How to Root Galaxy Nexus without unlocking Bootloader

Last Updated on 05/10/2022

How to Root Galaxy Nexus without unlocking Bootloader

This is a great news for Samsung Galaxy Nexus users! There was no way to root the Galaxy Nexus without unlocking the bootloader of the device. Although unlocking your Galaxy Nexus bootloader is not difficult as it’s just a matter of performing one command, what is most difficult is the fact that unlocking the bootloader completely erases device’s data. It is possible to back up data and apps without rooting in ICS or Jelly Bean and restore the backup later. However it is necessary to manually backup all internal storage files such as photos, documents media, documents and more. This is definitely not practical for all users. You can now do not have to be concerned about unlocking your device to gain root access!

Efrant Moderator at XDA-Developers ‘ forum, has published an easy procedure for rooting Android devices that run ICS as well as Jelly Bean without unlocking the bootloader. ( Root any version of ICS and JB that has been released up to date). The primary credit is due to Bin4ry, who has found an exploit for the timing differences in the “adb restore” command that allows it to be done. However, the the 1-click root batch script developed by Bin4ry isn’t working with Galaxy Nexus, so we can do it using the command line following the instructions of efrant.

Note Note: This doesn’t erase any data from your device, but it is advised to backupyour important information prior to moving forward. We are not responsible for any loss of data.

Instructional – Rooting Galaxy Nexus without unlocking the bootloader

It must be done using ADB which is why you need to you must download then install USB driver first on your Galaxy Nexus. It is possible to skip this step If ADB drivers already installed on your Nexus.

1. Download ‘Root-without-unlock.zip‘ and extract it to a folder on your desktop.

2. Switch off USB Debugging in your gadget ( Settings > Developer Options > Allow USB Debugging) and connect it to your computer using a USB cable.

3. Right-click the folder ‘Root-without-unlock’ while holding down the Shift key, and select ‘Open command window here’.

4. The command prompt will appear. You can enter the commands ADB devices to verify the phone’s properly connected to ADB. ADB interface.

5. Enter the following commands separately for copying the files from root ( use copy-paste).

adb push su /data/local/tmp/su

adb push Superuser.apk /data/local/tmp/Superuser.apk

6. Enter the adb restore fakebackup.ab to restore the fake “backup”.

NOTE: Do not click to restore your device. Simply type the command into the command prompt on your computer and then press enter.

7. Use the following command to execute”exploit “exploit”.


Adb shell “while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done”

8. Once you know that the “exploit” is running, select ‘Restore my information’ in your phone. (At this point, CMD will probably show several lines that say ‘a Link failed’ and ‘file is present’).

Important When you click restore, you’ll be able to see the notification for restoring on the screen of your phone after which it will read’restore finished’. If you don’t, you can try it again using step 3.

9. After it is done, type the adb reboot to restart your device.

NOTE: Do Not try and use your device after the day you restart. This exploit can reboot your device to emulator mode, which means it will become sluggish and the screen may flicker This is normal.

10. After rebooting the phone after rebooting, type the adb shell to start the shell.

Note You should now be able to access a root shell, i.e. the prompt you are given should read # instead of $. If it’s not, it’s not work. (Refer to the picture above)

11. Enter mount -o remount,rw-t the ext4 device /dev/block/mmcblk0p1 for mounting the partition of the system as an R/W.

12. Enter cat /data/local/tmp/su > /system/bin/su to copy su to /system.

13. Enter the chmod 06755 command in system/bin/su to modify the permissions of su.

14. Enter ln -s /system/bin/su /system/xbin/su to symlink su to /xbin/su.

15. Enter cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk to copy Superuser.apk to /system.

16. Enter chmod 0644 /system/app/Superuser.apk to change permissions on Superuser.apk.

17. Enter the command rm /data/local.prop to delete the file that was created by the exploit.

18. Enter the the exit to close from the ADB shell.

19. Type Adb shell “sync; sync; sync;”

20. Reboot device using adb reboot

Now you’re done! Your Galaxy Nexus is now rooted, without the need to open the bootloader. Verify root access by downloading Root Checker from Google Play. root checker application from Google Play.

We’ve tested the procedure above on a GSM Galaxy Nexus running Android 4.1.1 JB. This method is likely to work on Google Nexus 7 as well I haven’t tested it yet.

Google could patch this vulnerability with future patches. We’ll see how long this will last.

The source: XDA, Special thanks to Bin4ry and Efrant.

Update As you would expect, Google has patched the hole beginning with JZO54K. This means that it won’t be available for Android 4.1.2 JZO54K or newer.

Bert Hoxton

Bert Hoxton