Galaxy Nexus root / un-root without unlocking bootloader
Introducing the Samsung Galaxy Nexus root / un-root without needing to unlock your bootloader. Yep!
Note: it appears that this will only work for GNex phones running Android ICS 4.0.2--the exploit that this method utilizes does not seem to work for 4.0.4; if you use this method to gain root in 4.0.2 and wish to retain it later in 4.0.4, be sure to use a utility like my app Android Root Toolkit or OTA RootKeeper to save root in 4.0.2 so that you don't lose it when you install the 4.0.4 OTA.
I've now updated this with un-root options and support for Linux (32-bit installs) and Mac/OSX.
Download for the simple-gnex-root-unroot.zip package is located at the bottom of this post.
How to use:
1. Download simple-gnex-root-unroot.zip to your PC
2. Extract the contents of the above .zip file to a working folder on your PC
3. Start-up a command (Windows) or Terminal (Linux or Mac/OSX) session
4. Change (cd) to the folder (directory) location where you've extracted the simple-gnex-root-unroot.zip file's contents
5. For Windows PCs, make sure you have the proper USB adb drivers installed:
6. Make sure you have USB debugging enabled on your device:
   Settings -> Developer options -> USB debugging (checked)
7. Connect your phone to your PC via the USB cable
8. Run the desired script:
Windows:
to root:
Code:
c:\temp> root-for-windows.bat
to un-root:
Code:
c:\temp> unroot-for-windows.bat
Linux (32-bit installs):
note: there's a sudo invocation for the first adb command in the shell script; this will cause you to be prompted for entry of your administrator / root password (this is so that the adb daemon is started-up with the proper privileges to work on your Linux system)
to root or unroot (you'll be prompted to select option):
Code:
. ./root-unroot-for-linux.sh
Mac (OSX):
note: there's a sudo invocation for the first adb command in the shell script; this will cause you to be prompted for entry of your administrator / root password (this is so that the adb daemon is started-up with the proper privileges to work on your Linux system); I'm not sure if this is necessary for the Mac/OSX system, so you might need to remove it from the script if needed
to root or unroot (you'll be prompted to select option):
Code:
. ./root-unroot-for-mac-osx.sh
Notes:
this root exploit should work on any Linux kernel 2.6.39 and above; this means that it should currently work on both the GSM and the VZW LTE variants of the Samsung Galaxy Nexus (and indeed, several other devices running this Linux kernel; the key to using the exploit lies in using different hex values corresponding to the offset of the exit() function)
this current root package I have assembled for you has been tested on a VZW (LTE/CDMA) Samsung Galaxy Nexus running Android 4.0.2 using both a Windows 7 and Linux 10.x PC; I believe that it should work on a Mac/OSX system, but I am unable to test that at this time
it appears that the adb-linux binary included with this root package only works on 32-bit installs of Linux; I and another member were unable to get the adb binary to execute properly on a 64-bit install of Ubuntu 11.10 (it worked just fine on the 32-bit version)
since this rooting package / method doesn't require you to unlock your bootloader, you don't have to risk that operation and its warranty implications; additionally, you could use an application like Titanium Backup to save your applications and their data/setup for easier recovery and re-setup later
note that this rooting method does not allow you to install a custom recovery and therefore you will be unable to make a Nandroid backup, or install a custom ROM or theme or kernel--you would still need to unlock your bootloader to do these things
you should also take all due precautions and care when undertaking any modifications to your phone (especially system-related apps) without having the protection of a custom recovery and a Nandroid backup; you always have the fall-back option of unlocking your bootloader and restoring back to stock, too: How to un-root (return to stock)
if you use this rooting method on 4.0.2 as a stepping-stone towards manually installing the 4.0.4 OTA, you might want to think about using an app like OTA RootKeeper to preserve root and have the option to restore it once you are on 4.0.4 (currently, this rooting exploit does not appear to work on ICS 4.0.4)
Credits / references:
James Cushing's article over on rootzwiki.com which started me off on this little project:
Okay, I did a little searching and haven't seen that anyone else has yet posted something like this (apologies if they have), but I was reading around this afternoon and discovered a couple of cool things that allows you to install the root binaries without unlocking your bootloader.
Yes...you heard right: root the Samsung Galaxy Nexus without unlocking the bootloader.
I just did this process manually myself and it works great.
Note: this does involve using adb and assumes that you've already got the proper USB adb drivers installed (although these are usually less finicky than the fastboot drivers (not an issue for Mac or Linux users, though)).
Okay, here's the details of what I did:
re-flashed my device back to stock 4.0.2 and re-locked the bootloader
used adb to push the exploit and root binaries over to /data/local:
c:\gnex\root-exp> adb shell
-
- navigate to where my files are:
-
$ cd /data/local
-
- remount /system as read-write using the exploit binary:
-
$ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /system
-
- verify /system now mounted as r/w (other mount info redacted):
-
$ mount
/dev/block/platform/omap/omap_hsmmc.0/by-name/system /system ext4 rw,relatime,barrier=1,data=ordered 0 0
-
- use the exploit binary to start-up root shell (could've done this earlier, too):
-
$ ./mempodroid 0xd7f4 0xad4b sh
-
- navigate back to /data/local (probably could have done "sh -"):
-
# cd /data/local
-
- install and secure the root binaries:
-
# cat su > /system/bin/su
# cat Superuser.apk > /system/app/Superuser.apk
# chmod 6755 /system/bin/su
-
- that's it...root has been installed!
-
# exit
$ exit
c:\gnex\root-exp>
Next, I just downloaded and launched Titanium Backup to verify that my apps have root (I also did another "adb shell" and then "su" to test root that way, too). Works great.
MS/Windows-compatible script available at the end of this post.
Here's what it looks like when you run it:
Code:
ECHO is off.
# ==========================================================================
# Samsung Galaxy Nexus Simple Root by AndroidForums "scary alien"
#
# Written for and tested on Samsung Galaxy Nexus running stock Android 4.0.2
#
# This script will install the root binaries (su, busybox, Superuser.apk) on
# an unrooted GNex without needing to unlock the bootloader
#
# For additional details, credits, etc., please visit:
#
# http://androidforums.com/verizon-galaxy-nexus-all-things-root/499117-root-gnex-without-unlocking-bootloader-yep.html
#
# Instructions:
#
# 1) Make sure you have the adb USB device drivers installed
#
# 2) Make sure you have USB debugging enabled on your phone
#
# 3) Connect your phone and computer via your USB cable
#
# 4) Run this script from the same directory where the rest of the
# files from the extracted .zip file are located
#
# ==========================================================================
#
The system cannot find the file specified.
Press any key to continue . . .
[-] waiting for adb USB connectivity to your device
#
[-] connectivity established! here we go! :)
#
[-] pushing our binaries and scripts over to the phone...
1915 KB/s (37273 bytes in 0.019s)
1985 KB/s (22364 bytes in 0.011s)
3327 KB/s (1867568 bytes in 0.548s)
3324 KB/s (843503 bytes in 0.247s)
60 KB/s (124 bytes in 0.002s)
169 KB/s (520 bytes in 0.003s)
#
[-] securing work files...
#
[-] rooting the phone...
[-] running the exploit script...
[-] remounting /system
[-] installing root binaries
[-] installing su
[-] installing Superuser.apk
[-] installing busybox
[-] exploit completed, root installed
#
[-] cleaning-up /data/local...
#
# Congratulations, your GNex has just been rooted :)
#
# Use your new root powers carefully and wisely.
#
# --- all done ---
Press any key to continue . . .
Hope you found this interesting.
Cheers and let me know if you have any questions.
-SA
Notes / Cautions:
- this works for the Samsung Galaxy Nexus running Android 4.0.2 and should work for both the GSM/HSPA+ and the VZW LTE/CDMA version of the phone; I also suspect that it will work for 4.0.1 but I haven't tested that (yet)
- rooting your device without unlocking your bootloader will basically only let you run root apps; you won't be able to install (or run) a custom recovery, a custom ROM / theme / kernel, etc.
- since you can't install a custom recovery, you won't be able to make a Nandroid backup to put yourself back to a safe, known setup, so keep this in mind when doing any root-related operations (such as using SetCPU for underclocking, or making any system tweaks that can only be done with root) [although you'll always be able to unlock your bootloader and How to un-root (return to stock) the old-fashioned way].
Well, this really isn't Windows or Mac specific...it's mostly adb-specific. So, if you know and are familiar with adb, it's fairly straight-forward.
There's an ADB Guide that contains a "Mini-SDK" section with a downloadable sdk-tools.zip file that contains an "adb-mac" file that you can use in place of the "adb" referenced above.
Also, I think I could script this...it should be possible to do this, but I've just finished playing-around with this myself (need a few minutes to finish some other stuff up).
Lemme know if you have other questions.
Cheers!
edit: you ninja'd me with your edits, LOL....yes, you basically start-up a terminal session and prefix your "adb" (or adb-mac) references with "./" (as in "./adb devices", etc.).
Would this allow you to place the 4.0.4 OTA in the cache folder and install the OTA without unlocking?
I suppose so...
Since you'll be gaining basic root ability (su / Superuser.apk, etc.; busybox installation is easy, too), you'd be able to place the file in the /cache partition.
It's been a while since I've done this (did it once on my Eris a long while back).
Also, the way the exploit works, you wouldn't even have to root to do this...you could just tweak the process and use the exploit binary to start a temporary rooted shell to accomplish your copies (no need to insert the su and Superuser binaries).
By the way, I'm working on making this into a script...still testing and playing.
Cheers!
Just to once again show my noobness, what are the reasons or advantages of having a locked or unlocked boot-loader option? Why would a person choose one over the other?
Total noob on this also, but it is my understanding that unlocking the bootloader is the step that wipes your data from the phone. Also, unlike the OG Droid where you could just rename the OTA update.zip and load the OTA early, the GNex requires the file to be loaded into the cache partition, which requires root. Using the method discussed by scary alien, those who wish to remain stock but have the update early may finally be able to accomplish it without having their phone's data wiped.
Of course the other advantage is that if you can gain root first you can download Titanium Backup and backup your phone prior to unlocking the bootloader. There is a way to backup using ADB commands but I think Titanium may be easier to restore your data on your phone.
The biggest reason for unlocking your bootloader is the ability to flash new files such as a custom recovery (and thereby custom ROMs / themes / kernels), as well as being able to flash back to stock / factory images.
While I've not been a big fan of simple one-click root packages (because it makes rooting too easy for some and sometimes get people into trouble), this method falls in line to make rooting the Galaxy Nexus similar to other phones in that a particular exploit will give root access without having to have an unlocked bootloader.
I did more testing last night and have a simple script that one could run from your PC that will install root, but I've got a little polishing I need to do on it before posting.
Additionally, I believe I can make an Android app out of this, too.
Stay tuned.
Scary alien,
Thank you for investigating this. I have always chosen to unlock/root and run stock roms anyhow so this will make it possible for those like me to use apps that require root (TB, Root Explorer, etc.) and stay on a stock rom.
No problem, Paul! I'm happy to help re. this (and it's been a fun and interesting challenge).
I'm pretty sure I can "simply" (yeah, it's really not that simple) throw these commands in an app and make this a one-click rooter. I'm hopeful that the exploit will remain open for near-future versions of ICS besides 4.0.2.
So I was able to push update.zip to /cache with minor adjustments. More to come
Cool! Looking forward to it.
Yeah, I did some streamlining to the process in the scripts I built and tested last night.
I'll be posting a script later this evening (at least that's my plan). Will have to flash back to stock 4.0.2 for about the 14th time now (I'm losing count) to test this.
What's cool about this is that you can re-purpose this exploit to gain selective root access when you want.
Cheers!
My GNex was on 4.0.2 with locked boot loader, non-root and completely stock. I wanted to remain locked and non-rooted (promised the wife) but wanted to see if 4.0.4 was able to fix the random reboot and increase battery life.
Need to know how to use adb and not responsible for bricking the phone.
I used scary alien's steps and had to add chmod 777 where it was needed.
Download the following files and place them in the C:\Android\platform-tools directory or whatever directory you want:
Android 4.0.4 mempodroid su
used adb to push the exploit and root binaries over to /data/local:
used adb to push the update.zip to /cache
Upgrade from 4.0.2 to 4.0.4 section
C:\Android\platform-tools> adb push mempodroid /data/local
C:\Android\platform-tools> adb push su /data/local
the remaining operations take place using adb:
C:\Android\platform-tools> adb shell
$ cd /data/local
$ chmod 777 mempodroid
$ chmod 777 su
$ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /cache
$ PATH=/data/local:$PATH
$ ./mempodroid 0xd7f4 0xad4b sh
# chmod 777 /cache
Open another command prompt or term and browse to your
browse to directory you placed update.zip in /cache
adb push update.zip /cache
the remaining operations take place using adb from above:
# chmod 770 /cache
# PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
---Optional--- If you want to remove these files from /data/local. You can also do a factory wipe
# cd /data/local
# rm mempodroid
# rm su
exit
* Power off phone
* Press and hold the volume up/down buttons then press the power button
* Arrow to Recovery
* Phone will reboot in to recovery mode
* With Android laying down, press and hold the power button and volume up (possible volume up couple of times)
* apply update from /cache
* reboot
For Upgrade 4.0.4 to newest 4.0.4
Looks like the exploit that was in 4.0.2 kernel has been patched. Looking for workarounds.
Untested, will test late tonight.
used adb to push the exploit and root binaries over to /data/local:
used adb to push the update.zip to /cache
C:\Android\platform-tools> adb push mempodroid /data/local
C:\Android\platform-tools> adb push su /data/local
the remaining operations take place using adb:
C:\Android\platform-tools> adb shell
$ cd /data/local
$ chmod 777 mempodroid
$ chmod 777 su
$ ./mempodroid 0xd7cc 0xad27 mount -o remount,rw '' /cache
$ PATH=/data/local:$PATH
$ ./mempodroid 0xd7cc 0xad27 sh
# chmod 777 /cache
Open another command prompt or term and browse to your
browse to directory you placed update.zip in /cache
adb push update.zip /cache
the remaining operations take place using adb from above:
# chmod 770 /cache
# PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
---Optional--- If you want to remove these files from /data/local. You can also do a factory wipe
# cd /data/local
# rm mempodroid
# rm su
exit
* Power off phone
* Press and hold the volume up/down buttons then press the power button
* Arrow to Recovery
* Phone will reboot in to recovery mode
* With Android laying down, press and hold the power button and volume up (possible volume up couple of times)
* apply update from /cache
* reboot
Hope this helps.
Last edited by diverbelow; May 25th, 2012 at 01:08 PM.
Reason: spelling mistakes, removed a step, added some steps, added additional steps
My GNex was on 4.0.2 with locked boot loader, non-root and completely stock. I wanted to remain locked and non-rooted (promised the wife) but wanted to see if 4.0.4 was able to fix the random reboot and increase battery life.
I used scary alien's steps and had to add chmod 777 where it was needed.
Download the 4.0.4 update, mempodroid and su and place them in the C:\Android\platform-tools directory or whatever directory you want.
used adb to push the exploit and root binaries over to /data/local:
used adb to push the exploit update.zip to /cache
C:\Android\platform-tools> adb push mempodroid /data/local
C:\Android\platform-tools> adb push su /data/local
the remaining operations take place using adb:
C:\Android\platform-tools> adb shell
$ cd /data/local
$ chmod 777 mempodroid
$ chmod 777 su
$ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /cache
$ PATH=$PATH:/data/local
$ ./mempodroid 0xd7f4 0xad4b sh
# chmod 777 /cache
Open another command prompt or term and browse to your
browse to directory you placed update.zip in /cache
adb push update.zip /cache
the remaining operations take place using adb from above:
# chmod 770 /cache
# PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
exit
Reboot in to recovery mode
apply update from /cache
reboot
Hope this helps.
So I used the steps to update my wife's Galaxy Nexus and removed a step.
My wife's GN was completely stock with locked boot loader and non-rooted.
5. Connect the phone and your computer together with your USB cable
6. Double-click the runme.bat file that's in the folder where you extracted the contents of the simple-gnex-root.zip file
7. The installation goes pretty quickly.
8. Enjoy your new root abilities.
Obligatory root disclaimer / reminder:
As always, you are ultimately responsible for any root-related activities on your phone.
You should understand not only the benefits of rooting, but also any possible consequences (voided warranty, boot-loops, bricking, etc.) that might occur as a result of your root-related actions.
AndroidForums.com / Phandroid.com, its owner, and staff are not liable for any root actions you might undertake as a result of information used from this site.
Reading, researching, understanding, and carefully following the published steps and instructions can go a long way towards helping to make your rooting efforts a successful one.
How do you do the last step?
Whenever I reboot my completely stock phone into recovery mode I get the damn dead droid icon with the red triangle and then after a little bit it reboots.
How do I complete the last part of applying the update?
Thanks
Once you are at the robot laying down press and hold the power button and press volume + and use the arrow keys to move up and down and power button to select.
It shows the big droid laying down and then I chose recovery and hit the power button, this brings me to another screen with small droid laying down with red triangle.... at this point no buttons work .... Help!
Edit: Ok I get it, now I am not seeing the update.zip file in there even though it had successfully copied over.... this is weird
Edit: Must have done something wrong, just redid all the steps and now I see the file. Update is being applied.
Thanks for these instructions and help.
Last edited by blackberrycubed; February 14th, 2012 at 07:14 PM.
On this menu if you choose apply update from cache now it does nothing?
If so I would suggest rebooting and trying again.
@SA this method will not prevent OTA updates, so if an OTA comes I take it root would be lost. If so, should this work on newer versions of the OS in theory?
This may be a good thing to add to the beginning of the how to root process to allow people to make backups of the app data then unlock the bootloader which wipes everything, once the phone is fully rooted someone could push the backups back to the phone and restore the app data...just a thought
Yeah, an OTA will kill root because the su binary gets its execute and SUID-bit permissions reset.
I'm pretty sure that this will work on future versions of ICS unless and until the exploit is patched in the kernel (or a different compiler is used by Google that breaks the exploit).
I'm a little fuzzy on your last paragraph...are you talking about using something like TiBu to back stuff up and later restore after an OTA comes in and you've re-rooted?
(sorry for being fuzzy, LOL, I'm working on a 1-click app version of this method (and was up way too late last night with it))
Cheers!
Last edited by scary alien; March 17th, 2012 at 01:38 PM.
Reason: correct permission bit reference
No problem on the fuzziness
Using TiBU or a similar app was my thought exactly. You would need to transfer the data to a CPU or a dropbox type thing before unlocking the boot loader, but it would basically be a lossless root.
Further, run-as bails early on if it is not either a) already running as root (which would defeat the purpose) or b) not running as the adb shell user, so this unfortunately cannot be integrated into a "one-click root" app. You therefore already need working adb shell access to the device in order to install/run this program and escalate to root.
so, my (failed) efforts last night and tonight trying to create a 1-click app were all for naught.
Oh, well, the script is easy enough to use...
I'll concentrate on updating the first post with the stuff discussed just above, and making a Mac and Linux version of the .zip.
This could not have been easier. Worked perfectly, took five minutes including downloading the drivers. Such a great option to be able to root, use Titanium Backup and then unlock the bootloader without losing all my app data. The solution I've been looking for. Thanks scary alien.
Thanks, Rick!
It was a gas reading through the threads and getting the realization that this would work.
It should actually work for several devices running ICS and/or the certain kernel version (you'd just need to adjust the hex offset values that are used by mempodroid--maybe I'll make the script a little more generic).
Glad it worked for you.
I'll get the first post updated tomorrow with what you and Yeahha mentioned above.
Welcome to AF and thank you for testing that out. I thought it should work fine but didn't want to go do all the work to unroot and lock my bootloader to test it.
I don't see why you couldn't... Once you are rooted, you would be able to remove your root binaries with no problem--you just have to make sure you do it while you still have root access.
Tell you what, I'll try to make an un-root package this weekend, too for this.
Cheers and glad you signed-up with us!
Quote:
Originally Posted by scary alien
Welcome to the AndroidForums, Justis.
I don't see why you couldn't... Once you are rooted, you would be able to remove your root binaries with no problem--you just have to make sure you do it while you still have root access.
Tell you what, I'll try to make an un-root package this weekend, too for this.
Cheers and glad you signed-up with us!
Thanks for the welcome. I've been active on DroidForums and XDA, but this is the first time I've ended up here via Google. I'm only wondering because I'm thinking about returning my GNex to Verizon and ordering from Amazon (could save roughly $60). That's the only reason I haven't unlocked the bootloader yet. I want to back up my apps with Titanium so that if I decide to go that way I can quickly get back up and running on my new Nexus. Of course I would also have to return to stock afterwards so I can give Verizon back this Nexus.
You are most welcome!
Yeah, it should be pretty simple to un-root... The mempodroid binary, when launched from an adb shell, allows the program you pass to it as an argument to gain root privileges, so if you follow the stuff I did when I tested all of this, you'll see that when you do
$ ./mempodroid 0xd7f4 0xad4b sh
your next prompt is "#" and you have root access at that point (but no su or Superuser.apk binaries installed). To unroot, you'd just have to get a rooted shell (like above) and just remove /system/bin/su and /system/app/Superuser.apk (and busybox of course, too--but I'm not sure about all of the softlinks that are created with the busybox --install that I added, so I'll have to research that a little bit).
Cheers and let me know how it goes if you decide to use this.
scary is all of this done through terminal? or possibly linux? or windows command prompt?
VS,
Sorry for the delay, sir!
You'll have to do it with an adb session involved--the exploit depends on this, so you can't just do it on-phone via something like the Android Terminal Emulator (great app, by the way) or even as an app (trust me, I tried).
I'm going to be making a Mac- and Linux-friendly version of the package/script tonight (I hope)...the last couple of nights have been very busy, so I've had the chance to do this (it's really the flashing back to stock and re-flashing my phone that takes the most time).
I'm also going to do an un-rooter or at least give instructions for that, too.
I also need to post this stuff in the GSM area, too...so that's coming....
yeah the ninja is now pleased lol. on a lighter note.
make it very noob friendly, and i mean very noob friendly
LOL, you mean with instructions and comments and everything?
Awe, man!
I'd like to make it even be device-selectable, since the only thing that is GNex-specific is the offsets and I should be able to let you choose from a device list.
Quote:
Originally Posted by scary alien
Well, this really isn't Windows or Mac specific...it's mostly adb-specific. So, if you know and are familiar with adb, it's fairly straight-forward.
There's an ADB Guide that contains a "Mini-SDK" section with a downloadable sdk-tools.zip file that contains an "adb-mac" file that you can use in place of the "adb" referenced above.
Also, I think I could script this...it should be possible to do this, but I've just finished playing-around with this myself (need a few minutes to finish some other stuff up).
Lemme know if you have other questions.
Cheers!
edit: you ninja'd me with your edits, LOL....yes, you basically start-up a terminal session and prefix your "adb" (or adb-mac) references with "./" (as in "./adb devices", etc.).
I am a Nexus ninja! That is all. And one who likes to repost OPs.
scary alien,
I get a prompt that says the system cannot find the specified file and when I hit enter it just hangs at waiting for adb USB connectivity to your device.
When I installed the naked android usb driver the phone is displayed as a Samsung Galaxy Nexus under the android phone in device manager.
Do you have any tips?
Last edited by Paul1201; February 19th, 2012 at 09:23 AM.
Paul, can you post a copy/paste of what you are seeing (i.e., especially with regard to the "system cannot find specified file" thing).
Usually getting adb USB connectivity is a little easier than the fastboot connectivity and the Naked drivers are a good choice.
Also, you can verify that you've got adb USB connectivity with your phone ahead of time by typing adb devices (it should respond back with your phone's serial number).
That'll help you determine ahead of time that the .bat script should work.
Just let me know a few more details and we'll get you sorted-out.
Okay I did it slightly differently than diverbelow. Once I got root I then downloaded root explorer and used that to place the OTA in the /cache folder (after renaming it to update.zip just copy and paste via root explorer which can all be done on the phone). Then rerooted using same script from above. All I have to do now is reinstall all of my root required apps from my OG Droid (TiBU, etc.).
Thank you again scary alien!!!
Okay now I am really confused.
I reran the root script after updating to 4.0.4 and it finished. Root Explorer is installed and working with superuser permission. Downloaded TiBu and Busybox and they are denied superuser permission. Downloaded root checker and it says I do not have root. Ran the unroot script and reran the root script with the same results.
According to the log in Superuser the only app getting permission is Root Explorer. Volume +, TiBu, and Busybox are all denied.
Paul,
Try deleting those entries from the Superuser app and then using the apps again (so that you'll be prompted for permission)...that way, the Superuser whitelist app will be re-asked for permission to run.
I'm guessing that they just got marked as "denied" in its database and that's why they aren't being granted permission.
Since the un-root function that I installed simply deletes the su binary and the Superuser.apk file, maybe I need to find its database and delete it, too? (that might account for the "remembering" that appears to be going on here). So, maybe I'll need to issue an "adb uninstall Superuser.apk", etc. to do the removal of the Superuser app.
scary,
I deleted the logs and retried opening the apps with the same results.
I clicked on Root Explorer on the apps tab (the only one listed) and Superuser allows me to toggle its permissions. Should I delete it from the apps list also to clear everything from Superuser?
I don't know what you mean by deleting the logs?
What I meant to say was go into the Superuser app, find the entries for say, TiBu, click on that entry, and delete the entire TiBu entry from the Superuser app by clicking on the trashcan icon at the bottom of the screen. That should remove its entry entirely from the database that Superuser keeps and will cause the Superuser app to be asked, once you've re-launched TiBu, and you'll be prompted for permission for TiBu to be granted root rights again.
Does that make sense (or did I say the same thing you just did, LOL)?
scary,
Makes sense, however root explorer is the only app listed on that screen. If you swipe the screen to the left it shows the log of apps that have requested Superuser permission. None of the other apps have ever made it to the app list since I did not install them until after applying the 4.0.4 update and they have all been denied superuser permission. Root explorer I installed to copy the OTA file into the cache/ partition.
Also when I ran the unroot script Superuser was not removed after the 4.0.4 update was completed. Is there something about the update that requires a change to the script to root/unroot?
Sorry for the delay in my reply, Paul...my stupid desktop PC crashed...<grrr>.
Anyways, I'm thinking this all has to do with how I only implemented a delete of the /system/app/Superuser.apk file and didn't do a proper uninstall of it and left a confused database behind.
I'm trying to do a manual uninstall using adb, but I'm getting a "failure" message that tells me that I might have to just do a recursive delete of the database files myself.
I just took a Nandroid backup so I can play with this a little more. Gimme a little bit to play and think about this...
No problem. I'm getting busy now myself. Graduate level education takes up a lot of time.
Paul,
LOL, sorry for the delay...had to flash back to stock 4.0.2 (the mempodroid exploit does not appear to work at all on the AOKP ROM, so I had to backup, flash back, and then tweak the scripts).
I added the removal of the /data/data/com.noshufou.android.su directory to the unrooting scripts and added a reboot after the unroot.
I also added extra checks to see if the files are (for rooting) and are not (for un-rooting) present and displayed the output of the ls (list files) commands.
I'll update the OP above (in a minute--give me 5 minutes or so to upload) with a new .zip file that you can try if you want to do the root and unroot process--it should be a little cleaner for the unroot phase.
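The presence/absence check described in the post above, as an added example (not scary alien's script): a shell function that classifies `ls` output captured from `adb shell` for the three paths this thread names. The function name, the sample captures, the `ls -d` invocation and the error wording are assumptions; the check parses text and strips carriage returns because older adb versions return CRLF line endings and do not pass back the remote exit status.

```shell
#!/bin/sh
# Paths named in the thread as what rooting installs and un-rooting removes.
ROOT_ARTIFACTS="/system/bin/su /system/app/Superuser.apk /data/data/com.noshufou.android.su"

# residue_report CAPTURE   (hypothetical helper, not from the thread's package)
#   CAPTURE: text captured from something like `adb shell ls -d <paths>`.
#   Prints one "present <path>" or "absent <path>" line per artifact.
#   Returns 0 when nothing remains (clean un-root), 1 otherwise.
residue_report() {
    # Strip the carriage returns that adb shell output carries on older devices.
    capture=$(printf '%s\n' "$1" | tr -d '\r')
    leftover=0
    for path in $ROOT_ARTIFACTS; do
        # A path counts as present only when it is a whole line by itself.
        # Error lines such as "<path>: No such file or directory" must not
        # match; their exact wording varies between ls implementations.
        if printf '%s\n' "$capture" | grep -qxF "$path"; then
            echo "present $path"
            leftover=1
        else
            echo "absent $path"
        fi
    done
    return $leftover
}

# Constructed sample captures (not taken from a real device).
# ROOTED: all three artifacts exist.
SAMPLE_ROOTED=$(printf '%s\r\n' \
    '/system/bin/su' '/system/app/Superuser.apk' \
    '/data/data/com.noshufou.android.su')
# PARTIAL: su and the apk were deleted but the Superuser data directory
# (its permission database) was left behind, as discussed in the thread.
SAMPLE_PARTIAL=$(printf '%s\r\n' \
    '/system/bin/su: No such file or directory' \
    '/system/app/Superuser.apk: No such file or directory' \
    '/data/data/com.noshufou.android.su')
# CLEAN: nothing left.
SAMPLE_CLEAN=$(printf '%s\r\n' \
    '/system/bin/su: No such file or directory' \
    '/system/app/Superuser.apk: No such file or directory' \
    '/data/data/com.noshufou.android.su: No such file or directory')

# With a device attached, the capture would come from adb instead:
#   residue_report "$(adb shell ls -d $ROOT_ARTIFACTS 2>&1)"
```

Reading `/data/data` normally requires a root shell, so on a device that is already un-rooted the third path may report a permission error rather than "absent"; the function treats any non-matching line as absent, so run it before the final reboot if that distinction matters.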
scary,
I tried the new script and still no joy (downloaded it after 3:30 EST). I uninstalled and reinstalled all the drivers for Windows, and uninstalled all the apps requiring root except Volume +. Cleared the log in Superuser and went ahead and removed Root Explorer also. When I run the unroot script Superuser is not uninstalled but the phone reboots and the script finishes by prompting me to press any button to continue.
I am starting to think it may be something with the 4.0.4 OTA not allowing this exploit unless you have verified that it works on 4.0.4.