstalled the naked android driver and my phone is rebooting from the root script right now.

    And I have root!
    scary alien likes this.
  16. Paul1201

    Paul1201 Well-Known Member

    Okay I did it slightly differently than diverbelow. Once I got root I then downloaded root explorer and used that to place the OTA in the /cache folcer (after renaming it to update.zip just copy and paste via root explorer which can all be down on the phone). Then rerooted using same script from above. All I have to do now is reinstall all of my root required apps from my OG Droid (TiBU, etc.).

    Thank you again scary alien!!!
    scary alien likes this.
  17. Paul1201

    Paul1201 Well-Known Member

    Okay now I am really confused.

    I reran the root script after updating to 4.0.4 and it finished. Root Explorer is installed and working with superuser permission. Downloaded TiBu and Busybox and they are denied supperuser permission. Downloaded root checker and it says I do not have root. Ran the unroot script and reran the root script with the same results.

    According to the log in Superuser the only app getting permission is Root Explorer. Volume +, TiBu, and Busybox are all denied.
  18. scary alien

    scary alien not really so scary Moderator

    Paul,

    Try deleting those entries from the Superuser app and then using the apps again (so that you'll be prompted for permission)...that way, the Superuser whitelist app will be re-asked for permission to run.

    I'm guessing that they just got marked at "denied" in its database and that's why they aren't being granted permission.

    Since the un-root function that I installed simply deletes the su binary and the Superuser.apk file, maybe I need to find its database and delete it, too? (that might account for the "remembering" that appears to be going on here). So, maybe I'll need to issue an "adb uninstall Superuser.apk", etc. to do the removal of the Superuser app.

    Let me know how that works.
  19. Paul1201

    Paul1201 Well-Known Member

    scary,

    I deleted the logs and retried openning the apps with the same results.

    I clicked on Root Explorer on the apps tab (the only one listed) and Superuser allows me to toggle its permissions. SHould I delete it from the apps list also to clear everything from Superuser?
  20. scary alien

    scary alien not really so scary Moderator

    I don't know what you mean by deleting the logs? :confused:

    What I meant to say was go into the Superuser app, find the entries for say, TiBu, click on that entry, and delete the entire TiBu entry from the Superuser app by clicking on the trashcan icon at the bottom of the screen. That should remove its entry entirely from the database that Superuser keeps and will cause the Superuser app to be asked, once you've re-launched TiBu, and you'll be prompted for permission for TiBu to be granted root rights again.

    Does that make sense (or did I say the same thing you just did, LOL :))?

    Thanks!
  21. Paul1201

    Paul1201 Well-Known Member

    scary,

    Makes sense, however root explorer is the only app listed on that screen. If you swipe the screen to the left it shows the log of apps that have requested Superuser permission. None of the other apps have ever made it to the app list since I did not install them until after applying the 4.0.4 update and they have all been denied superuser permission. Root explorer I installed to copy the OTA file into the cache/ partition.

    Also when I ran the unroot script Superuser was not removed after the 4.0.4 update was completed. Is there something about the update that requires a change to the script to root/unroot?

    Attached Files:

  22. scary alien

    scary alien not really so scary Moderator

    Sorry for the delay in my reply, Paul...my stupid desktop PC crashed...<grrr>.

    Anyways, I'm thinking this all has to do with how I only implemented a delete or the /system/app/Superuser.apk file and didn't do a proper uninstall of it and left a confused database behind.

    I'm trying to do a manual uninstall using adb, but I'm getting a "failure" message that tells me that I might have to just do a recursive delete of the database files myself.

    I just took a Nandroid backup so I can play with this a little more. Gimme a little bit to play and think about this...

    Thanks!
  23. Paul1201

    Paul1201 Well-Known Member

    scary,

    No problem. I'm getting busy now myself. Graduate level education takes up a lot of time.
  24. scary alien

    scary alien not really so scary Moderator

    Paul,

    LOL, sorry for the delay...had to flash back to stock 4.0.2 (the mempodroid exploit does not appear to work at all on the AOKP ROM, so I had to backup, flash back, and then tweak the scripts).

    I added the removal of the /data/data/com.noshufou.android.su directory to the unrooting scripts and added a reboot after the unroot.

    I also added extra checks to see if the files are (for rooting) and are not (for un-rooting) present and displayed the output of the ls (list files) commands.

    I'll update the OP above (in a minute--give me 5 minutes or so to upload) with a new .zip file that you can try if you want to do the root and unroot process--it should be a little cleaner for the unroot phase.

    Cheers and let me know!

    -SA
  25. Paul1201

    Paul1201 Well-Known Member

    scary,

    I tried the new script and still no joy (downloaded it after 3:30 EST). I uninstalled and reinstalled all the drivers for Windows, and uninstalled all the apps requiring root except Volume +. Cleared the log in Superuser and went ahead and removed Root Explorer also. When I run the unroot script Superuser is not uninstlled but the phone roboots and the script finishes by prompting me to press any button to continue.

    I am starting to think it may be something with the 4.0.4 OTA not allowing this exploit unless you have verified that it works on 4.0.4.
Loading...

Share This Page