I saw this on xda and I used it to root, backup with titanium backup and then unlock boot loader to flash ROMs and other things. It works great and more people should know about it.
You needn't have unlocked the BOOTLOADER in order to flash CUSTOM ROMs... indeed, doing so, sort of undermines the whole point of the 'exploit'... ergo, to avoid a tablet wipe.
It seems I was incorrect in my previous post...
...you CAN indeed flash a CUSTOM RECOVERY without using FASTBOOT (and by extension, various ROMs/KERNELs).
This is done with the 'dd' command in either Android Terminal Emulator or via an ADB shell...
---------------------------------------
The following is how I accomplished it... but for an alternative, more technically complete (but essentially the same) method, see here:
[Root][JB 4.2] Root your Nexus 7 without unlocking bootloader. (djrbliss motochopper) - Page 12 - xda-developers
Anyway... here's how I did it...
First, run the 'exploit' to acquire ROOT.
Upon reboot, you should be rooted, with Chainfire's SuperSU package and associated SU binary installed.
It's important that you're ROOTED before you proceed.
Next, get Android Terminal Emulator from PlayStore.
Download a CUSTOM RECOVERY .img of your choice ... either CWM (Both 'Grouper' and 'Tilapia' variants are available)... or TWRP for 'Grouper' (N7 WiFi) or TWRP for 'Tilapia' (N7 3G).
Rename it to recovery.img... and copy it to the root of the Nexus 7's internal storage (emulated SD card).
In Terminal Emulator, run the following command...
Code:
su
dd if=/sdcard/recovery.img of=/dev/block/platform/sdhci-tegra.3/by-name/SOS
Upon completion of this command, shut down and reboot your device into the BOOTLOADER, and from there, boot into your CUSTOM RECOVERY... in pretty much the same way as if you had FASTBOOT FLASHED it.
---------------------------------------
You are now free to flash whatever ROMs or kernels you like.
However, a word of caution... because the BOOTLOADER remains locked, FASTBOOT is strictly off limits; it simply won't work.
So the first thing you should do after flashing TWRP or CWM is...
*** MAKE A NANDROID BACKUP ***
If the device becomes 'wedged/bootlooped' as a result of some ROM flash gone wrong, then you will have no choice but to unlock the BOOTLOADER (with full wipe) in order to fix it.
But if you have a NANDROID backup on your internal storage.... it's a simple task to just restore.
---------------------------------------
Credits and kudos must go to XDA members, nhshah7, who made this 'exploit' available and bftb0, whose post pointed me in the right direction, with regard to the 'dd' command.
---------------------------------------
I can confirm all of this works... my Nexus 7 is currently rooted, running a custom recovery (TWRP), with a custom ROM (see sig) installed - all sitting behind a LOCKED BOOTLOADER.
...no Factory Reset (wipe) required...
...and no unlocked padlock symbol upon boot.
Rgrds,
Ged.
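
A pre-flight check for recovery.img before the 'dd' step described above, as an added example that is not part of the original posts. The function name, the published SHA-256 value and the partition size argument are assumptions supplied by whoever runs it, and it assumes sha256sum is available (for instance on the computer the image was downloaded to).

```shell
#!/bin/sh
# Added example: sanity-check a recovery image before writing it raw with dd.
# Usage: check_recovery_image IMG EXPECTED_SHA256 PARTITION_SIZE_BYTES
# EXPECTED_SHA256 and PARTITION_SIZE_BYTES are supplied by the user (assumptions).
# Return codes: 0 ok, 1 missing file, 2 bad magic, 3 checksum mismatch, 4 too big.
check_recovery_image() {
    img=$1; want_sha=$2; part_size=$3

    [ -f "$img" ] || { echo "no such image: $img" >&2; return 1; }

    # Android boot and recovery images begin with the 8-byte magic "ANDROID!".
    magic=$(dd if="$img" bs=8 count=1 2>/dev/null | tr -d '\0')
    [ "$magic" = "ANDROID!" ] || { echo "not an Android boot image" >&2; return 2; }

    # The digest must match the one published for the download.
    got_sha=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$got_sha" = "$want_sha" ] || { echo "sha256 mismatch" >&2; return 3; }

    # dd writing to a block device stops at the end of the partition,
    # so an oversized file would leave a truncated image behind.
    img_size=$(($(wc -c < "$img")))
    [ "$img_size" -le "$part_size" ] || { echo "image larger than partition" >&2; return 4; }

    return 0
}

# Constructed sample: a stand-in file with a valid magic, checked against its own digest.
demo_constructed() {
    d=$(mktemp -d) || return 99
    printf 'ANDROID!constructed-sample-not-a-real-recovery' > "$d/recovery.img"
    sha=$(sha256sum "$d/recovery.img" | cut -d' ' -f1)
    check_recovery_image "$d/recovery.img" "$sha" 4096; rc=$?
    rm -rf "$d"
    return $rc
}
```

Only a return code of 0 means the file is worth writing; with the BOOTLOADER still locked there is no FASTBOOT fallback if a corrupt or wrong image lands in the recovery partition.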