eagle nexus
Newbie
I typed typed it in and now says, "new-host-4:simple-gnex-root-unroot patrickutz$". Is that correct? Do I now just type in, ". ./root-unroot-for-linux-osx.sh", and press enter?
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
[Verizon] Galaxy Nexus root / un-root without unlocking bootloader
- Thread starter scary alien
- Start date
-
- Tags
- galaxy nexus
I typed typed it in and now says, "new-host-4:simple-gnex-root-unroot patrickutz$". Is that correct? Do I now just type in, ". ./root-unroot-for-linux-osx.sh", and press enter?
I hope/think so...that looks like a Unix prompt (i.e., where the prompt includes your current folder's name) and the "$" portion is a standard shell prompt.
You might be prompted with your administrator (root) password for your system (that's to make sure the adb-daemon is started-up with the proper permissions).
eagle nexus
Newbie
One last question, should the phone be on recovery mode, or can you just leave it on one of your home screens? Also, this does not wipe any of your phone's data, right? Thank you for all the help!
One last question, should the phone be on recovery mode, or can you just leave it on one of your home screens? Also, this does not wipe any of your phone's data, right? Thank you for all the help!
It should work just fine while your booted-up in normal Android--as long as you've got USB debugging enabled.
Assuming all goes right, it will reboot your phone after it installs the root binaries.
No, it does not delete your phone's data--it simply pushes some work files to the /data/local directory, installs the su and Superuser.apk in the /system folder, and then cleans-up after itself (i.e., deletes the work files from /data/local).
eagle nexus
Newbie
After typing root and pressing enter, this popped up, "-bash: typeset: -l: invalid option
typeset: usage: typeset [-afFirtx] [-p] name[=value] ...
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error in conditional expression: unexpected token `('
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error near `@(r'
-bash: ./root-unroot-for-linux-osx.sh: line 45: `if [[ "$function" = @(root|unroot) ]]; then'
new-host-4:simple-gnex-root-unroot patrickutz$". What should I type in next?
Hmm, I don't exactly know...you're clearly running the script I wrote and it runs from the bash shell in Linux (Ubuntu 10.x) just fine...that script was actually modeled after one that I saw that was written by Dan Rosenberg (although I'll admit his was much simpler than mine in some ways) and it was for both Linux and Mac systems.
Since the script doesn't appear to be working for you and I won't have access to a Mac for at least another couple of weeks when my daughter comes home from college, you could try to do things manually. The manual process is documented in the first post underneath a couple of "Show" buttons (hide tags) in the "Original Thread Content" section.
Sorry that the script doesn't work for you, but it would be very difficult for me to debug it for you Mac system without having direct access to it (LOL, it was hard-enough on my laptop
)--but all the pieces are there for you to try it manually if you are so inclined.Good luck!
eagle nexus
Newbie
Thank you so much for trying to help me root my gnex. I think I'll just wait until you can fix it by gaining access to a macbook
Again, thank you!!!!!
Again, thank you!!!!!
onfire4g05
Lurker
Eagle, this should work in Mac OS... I changed it to work on mine.
Now, if only I had read the post completely before rooting and installing 4.0.4. PLEASE remember to install the root keeper app as mentioned in the first post as this exploit doesn't work as-is in 4.0.4! I really hope the exploit still exists in 4.0.4 and someone can get the offsets needed, as I want root back for other shenanigans. Root will help ease the pain later when/if I decide to unlock the bootloader.
Code:
echo
echo "# =========================================================================="
echo "# Samsung Galaxy Nexus Simple Root by AndroidForums 'scary alien'"
echo "#"
echo "# Written for and tested on Samsung Galaxy Nexus running stock Android 4.0.2"
echo "#"
echo "# This script will install the root binaries (su, Superuser.apk) on an"
echo "# unrooted GNex without needing to unlock the bootloader"
echo "#"
echo "# For additional details, credits, etc., please visit:"
echo "#"
echo "# http://androidforums.com/verizon-galaxy-nexus-all-things-root/499117-root-gnex-without-unlocking-bootloader-yep.html"
echo "#"
echo "# Instructions:"
echo "#"
echo "# 1) Make sure you have the adb USB device drivers installed"
echo "#"
echo "# 2) Make sure you have USB debugging enabled on your phone"
echo "#"
echo "# 3) Connect your phone and computer via your USB cable"
echo "#"
echo "# 4) Run this script from the same directory where the rest of the"
echo "# files from the extracted .zip file are located"
echo "#"
echo "# =========================================================================="
echo "#"
systype=$(uname) # what kind of system are we running?
if [[ "$systype" = "powerpc" ]]; then
echo " *** Sorry, don't think this script will work on a PowerPC system"
echo
return 1
fi
if [[ "$systype" = "Darwin" ]]; then # are we a Mac?
adb="./adb-mac"
else
adb="./adb-linux" # must be Linux
fi
chmod a+x $adb # make sure adb is executable
echo "Would you like to 'root' or 'unroot' your Galaxy Nexus?"
read answer
function="$answer"
if [[ "$function" = "root" || "$function" = "unroot" ]]; then
noop=1 # good answer
else
echo " *** Sorry, I don't understand '$answer' as an option"
echo " Please try again and respond with either 'root' or 'unroot'."
echo
exit 0
fi
echo
echo "Press the <enter> key to $function your Galaxy Nexus"
read -n 1 -s # pause / wait for confirmation to continue
echo "[*] securing the adb utility..."
echo "#"
echo "[*] waiting for adb USB connectivity to your device"
sudo $adb wait-for-device
echo "#"
echo "[*] connectivity established! here we go! :)"
echo "#"
echo "[*] pushing our binaries and scripts over to the phone..."
$adb push mempodroid /data/local/mempodroid # we need this to gain temporary root access
$adb push script1-${function}.sh /data/local/script1-${function}.sh
$adb push script2-${function}.sh /data/local/script2-${function}.sh
$adb shell chmod 777 /data/local/script1-${function}.sh
$adb shell chmod 777 /data/local/script2-${function}.sh
$adb shell chmod 777 /data/local/mempodroid
if [[ "$function" = "root" ]]; then
$adb push su /data/local/su
$adb push Superuser.apk /data/local/Superuser.apk
echo "#"
echo "[*] securing work files..."
echo "#"
echo "[*] rooting the phone..."
$adb shell sh /data/local/script1-${function}.sh
echo "#"
echo "[*] cleaning-up /data/local..."
$adb shell rm /data/local/su
$adb shell rm /data/local/Superuser.apk
echo "[*] rebooting your phone"
$adb reboot
echo "[*] waiting for reboot to complete"
$adb wait-for-device
echo "#"
echo "# Congratulations, your GNex has just been rooted :)"
echo "#"
echo "# Use your new root powers carefully and wisely."
echo "#"
fi
if [[ "$function" = "unroot" ]]; then
echo "[*] un-rooting the phone..."
$adb shell sh /data/local/script1-${function}.sh
echo "[*] rebooting your phone"
$adb reboot
echo "[*] waiting for reboot to complete"
$adb wait-for-device
echo "#"
echo
echo "# your GNex has been un-rooted."
echo
fi
echo "# final clean-up..."
$adb shell rm /data/local/mempodroid
$adb shell rm /data/local/script1-${function}.sh
$adb shell rm /data/local/script2-${function}.sh
echo
echo "# --- all done ---"
$adb kill-serverNow, if only I had read the post completely before rooting and installing 4.0.4. PLEASE remember to install the root keeper app as mentioned in the first post as this exploit doesn't work as-is in 4.0.4! I really hope the exploit still exists in 4.0.4 and someone can get the offsets needed, as I want root back for other shenanigans.
Root will help ease the pain later when/if I decide to unlock the bootloader.
Eagle, this should work in Mac OS... I changed it to work on mine.
<code snipped>
Now, if only I had read the post completely before rooting and installing 4.0.4. PLEASE remember to install the root keeper app as mentioned in the first post as this exploit doesn't work as-is in 4.0.4! I really hope the exploit still exists in 4.0.4 and someone can get the offsets needed, as I want root back for other shenanigans.
onfire4g05,
That is awesome! Thank you for that
.If you don't mind, I'd like to update the .zip package to include your code (after I compare it to see what the differences and issues were, of course).
By the way, little update on the 4.0.4 root efforts: I was able to identify what I believe the proper offsets were for the 4.0.4 ICS on the GNex--unfortunately, they didn't work for me
.I'm still waiting to hear back from saurik regarding whether or not I've identified the proper offsets or not (I'm expecting he'll try to identify them himself like he did for 4.0.2). If he does and it still doesn't achieve root, then it might be the case that the exploit has been patched in 4.0.4
().I'll keep you all posted, of course.
Thanks again!
onfire4g05
Lurker
Sure! I don't mind you doing that. I got in the IRC and asked him for the offsets myself... waiting to hear back.
Do you mind posting the offsets you tried?
I got in the IRC and asked him for the offsets myself... waiting to hear back.Do you mind posting the offsets you tried?
Sure! I don't mind you doing that.
Do you mind posting the offsets you tried?
Not at all:
4.0.2 offsets (kindly provided by saurik): 0xd7f4 0xad4b
4.0.4 offsets (speculation on my part): 0xd7cc 0xad27
I didn't post them here because they didn't work for me and I didn't want to get anyone's hopes up.
Thank you for posting on the IRC area, too--hopefully, Jay will respond to one of us (I've exchanged a few emails with him, too, but he's indicated much prefers IRC--which is strange because he's never responded to me via IRC
).Let me know if you have any luck (perhaps you'll have more success with a freshly-booted device (I tried many offsets prior to identifying the ones above--maybe that affected it somehow?)).
Cheers!
onfire4g05
Lurker
Jay confirmed through IRC that they are the same as Nexux S (the same you used).
0xd7cc 0xad27
It isn't working for me either though, so I'm guessing Google may have patched the kernel.
0xd7cc 0xad27
It isn't working for me either though, so I'm guessing Google may have patched the kernel.
Wow, I hadn't noticed that...I'll try to extract the run-as binary from Nexus S 4.0.3 image and compare to the GNex 4.0.4 version (I'm guessing they'll be identical, but that does beg the question (to me at least), why doesn't this work on the GNex? -- unless the exploit hole was indeed patched
).Glad he responded to you and thanks for the feedback!
Okay guys, I did a little test to help confirm that the mempodipper exploit is indeed closed in 4.0.4 .
I installed the 4.0.2 run-as file in my 4.0.4 setup and was unable to achieve root with the mempodroid utility provided by saurik.
Nothing FC'd or anything for me in 4.0.4 with the 4.0.2 run-as file installed, but since I couldn't gain root, to me, that does confirm that the exploit has been closed in 4.0.4.
So, for now, it looks like if you want to get root with 4.0.4 (or higher), you'll need to carry root with you via OTA RootKeeper or root the traditional way via unlocking your bootloader, etc.
-SA
.I installed the 4.0.2 run-as file in my 4.0.4 setup and was unable to achieve root with the mempodroid utility provided by saurik.
Nothing FC'd or anything for me in 4.0.4 with the 4.0.2 run-as file installed, but since I couldn't gain root, to me, that does confirm that the exploit has been closed in 4.0.4.
So, for now, it looks like if you want to get root with 4.0.4 (or higher), you'll need to carry root with you via OTA RootKeeper or root the traditional way via unlocking your bootloader, etc.
-SA
Just wanted to let everyone know that I restored to stock 4.0.2 and then rerooted using this script. I then installed OTA Rootkeeper and Root Explorer. Made sure OTA Rootkeeper was functioning and then reinstalled the 4.0.4 update by using Root Explorer to copy the file into the /cache partition after renaming it to update.zip and going into stock recovery. After the update completed I opened OTA Rootkeeper to reroot and then installed Titanium Backup. So I am finally where I wanted to be but with an unlocked bootloader and the knowledge how to restore to stock if needed.
Thanks again scary for all your help both here and in private messaging.
Thanks again scary for all your help both here and in private messaging.
eagle nexus
Newbie
Should the verizon galaxy nexus already have received the ota 4.0.3 update? Mine is still 4.0.2 and i didn't root it yet (not enough time)
I haven't heard that there's been an official OTA yet...for 4.0.3 or for what I'm guessing might actually be 4.0.4. I wouldn't think that it would be too much longer given how long the 4.0.4 leak has been out.
Cheers!
lickwidravr
Android Enthusiast
Well, i would like to report that i am a major noob at rooting/unrooting/flashing/romming/blah blah blah. LOL. Well i took the plunge to root without unlocking given here by scary alien......thank you so much. My main priority was to test out 4.0.4 and see how the new radios work out. In my area i am on the border of good/bad service so i've had major battery issues in regards to that. I was skeptical to originally unlock the bootloader, then root, then update because i didn't want to wipe the SD by unlocking.
Thanks to this method, that wasn't needed. I rooted (extremely easy using the .bat, literally took 30 seconds and couldn't be easier), downloaded CWM, flashed recovery, copied the update to the sd, booted to recovery and updated.
The phone is finishing a reboot after updating and i'll report anything i find.
I cannot thank you enough Scary Alien!!!!!!
Thanks to this method, that wasn't needed. I rooted (extremely easy using the .bat, literally took 30 seconds and couldn't be easier), downloaded CWM, flashed recovery, copied the update to the sd, booted to recovery and updated.
The phone is finishing a reboot after updating and i'll report anything i find.
I cannot thank you enough Scary Alien!!!!!!
diverbelow
Newbie
4.0.3 is to bring tablets and Nexus S to current.
Now, if you want to bring your phone to 4.0.4 without rooting. Here is how I got 4.0.4 on my GN modifying some steps that SA first posted.
eagle nexus
Newbie
Before I attempt to root my phone again, one quick question, does this method also unlock the boot loader (without wiping data)? Also, I heard (in some forum) that if you root your phone without unlocking the boot loader, you can't flash custom roms.
eagle nexus
Newbie
I tried rooting my phone again but this popped up:"Would you like to 'root' or 'unroot' your Galaxy Nexus?
root
-bash: typeset: -l: invalid option
typeset: usage: typeset [-afFirtx] [-p] name[=value] ...
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error in conditional expression: unexpected token `('
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error near `@(r'
-bash: ./root-unroot-for-linux-osx.sh: line 45: `if [[ "$function" = @(root|unroot) ]]; then'
new-host-4:simple-gnex-root-unroot patrickutz$"
root
-bash: typeset: -l: invalid option
typeset: usage: typeset [-afFirtx] [-p] name[=value] ...
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error in conditional expression: unexpected token `('
-bash: ./root-unroot-for-linux-osx.sh: line 45: syntax error near `@(r'
-bash: ./root-unroot-for-linux-osx.sh: line 45: `if [[ "$function" = @(root|unroot) ]]; then'
new-host-4:simple-gnex-root-unroot patrickutz$"
No, this method does NOT unlock the bootloader--that's the beauty of it!
Having a locked bootloader prevents you from using fastboot to flash or soft-boot an image.
I hadn't really thought about whether it keeps you from flashing a custom ROM, but lickwidravr's post above says that it doesn't prevent you--and this rings true to me since I believe ROM Manager (lickwidravr said "CWM", but I think he meant ROM Manager was what he downloaded) uses flash_image to overwrite (flash) the recovery partition.
I'll double-check all of this and get back with you...
eagle nexus, see the above post #83 by onfire4g05 (http://androidforums.com/verizon-galaxy-nexus-all-things-root/499117-galaxy-nexus-root-un-root-without-unlocking-bootloader-2.html#post3995876) re. his tweaked version of the root-unroot-for-linux-osx.sh script.
Apologies for not getting the .zip package update to include his script...I'll do that now (or you can just copy and paste his script if you don't want to wait).
I'll probably have to separate the Linux script from the Mac script since the bash shell clearly doesn't like me using the typeset option in my scripts.
I'll update the first post, too for the instructions.
Give me a little bit and I'll bump the thread when I've finished updating it.
Thanks!
eagle nexus
Newbie
Thank you, i'll wait until you update .zip file, I'm too noob to understand his script. Must learn more about script and programming.
Thank you, i'll wait until you update .zip file, I'm too noob to understand his script. Must learn more about script and programming.
No problem!
Okay, I've updated the first post to include onfire4g05's version of the shell script for Mac/OSX: root-unroot-for-mac-osx.sh.
Check it out and let me know...
I'm still working on your bootloader questions...I'm pretty sure that lickwidravr was spot-on, but it's good to have personal experience and confirmation
.Cheers!
eagle nexus
Newbie
Successfully rooted! Thank you soooooooooooooooo much!!!!!!!!!!!!
Thank you soooooooooooooooo much!!!!!!!!!!!!