Many people refer to “rooting” an Android phone, and almost seem to make out that you have to be some sort of l33t haxor in order to do it. Indeed, they provide “simple 1-click methods” so that the poor simple users can do it for themselves, because it would be far too difficult for them otherwise.
The truth is, for anyone even vaguely familiar with the Linux command line it is incredibly easy. And I’m going to tell you how to do it. Under Linux, there is a command called “su” for “superuser” that can be typed in order to raise the privileges of the current terminal session to “root” or “administrator”. This command is missing from Android phones. All you need to do to “root” an Android phone is copy a suitably-compiled “su” binary to /system/bin and chmod it to be executable. There. Was that so hard?
Unfortunately the /system partition is, by default, mounted read-only and so you can’t copy “su” to it. No problem, you say, we’ll just remount it read/write. But that needs root-privileges. Ah.
The easiest way to get around this is to boot into “ClockworkMod Recovery” a sort of “linux rescue” mode for Android. Since this is a third-party open-source application we need to unlock the bootloader of the Galaxy Nexus before the phone will allow us to boot from the image. This is just a one-step process, but you’ll need the adb and fastboot commands to do it. The simplest way to get these is to download the Android SDK. The current version for Linux at the time of writing is here.
Once the SDK is setup, reboot your Galaxy Nexus into the bootloader by turning the phone off, and then back on again while holding down both vol-up and vol-down at the same time. Once at the bootloader you can unlock it by simply running
# fastboot oem unlock
WARNING: This will completely wipe your phone. So please ensure you have a backup of your photos etc.
# fastboot boot recovery-clockwork-18.104.22.168-maguro.img
Note, we are not flashing anything to the phone here. We are not flashing a custom recovery image or a custom ROM. We are not changing anything in any way. All we are doing is a one-time boot from a different image. If you turn your phone off and on again it will boot back into Android just as it has always done.
$ adb shell mount /system
$ adb push su /system/bin
$ adb shell chmod 06755 /system/bin/su
$ adb shell umount /system
$ adb reboot
Wasn’t that easy? All we did was mount the /system partition, copy the “su” file to /system/bin, changed the permissions to make it executable, and then unmounted the filesystem and rebooted the phone. Congratulations, you now “have root” as those l33t haxors like to say. How simple was that? Do you really need a “1-click method” that does God knows what behind your back to do it for you? Everything we’ve used here is open-source so if you’re really paranoid you can even compile CWM and su from source to be sure there’s nothing nasty hidden within.
There’s only one last step. At the moment any application on your phone can gain elevated permissions since su does not require a root-password. To prevent this it’s best to install the Superuser app from the market since this allows you to accept or deny when an application requests root privileges. The .apk will have been included in the zip file you downloaded earlier, but there’s really no reason not to just install it direct from the market.