By Joe Levi | October 10, 2012 2:43 PM
Root is one of those Android Power User things that lets you do all kinds of cool things. Unfortunately, it usually involves unlocking the bootloader and installing an SU hack, which can mean wiping your device in the process. If you’ve got a Galaxy Nexus, some attention to detail, and are willing to take the risk, you can root your smartphone without OEM unlocking it (and wiping it in the process).
This comes to us from Efrant, Bin4ry, and some other talented folks at XDA Developers.
0) Assume the risk that this could break things
1) Download the files from the XDA article to your computer and unzip them
2) Open a command prompt with administrative privileges in that same directory
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake “backup”. Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
adb restore fakebackup.ab
5) Run the “exploit”
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
6) Now that the “exploit” is running, click restore on your device.
7) Once it finishes, reboot your device. Note: Don’t use your phone yet. This exploit reboots your phone into emulator mode, which will be laggy with a flickering screen (or no display at all). This is normal.
8) Once rebooted, open a shell
Check: Once you do step 8, you should have a root shell (your prompt should be #, not $). If it’s not #, start again from step 4.
9) Mount the system partition as r/w
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system
cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su
chmod 06755 /system/bin/su
12) Symlink su to /xbin/su
ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system
cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk
chmod 0644 /system/app/Superuser.apk
15) Remove the file that the exploit created
16) Exit the ADB shell (you may have to type exit twice to get back to your command prompt).
17) Type the following
adb shell "sync; sync; sync;"
19) Fire up your Terminal Emulator and type “su” to see if you’re asked to allow superuser permissions. If you are, you’re all done!
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su
chown 0.0 /system/bin/su
(Note: in this video I messed up somewhere with one of the Superuser.apk steps. I used adb to re-push it, then picked up at step 13 again. This was cut from the video for clarity and time, but if you have a good eye and see my mistake, that’s what happened, and how I corrected it.)
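For auditing a device afterwards, the steps above leave a recognizable set of files behind: a setuid-root su in /system/bin (mode 06755 shows up as -rwsr-sr-x), a su symlink in /system/xbin, Superuser.apk in /system/app, and /data/local.prop if step 15 was skipped. The following check is an added example, not part of the original post or the XDA files; the listing format, the sample lines and the finding labels are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the artifacts the rooting steps above leave on disk.
# Input on stdin: simplified "ls -l"-style lines with full paths (assumed format):
#   MODE OWNER GROUP [SIZE] DATE TIME PATH [-> TARGET]

# Constructed sample listing (not captured from a real device).
SAMPLE_LISTING='-rwsr-sr-x root root 380532 2012-10-10 14:02 /system/bin/su
lrwxrwxrwx root root 2012-10-10 14:03 /system/xbin/su -> /system/bin/su
-rw-r--r-- root root 843503 2012-10-10 14:04 /system/app/Superuser.apk
-rw-r--r-- root root 17 2012-10-10 13:58 /data/local.prop
-rwxr-xr-x root shell 9876 2012-08-01 09:00 /system/bin/toolbox'

# Prints one "LABEL path" line per finding; the labels are hypothetical names.
audit_listing() {
    awk '
    {
        mode = $1; owner = $2; path = $NF
        # For symlinks ("path -> target") the path is the field before "->".
        for (i = 2; i <= NF; i++) if ($i == "->") path = $(i - 1)
        name = path; sub(/.*\//, "", name)

        # chmod 06755 puts "s" in the owner-execute slot (4th character).
        if (name == "su" && substr(mode, 1, 1) == "-" &&
            substr(mode, 4, 1) ~ /[sS]/ && owner == "root")
            print "SETUID_ROOT_SU " path
        else if (name == "su" && substr(mode, 1, 1) == "l")
            print "SU_SYMLINK " path
        else if (path == "/system/app/Superuser.apk")
            print "SUPERUSER_APK " path
        else if (path == "/data/local.prop")
            print "LOCAL_PROP " path
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

Real `ls -l` output differs between toolbox, busybox and desktop builds, so adjust the field positions to the tool that produced the listing.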