Database Users

returning the Nexus S How do I unroot it

I am returning my nexus s back to bestbuy tomorrow. How do i go about unrooting it?
Thank you
(There isn't a Q and A section made up for the NS yet so i posted my question here)

"fastboot oem lock"
just relock the bootloader and restore to factory settings.... that's all they will check for...

jtn7040 said:
"fastboot oem lock"
just relock the bootloader and restore to factory settings.... that's all they will check for...
Click to expand...
Click to collapse
I did relock the bootloader but I still had root. I didn't factory restore yet but would that make a difference?
I just don't want to take it back up there and they find out its rooted.
Sent from my Evo using Swype and Tapatalk!

Can anyone please help with this? I'm trying to unroot this thing so that I can return it
I relocked the bootloader then did a factory reset and nothing changed..all my apps are still on the phone and the screens are still organized nor did the setup screen appear.

You need to use adb to go in the file system and delete all trace of superuser and busybox. That is the only things rooting does, places those files on your phone and changes file permissions. File permissions, they won't look for, but I've had best buy scroll through the app drawer on multiple occasions looking for superuser/rom manager.
I have attached a zip containing all the files needed for adb. Since they no longer package adb with the sdk. Just open command prompt and cd to the directory containing adb. Make sure your phone has Usb Debugging enabled, then connect your phone.
You might need to download usb drivers in order for windows to recognize the device, but probably not. Once your phone is connected, do the following.
Code:
adb devices
adb shell
su
rm /system/app/Superuser.apk
rm /system/bin/su
rm /system/bin/busybox
rm /system/bin/rootshell
reboot

You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067

shrivelfig said:
You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067
Click to expand...
Click to collapse
Just look at my previous post, he doesn't have to do anything else.

ryude said:
You need to use adb to go in the file system and delete all trace of superuser and busybox. That is the only things rooting does, places those files on your phone and changes file permissions. File permissions, they won't look for, but I've had best buy scroll through the app drawer on multiple occasions looking for superuser/rom manager.
Code:
su
rm /system/app/Superuser.apk
rm /system/bin/su
rm /system/bin/busybox
rm /system/bin/rootshell
reboot
Click to expand...
Click to collapse
Personally, I doubt Best Buy will even check for root. You really think they're that clever at the returns desk? Seriously.
I've never read reports of people saying Best Buy wouldn't take my phone back because it was rooted, but I never looked for them either.
How would they even check for it? You should always factory reset a phone before returning it, so you're not going to have any apps on there where they can open the app drawer and see you've got a root-required app like Root Explorer or SuperUser. They're definitely not going to attach the phone to a computer and poke around with adb.
On top of that, where on the phone's receipt does it say "no refunds on rooted devices"? It doesn't. Let the factory or the open box buyer worry about, however Best Buy disposes of the phone.
I suspect that all they'll do is check the phone for physical damage. They might turn it on to make sure it's still functional, so the fastboot oem lock is a must, just to be safe.
If I were going to return mine, and had your concern, I'd just follow @ryude's instructions; seems less likely to screw things up than messing around with fastbooting an image dump, but both are pretty safe procedures.
Please come back and let us all know exactly how the return process goes for you. What they checked, what they asked. Thanks!

shrivelfig said:
You need to restore a pre-unlock backup. I'm guessing you didn't bother backing up the phone?
http://forum.xda-developers.com/showthread.php?t=875184
http://forum.xda-developers.com/showthread.php?p=9869067#post9869067
Click to expand...
Click to collapse
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.

Depends if CWM is built into the kernel or not. If so, just flash stock kernel and you'd have stock recovery again.
If it's the CWM you get from Rom Manager, you can remove it by pressing "Flash to SPRecovery" at the bottom of Rom Manager.

distortedloop said:
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.
Click to expand...
Click to collapse
Reflash the stock recovery image. There's a thread for that file.
Fastboot flash recovery recovery.img
Sent from my Nexus S

ryude said:
Depends if CWM is built into the kernel or not. If so, just flash stock kernel and you'd have stock recovery again.
If it's the CWM you get from Rom Manager, you can remove it by pressing "Flash to SPRecovery" at the bottom of Rom Manager.
Click to expand...
Click to collapse
nxt said:
Reflash the stock recovery image. There's a thread for that file.
Fastboot flash recovery recovery.img
Click to expand...
Click to collapse
Okay, thanks guys, you saved me a little searching. Not that I'm interested in doing this, but the original poster wants to remove all indications that he hacked his phone, so this is something he needs to consider.

I don't actually have a Nexus S, so the exact way to go about it I am not sure. I am just offering any help I can.

sorry...this won't be of any help...but if you can't figure out how to unroot the phone, you shouldn't be rooting it in the first place.
just saying....
good luck with the return, tho.

krumb said:
sorry...this won't be of any help...but if you can't figure out how to unroot the phone, you shouldn't be rooting it in the first place.
just saying....
good luck with the return, tho.
Click to expand...
Click to collapse
I agree, but saying that after the fact doesn't help anyone.

distortedloop said:
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Also, this makes me wonder how you get rid of CWM Recovery. Removing su/busybox/root doesn't do it, and fastboot oem lock doesn't. Hmmm, need to research/read up on that.
Click to expand...
Click to collapse
Find a stock recovery image and
Code:
fastboot flash recovery stock-recovery.img
Voila.

distortedloop said:
How was he supposed to backup the phone before unlocking it? You need clockwork recovery to do a nandroid, don't you? ROM manager requires root to work, right?
This isn't a challenge, just curious how you backed up your phone in a manner that lets you restore a non-rooted image before unlocking and rooting.
Click to expand...
Click to collapse
I miss this step too, I was just too excited rooting.
Here's how to backup.
First you do the fastboot oem unlock, then you do the fastboot flash clockwork mod.
After that, BAM, boot into clockworkmod, and do a nandroid! That will backup your current stock Android. Save that nandroid backup.
Then you can proceed and actually finish the root.
Then when you want to restore, just boot into clockwork, restore that original nandroid and you have stock android, now just fastboot flash original recovery, then fastboot oem lock to lock the bootloader and that's it. do a wipe, and you're clean.

stock recovery.img isn't working I just tried. it's throwing an error. same for stock boot.img

one thing I love about galaxy s phones, we have the easiest recovery. Why did Google/Samsung change something that was so perfect?

jroid said:
stock recovery.img isn't working I just tried. it's throwing an error. same for stock boot.img
Click to expand...
Click to collapse
What error does it give when attempting to flash stock recovery or boot img? Was hoping to have a backup ready before I flashed my recovery.

[REQUEST] Password protected recovery image

Hi,
I know this has been requested before for a bunch of other devices and in other forums, but the request was never answered, mainly because other devices had other holes to plug...
basically, my request is to mod the clockwork recovery image in order to protect it with a password. Why, you ask? Simple. The Nexus S has a good protected bootloader (when "oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM). When someone steals my rooted phone, the only way to break in is:
- Use the phone normally - PATCHED - I use a pattern lock code;
- Use ADB on the phone via USB access the phone - PATCHED - I disabled usb debugging on the system image;
- Use the bootloader to reflash a new system/recovery image - PATCHED - I "oem locked" the phone so the phone does not accept unsigned images, and also a "fastboot oem unlock" wipes the phone, protecting my private data;
- Boot into recovery - NOT PATCHED - There is no way to password protect a recovery image, as of now.
So, can anyone please attempt this? I'm thinking of trying it myself, but I have very little experience developing for android, and I don't know the source code.
My suggestion is to create a customizable password (maybe a simple 4 to 6 digit PIN code input via the volume keys) on first boot of the recovery image. Then, in subsequent boots, ask for the code before turning on ADB and before giving access to the other recovery options.
If you forget the code, well... you still can reflash a new recovery via the system image. Also you can still fully wipe the phone, so you'll never brick it or anything.
What you guys think? I personally am very sad with this situation. When you root you basically lose all physical security with regards to the data on your phone, I think we can do better.

Sounds like a good idea.
lgrangeia said:
Hi,
"oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM
Click to expand...
Click to collapse
How do you do this?
EDIT: This is how ... http://forum.xda-developers.com/showthread.php?t=931865&highlight=oem+lock

I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.

bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse
And you also need one more thing: To be running a rooted ROM. I might want to be running a totally stock rom and use a custom recovery, in order to take advantage of nandroid backup/restore.
If you are running a stock system rom, you cannot reflash recovery from system.
Does anyone know where's the best place to reach the main dev of clockwork mod? is it koush? I might try to tweet him directly to this thread.

I've been thinking about the security of these phones lately as well and it seems there's a lot of holes that a tech-savvy thief could utilize on Android phones... especially one that has custom ROMs.
This suggestion sounds pretty good, but I might be a bit confused. Do you use a terminal emulator on the phone to type in that command to flash between clockwork and stock recovery? Also, if you do a fastboot oem lock when you have a custom ROM, do you have to wipe the whole phone again when you want to fastboot oem unlock to put on another ROM?
bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse

dinan said:
This suggestion sounds pretty good, but I might be a bit confused. Do you use a terminal emulator on the phone to type in that command to flash between clockwork and stock recovery? Also, if you do a fastboot oem lock when you have a custom ROM, do you have to wipe the whole phone again when you want to fastboot oem unlock to put on another ROM?
Click to expand...
Click to collapse
Dinan, I'm not 100% sure, but I think the bootloader lock/unlock only prevents you from flashing from the bootloader stage. So you can reflash a custom recovery from the system rom while "oem locked", but you cannot do that from the bootloader.
I thought a bit about this, and pluging this hole in the recovery will make the Nexus S very well protected against physical security attacks (especially since it doesn't even have a SD card slot).

So if I had flashed CM7, then reflashed the stock bootloader and did fastboot oem lock, in order to nandroid or flash a new ROM I would have to first flash clockwork recovery back? If that's the case, would I have to flash it through the terminal from the device or can it be done through adb (or ROM manager)?
lgrangeia said:
Dinan, I'm not 100% sure, but I think the bootloader lock/unlock only prevents you from flashing from the bootloader stage. So you can reflash a custom recovery from the system rom while "oem locked", but you cannot do that from the bootloader.
I thought a bit about this, and pluging this hole in the recovery will make the Nexus S very well protected against physical security attacks (especially since it doesn't even have a SD card slot).
Click to expand...
Click to collapse

dinan said:
So if I had flashed CM7, then reflashed the stock bootloader and did fastboot oem lock, in order to nandroid or flash a new ROM I would have to first flash clockwork recovery back? If that's the case, would I have to flash it through the terminal from the device or can it be done through adb (or ROM manager)?
Click to expand...
Click to collapse
CM7 does not flash your bootloader. Maybe you meant recovery?
you can have an "oem locked" handset and still flash your recovery (or your system) image via both recovery or system, if you have any of those customized/rooted.
What "oem lock" means is that you cannot flash directly from the bootloader (fastboot flash), thats all.
PS: I really have no idea why this was moved to the general forum... this is a development request thread.

In short, what we need is a password protected bootloader which will require password for booting into fastboot or download mode or recovery.

Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium

lgrangeia said:
Hi,
I know this has been requested before for a bunch of other devices and in other forums, but the request was never answered, mainly because other devices had other holes to plug...
basically, my request is to mod the clockwork recovery image in order to protect it with a password. Why, you ask? Simple. The Nexus S has a good protected bootloader (when "oem locked" -- which you can lock while mantaining a custom recovery and/or rooted ROM). When someone steals my rooted phone, the only way to break in is:
- Use the phone normally - PATCHED - I use a pattern lock code;
- Use ADB on the phone via USB access the phone - PATCHED - I disabled usb debugging on the system image;
- Use the bootloader to reflash a new system/recovery image - PATCHED - I "oem locked" the phone so the phone does not accept unsigned images, and also a "fastboot oem unlock" wipes the phone, protecting my private data;
- Boot into recovery - NOT PATCHED - There is no way to password protect a recovery image, as of now.
So, can anyone please attempt this? I'm thinking of trying it myself, but I have very little experience developing for android, and I don't know the source code.
My suggestion is to create a customizable password (maybe a simple 4 to 6 digit PIN code input via the volume keys) on first boot of the recovery image. Then, in subsequent boots, ask for the code before turning on ADB and before giving access to the other recovery options.
If you forget the code, well... you still can reflash a new recovery via the system image. Also you can still fully wipe the phone, so you'll never brick it or anything.
What you guys think? I personally am very sad with this situation. When you root you basically lose all physical security with regards to the data on your phone, I think we can do better.
Click to expand...
Click to collapse
Here's a simple workaround for you, althought less convenient. Once you've made a nandroid backup, move it off your phone. Archive the image with a password and file name encryption on a computer. Extract the image from the archive when you want to restore it, then copy the extracted image to the phone to perform restore.
bubbahump said:
I'll second this request. It will save me the pain of doing the following:
To secure my phone between "maintenance" events, I flash back the stock recovery image while I'm not actively performing "maintenance". Do this via adb while the phone is booted with:
flash_image recovery /sdcard/recovery.img
You'll obviously need to put a copy of the stock recovery on your sdcard, along with a copy of clockwork for when you need to do some "maintenance". Note that the flash_image binary isn't present in all ROMs. I know CM7 has it, and in the early days I copied one over from my old Nexus One ROM.
Then turn off USB debugging, OEM lock and password protect your phone.
Click to expand...
Click to collapse
You can extract flash_image from the ROM Manager app. Unzip the apk file and you'll find it in there. Any rooted ROM can then have this file moved into /system/bin for example.
Rem3Dy said:
Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
The OP is talking about the security issue, not about the data surviving oem unlock. At the moment, anyone who gets the phone can go into CWM, mount the internal storage, get the image off the phone and extract data from it. The OP is concerned about this security hole.

Rem3Dy said:
Use Cerberus. Track, remote wipe, take photo, etc. It is embedded into /system and can't be removed with wipe data factory reset. Its all the security you need.
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
Nice. It turns out from little research that both Cerberus and "Theft Aware" have /system support. Call it "root" support if you will.
Now, Theft Aware is far more advanced in this regard in that it also hides the app as a system app with a custom name that you choose. Note that it requires some complexity if you want to uninstall (delete some files manually and stuff).
Theft Aware is also more polished and it seems more effort has been put into the 2.0 version.
Cerberus is more simpler and it feels I can trust them.

mightyiam said:
Nice. It turns out from little research that both Cerberus and "Theft Aware" have /system support. Call it "root" support if you will.
Now, Theft Aware is far more advanced in this regard in that it also hides the app as a system app with a custom name that you choose. Note that it requires some complexity if you want to uninstall (delete some files manually and stuff).
Theft Aware is also more polished and it seems more effort has been put into the 2.0 version.
Cerberus is more simpler and it feels I can trust them.
Click to expand...
Click to collapse
So theft aware is a flashable zip that you flash from recovery?
Sent from my Nexus S 4G using xda premium

Rem3Dy said:
So theft aware is a flashable zip that you flash from recovery?
Sent from my Nexus S 4G using xda premium
Click to expand...
Click to collapse
It has a "setup app" which you install which in turn installs the actual app. If you have writable /system it can install the app there or if you have ram FS then it can install using what you said.
Sent from my Nexus One using XDA App

Why Do All These Xoom Rooting Methods Require a Modified Boot/Kernel Image?

I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?

No. Before when I first bought my xoom I just rooted it, no custom kernel or rom. Now I've used both and benefits alot. As for example some games people complain laggs, with custom kernel ya can over clock and fix some of this. Then custom roms allow ya to use features not enabled by Google on default. For example the wifi xoom can not connect ad-hoc networks like mobile hotspots. Roms include this unless you wanna do it the hard way. Another nifty feature is the USB OTG to attach hard drives which Google allows ya to do like mice and keyboards but not external drives.

oldblue910 said:
Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
Click to expand...
Click to collapse
I think you ARE missing something. The process you outlined with other GED devices is identical to the Motorola XOOM root process as well.
1. You use "fastboot oem unlock" to unlock the bootloader. (This only unlocks the bootloader so you can flash custom ones, recoveries, etc. but does NOT modify the current bootloader in any way.)
2. Flash clockwork with fastboot as well.
3. Install the Universal XOOM rooting ZIP through clockwork.
4. Done.
How is this any different?
The Universal XOOM root ZIP can be found @ http://forum.xda-developers.com/showthread.php?t=1242241 and does NOT contain any sort of modified Kernel or Boot image.
I don't know where you got your information from.

Sure it does. Take a look at the zip file (all those files in the kernel folder). Plus once it's done, stock recovery no longer auto flashes because something was changed in the boot image and the checksums don't match anymore.
Sent from my Xoom using Tapatalk

Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...

sodaboy581 said:
Well, I stand corrected! Yeah, I don't know why it modifies the boot image either then. I'd have just thought flashing clockwork and installing the binary should be fine.
I guess you need to talk to solarnz or one of the other more experienced XOOM devs...
Click to expand...
Click to collapse
And that's the thing...flashing just the binaries DOES work fine, at least on my Xoom. I wonder if it has something to do with the international non-GED Xooms...
Sent from my Xoom using Tapatalk

You do need a modified initramfs to root properly.
an insecure boot.img is the most useful part of being rooted.
And with one of those you don't even need clockworkmod.
flash it with fastboot / reboot / adb remount and then just push su and superuser set suid on su (10 seconds total - far less hassle than messing with clockworkmod).

I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.

oldblue910 said:
I'll start by saying here that I fully understand that what I'm saying may not apply to the international (non-GED) Xoom devices.
Maybe someone can shed some light on this. Why is it that every rooting method I see here seems to involve flashing some ZIP file that has a modified kernel or boot image? Seems pointless considering that, as with any other Google Experience Device, you can simply unlock your bootloader, flash Clockwork, and then flash the official Superuser.zip from androidsu.com and you're done. There's no unsecuring of the boot image, or anything. It just installs Superuser.apk, the su binary and changes the permissions on the binary.
Am I missing something here? Is there some advantage I'm not thinking of to using a custom boot image to obtain root on a Xoom?
Click to expand...
Click to collapse
You don't _need_ to flash an insecure kernel image; there's multiple paths to root. If you don't have a version of CWM for the device, then running the system insecure may be the only way to do it. Running the system in insecure mode does give you the ability to run adb as root amongst other things, however (so you can do things like adb remount).

Yeah I can see needing the insecure image in the case of not having ClockworkMod or if you need those extra commands in ADB. I was more just curious if running an insecure image was somehow a better practice than just flashing the androidsu.com zip. I guess it's 6 of one or a half dozen of the other in the end.
Thanks for the explanation!
Sent from my Xoom using Tapatalk

unrandomsam said:
an insecure boot.img is the most useful part of being rooted.
Click to expand...
Click to collapse
I suppose that depends on what you use root for, really. For instance, the ability to run adb as root means nothing to me really. I can count the number of times I've used adb on one hand. I more use root so I can take screenshots without hooking up to USB, and I also like having root access to the filesystem.
Plus, it seems that the insecure image is the reason why everyone says not to accept OTAs if you're running a rooted stock ROM. I've read horror stories of people accepting OTAs on a rooted stock ROM and ending up with bootloops and all kinds of other craptastic stuff. If you root with the boot image secure, you can accept OTAs and just re-root when it's done flashing.
Different strokes for different folks, right?
Sent from my Xoom using Tapatalk

mobileweasel said:
I am a little surprised no one figured out how to root before unlocking. Would sure be handy to do a titanium backup before unlocking ( which wipes everything !! ) That said, it is just a minor inconvenience. Copy some stuff to the PC and I am good to go.
Click to expand...
Click to collapse
This.
Most devices have temp root so you're able to run rooted app to fully backup before unlocking it. I've been holding off rooting on my wife's xoom because I don't want to wipe her saved data, but im really itching to mess with it, hehe. I heard with ICS you can do a full backup with adb, I believe you use the " adb backup" method.

The insecure boot image is need for two reasons.
1) without it you would not be able to adb mount the partitions while inside the Android os.
2) every time you boot into Android, a script it's ran to check for stock recovery and overwrite it, insecure boot images disable this (you can also disable by deleting the script files)
Sent from my Nexus S 4G

Rooting without flashing custom recovery

Is it possible at all to root my Nexus 7 (on Android 4.2 JOP40C) without having to flash a custom recovery or something else that would cause me to lose all of my data, and would allow me to continue to receive normal OTA updates? I understand that an OTA update would likely remove my root, that's a non-issue if I can re-root in a similar way.

Skyline969 said:
Is it possible at all to root my Nexus 7 (on Android 4.2 JOP40C) without having to flash a custom recovery or something else that would cause me to lose all of my data, and would allow me to continue to receive normal OTA updates? I understand that an OTA update would likely remove my root, that's a non-issue if I can re-root in a similar way.
Click to expand...
Click to collapse
It's not the rooting part which erases the data., it's unlocking the boot loader which does that. But an unlocked boot loader is necessary to root.
My advice is that you create a backup using one of the toolkits or using TitaniumBackup and then go ahead and begin the rooting process. After that's complete you can just restore the backup.
Sent from my Nexus 7

veeman said:
It's not the rooting part which erases the data., it's unlocking the boot loader which does that. But an unlocked boot loader is necessary to root.
My advice is that you create a backup using one of the toolkits or using TitaniumBackup and then go ahead and begin the rooting process. After that's complete you can just restore the backup.
Sent from my Nexus 7
Click to expand...
Click to collapse
Titanium backup requires root in the first place.
Unlocking boot loader does a factory reset so save any personal pictures etc you have, copy them to your PC using one of the many methods available.
The apps you can just red-download but you will loose the data from them, whether that's a concern depends what data you have in your apps that you can't manage to save or recreate.
Once the bootloader is unlocked then flash a custom recovery, I use twrp. Then you can do a nandroid backup before you flash the files needed for root just in case it screws up.
If an OTA removes root then you can just reflash the root files.

My Backup Pro is a backup program that works without being rooted. It's also dead easy to use and its free.
Sent from my Nexus 7 using xda premium

I was curious about this too.
I don't care about losing data when unlocking the bootloader.
BUT I would like to know if it is possible to root the nexus 7 but not have a custom recovery?
I just want to be able to use apps that require root access but I remember from my old phone that with custom recovery there were a whole lot of things (like doing a factory reset using the settings) that couldn't be relied upon. I would like to avoid this if possible. For the moment I have no interest in custom roms.
But every time I search for this no one can give a clear answer.
So Yes or No? Can I have a rooted nexus 7 but stock recovery?
And if possible do you know how? I'm on a mac so a non-toolkit method would be amazing

Will rooting remove any data from an unlocked bootloader?
I reflashed my device and accidently left it unlocked... well seems like it was lucky maybe, since I want to root now

Unlocking bootloader wipes ALL data.
Flashing custom recovery does not wipe any data.
Rooting, ie flashing root files, does not wipe any data.
You must have an unlocked bootloader to install custom recovery.
You must have an unlocked bootloader to root.
You can have have a custom recovery and root.
You can have a custom recovery and no root.
You can have root and no custom recovery.
NOTE NOTE NOTE
The easiest way to obtain root is by flashing root files via custom recovery.
If you have an unlocked bootloader then you may as well flash a custom recovery and take a full backup of the device via the custom recovery before you root in case you mess something up. There is no reason to not have a custom recovery. It allows you to also perform a 'factory reset' by wiping certain parttitions and makes rooting MUCH easier as you flash the root files via the custom recovery.

If you want to root, you have to unlock the bootloader first (as said before):
> fastboot oem unlock
After that, you can boot a custom recovery (not flash, the normal recovery will be back again after a restart)
> fastboot boot [recovery.img]
And when the recovery has started, you can mount /system and push the necessary files:
> adb push su /system/xbin
> adb push Superuser.apk /system/app
After that, you should set the correct permissions:
> adb shell
(now you are in your device's shell)
> chmod 06755 /system/xbin/su
> chmod 0644 /system/app/Superuser.apk
> exit
And now just reboot:
> adb reboot
Enjoy
Edit:
The custom recovery can be found here: http://clockworkmod.com/rommanager
The su and Superuser.apk files can be found here: http://forum.xda-developers.com/showthread.php?t=1538053 (just extract the two files from the .zip, I dont like those installer scripts )

Interesting thread. I also posted something similar but was ignored, so never got a answer.
So, to anyone with the answer, PLEASE,
Is there ANY way to backup the WHOLE device, apps included, BEFORE any bootloader unlocking + rooting is done ?
I have googled this question for the past week and cannot get a definitive answer, some saying yes with xx-app, some saying it's not possible because the hidden folders are not accessible to a non-rooted device.
I have purchased many apps on google play store, I don't mind downloading most of them again but I am worried if I wipe the device whether I will be allowed to download from the play store, or whether I will get asked to pay for them again - don't want this.
Plus, most of my games are HUGE, GTAIII, NFS Most Wanted, Asphalt 5,6,7, etc.. and these take a very long time to download again via wifi.
So please, a simple yes or no would suffice. If I have to bite the bullet then so beit, but I have quite a lot to lose if I do, so you can see why I need to get a definitive answer and then do some thinking. Would have rooted 2 weeks ago when I bought the Nexus 7 32Gb, but hindsight is a good thing when you know how.

JohnRM said:
Is there ANY way to backup the WHOLE device, apps included, BEFORE any bootloader unlocking + rooting is done ?
Click to expand...
Click to collapse
Yes, there is the adb backup command:
> adb backup –apk –shared –all –f C:\path\to\backup.bak
However, this will not backup your SMS&MMS. But there is the tool SMS Backup & Restore, which can do this job
Edit:
Here is another Thread with a more detailed description:
http://forum.xda-developers.com/showthread.php?t=1420351

kroegerama said:
Yes, there is the adb backup command:
> adb backup –apk –shared –all –f C:\path\to\backup.bak
However, this will not backup your SMS&MMS. But there is the tool SMS Backup & Restore, which can do this job
Edit:
Here is another Thread with a more detailed description:
http://forum.xda-developers.com/showthread.php?t=1420351
Click to expand...
Click to collapse
Many thanks. :good:

JohnRM said:
Many thanks. :good:
Click to expand...
Click to collapse
You can re-download from the playstore again without repaying. Just as you would re-download if you were using a new device and/or additional device.
You can download one app to multiple devices, is have an app installed on multiple devices at the same time, but you only pay once.

kroegerama said:
And when the recovery has started, you can mount /system and push the necessary files:
> adb push su /system/xbin
After that, you should set the correct permissions:
> adb shell
(now you are in your device's shell)
> chmod 06755 /system/xbin/su
Click to expand...
Click to collapse
Thank you so much for the info! this helped me a lot. Except one thing didn't work for me. Did you mean "adb push su /system/bin" and "chmod 6755/system/bin/su"??? I tried what you said and discovered that /xbin is not a directory.
BTW if you can't be bothered doing it manually, CMW recovery has a nice "install from sideload" feature.

[Q] Root and update to 4.3

Hi everyone!
i want to root my nexus 7, if i'm not wrong to root it i have to unlock the bootloader, and i will lose all my data (i'll use the Wug's Toolkit)
if i root it now with 4.2.2, when i update it with the new 4.3, i'll lose root? if yes to root again my nexus, i'll lose again my data?
i hope my english is not that ugly :silly:
thanks for the help!

Zambo27 said:
Hi everyone!
i want to root my nexus 7, if i'm not wrong to root it i have to unlock the bootloader, and i will lose all my data (i'll use the Wug's Toolkit)
if i root it now with 4.2.2, when i update it with the new 4.3, i'll lose root? if yes to root again my nexus, i'll lose again my data?
i hope my english is not that ugly :silly:
thanks for the help!
Click to expand...
Click to collapse
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.

GedBlake said:
Hi, Zambo27...
Your English is fine... don't worry about it.
You don't necessarily have to unlock the BOOTLOADER to root STOCK JellyBean 4.2.2.
An 'exploit' has become available which obviates this need...
http://forum.xda-developers.com/showthread.php?t=2233852
I have tested this myself, and I can confirm that it works... it's actually really easy; takes about a minute or so. The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
But if all you care about is running ROOTED stock, then this is by far the easiest way to go.
(And the the 'upside' of course is... it doesn't wipe the tablet.)
------
For any future OTA updates from Google, you should be able to backup your ROOT (su binary), and restore it again after the OTA, using Voodoo OTA RootKeeper - http://play.google.com/store/apps/details?id=org.projectvoodoo.otarootkeeper&hl=en.
Rgrds,
Ged.
Click to expand...
Click to collapse
2 try to get root... it almost killed me xD
on the first try SuperSU was installed but it told me that "su command" wasn't
then i tried again and now it's rooted and it work fine
one last question, i read a thing
if i modifies "too much" i'll lose the possibility to update to android's next version, i want to fix the issue with the xbox wireless controller (http://forum.xda-developers.com/showthread.php?t=1792531) it will make me some problems?

GedBlake said:
The only 'downside' is because the BOOTLOADER is still locked, you won't be able to flash any custom ROMs or kernels.
Click to expand...
Click to collapse
Ged,
That is a mis-statement. Using a single "dd" command from a root shell - for example either adb or a terminal emulator, you can write a custom recovery image file to the SOS (recovery) partition.
$ su
# dd if=/sdcard/recovery-image-file.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
That produces a tablet with a locked boot loader, a rooted stock ROM, and a custom recovery.
The very first thing to do at that point in time is to take a Nandroid backup - and get a copy of it off the tablet for safe keeping.
Jeez I wish the thread owners for toolkits and rooting methods would stress the importance of backups. There sure would be far fewer "omg help me please" requests in this (Q&A) forum if people would simply make backups of their nearly-stock ROMs.

bftb0 said:
Ged,
That is a mis-statement. Using a single "dd" command from a root shell - for example either adb or a terminal emulator, you can write a custom recovery image file to the SOS (recovery) partition.
$ su
# dd if=/sdcard/recovery-image-file.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
That produces a tablet with a locked boot loader, a rooted stock ROM, and a custom recovery.
The very first thing to do at that point in time is to take a Nandroid backup - and get a copy of it off the tablet for safe keeping.
Jeez I wish the thread owners for toolkits and rooting methods would stress the importance of backups. There sure would be far fewer "omg help me please" requests in this (Q&A) forum if people would simply make backups of their nearly-stock ROMs.
Click to expand...
Click to collapse
Thanks for the info, bfb0... I had some suspicions about the 'dd' command, but I wasn't confident/certain about whether it would work with a locked bootloader.
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
Definitely going to have to experiment with this... when I have the time.
----
Incidentally, I'm with you on the Nandroid backup issue... it is vaguely puzzling why this step isn't as ingrained in peoples flashing habits as perhaps it should be.
It's so easy to do... takes less than 5 minutes... and is a potential lifeline back to a working tablet.
Rgrds,
Ged.

GedBlake said:
But if I understand you correctly, there would be nothing to stop somebody from gaining root by the 'exploit' method I alluded to earlier, and then flashing a custom recovery using 'dd'...
...and then by extension flashing a custom ROM or kernel...
Click to expand...
Click to collapse
You understand correctly. Unlocking the bootloader only allows you extra functionality of the bootloader itself (via fastboot flashing/boot commands). It doesn't "unlock" data in partitions - that security is normally provided by the Linux kernel permission system. Once you have root in ANY booted Linux kernel which properly reads the eMMC (flash chip) partitioning and plumbs /dev/block/ entries into the device tree corresponding to those partitions, any root-privileged process can write whatever it wants into those partitions.*
GedBlake said:
If my understanding is correct, then does this not make unlocking the bootloader somewhat redundant (with the consequential wipe)... or am I missing something here?
Click to expand...
Click to collapse
More or less, except that the bootloader will still fire up even if /cache, /data, and/or /system are completely bolluxed up. TWRP (and maybe CWM?) try to immediately mount /data and /cache so they are not quite as robust in the face of user screw-ups. But yeah - if you are careful, you could do everything you want without unlocking the bootloader... so long as the custom recovery stays healthy.
Mark my words: there will be people who root without unlocking their bootloader or installing a custom recovery (and thus fail to make a Nandroid backup), and then wedge their OS... and then come in here whining that they can't rescue their tablet without unlocking their bootloader (and thus wiping their entire tablet).
* there have been android devices which used hardware locking to restrict even kernel access to certain flash memory partitions, but there is no evidence that the N7 bootloader lock state affects any of the typical partitions involved in ROM flashing (recovery, boot, system, cache, use data).

bftb0 said:
You understand correctly. Unlocking the bootloader only allows you extra functionality of the bootloader itself (via fastboot flashing/boot commands). It doesn't "unlock" data in partitions - that security is normally provided by the Linux kernel permission system. Once you have root in ANY booted Linux kernel which properly reads the eMMC (flash chip) partitioning and plumbs /dev/block/ entries into the device tree corresponding to those partitions, any root-privileged process can write whatever it wants into those partitions.*
More or less, except that the bootloader will still fire up even if /cache, /data, and/or /system are completely bolluxed up. TWRP (and maybe CWM?) try to immediately mount /data and /cache so they are not quite as robust in the face of user screw-ups. But yeah - if you are careful, you could do everything you want without unlocking the bootloader... so long as the custom recovery stays healthy.
Mark my words: there will be people who root without unlocking their bootloader or installing a custom recovery (and thus fail to make a Nandroid backup), and then wedge their OS... and then come in here whining that they can't rescue their tablet without unlocking their bootloader (and thus wiping their entire tablet).
* there have been android devices which used hardware locking to restrict even kernel access to certain flash memory partitions, but there is no evidence that the N7 bootloader lock state affects any of the typical partitions involved in ROM flashing (recovery, boot, system, cache, use data).
Click to expand...
Click to collapse
Hi, again bfb0...
Much of this is is beyond me, I'm afraid...(actually, a lot of your posts are a bit beyond me, to be honest)...
...but I pick up bits and pieces here and there...
And I can confirm the 'dd' command does indeed work as you suggest.
-------------
A few hours ago, I fully backed up my N7 to my laptop (latest TWRP Nandroids, Titanium, etc)...
Fastboot flashed back to stock (JDQ39).
Relocked the bootloader.
Ran the 'exploit' - and acquired root.
Copied everything back over to my N7 from my laptop.
Flashed TWRP in Terminal Emulator via the 'dd' command - this took a few tries, 'cos it's a long command and there's plenty of scope for typos.
Booted into the Bootloader again, then TWRP...
First off was to flash Franco's kernel... which occurred without problem. (This was more of a test, than anything - just to see if it would work).
Next was to restore my last Nandroid backup... which also occurred without probems.
--------
So... as I write this, my Nexus 7 is more or less back to how it was... but with one significant difference... Custom Recovery, Custom ROM and Custom Kernel are all sitting behind a LOCKED BOOTLOADER.... no UNLOCKED PADLOCK symbol on boot. Oh... and it's also Rooted as well!.
I'm not sure why, but I find myself slightly amazed by this - I wouldn't have believed it possible...
Guess you learn something new everyday.
Cheers, bfb0!
(...and apologies to Zambo27 for ever-so-slightly hijacking your thread).
Rgrds,
Ged.