Gaining root on the Google Nexus 4 (LG E960)
I was lucky enough to get a Nexus 4 phone from my wife, and it is a truly awesome device. My first Nexus device, actually. In this post, I summarize how I “rooted” it while keeping the “stock” OS installation (the “stock ROM”, if you prefer).
Nexus devices are known to be friendly to developers and geeks, because they are relatively easy to unlock and “hack”/play around with. So, tonight I decided to test just how much effort it would take to:
- Unlock the bootloader
- Boot into Clockworkmod Recovery
- Install Superuser: Binary and app
- Install Busybox and set up appropriate links
- Successfully gain root privileges with apps like TitaniumBackup and Total Commander
I was already rather confident about how to go about unlocking the bootloader. I know from earlier observations that the
fastboot command in the Android SDK supports the arguments
oem unlock and
oem lock, but none of my earlier devices supported this (at least not out-of-the-box). I already had the Android SDK installed (which includes the
fastboot commands), but needed to update it with the latest API 17 and the latest USB drivers. Simple enough.
Enabling USB Debugging on the Nexus 4 was a simple matter of going to Settings -> About phone, and tap the Build row seven times. It then briefly displayed a popup saying “You are now a developer!”, and the Developer options menu (in which the USB Debugging option is located) appeared under Settings. I don’t know why Google decided to hide this option, but they’ve been doing it since Ice Cream Sandwich.
With USB Debugging enabled, the Nexus 4 connected to my PC, and the Android SDK tools at hand, it was a simple matter of opening a command prompt and booting into the bootloader by issuing the command
adb reboot-bootloader, and then – when the fastboot screen came up – issuing the command
fastboot oem unlock. Triggered a disclaimer message popping up and warning me that the phone would be reset to factory defaults etc. Fair enough. I let it boot up and finish the factory reset before proceeding with the next step.
Time to transfer the su binary and the Superuser app to the device. I first tried using the good, old su-binary and Superuser app from ChainsDD, but the latest released binary does not properly support Android 4.2. The choice is then to either try compiling it from source (hoping that the issue is fixed in the latest source files) or trying SuperSU instead – the latter having been more actively developed lately. I chose SuperSU for now. Found the latest release (1.04) on XDA Developers, downloaded the update .zip and put it on my device.
I also transferred busybox (downloaded the binary from http://code.google.com/p/busybox-android/source/browse/#svn%2Ftrunk%2Fbinaries), to set it up in /system/xbin later.
Another reboot into bootloader. When in fastboot mode, I booted into CWM (ClockworkMod Recovery) by performing a
fastboot boot recovery-clockwork-22.214.171.124-mako.img from my command prompt window on the PC. In other words, I didn’t flash it to the device’s recovery partition, but booted into it just this once. In CWM, I chose “install zip from sdcard”, “choose zip from sdcard”, navigated to the SuperSU zip file, and installed it. Reboot.
When the phone was back up and running, I entered into an adb shell (by issuing the command
adb shell from the command prompt) to set up busybox properly. Since putting stuff in /system needs root privileges, I started off by issuing the
su command. I then proceeded by copying the busybox binary from the temporary location I transferred it to earlier, to /system/xbin/. Finally:
chmod 04755 busybox
./busybox --install /system/xbin/
Success: Apps like TitaniumBackup are successfully getting the privileges they need, I can play with it using terminal/console apps and the commands provided by busybox, and it’s all good.
It took me more than an hour, and it would probably have taken me longer if it hadn’t been for SuperSU by Chainfire. Even though the process was fairly simple, as expected, I personally think that Android by itself should offer the capability of escalating privileges for user selected apps by default — at least on the Nexus devices running “pure” Android. I think Google is making the classical mistake of trying to make software idiot-proof, much like Apple and Microsoft are doing. They’ve even blocked .zip attachments in the Android E-mail app. Stop doing silly things like that!