Thursday, July 2, 2015

THE RIGHT WAY TO ROOT AND EXPLOIT YOUR NEXUS 6

  SO YOU JUST BOUGHT A NEW NEXUS 6 DEVICE. YOU KNOW YOU HAVE A POWERFUL PIECE OF TECHNOLOGY IN YOUR HANDS BUT YOU WANT MORE, MUCH MORE. YOU MIGHT ASK YOURSELF IF TAKING THE RISK IS WORTH IT. AFTER ALL, YOU READ AND HEAR ABOUT THE MANY DEVICES THAT END UP BRICKED, LEAVING THEIR OWNERS WITH AN EXPENSIVE PAPERWEIGHT. YOU SURELY DON'T WANT THE SAME OUTCOME. THERE IS A WAY, THE RIGHT WAY. KEEP IN MIND THAT THERE'S NO SURE THING IN LIFE, AND THAT APPLIES HERE TOO, BUT I'M SURE THAT IF YOU FOLLOW THE DIRECTIONS CORRECTLY EVERYTHING SHOULD BE FINE.

WARNING: IF FOR WHATEVER REASON YOUR DEVICE DECIDES TO LEAVE THIS CRUEL WORLD AND YOU BEHIND I WILL NOT BE HELD RESPONSIBLE. SO IF YOU WISH TO CONTINUE DO SO AT YOUR OWN RISK.

  THE FIRST THING WE NEED TO DO IS TO ALLOW USB DEBUGGING. FOR THIS WE'LL NEED TO GO INTO SETTINGS / ABOUT PHONE / BUILD NUMBER AND CLICK THAT ABOUT 7 TIMES OR UNTIL THE TOAST READS "YOU ARE NOW A DEVELOPER" (BUT YOU'RE NOT, LOL). THIS WILL REVEAL DEVELOPER OPTIONS IN SETTINGS. WHILE YOU'RE IN DEVELOPER OPTIONS YOU WILL ALSO WANT TO CLICK ON OEM UNLOCKING TO ENABLE THAT FUNCTION. NO WORRIES, THIS CAN ALL BE REVERTED.




[IMAGE: SETTINGS]

NOW WE'LL NEED TO PUT TOGETHER A FOLDER WITH THE FILES THAT WE WILL BE USING. WE'LL BE DOWNLOADING TWRP OPENRECOVERY AS WELL AS OUR SUPERUSER ZIP FILE FOR ACTUALLY ROOTING THE DEVICE. THE NEXUS 6 COMES ENCRYPTED BY DEFAULT, SO IN ORDER TO HAVE THIS WORK WE NEED A SPECIAL BOOT IMAGE THAT COMES UN-ENCRYPTED. THERE ARE THREE DIFFERENT IMAGES; WHICH ONE YOU NEED DEPENDS ON YOUR CARRIER AND ANDROID BUILD NUMBER. AGAIN, YOU CAN CHECK THIS IN THE ABOUT PHONE SECTION. SOMETHING I JUST NOTICED: IF, FOR EXAMPLE, YOUR BUILD NUMBER WAS LMY47D AND YOU UPGRADED AND YOUR DEVICE NOW READS LYZ28E, THEN YOU'LL WANT TO USE THE LMY47D IMAGE. ONE OTHER THING: IF YOUR BUILD NUMBER WAS LMY47E OR ANY OTHER LAST LETTER VARIATION, NO WORRIES, YOU WILL USE THE LMY47D IMAGE. THE SAME THING APPLIES TO LRX22C OR LRX21O. CHOOSE THE CORRECT IMAGE FOR YOUR DEVICE. IF YOU WANT MORE INFORMATION ABOUT THESE SPECIAL IMAGES YOU CAN READ KRIS CARLON'S POST AT ANDROIDPIT.
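
BEFORE FLASHING ANYTHING, IT IS WORTH CHECKING THE FOLDER. THE SCRIPT BELOW IS AN ADDED EXAMPLE, NOT PART OF THE ORIGINAL POST: IT APPLIES THE BUILD NUMBER RULE ABOVE AND VERIFIES EACH DOWNLOADED FILE AGAINST A SHA-256 YOU RECORDED FROM ITS DOWNLOAD PAGE. THE MANIFEST FORMAT, THE FUNCTION NAMES AND THE sha256sum TOOL (LINUX) ARE ASSUMPTIONS.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flash checks for the files folder.
# Assumption: manifest lines look like sha256sum output, "<sha256>  <filename>",
# with hashes you recorded yourself from the download pages.

# boot_image_for BUILD: print the build tag of the boot image the tutorial says
# to use. Only the last letter may differ; anything else needs a manual decision.
boot_image_for() {
    case "$1" in
        LMY47?) echo lmy47d ;;
        LRX22?) echo lrx22c ;;
        LRX21?) echo lrx21o ;;
        *) echo "no rule for build $1: use the build you upgraded from" >&2
           return 1 ;;
    esac
}

# verify_files DIR MANIFEST: succeed only if every listed file exists in DIR,
# is non-empty, and matches its recorded SHA-256.
verify_files() {
    dir=$1 manifest=$2 rc=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$name" ] || continue
        if [ ! -s "$dir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: a stand-in file, not a real image. The second check must
# fail because the file changed after its hash was recorded.
demo() {
    d=$(mktemp -d)
    printf 'constructed stand-in for a recovery image\n' > "$d/recovery.img"
    (cd "$d" && sha256sum recovery.img > manifest.sha256)
    verify_files "$d" "$d/manifest.sha256"; first=$?
    printf 'tampered\n' >> "$d/recovery.img"
    verify_files "$d" "$d/manifest.sha256" 2>/dev/null; second=$?
    rm -rf "$d"
    [ "$first" -eq 0 ] && [ "$second" -eq 1 ]
}
demo >/dev/null && echo "demo passed"
```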




    NOW THAT WE HAVE ALL THE FILES THAT WE'LL BE NEEDING, YOU CAN CONTINUE TO THE NEXT PART OF THIS TUTORIAL. WE WILL NEED TO OPEN THE DEVICE'S BOOTLOADER. BY PRESSING THE POWER BUTTON AND THE VOLUME DOWN BUTTON SIMULTANEOUSLY WE CAN BOOT THE DEVICE INTO BOOTLOADER MODE.

   NEXT WE NEED TO OPEN A TERMINAL ON YOUR COMPUTER INSIDE THE FOLDER THAT YOU CREATED WITH ALL THE FILES WE DOWNLOADED EARLIER. YOU CAN EITHER OPEN THE TERMINAL FROM WITHIN THE FOLDER (EASIEST WAY) OR YOU CAN OPEN THE TERMINAL ANYWHERE AND cd INTO THE DIRECTORY THAT HOLDS YOUR FILES. YOU WILL ALSO NEED TO USE THE TERMINAL AS ADMINISTRATOR OR SUPERUSER. THE METHOD FOR THIS MAY VARY DEPENDING ON YOUR OPERATING SYSTEM. IN LINUX YOU MAY JUST TYPE THE COMMAND sudo su AND, IF PROMPTED, TYPE IN YOUR SU PASSWORD. FOR WINDOWS, RIGHT CLICK THE MOUSE AT THE CMD PROMPT AND CHOOSE TO RUN AS ADMINISTRATOR.

    WE NEED TO GET THE BOOTLOADER UNLOCKED. THANKFULLY, NEXUS MAKES THIS PROCESS QUITE SIMPLE. TYPE THE FOLLOWING COMMANDS AND FOLLOW THE INSTRUCTIONS GIVEN WHEN PROMPTED. YOU WILL BE USING YOUR DEVICE'S VOLUME BUTTONS TO SCROLL TO EITHER YES OR NO AND THE POWER BUTTON TO SELECT. IN THE TERMINAL TYPE:

[FOLDER_WITH_MY_FILES]# fastboot oem unlock (enter)


*HERE YOU WILL BE ASKED WHETHER TO OPEN THE BOOTLOADER OR NOT. CHOOSE YES AND THE BOOTLOADER WILL BE UNLOCKED. REMEMBER TO SAVE ALL YOUR IMPORTANT INFORMATION, SINCE UNLOCKING THE BOOTLOADER WILL ERASE ALL YOUR INFORMATION. HOWEVER, IF YOU HAVE A GOOGLE ACCOUNT AND HAVE IT SET TO AUTOMATICALLY BACK UP YOUR STUFF, WHEN YOU SET UP YOUR DEVICE AFTER IT BOOTS IT WILL BRING CONTACTS AND APPS BACK FOR YOU.

    NOW FOR THE FUN STUFF. WE WILL BE FLASHING THE OPENRECOVERY BY TWRP (IF YOU PREFER A DIFFERENT RECOVERY SUCH AS CWM OR PHILZ TOUCH YOU MAY USE IT, BUT I'VE TESTED WITH TWRP AND IT WORKS FLAWLESSLY; YOU CAN ALWAYS CHANGE RECOVERIES LATER THROUGH TWRP). NOW TYPE THE FOLLOWING COMMANDS INTO YOUR TERMINAL TO GET THE PROCESS UNDERWAY.


[FOLDER_WITH_MY_FILES]# fastboot flash recovery openrecovery-twrp-2.8.5.0-shamu.img

(IN PLACE OF openrecovery-twrp-2.8.5.0-shamu.img, TYPE EXACTLY WHAT YOUR OPENRECOVERY FILE'S NAME IS)

ONCE THE NEW RECOVERY IS FLASHED, RESTART THE BOOTLOADER. ALWAYS RESTART THE BOOTLOADER AFTER EACH INDIVIDUAL FLASH IN BOOTLOADER MODE, BEFORE YOUR NEXT FLASH. THIS IS DONE BY TOGGLING WITH THE VOLUME BUTTON UNTIL YOU SEE BOOTLOADER, THEN USING THE POWER BUTTON TO SELECT IT, AND WAITING.

    NOW WE'LL FLASH THE BOOT.IMG THAT WE DOWNLOADED (REMEMBER, THE UN-ENCRYPTED BOOT IMAGE).


[FOLDER_WITH_MY_FILES]# fastboot flash boot bootimg_noforceencrypt_lmy47d.img (enter)

(IN PLACE OF bootimg_noforceencrypt_lmy47d.img, TYPE THE NAME OF THE BOOT.IMG YOU DOWNLOADED)

*WAIT UNTIL THE PROCESS COMPLETES, THEN RESTART THE BOOTLOADER.

    FINALLY, TOGGLE THE BOOTLOADER MENU UNTIL YOU FIND FACTORY AND SELECT THAT WITH THE POWER BUTTON. WAIT, SINCE THE FIRST BOOT ALWAYS TAKES LONGER THAN THE NORM. AFTER ABOUT 5 TO 10 MINUTES (IN SOME CASES LONGER, BUT NOT TYPICALLY) YOUR DEVICE BOOTS.


    WELCOME TO A FRESHLY ROOTED NEXUS 6 WAITING FOR YOU TO GET THE MOST OUT OF IT, ENJOY!


IN THE NEXT TUTORIAL WE'LL LEARN HOW TO MAXIMIZE BATTERY AND FLASH A CUSTOM ROM, IF YOU DON'T ALREADY KNOW HOW.
