How to Root Your Galaxy Nexus Without Unlocking the Bootloader (Video)


Root is one of those Android Power User things lets you do all kinds of cool things. Unfortunately it usually involves unlocking the bootloader and installing an SU hack. This can mean wiping your device in the process. If you’ve got a Galaxy Nexus, some attention to detail, and are willing to take the risk, you can root your smartphone without OEM unlocking it (and wiping it in the process).

This comes to us from Efrant, Bin4ry, and some other talented folks at XDA Developers.


0) Assume the risk that this could break things
1) Download the files from the XDA article to your computer and unzip them
2) Open a command prompt with administrative privileges in that same directory
3) Copy the root files to your device:

adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk

4) Restore the fake “backup”. Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.

adb restore fakebackup.ab

5) Run the “exploit”

adb shell “while ! ln -s /data/local.prop /data/data/; do :; done”

6) Now that the “exploit” is running, click restore on your device.
7) Once it finishes, reboot your device. Note: Don’t use your phone yet, this exploit reboots your phone into emulator mode which will be laggy with a flickering screen (or no display at all). This is normal.

adb reboot

8) Once rebooted, open a shell

adb shell

Check: Once you do step 8, your should have a root shell (your prompt should be #, not $). If it’s not #, start again from step 4.

9) Mount the system partition as r/w

mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

10) Copy su to /system

cat /data/local/tmp/su > /system/bin/su

11) Change permissions on su

chmod 06755 /system/bin/su

12) Symlink su to /xbin/su

ln -s /system/bin/su /system/xbin/su

13) Copy Superuser.apk to /system

cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk

14) Change permissions on Superuser.apk

chmod 0644 /system/app/Superuser.apk

15) Remove the file that the exploit created

rm /data/local.prop

16) Exit the ADB shell ( You may have to type exit twice to get back to your command prompt.)


17) Type the following

adb shell “sync; sync; sync;”

18) Reboot

adb reboot

19) Fire up your Terminal Emulator and type “su” to see if you’re asked to allow superuser permissions. If you are, you’re all done!

Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:

10b) Change the owner of su

chown 0.0 /system/bin/su

(Note: in this video I messed up somewhere with one of the Superuser.apk steps. I used adb to re-push it, then picked up at step 13 again. This was cut from the video for clarity and time, but if you have a good eye and see my mistake, that’s what happened, and how I corrected it.)

Source: XDA



What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Joe Levi
Joe graduated from Weber State University with two degrees in Information Systems and Technologies. He has carried mobile devices with him for more than a decade, including Apple's Newton, Microsoft's Handheld and Palm Sized PCs, and is Pocketnow's "Android Guy".By day you'll find Joe coding web pages, tweaking for SEO, and leveraging social media to spread the word. By night you'll probably find him writing technology and "prepping" articles, as well as shooting video.Read more about Joe Levi here.