Hi everyone
This is how to unlock and install TWRP (root too) the Huawei Honor 2
The root in this process is a partial root....since Xposed and some other root features wont work because the stock Jb roms are odexed.
Warning...this process was not tested on B8xx aka emui 2.0 firmwares
It will succesfully work on :
B1xx
B5xx
B7xx
Also....you cannot flash official firmwares with unlocked bootloader...so you need to relock it in oreder to reflash a rom with dload mod
Check "HOW TO LOCK/RELOCK BOOTLOADER" bellow
So first :
IM NOT RESPONSIBLE IF YOU BREAK YOUR PHONE
COMPLETLY DESTROYED YOUR SD CARD
OR SIM CARDS NOT WORKING
....Do this at your own risk
Links Bellow.
1/Unlock Bootloader
First you need the flash tool : Here (not my tool...only sharing)
You will also need the usb drivers. You can install Hisuit and it will automatilcally install the drivers you need.
When everything is ready...enable Usb debugging on your phone
Connect the device to your pc via usb and run the tool.
---Select option 1 (so insert 1 and press enter) to install the new fastboot partition, which is able to unlock your device if you install an unsigned kernel / recovery.
---Select option 2 if you haven’t enabled usb debugging, or if you have previously flashed an unsigned partition and now your device isn’t booting.
---Select option 3 to flash a custom kernel you have previously renamed to boot.img and put on your desktop. Do NOT use dd dumps : which means do NOT use boot.img you can find in flashable rom zips.
---Select option 4 to flash a custom recovery you have previously renamed to recovery.img and put on your desktop. Do NOT use dd dumps neither here.
---Select option 5 to check if bootloader is locked, unlocked or relocked.
Congratulation...your phone is unlocked !
2/INSTALL TWRP AND ROOT
TWRP Recovery : Gdrive
Alternative TWRP Recovery : Gdrive ( Use Ctrl + S) to download and keep them in the same folder
Now after unlocking the bootloader close the unlocktool and reboot the phone in fastboot mode
After that :
1/ IF you used the first link recovery Rename the file to recovery.img ...put it on the same folder and use the unlocking tool to flash it
2/ IF you used the 2nd link (Alternative recovery) you can just run flash.bat and it will do the work
after installing recovery :
go to wipe menu...then advanced and wipe only dalvik cache
now reboot
if your phone is rooted choose do NOT root and reboot
if yours is not rooted :
hit reboot button and the phone will install the root....now all you need to do is to update supersu from the playstore
DONE
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HOW TO “RELOCK” BOOTLOADER
After your bootloader status is “unlocked”, if you want to flash a stock rom with dload method , you need to flash chinese recovery (not another one), then flash any of batty86 roms (or any other rom with both boot.img and reserved.img), let the device boot at least once, and the bootloader will be “relocked”; then you can install the original recovery and use the dload method again.
usefull links :https://huaweiascendg615.wordpress.com/
How to use chineese recovery for non chineese :Here
NOTE : I NO LONGER USE THE U9508 !
I've Bought a Samsung A5 A500FU
Credits :
TWRP team
Batty86 for his amazing tool and roms that can relock the bootloader
sorex blog for showing us how to use chineese recovery.
Hit :good: if i helped you
hello and thanks, do you have the file for bootloader unlock?? link is down
mimminou said:
Hello all xda devs and rookies
Today im showing you how to root and install TWRP 2.0.6.0 (Bootloader unlock too) on Huawei Honor 2
The root in this process is a partial root....since Xposed and some other root features wont work because the stock Jb roms are odexed...
-(Warning...this process was not tested on B8xx aka emui 2.0 firmwares
It will succesfully work on : B1xx
B5xx
B7xx
Also....you cannot flash official firmwares with unlocked bootloader...so you need to relock it in oreder to reflash a rom with dload mod
Check "HOW TO LOCK/RELOCK BOOTLOADER" bellow
So first :
IM NOT RESPONSIBLE IF YOU BREAK YOUR PHONE
COMPLETLY DESTROYED YOUR SD CARD
OR SIM CARDS NOT WORKING
....Do this at your own risk.
1/Unlock Bootloader
First you need the flash tool....Link Here (Link in first post) (not my tool...only sharing)
You will also need the usb drivers. You can install Hisuit and it will automatilcally install the drivers you need.
When every thing is ready...enable Usb debugging on your phone
Power off your phone; unplug the battery and replug it and boot up your phone in fastboot mode (power button + volum down)
Plug your phone in your computer and run flash.exe
choose 1 for chineese
choose 2 for english
Now choose unlock phone
after that choose fasboot option
Wait ~7 seconds and the phone will reboot
Congratulation...your phone is unlocked
2/INSTALL TWRP AND ROOT
Now after unlocking the bootloader you need to close flash.exe and reboot again your phone in fastboot mode
After that...open flash.exe and choose install TWRP V3 RECOVERY
NOTE : Do NOT choose Twrp touch version because its a little buggy and unstable (experimental users only)
now after the phone reboots...close the tool and reboot the phone in recovery mode using power + Volum up
go to wipe menu...then advanced and wipe only dalvik cache
now reboot to system....the recovery will notice that the phone is not rooted...
hit reboot button and the phone will install the root....now all you need to do is to update supersu from the playstore
DONE
Credits :
GenoKolar for his amazing tool and recovery and unlock script
TWRP team
EternityProject team for sharing this tool
Batty86 for his rom that can relock the bootloader
sorex blog for showing us how to use chineese recovery.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HOW TO “RELOCK” BOOTLOADER
After your bootloader status is “unlocked”, if you want to flash a stock rom with dload method , you need to flash chinese recovery (not another one), then flash any of batty86 roms (or any other rom with both boot.img and reserved.img), let the device boot at least once, and the bootloader will be “relocked”; then you can install the original recovery and use the dload method again.
usefull links :here
How to use chineese recovery for non chineese :Here
#sorry for bad english....im using my phone
Hit :good: if i helped you
Click to expand...
Click to collapse
got a new link for the flash tool? thhanks
hello bro flash toool link not working
This Thread is discontinued so i decided to update the unlocking methode one more time
Well, in this guide I will try to concentrate all the process from a Stock Z3 (D6603) to a fully rooted, unlocked bootloader, custom rom and recovery, modded kernel and xposed firmware.
AS ALWAYS I WONT BE RESPONSIBLE FOR ANY DAMAGE, WAR, OR DEAD UNICORNS. PROCEED ON YOUR OWN RESPONSABILITY
Pre-process drivers:
Get fastboot drivers from here: https://mega.co.nz/#!upQkWCpA!BCvvsQR6Ee1gfmzAAGCeIMmFek2AaM0r_9HGWVNw8tM
Get adb+drivers from here: https://mega.co.nz/#!upQkWCpA!BCvvsQR6Ee1gfmzAAGCeIMmFek2AaM0r_9HGWVNw8tM
Z3 Official Drivers from here: https://mega.co.nz/#!v8JkkZAQ!w9ERWMs0L1UmWf_N3oCT4JgFdfU9NUFT7Wjv7D_bBh0
First of all you need to gain root privileges:
Download stock firmware (FTP format) https://mega.co.nz/#!D5ZXmJKZ!XWD6dae-NwKECGctrFsetFlODcf6EQMMYf22fCPHo2gDownload FlashTool (To flash FTF format) https://mega.co.nz/#!D5ZXmJKZ!XWD6dae-NwKECGctrFsetFlODcf6EQMMYf22fCPHo2gDownload GiefRoot and unpack it https://mega.co.nz/#!yxQFQbzK!KeA0u1i6KwKetj1aAaSLUZ_qiih1N0uox0GGes700J8Flash the stock firmware using flashtool, click on the bolt, select the FTF file downloaded previously and follow instructionsNote: The screen says press back+plug USB. It is not back button but VOL+ Button
Now skip configuration process, you will loose it all so it is not necessary but nothing happens if you want to waste your time.Once skipped go to Settings > About Phone and tap 7 times on Build number to enable developer options.Under developer options enable Usb Debugging and Mock LocationsNow, in settings enable unknown sources and disable verify apps Put your phone in Airplane ModeConnect your phone to the computer and open the install.bat inside the folder of GiefRootNote: Probably a pop-up will show in your phone asking to allow USB debug, check the "Always allow..." and press OKNow follow instructions on the CMD screenNote: It will probably fail the first time, just start again from install.bat point
Now let's install a recovery (it wont be the final recovery because this is changed by installing roms, we will stick on FOTA one. A few steps below.
Download ES File Explorer: https://mega.co.nz/#!j0xxESqT!k1VHSKi86lBgdh8NPbxmb3Q9FKFWDup7gAt-_uWkWCUDownload ZU Recovery: https://mega.co.nz/#!Ll4UVLTS!A8w4NeleaxjXBLQdUbZLtzGZRpPefX71rp27aCNV_mkEnable root and mount system r/w.Extract the ZU Recovery and open install.batChoose option 1 and follow instructions.Note: You will have a new App named NDR Utils, use it to reboot the phone.
Let's backup DRM keys:
Download TA-Backup: https://mega.co.nz/#!v0wgDCRR!xJBrmo1FfdvQQcFzK6ZO4dEfUi1YLaNGEl8XMaKu18sExtract TA BackupRun Backup.batKeep the file generated well saved.
Now, we will unlock bootloader:
I won't explain this point, I will recommed you follow this guide from the Official Sony's web: http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ it is very clear and includes all checks needed.
Now let's install a custom ROM to proceed to FOTA recovery:
Download PacMan custom ROM from here: http://forum.xda-developers.com/z3/development/rom-pac-rom-lp-mr1-beta-1-t3099454Flash it as usualLet it boot and proceed to next step
Now let's install the FOTA recovery:
Download FOTA recovery image: https://mega.co.nz/#!38xxBZZJ!2jwbChc-XFlilltodA7R0VQzQTnbf8EPbUokR38C4YgOnce the ROM has booted put your phone in fastboot mode:
Code:
adb reboot fastboot
Or turn it down, hold vol+ and plug the USB.Then flash the FOTA recovery:
Code:
fastboot flash recovery <downloaded.img>
Then reboot your phone:
Code:
fastboot reboot
Now we can proceed to install PacMan ROM again (in case you lost it while flashing FOTA):
Download PacMan custom ROM from here: http://forum.xda-developers.com/z3/development/rom-pac-rom-lp-mr1-beta-1-t3099454
You can use this kernel along this ROM too:
http://forum.xda-developers.com/z3/orig-development/kernel-m5-kernel-t3045319
Get the permissive version in order to allow xposed to run.
xposed: I am testing it right now, I will explain it as soon as I see it is stable.
In your guide you use 'TFT' instead if the correct term of 'FTF'
They are FlashTool Files, hence the FTF
gregbradley said:
In your guide you use 'TFT' instead if the correct term of 'FTF'
They are FlashTool Files, hence the FTF
Click to expand...
Click to collapse
Thank you for the correction. Appreciate it.
im on D6653 and i tried using the root method.... after rebooting, my phone has alot of errors and the home screen is not working. there is nothing on the screen apart from the wallpaper and the 3 soft buttons at the bottom. i can't go to setting. what should i do?
togcbu said:
im on D6653 and i tried using the root method.... after rebooting, my phone has alot of errors and the home screen is not working. there is nothing on the screen apart from the wallpaper and the 3 soft buttons at the bottom. i can't go to setting. what should i do?
Click to expand...
Click to collapse
Flash the stock again and be carefull not not to flash D6603 firmware to D6653.
I created TWRP and custom kernel for Z5 Premium Dual E6833/E6833
I am tested my Z5 Premium Dual E6833 it's work
NOTE: This kernel is not for people who don't read official instruction at Sony Developer World!
This note is ridiculous, but some people don't read long instruction even if it has risk.
E6833/E6833 both file name are same
Download:
Z5PDual_AndroPlusKernel_v5b
twrp-2.8.7.0-E6833/E6833 -20151130_material
NOTE: You should search how to setup adb and fastboot.
You can find how to for unlocking bootloader on Sony Developer World.
1. Download Z5PDual_AndroPlusKernel_v5b.zip (extract zip copy only boot.img in adb and fastboot floder) and twrp-2.8.7.0-E6833/E6833 -20151122_material.img (copy in adb and fastboot floder)
You also need SuperSU from this thread
2. Enter into fastboot mode and run these commands in same folder you downloaded 1.
Code:
fastboot flash boot boot.img
fastboot flash recovery twrp-2.8.7.0-E6883-20151130_material.img
fastboot reboot
3. Press volume key when LED is on
4. Install SuperSU zip
5. Reboot and rooting is done
Source:
Kernel -
https://github.com/AndroPlus-org/and...94_kitakami_r2
Device tree -
https://github.com/AndroPlus-org/and..._sony_kitakami
https://github.com/AndroPlus-org/device-sony-satsuki
What is "customized" in your "custom" kernel ? :3
abuawaahed said:
I created TWRP and custom kernel for Z5 Premium Dual E6833/E6833
I am tested my Z5 Premium Dual E6833 it's work
NOTE: This kernel is not for people who don't read official instruction at Sony Developer World!
This note is ridiculous, but some people don't read long instruction even if it has risk.
E6833/E6833 both file name are same
Download:
Z5PDual_AndroPlusKernel_v5b
twrp-2.8.7.0-E6833/E6833 -20151130_material
NOTE: You should search how to setup adb and fastboot.
You can find how to for unlocking bootloader on Sony Developer World.
1. Download Z5PDual_AndroPlusKernel_v5b.zip (extract zip copy only boot.img in adb and fastboot floder) and twrp-2.8.7.0-E6833/E6833 -20151122_material.img (copy in adb and fastboot floder)
You also need SuperSU from this thread
2. Enter into fastboot mode and run these commands in same folder you downloaded 1.
3. Press volume key when LED is on
4. Install SuperSU zip
5. Reboot and rooting is done
Source:
Kernel -
https://github.com/AndroPlus-org/and...94_kitakami_r2
Device tree -
https://github.com/AndroPlus-org/and..._sony_kitakami
https://github.com/AndroPlus-org/device-sony-satsuki
Click to expand...
Click to collapse
Work on Z5 Premium Dual E6833?
since i have already 6.0.1 (.254) , UB, DRM KEYS lost,
i am not going to downgrade to 5.x.x for any type of rom / kernal
recovery twrp-2.8.7.0-E6883-20151130_material.img link doesn't work :/ help
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **
The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.
I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the Customized NL ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, follow this guide through to section 5 place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133 (The rootkernel tool has a bug in its built-in SuperSU integration. See: http://forum.xda-developers.com/showpost.php?p=67485478&postcount=838)
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to root
5.1- Place SuperSU 2.71 zip (or higher) on the phone's sdcard. The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
5.2- Reboot to recovery and flash the zip file.
6- How to relock bootloader and return it to original factory state
6.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
6.1- Repeat step 1.1
6.2- Repeat steps 1.3, 1.4, and 1.5
6.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
6.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
najoor said:
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:
Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Click to expand...
Click to collapse
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
arokososoo said:
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
Click to expand...
Click to collapse
Not yet, atleast for my Dual SIM Version.
njaya95 said:
Not yet, atleast for my Dual SIM Version.
Click to expand...
Click to collapse
So you mean there is a way to root single sim version without unlocking BL?
Thanks ú so much! this is well writen, i will try this when i get the time to do a fresh install. Cheers mate
@arokososoo
Please, in the future never quote long OP and any other long posts. This is very annoying for mobile and desktop users to scroll to the next post. Thanks.
Sent from my Sony E6553 using XDA Labs
I wonder if E6533 can use this guide
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Stoneybridge said:
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Click to expand...
Click to collapse
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Trilliard said:
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Click to expand...
Click to collapse
I can't see your picture, but I assume you have that stucking at modem/system ?
If so, downgrade Flashtool to 0.9.19
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Trilliard said:
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Click to expand...
Click to collapse
Did you forget to wipe?
In a thread i opened in Q&A a user said that even though service info reported bl unlock allowed NO, he managed to unlock it anyways using standard procedure, what do you think?
it seems like Sony RIC is not fully disabled with this patch.
Finally ! Works like a charm in my E6533 (Dual sim) !!! Thanks a lot !!!
Hi thiefxhunter,
How you do this? could you explain us step by step. I like to root my dual sim model.
Thanks.
Hi.. I am stuck in 2.5
My device is unlocked, It is connected in fastboot mode (blue led).
error msg
'Fastboot is not recognised as an internal or external command, operable program or batch file'
Please help me in this.
Solved..
Thanks for this post..
Thanks for this guide, it worked like a charm on my E6553 with 32.2.A.0.224
CorzCorry said:
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
Click to expand...
Click to collapse
Can you please explain how did you do that? Thanks
Hello everybody,
is there a possibility to install the updates for a rooted P10 Lite without relocking the bootloader?
When I installed the first OTA updates for the phone, the bootloader wasn't relocked afterwards. But last time (last update before the Android 8 update) the bootloader was locked after update, so I had to reset my phone to root it again. Of course I create regular backups of my phone, but it was much work anyway. The bootloader will be locked after installing the Android 8 update again, isn't it?
If so, is there any other way of updating the P10 without relocking the bootloader?
Under /data/update/HwOUC/ I found an update.zip with a size of 1.8 GB. It contains a file VERSION.mbn which contains a line "WAS-LX1A 8.0.0.362(C432)". This fits to the version displayed by the OTA update manager. Can I just flash this update.zip using TWRP to update to Android 8?
Thanks in advance!
I'm not sure if you can flash update.zip in TWRP. I've tried such flash a long time ago with TWRP and Android 7 and it didn't works at all!
My bootloader is unlocked all the time. If there's an update I do that:
Turn Off you phone then Press and Hold Vol Down button and connect the phone to PC (Bootloader mode)
Links to all files you need: https://mega.nz/#F!TNQiFDrS!LeWgM5bukSz66UEL5zE1Tg
1. Flash stock recovery: fastboot flash recovery_ramdisk RECOVERY_RAMDIS.img
2. Reboot to system and go to Setting and try to update phone
3. Install FullOTA update (only FulIOTA can be installed if you phone is rooted)
4. Boot into Bootloader mode
5. Flash TWRP again: fastboot flash recovery_ramdisk TWRP.img (I use TWRP 3.2.1-0 by Pretoriano80 and everything works well: data decryption, backups, etc.)
6. Flash patched boot img file (Magisk root): fastboot flash ramdisk patched_boot.img
But if you need only root then you don't need TWRP at all.
Use stock recovery all the time and install FullOTA update without any problems then go to Bootloader and flash the patched boot file for Magisk after every update! That's all.