System-less Root on Nexus 6 – Marshmallow 6.0.1

Quick notice. I’m not taking any responsibility if you break your phone attempting this system-less root method (or any other thing I may mention). These steps work for me and have worked for many others. Double check what you type into the console. I suggest you read through these instructions once or twice before attempting them on your Nexus.

This is going to be a quick guide to get to a system-less root on a Nexus 6 on Marshmallow 6.0.1 (build MMB29S). I’m writing this up here because I have a buddy that wants to get rooted now that he’s on Marshmallow. Most of the guides are pretty vague on how to do this or not written in what I consider a straight forward manner.

This guide will include flashing a custom kernel. For my usage having a custom kernel that I tailor to my usage is why I need root. I also feel that since I’ve forked over a fair bit of money I should be able to do whatever I want with my device. I could go on, but the discussion for root is not going into this post albeit the reasons already mentioned.

First Things First, ADB is Working, Right?

You should have the Android SDK installed. You should be able to call the command:

adb devices

This command should return a device which would be your phone. I’m not going to cover how to do this. I’m not going to cover how to get adb or fastboot setup. Google around if you’re having trouble here. Being able to have adb and fastboot recognize your phone is much more basic than rooting and there are a ton of well written articles on the internet to help you here.

Download the Necessary Files

The TWRP custom recovery will need to be on your computer. You can place the .zip file for ChainFire’s root on your Nexus’s internal storage.

Prerequisite: You Need to Be Clean

Basically, you’ll need to have never rooted your phone before. If you have you’ll need to flash the factory images for your system, boot, and recovery partitions.

The easy way to do this is to get a the latest factory image from Google. Download this file and open it with 7-zip or some other compression tool. The actual file you’ve downloaded is a wrapper around the compressed file. Inside of the compressed file will be a directory with some files inside. You can extract the whole directory. Inside the directory should be a zip file, extract that file as well. You can place all the files in the same directory.

At this point you need to do the following: (Obviously, if you’re on a clean install you can skip down to the custom recovery section)

  1. Open a command prompt and head to the extracted directory.
  2. Restart your Nexus into bootloader mode.
  3. Run command:
    fastboot flash bootloader bootloader-shamu-moto-apq8084-71.15.img
  4. Reboot the bootloader by running command:
    fastboot reboot-bootloader
  5. After the phone reboots to the bootloader run command:
    fastboot flash radio radio-shamu-d4.01-9625-05.32+fsg-9625-02.109.img
  6. Reboot the bootloader again by running the command from step 4.
  7. Now we’re going to flash all the files which came from the inner zip file except the userdata partition to the phone.
    1. Run command:
      fastboot flash boot boot.img
  8. Run command:
    fastboot flash cache cache.img
  9. Run command:
    fastboot flash recovery recovery.img
  10. Run command:
    fastboot flash system system.img

At this point you should have a clean system. Reboot your phone and wait for it to start up completely. You’ll probably have to wait a while.

Obtaining Root: Flash Custom Recovery (TWRP)

Reboot your Nexus into the bootloader. Now you should be able to flash the TWRP recovery file. If you were following through the cleaning the system steps you’ve already run a command to flash recovery. The recovery that was flashed was the stock one. Now we’re going to use the same fastboot command to flash the TWRP recovery!

Go to the folder where you have the TWRP recovery file, ends with .img, in a console window. Run the command:

fastboot flash recovery twrp-2.8.7.1-shamu.img

*NOTE: The filename in the above command is the latest version at the time of this writing. Another version may have come out which would change the filename slightly.

When this finishes you now have TWRP installed. Use the volume buttons to go through bootloader options. When you see “reboot recovery” stop and hit the power button. Your Nexus should now boot into the TWRP recovery.

DO NOT LET IT MAKE YOUR SYSTEM PARTITION WRITABLE! DISMISS THIS STEP. ALSO, WHEN EXITING TWRP IT WILL OFFER TO INSTALL SU BECAUSE IT WILL NOT DETECT IT DO NOT ALLOW IT TO DO SO!

Flash System-less Root

At this point since you’re in recovery you can go to Install, navigate to where you put ChainFire’s flashable zip, select it, and flash the file. You’ll be rooted! You can reboot.

Your Nexus will probably boot-loop at least once. This is totally fine. Just don’t be alarmed if you notice that you’re sitting at the password screen. Let it reboot and carry on your merry

Flashing Custom Kernel

At this point you can now flash a custom kernel. I use FKUpdater to run Franco’s kernel. I suggested going to the PlayStore and buying the full version. He’s a great dev and deserves to get paid for his work!

When installed you can let FKU update you to the latest Franco kernel. If you’d like to run another kernel that’s fine too. You can flash it however you’d like (not going to cover that). Just be aware that once you’ve flashed a kernel while on “system-less” root you’ll loose root, regardless if it was Franco’s or another dev’s.

No need to worry! Just reboot back to recovery and flash ChainFire’s zip again. This will patch the boot.img and root you!

Warnings

Just be aware that there are some odd things when modifying the system partition. I found out the hard way that you can’t simply open up RootExplorer and edit the build.prop file. At the time of this writing it seems like you can only modify the system partition before boot. You can do this using ADB while in TWRP recovery.

This whole method now is very much similar to how Lollipop allowed us to get to root. Things are still in a beta state with this “system-less” root method so be aware that anything you may have done editing-wise in previous versions of Android may cause your phone to not boot. Don’t panic. Just go back up to the section on cleaning up your system partition and run through those steps. That should get you back to booting to a stock setup with your apps and settings still intact.

I take no responsibility for broken phones!

Enjoy

Now go customize your kernel settings!

 

About Mike

I'm a software engineer. Look into the about page for more information about me.
Tagged , . Bookmark the permalink.

Leave a Reply