By almost popular demand, making this a thread
This is a how-to root, install recovery, backup drm keys, etc. from scratch in a single thread since finding all threads can be daunting. That's basically all the things you generally want to do when you root the phone (WITHOUT UNLOCKING THE BOOTLOADER).
TL;DR - overview
If you know what you're doing, you really just need to read this part of the post. If you're unsure, read the step-by-step instead.
If you're running Android 6.0.1 MM with firmware .291 (and probably any other future firmware), want to root without unlocking the bootloader more quickly than the method below refer to this post: http://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714 (get all 3 zips, rename the kernel zips to .ftf, flash kernel575.ftf with flashtool - reboot - enable dev mode, run bat script - reboot in recovery and flash supersu.zip - flash kernel291.ftf, reboot, done (for future versions you'll want to only flash the kernel from sony's ftf after rooting)
Downgrade the firmware, as the root exploit only works with older firmware such as 23.0.A.2.93.
Run the root exploit to get root
Backup the DRM keys
Upgrade the firmware to the latest version, while retaining root access (or by using a pre-rooted images that nice people made)
In the process, we'll install DualRecovery and SuperSu (having the custom recovery is what allows you to keep root as it let you flash a modified image that has SuperSU on it)
See the FAQ at the bottom in case you need additional help, about mounting /system read-write, fixing the sdcard issues, etc. These are not directly related to the rooting process, but you most likely want to perform these tasks anyway.
Step by step instructions
Read instructions carefully, there's many steps, making this slightly complex.
Ensure you backed up everything you need (files/apps/pictures/etc) first, these will be lost! - YOUR PHONE WILL BE WIPED.
-- FW DOWNGRADE AND INSTALL WITH FLASHTOOL --
Downgrade fw to 23.0.A.2.93 (Device D5803) or anything prior to 23.0.1.A.5.77 (december fw)
Global:https://mega.nz/#F!wdEG3aiD!Ej2S4hcMKGPgnmGudvAegg (look for 23.0.A.2.93) (or see http://forum.xda-developers.com/showpost.php?p=66275977&postcount=2030 for more links if this one no longer works)
Get and install Flashtool at http://www.flashtool.net/index.php
Move the fw into the C:/Flashtool/firmwares directory
Open Flashtool, click on the lightning symbol ("flash device"), select "Flashmode" and click on "OK"
Just select the name of the fw you downloaded and click on "Flash"
Wait for a window to pop up (it may take a few minutes, be patient)
Now everything is ready: turn off your phone
Push the volume DOWN button, connect the USB cable to your PC while still pushing the volume DOWN button
Once the flashing process has started, release the volume button
) Do not disconnect the USB cable, wait until flash completes (flashtool will indicate when you can unplug).
-- ROOTING W/ EXPLOIT --
Enable USB debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Allow mock locations (Settings => Developer Settings)
Ensure you have adb drivers installed (http://support.sonymobile.com/gb/tools/pc-companion/ don't use it to update
Download rooting tool (http://forum.xda-developers.com/devdb/project/dl/?id=10766&task=get) or latest from http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
Unzip the rooting tool
Connect phone to your computer
Put phone in airplane mode
Run install.bat from the rooting tool (allow USB debugging when asked on the phone every time, also allow root prompt) and follow instructions from the tool
You should be rooted now, if you get an error "Device not rooted" trying running the tool once more
-- Backup DRM keys/TA Partition --
Get backup ta tool from https://github.com/DevShaft/Backup-TA/releases
Unzip it!
Ensure phone is still connected (or reconnect it)
Run Backup-TA.bat
Read the information and follow the instructions given by the tool.
-- Install latest firwmare with root, DRM keys, recovery --
Alternative 1: pre-made pre-rooted image (for fast internet, slow pc
Get a pre-rooted image:
For KitKat - fw 23.0.1.A.5.77 (android 4.4. dec 2014) at http://forum.xda-developers.com/z3-...ist-pre-rooted-firmwares-6-oct-2015-t32188206 then skip directly to step 33.
Or, for Lollipop - fw 23.1.A.0.690 (Android 5.0 March 2015) at http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Or, for Marshmallow - fw 23.5.A.1.291 (Android 6.0 June 2016) at https://mega.nz/#!0JUA2DzR!5-5Tz1BRr3gkvrt_loqHzePsgfSeGKCD07xhQzugl4w or http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Alternative 2, for newer fw for example - build your own pre-rooted image (fast pc, slower internet:
Get PRFC from http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
Get latest fw from http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706
Get latest SuperSU zip http://download.chainfire.eu/supersu
Get DualRecovery zip (the flashable zip, not the installer one) from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.flashable.zip
Start PRFC and add the 3 zip (FTF file is the fw, SuperSU and Recovery)
Click "create" - this will take a while
Copy resulting "pre-rooted" fw to /sdcard0 on your phone (it means copy flashable.zip from the PRFC directory to the "internal storage" directory of the phone)
Get Dual Recovery installer this time, from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.installer.zip notice how thats 'installer' this time, not the same file as in 30!
Unzip it
start install.bat and follow instructions (hit 1 (allow adb/root on the phone as needed)
You should be in recovery automatically now. (if not, reboot and when the LED change colors push volume UP repeatedly)
Flash the pre-rooted fw (flashable.zip) from the recovery (touch "install zip", select /storage/sdcard1/flashable.zip then confirm install) on the phone, then power off the phone (DO NOT REBOOT)
To power off, go into the "power options" and hit "power off" (dont do "reboot in flashmode" DO power off)
Unplug USB (yes this is required, DO IT)
Open Flashtool and select the non-pre-rooted fw (this is 23.5.A.1.291 for example), but DESELECT system: in "EXCLUDE" make sure you check the checkbox next to "SYSTEM", flash it.
press volume DOWN and plug USB cable while keeping volume DOWN pressed, when flashing starts, stop pressing the volume button
After flash is done and when flashtool tells you to, remove USB cable and start the phone
Congrats and enjoy, you made it to the end! you now have latest + recovery + root and backups of your DRM keys! (and of course all DRM functions enabled)
FAQ
- Some root apps don't work, because /system can't be remounted rw, what's up with that?
Sony has a special in kernel protection that disallow remounting /system read-write, even for root. Flash this in recovery (copy it to the sdcard and reboot in recovery with volume UP pressed, then install it): https://github.com/dosomder/SonyRICDefeat/raw/master/RICDefeat.zip
- I unlocked my boot loader, or lost my DRM keys some other way AFTER backing up as per above procedure. How to restore?
plug USB back in
re-enable usb debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Start backup TA again but this time hit restore
- I messed somewhere, phone doesn't boot or work properly, what to do!
unplug USB
if phone is on, long press the power button+volume UP until the phone turns off
go back to step 1 of the how to, follow the how to! Mainly - the howto makes you setup flashtool again, then boot the phone in flash mode with volume key and plugging in the USB cable.
- I forgot to backup DRM keys (backup ta program) but I never unlocked the bootloader, is it bad?
nope you're fine, just back them up now
- I really lost my DRM keys, can I recover them?
No you can't. But you can recover the features by using some modified software. Look for "DRM Fix" for example here.
- I don't want to wipe my phone!
Uncheck "data" before downgrading and then before upgrading in flashtool. You will get some errors when downgrading, which will go away when you revert back to .77 at the end of the process
This is at your own risk, data still risk being deleted if something goes wrong
Depending on the apps, etc. you have, there is a chance that some app would not work properly at the end of the process without a full wipe. If that's the case, you might need to go in settings>applications and "delete data" for that app.
- Some apps can't write to the sdcard!
install/run this https://play.google.com/store/apps/details?id=nextapp.sdfix&hl=en
- I don't have SuperSu on marshmallow+ ?!
It just didnt install properly into /system. That's ok. Just install it from the play store - you do have the su binary installed in /system so this will work
- Does this work on my SO-02G (Xperia Z3C Docomo NTT version) ?
@pngoc256 tested and yes, it works
- Does this work with lollipop (Android 5.0)?
- Does this work with Marshmallow (Android 6.0)?
- Will this work with Nougat (Android 7.0)?
- Will this always work?! (yes probably)
Yes.
If when doing the final reboot its stuck on the loading screen the first time, reboot again a last additional time with power + volume UP.
People who did the hard work/references thanks to them:
@istux (fw list, flashtool how to http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706)
@xzx0O0 (root exploit: http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
@DevShaft (backup ta http://forum.xda-developers.com/showthread.php?t=2292598)
@serajr (install .77 fw http://forum.xda-developers.com/showpost.php?p=58395100&postcount=71)
dosomder (kmod for sony's RIC) https://github.com/dosomder/SonyRICDefeat
Everything worked. Thanks a ton!
Thanks for the detailed explanation with links, very thorough and helpful.
MODS PLEASE STICKY THIS THREAD, might just be the most important thread in the Z3 Compact forum.
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
wowz, it's finally here!!!
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Follow this: http://forum.xda-developers.com/showpost.php?p=58400277&postcount=228
This is why I love this community, thanks mate, that completely fixed it
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Hello,
Thanks a lot for this thread, but you made a typo in the step 37, in the command to remount /system: "mount -o remount,rw /system" instead of "mount -oremount,rw /system".
Had I known you were going to post such detailed instructions, I would have waited and saved tons of time!
Very helpful indeed, kudos for your work
steps 40-43
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
I think you are not suppose to open your phone until you flash the prerooted firmware since it says to turn off and not reboot. I dont know the purpose but still gonna follow.
---------- Post added at 04:58 AM ---------- Previous post was at 04:56 AM ----------
I just want to ask if its ok to flash a non-prerooted firmware that was not based on, or was not used to make the prerooted firmware that i will flash earlier in the step?
Any tips on backing up data before flashing .93?
bilboa1 said:
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Click to expand...
Click to collapse
I flashed the zip in the recovery, but I still can't unintall the apps! I'm sure I have root because greenify and xposed works.
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
I had a error when trying to flash CM12 without flashing the CM' boot.img (which asks to unlock the bootloader) because the phone codename is "aries" on Sony stock roms and CM12 want the codename "z3c". Flashing the boot.img contained in CM12 nightlies fixed the problem.
I have solve problem! Just need it to update the dual recovery by Nut with the 2.8.1 Now I can uninstall the system app (Finally)..
Thanks but TA
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
reloadxero said:
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
Click to expand...
Click to collapse
Any custom rom needs an unlocked bootloader.
Any custom kernel needs an unlocked bootloader.
Without unlocking, you can only install roms based on stock firmware with a stock kernel.
dshstudio said:
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
Click to expand...
Click to collapse
Restoring the TA backup automatically relocks your bootloader.
Inside the folder where TA-backup.exe is located, you should find a sub-folder named "backup": do you see nothing within that?
Thank you so much for this thread, really easy this way. Only problem I had was in the last step when flashing version .98, which gave me a non-working wifi. Once reflashed with .77 this was resolved.
Related
ROOT JB (101) AND KITKAT (230) FIRMWARE WITH LOCKED BOOTLOADER
This thread is now officially obsolete. There is a new, simple and efficient ROOT method created by @geohot, based on the asec exploit. This method is valid for all versions of android with kernel dates older(earlier) than 04 June. The method probably works on any phone / tablet device EXCEPT the HTC M8, Moto G & E, and devices with Intel chipsets. Go to this thread for details:
http://forum.xda-developers.com/showthread.php?t=2783863
The guide below is obsolete and remains only for info. Please do not follow?.
DISCLAIMER: The steps WILL INVOLVE OBTAINING BOOTLOADER UNLOCK CODE FROM SONY, However, after unlocking, you will be guided to re-lock bootloader so that the end result will be a phone with Marlin Keys, Bravia Engine2 and Bootloader INTACT (LOCKED).
Starting Assumptions:
1. You have a Sony Xperia Z (C66XX) L-39H (Duh! Obvious!)
2. You have some knowledge of Root, SUPERUSER and enabling developer options, enabling USB Debugging mode, switching off and connecting your phone to USB & Computer with vol Up / Down Pressed to enable Fastboot mode or Flash Mode. If not, then go slowly and patiently, read every screen that flashes in front of you on your PC/Laptop and choose dilligently.
3. The bootloader status of your phone is BOOTLOADER UNLOCK ALLOWED--YES. This is the general case if you are on a no-contract plan with your service provider, or you have brought the phone at a full premium price (No discounted price by your wireless service provider). US / Canadian users, please obtain your unlock codes before you proceed further, all your phone's bootloaders ARE LOCKED. If you have bought the phone second-hand or from a dubious source check the bootloader lock status by opening the dialler and entering *#*#7378423#*#* (star-hash-star-hash S E R V I C E hash-star-hash-star). You will see four options 1. Service Info, 2. Service Tests, 3. Calibrations and 4. Customisation Settings. To check the bootloader status tap on Service Info>(next page)>tap on configuration>(next page) the last item is your bootloader status. It must read bootloader unlock allowed-YES If it reads "bootloader unlock allowed-NO" then you need unlock codes from your wireless service provider. If it reads "bootloader-UNLOCKED", then you have lost your Marlin keys and bootloader (This also means you cannot flash Sony updates, but you have a wide open field to flash any ROM and kernel of your choice!).
4. Loads of Patience....
5. Some coffee / favourite non-alcoholic brew at hand for sustenance (alcoholic beverages can be for later, till you're done with the process / you are past the legal age. Until then go easy....)
6. It is assumed that you have a Windows PC / Laptop (Win32/64) with all necessary drivers loaded. If not just download and install PC Companion, it will install the necessary Sony drivers.
Step-1
Locked bootloader with 4.2.2 (67 or lower firmware) ROOT status idoesn't matter.
Locked Bootloader with 4.3 (.569 / Commercial & Journalist's firmware) rooted / unrooted.
If on 4.2 firmware, then ROOT your device using BINARY's Method or cubeundcube's method (DOOMLORD's method works below 67 firmware, but I may be wrong) Links:
Binary's Thread: http://forum.xda-developers.com/showthread.php?t=1886460
cubeundcube nethod: http://forum.xda-developers.com/showthread.php?t=2559009
DOOMLORD's thread: http://forum.xda-developers.com/showthread.php?t=2327472
If on 4.3 firmware and not rooted, then downgrade to 4.2.2 (67 firmware) by flashing a ftf file of your region. Links for flashtool thread is given below. Use thread search to find ftf file for your region and download it.
If you are already rooted on 4.3, 569 firmware AND have a locked bootloader, then start from this point.
Make a backup of your Trim Area (TA) by using the tool created by DevShaft at this thread: http://forum.xda-developers.com/showthread.php?t=2292598 This Step is VERY IMPORTANT!!!!!
Step-2
You now have a rooted phone on 4.2.2 (67 firmware) or 4.3 (569 firmware), AND you have made a backup of yourphone's TA.
Now, upgrade to 4.3 (101 firmware) by connecting your phone to the PC (USB cable) using PC Companion or by using SUS. Use the UPGRADE option and not the CLEAN INSTALL option to retain data. On the first boot after upgrade you will realize that you've lost ROOT and any recovery that you had earlier installed.
Make a FTF file of the upgraded ROM by following the instructions from this thread by deadmask (http://forum.xda-developers.com/xperia-u/general/guide-how-make-ftf-stock-firmware-sus-t2075736) or from Stage-3 of this thread by VipeR (http://forum.xda-developers.com/showthread.php?t=2188129)
Step-3
You now have a phone on the latest firmware (without root) AND you have a backup of TA from 4.2 firmware, AND ALSO have a FTF file for the latest firmware.
Obtain the unlock code for your bootloader from the Sony website. Link: http://unlockbootloader.sonymobile.com/
enter your phone's IMEI number and your email to recieve the unlock code. Legal eagles, obtaining an unlock code DOES NOT MEAN THAT you have actually used it!!! Open your e-mail inbox and check for mail from SONY containing your unlock code.
Custom Kernel Download First download a custom kernel by DOOMLORD (with CWM) recovery for use immediately after unlocking the bootloader from this thread by DOOMLORD: http://forum.xda-developers.com/showthread.php?t=2167381 . Download the custom kernel and place it on your computer's desktop/folder of your choice. Extract the contents of the zip file and we'll come back to it later.
ADB+Fastboot Tools Download a set of ADB and fastboot tools made by anonymous and hosted at the Dev-host site Download link : http://d-h.st/I8l
After the zip file has downloaded extract it to get a folder fastboot+ADB Now take out the boot.img file from the zip file containing DOOMLORD's kernel above, and copy it to the win32subfolder inside the fastboot+ADB folder. Make a note of the location (Drive/folder) where this folder has been saved. (preferred storage on the desktop)
CWM Flashable SuperSU Download Download the latest flashable Super SU by Chainfire from the OP of this thread: http://forum.xda-developers.com/showthread.php?t=1538053 . Download the latest cwm flashable superSU.zip and place it in your phone's external SD Card
Use Androxyde's Flashtool (thread link:http://forum.xda-developers.com/showthread.php?t=920746) to unlock your bootloader It is a painless one-click procedure using the BL button. follow the instructions in the flashtool and let the phone reboot (after unplugging USB) Now recheck if ADB debigging mode and Unknown sources are enabled in phone settings.
Now click START on your PC and enter 'cmd' in the search box. Right click on the command prompt / DOS box (cmd.exe) and choose "run as administrator". Enter the administrator password if prompted by the PC. In the command prompt window type the following commands:
cd\
cd users\(your login username)\desktop\fastboot+adb\win32\ (in case you stored the fastboot+adb file on your desktop) or navigate to the folder where you stored the extracted files....
fastboot flash boot boot.img (did you extract and store the boot.img file from doomlord's kernel to the win32 file of fastboot+adb?)
wait for the results to flash and then type fastboot reboot andWAIT before you hit ENTER
Click to expand...
Click to collapse
Hold the phone in your hand and do the reboot command. As soon as the blue light goes off and the SONY logo appears wait for the phone LED to turn violet. Press Vol UP button on seeing the violet LED and release-press-release-press two to three times for good measure (Sometimes a constant press also works) till the LED goes off and the phone boots into CWM. In the CWM menu use the Vol up/down to tab move between the options and use the power button to select. There is also a touch-swipe down/up to tab-move and swipe right to select or swipe left to go back, use this method only if you are confident/familiar with the touch-select method. Select flash a Zip from external SD card and navigate to the folder where you stored the update-superSU-1.93.zip and select it. confirm by moving down to select Yes, Flash update-supersu1.93.zip and let CWM finish flasing the SU. go back to the main page and reboot to system from CWM.
After the phone reboots check Super SU is loaded on your phone in /System/app/ and check full root access on your phone....
Step-4
You now have a rooted phone on the Latest 101 firmware, with unlocked bootloader, AND you have a backup of your phone's TA and also have a ftf file of the latest firmware.
Now you have one last step to go back to stock kernel for locking your bootloader. Start Flashtool and select the flash (lightning) button select flash mode. Now select the latest firmware, which you had converted to FTF and on the right side top, (wipe options) untick all wipe options. On the right bottom (exclude), tick mark to exclude everything EXCEPT kernel and fotakernel. See that the centre window (flash content) shows only kernel.sin, fotakernel.sin and loader.sin. (Check Screenshot for reference) Now hit the flash button and put the phone into flash mode.Unplug and Reboot
Step-5
Now you have a rooted phone with the latest firmware on stock kernel (no CWM) AND you have a backup of the TA from your phone.
Now's the time to flash the TA. Do you remember the steps of making backup/restoring TA. check DevShaft's thread again, and remember it is better to do a dry run for restoring TA, before the final restore. DO IT.
Finally, you have rooted the phone with the latest firmware, and relocked your bootloader, and all with a ROM/Kernel and customisation of your region/choice.
Future Steps:
Flash a recovery. [NUT]'s dual recovery for locked bootloader is the best. Thread link : http://forum.xda-developers.com/showthread.php?t=2261606
Acknowledgements:
All DEVs and OPs whose threads, posts, tools and files as mentioned in this post. I have only placed them in one order. You may thank each thread OP &/or Dev for their tools, files and guides.
Unlock bootloader?
And re-lock at the end.... You wanna?
Dead Cookies leave no trails...
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Simple and easy to follow I now have a rooted Xperia Z on Android 4.3
johan8 said:
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Click to expand...
Click to collapse
hi there, would you pls advise the step for Doomlord's solution? I follow this threat http://forum.xda-developers.com/showthread.php?t=2386405 but fail at step 2 flash older rootable version (tried XperiaZ_C660X_KernelOnly_10.3.A.0.423_Generic_NL.f tf - 7.12 MB and C6603_10.4.1.B.0.101_Stripped.ftf). phone boot loop.
That's why I didn't advise using doomlord's method in op. Read again. Root using bin4ry's method/cubeundcube method and proceed as per op. There's no need for striped and full ftf, just the ftf you create from your upgrade is enough.
Dead Cookies leave no trails...
If you're going to go back to 2.67 anyway its easier to just flash NUTs upgrade to 4.3.
You will also have root and no fiddling with bootloader required.
Managed it successful. Thanks for your detailed tutorial. Very nice, now let's look forward to KK!
Sent from my GT-I8160 using xda app-developers app
I got a question,Is there a way I can unlock my bootloader without losing all my data?
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal or on the internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Cookie Ninja said:
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal orion internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Click to expand...
Click to collapse
I have a nandroid backup of 4.2.2 so I guess I could just restore that If I happen to lose my stuff. Or maybe I have to downgrade and then restore?
Edit: But Honestly it's really risky. maybe I'll just wait till someone comes up with an exploit for 4.3.
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Cookie Ninja said:
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Click to expand...
Click to collapse
You don't have to be a **** about it
First thanks
If i had download 4.3 101 on my copmputer and flash it manual can i skip step 2
- And when i flash framework and electocity cut can damage my phone ??!!
Sent from my C6603 using XDA Premium 4 mobile app
Wow too BIG post for root 4.3 and also i didnt understand anything:silly:
Huh! With every new phone I bought,rooting is harder.Samsung phones was so easy to root.LG was a little bit harder,but this... :-S
Sent from my C6603 using Tapatalk
Guys, it is not sooo hard as it sounds. If you are familiar with the usage of the flashtool and have a little bit trust in yourself, then THIS is definitive the right thread to get root access and a relocked bootloader on your .101 firmware. Follow exactly the steps and don't - please don't - listen to some smart heads who suggest to flash a prerooted fw. Take the hard way and you'll be definitive successfull. I did so with this tut, and my Z is totally ok. Thanks to Cookie Ninja again.
Sent from my rooted C6603 using xda app-developers app
hi all
ive got xperia z 6603 with 101 firmware..i try to flash 569 stripped file and then when i check back it doest even change anything at about phone..it still on 101..please someone..please provide more detailed instructions..im on LB..
Great tutorial. I've been linking people to it fairly regularly.
Just some input; you're advising people to get unlock codes from their network provider when it states 'Bootloader unlock allowed : No' in the service menu.
I'm fairly (almost completely) certain that there is no way for people in that situation to get the status changed at all, including by their network provider or Sony. Network/sim unlocking the device does not affect the bootloader unlock status.
Also, Flashtool has a fastboot mode that allows flashing of the boot.img, which may be easier for some that aren't confident working with the command line.
Anyway, they're small issues in what is a thorough tutorial.
Sent from my C6603 using Tapatalk
Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures takes with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE 2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partion)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
Click to expand...
Click to collapse
If you are on Lollipop, i suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Click to expand...
Click to collapse
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
Click to expand...
Click to collapse
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
Click to expand...
Click to collapse
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Click to expand...
Click to collapse
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Click to expand...
Click to collapse
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Click to expand...
Click to collapse
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Click to expand...
Click to collapse
Great to see updates to the first post, it will be useful for many new Z5c users out there
hi, im new z5c user
just received it and ill take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Click to expand...
Click to collapse
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlockbootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've founda few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
Ive tried multiple different versions now, but it always stop at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I doesnt want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backuk and restore DRM and also a way to turn back the device to a stock rom, for a warannty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!
I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten in to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiaFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php(get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download Ivy Root http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LASTEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phones setting, under develop options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps excactly :http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compacts internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download rootkernal tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernal folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your Device and your done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.
nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock bootload, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no long see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
Click to expand...
Click to collapse
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
what are those step exactly (sorry new to this)
---------- Post added at 03:47 PM ---------- Previous post was at 03:31 PM ----------
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all
greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Click to expand...
Click to collapse
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles
ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
Click to expand...
Click to collapse
If this rooting turortial is too difficult try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because its your phone is not rooted though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitly the best!
1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Someone knows ho to solve this error in step 3.2? Thank you in advance for the help
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
Click to expand...
Click to collapse
There is a .256 firmware?
flopower1996 said:
There is a .256 firmware?
Click to expand...
Click to collapse
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
Click to expand...
Click to collapse
No
Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:
Pardon me for being an idiot
Hello Dean F!
Thanks for this tutoial. But before I'll try this, I have two quetions:
1) How do I use your steps WITH restoring the backuped TA-partition?
2) Is the descriped process also usable with a Xperia Z3 Tablet?
Thanks and greetings from GErmany
"klausstoertebeker"
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
bintangsofyan said:
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
Click to expand...
Click to collapse
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.
How to root 32.0.A.6.200 please?
Hi all,
I'm happy to share with you an updated guide on how to root the Xperia XA and Ultra, big thanks to @luis1981 for the update.
This guide is Only for Marshmallow (Android 6.0), for Nougat (Android 7.0) it's here: https://forum.xda-developers.com/xperia-xa/how-to/f31xx-how-to-root-xperia-xa-noob-t3638727
## How to root the Sony Xperia XA
The Sony Xperia XA is a midrange smartphone with a bezeless design. It has adequate specs and run Android aptly. These aspects make this phone a great daily driver, however the Sony stock Android is plagued with trashware and all the hurdles Android itself has several privacy problems.
By rooting the phone one can circumvent these limitations. You will be able to install the Xposed framework, improve sound with Viper4Android, block hosts, install dns-crypt and improve overall customability. In the follwing sections I will present the steps to root your phone.
But before proceeding a word of caution (or why you wouldn't like to root your phone):
1. Unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures, I found a workaround here: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672, use zip for Z3+ devices.
2. You can save your DRM keys (TA backup) by following this guide: http://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236. You have to do it BEFORE unlocking the bootloader, for now you can't restore your backup.
3. You can re-lock your phone but it will not restore DRM
4. Unlocking your bootloader will wipe the device (factory reset)
5. If you have confidential files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
## Method
1. Find out whether if you bootloader is unlocked, which is needed to proceed. Type: *#*#7378423#*#* then choose Service info ---> Configuration ---> Check for "Bootloader unlock allowed: Yes". At this point if the phone has No or any other answer at the screen you shouldn't porceed as rooting will be impossible.
2. Download XA ADB and Fastboot drivers: https://developer.sonymobile.com/downloads/drivers/
3. Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows, note that you can also use it to unlock your bootloader(http://www.flashtool.net/downloads_windows.php)
4. Follow the official Sony instructions for getting the unlock code from [here](https://developer.sonymobile.com/unlockbootloader/). Further paste the code in BLU menu of Flashtool. You can also find video instructions [here](https://www.youtube.com/watch?v=6lKWd5LlUoA).
5. Root Your Stock Rom with TWRP and in order to do that you will need the proper files for your phone version:
SuperSu zip package for all XA: http://www.supersu.com/download
For XA single sim = F3111, F3113, F3115
TWRP recovery: https://forum.xda-developers.com/xperia-xa/development/f3111-f3113-f3115-twrp-recovery-xa-t3606488
Boot: https://forum.xda-developers.com/xp...3111-f3113-f3115-stock-kernels-built-t3573119
For XA dual sim = F3112,F3116
TWRP recovery: https://forum.xda-developers.com/xp...3112-f3116-twrp-recovery-xa-dual-sim-t3606232
Boot: https://forum.xda-developers.com/xp...12-f3116-stock-kernels-built-sources-t3526496
6. Copy SuperSu zip package on your MicroSD.
7. Enter the phone in Fastboot mode (when power off, hold Vol+ and plug the phone). The led should be blue.
8. Flash recovery and boot with "fastboot flash boot boot.img" and "fastboot flash recovery recovery.img" commands (rename downloaded boot/recovery image if needed). The simplest way is to use fastboot from Flashtool in x10flasher folder, copy recovery and boot in it, open command prompt, flash them and then delete them.
9. Unplug the phone, hold "Vol-" and "Power" buttons. Release all buttons after phone vibrate.
10. You are in TWRP recovery, on password prompt press "Cancel"
11. On next screen press "Swipe to allow".
12. Go to "Install", "Select Storage", click "Micro SDCard". Optionally, you can format "userdata" partition now and remove internal encrytion for restoring TWRP backups/acces of /data partition, go to "wipe" and tap "format data".
13. Go to your SuperSu zip directory and click on it to install. Optionally, If you want to flash Xposed, DRM fix or any flashable zip, repeat the previous step for each zip. You can mount your SD to PC in TWRP for easy access.
14. Reboot the phone, during init the phone will reboot one more time.
15. Your phone is rooted
You can optionally switch from SuperSu to Magisk by following this guide:
https://forum.xda-developers.com/xperia-xa/how-to/guide-how-to-install-magisk-xperia-xa-t3555911
## Conclusion
After these steps your phone should be rooted and you will be able to have root access to the system. This tutorial comes with no garanties that it will work and the author does not take any responsibility for you bricking your device. Also, installing third party files are a security liability, you should be aware of that. Despite these issues, rooting the Xperia XA has been confirmed to work in all models.
Note that this the guide is the same for XA Ultra, the only differences are the boot/recovery files. You can find files for XA Ultra in their respective forums.
## Old guide with video
Hi all
As requested I make a "how to" video to be more noob friendly, the video is probably not perfect and my English too but I do my best to be understandable to all
PLEASE READ
I'm not a dev and I have no responsability if you flash my files.
As said in the video you must wipe "userdata" partition when flashing IF your phone memory IS crypted or if you don't know the uncrypt password, someone on the web speak of "default password" but what is it ?? If cryped (with no password) you can't backup /data and can't mount internal memory in TWRP. You can manually enable encryption and be able to set YOUR OWN password, but you can't revert back. And in theory you can make full nandroid backup and mount /data partition when in TWRP but can't mount inernal memory.
Regarding mounting /system rw in TWRP, seen on other tuto, you must never "swipe to allow modification" when prompted, after installing root package /system is mounted rw with no problem (look at "mount" menu). EDIT: tested on my device without issues but be careful.
IF YOU UPDATE OR FLASH STOCK BOOT and power on the device to Android, it will encrypt again the internal memory and if you shutdown the device before the end (xperia screen for hours) it will corrupt your data, not the SD card).
For futur, if you want to update, ask me and will release modified boot. I don't know what it does if you update stock after setting password encryption :/
Why I changed that by replacing "FORCENCRYPT" by "ENCRYPTABLE" in fstab Boot:
http://arstechnica.com/gadgets/2015...-mandatory-device-encryption-for-new-devices/
and
http://www.androidcentral.com/inside-marshmallow-adoptable-storage
Before continue, you must understand that unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures (seen some workaround but not for XA).
You can't re-lock your phone and it will not restore DRM.
If you have confidentials files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
This will be repeated when following Sony step by step guide. YOU ARE AWARE !
To verify bootloader lock state after unlock, on phone dialer:
*#*#7378423#*#* ---> Service info ---> Configuration ---> Check for "Bootloader unlocked: Yes" IT MUST BE YES !!!
By rooting your phone you will be able to install/uninstall system apps, install Xposed framework (Gravity Box, Dark Pokemon Go,...) or Viper4Android for an awesome sound! You can tweak and mod your phone deeper (battery,CPU,...), build and flash custom ROMs and many other things
If you have problems or want to unroot you can flash stock firmware like in the video with Flashtool, no need to wipe userdata.
Please watch my video one time before begin, to understand what you have to do.
Free to you to distribute or modify my files but please link this thread as source.
BY FOLLOWING THIS GUIDE YOUR PHONE WILL PERFORM A FACTORY RESET WHEN UNLOCKING BL ( it will not format SD card) , MAKE BACKUPS !
Edit 3/08/2016: Found a workaround for Sony DRM function restoration for UB devices based on Z line and working on XA Please read the thread, download package zip for Xperia Z3+ and install it with TWRP, that's all! I recommend you to install it just after SuperSU zip package (working too if not doing this). Thanks to @jimRnor
http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
EDIT 13/08/2016: TWRP is 99% working (can't wipe /cache), you can do all as you want, as long as no encrypted partition is present or locked.
Let's begin!
YOU NEED:
My first video guide : http://www.youtube.com/watch?v=nnOoLo31ka0
MP4 offline video download: https://mega.nz/#!RlwVSAKC!6lTBZxVnLQ-Mxz8er0_dg1r36dCNnUWIq8lEUfSp4Zw
Download XA ADB drivers, all models for Windows
http://dl-developer.sonymobile.com/drivers/Xperia_XA_driver.zip
Download XA Fastboot drivers, all models for Windows (if needed, installation is same as ADB drivers in video)
http://developer.sonymobile.com/downloads/drivers/fastboot-driver/
Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows
http://www.flashtool.net/downloads_windows.php
(if needed you can unlock bootloader with it, I unlocked my device with it)
Just follow official way and when you get the unlock code, paste it in BLU menu of Flashtool. (faster way)
The step by step guide to unlock BootLoader by official way:
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
Video (not mine): https://www.youtube.com/watch?v=6lKWd5LlUoA
(Just select Xperia XA when asked)
Now depending the firmware you want to root ( the one you downloaded with Xperifirm) choose your rootpack:
For XA single sim (33.2.A.x.xx) = F3111, F3113, F3115
33.2.A.x.x: https://mega.nz/#!ZsQhwbTC!rvw437H0ZujR5Ic02Rhlap6fQ4sLLyPmSRjyfZlMFiU
For XA dual sim (33.2.B.x.xx) = F3112,F3116
33.2.B.x.x: https://mega.nz/#!xgoXxBTa!DKAwKELVs0UvkZN0X53ZVM7I4U_XnCgG73RswzMPUi0
EDIT 29/11:
I see some users who ask without searching (a very little) before, PM messages inclued, some others who spam threads not related to their problem or create new thread for nothing and who do not know what politeness is at all . Until now I was nice and answered them but now I will change that, NO MORE HELP FOR THAT KIND OF USER !!!
Now if you have no answer from me you will know why.
Good luck
Many thanks for the effort mate. Will try it.
Btw, what is the bug with google store and user data, right after root.
edit
01/039/2016 11:39:08 - ERROR - Processing of boot.sin finished with errors. As u said data wipe is needed when unlocking the bl, but i have my BL unlocked earlier without data wiped...so i started the flash method ,on my old version of flashtool.Now i have the newest version, so got to try it...or i should skip the flash and go to root step...
edit2
01/006/2016 13:06:39 - INFO - Ending flash session
01/006/2016 13:06:39 - INFO - Flashing finished.
For this phone use the newest version of flashtool.
Edit3: I need to enter some kind of password on boot menu.Now what ?
rrvuhpg said:
Hi all
As requested I make a "how to" video to be more noob friendly, the video is probably not perfect and my English too but I do my best to be understandable to all
PLEASE READ
I'm not a dev and I have no responsability if you flash my files.
As said in the video you must wipe "userdata" partition when flashing IF your phone memory IS crypted or if you don't know the uncrypt password, someone on the web speak of "default password" but what is it ?? If cryped (with no password) you can't backup /data and can't mount internal memory in TWRP. You can manually enable encryption and be able to set YOUR OWN password, but you can't revert back. And in theory you can make full nandroid backup and mount /data partition when in TWRP but can't mount inernal memory.
Regarding mounting /system rw in TWRP, seen on other tuto, you must never "swipe to allow modification" when prompted, after installing root package /system is mounted rw with no problem (look at "mount" menu).
IF YOU UPDATE OR FLASH STOCK BOOT and power on the device to Android, it will encrypt again the internal memory and if you shutdown the device before the end (xperia screen for hours) it will corrupt your data, not the SD card).
For futur, if you want to update, ask me and will release modified boot. I don't know what it does if you update stock after setting password encryption :/
Why I changed that by replacing "FORCENCRYPT" by "ENCRYPTABLE" in fstab Boot:
http://arstechnica.com/gadgets/2015...-mandatory-device-encryption-for-new-devices/
and
http://www.androidcentral.com/inside-marshmallow-adoptable-storage
Before continue, you must understand that unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures (seen some workaround but not for XA).
You can't re-lock your phone and it will not restore DRM.
If you have confidentials files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
This will be repeated when following Sony step by step guide. YOU ARE AWARE !
To verify bootloader lock state after unlock, on phone dialer:
*#*#7378423#*#* ---> Service info ---> Configuration ---> Check for "Bootloader unlocked: Yes" IT MUST BE YES !!!
By rooting your phone you will be able to install/uninstall system apps, install Xposed framework (Gravity Box, Dark Pokemon Go,...) or Viper4Android for an awesome sound! You can tweak and mod your phone deeper (battery,CPU,...), build and flash custom ROMs and many other things
If you have problems or want to unroot you can flash stock firmware like in the video with Flashtool, no need to wipe userdata.
Please watch my video one time before begin, to understand what you have to do.
Free to you to distribute or modify my files but please link this thread as source.
BY FOLLOWING THIS GUIDE YOUR PHONE WILL PERFORM A FACTORY RESET WHEN UNLOCKING BL ( it will not format SD card) , MAKE BACKUPS !
Tested on my device F3112 and reported as working on F3116, other models may work as well if you do ALL steps. Will confirm after positive feedbacks.
Let's begin!
YOU NEED:
My first video guide (will be on youtube after validation) : https://mega.nz/#!RlwVSAKC!6lTBZxVnLQ-Mxz8er0_dg1r36dCNnUWIq8lEUfSp4Zw
Download XA ADB drivers, all models for Windows
http://dl-developer.sonymobile.com/drivers/Xperia_XA_driver.zip
Download XA Fastboot drivers, all models for Windows (if needed, installation is same as ADB drivers in video)
http://developer.sonymobile.com/downloads/drivers/fastboot-driver/
Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows
http://www.flashtool.net/downloads_windows.php
(if needed you can unlock bootloader with it, I unlocked my device with it)
Just follow official way and when you get the unlock code, paste it in UB menu of Flashtool. (faster way)
The step by step guide to unlock BootLoader by official way:
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
Video (not mine): https://www.youtube.com/watch?v=6lKWd5LlUoA
(Just select Xperia XA when asked)
Now depending the firmware you want to root ( the one you downloaded with Xperifirm) choose your rootpack:
For XA single sim (33.2.A.2.xx) = F3111, F3113, F3115
33.2.A.2.73: https://mega.nz/#!ZsQhwbTC!rvw437H0ZujR5Ic02Rhlap6fQ4sLLyPmSRjyfZlMFiU (NOT TESTED)
For XA dual sim (33.2.B.2.xx) = F3112,F3116
33.2.B.2.35: https://mega.nz/#!5lZFhapC!SrYt1HmOICEyMh2Afl2EUn4nY0bRwL-Pd1f0Bpkireg
33.2.B.2.73: https://mega.nz/#!xgoXxBTa!DKAwKELVs0UvkZN0X53ZVM7I4U_XnCgG73RswzMPUi0
Good luck
Click to expand...
Click to collapse
Will this work with F3116 running 33.2.B.2.66 firmware?
@hp6830s you talk about bugs seen in video? If I remember, error in TWRP is about wiping /cache but no a real problem and in video got 2 force close of Play service because I'm updated from .35 without wiping userdata (not crypted /data) and I think update wasn't fully finished. Never FC again after that and no problems. But if YOU have errors about /data in TWRP it's because of encrypted phone memory. During tests I got 1 bootloop in TWRP but can't repeat the problem again after wiped userdata on first root. That's why I recommend wipe. And that's strange if your phone not wiped when unlocked, for me no choice...
@tthmatt It works but really not recommended (for boot.img), as ramdisk and kernel are from an other firmware. For recovery it's less problematic. You can try and feedback us
Ok ,how to remove phone encyption on boot menu ,so i can install custom user ?
hp6830s said:
Many thanks for the effort mate. Will try it.
Btw, what is the bug with google store and user data, right after root.
edit
01/039/2016 11:39:08 - ERROR - Processing of boot.sin finished with errors. As u said data wipe is needed when unlocking the bl, but i have my BL unlocked earlier without data wiped...so i started the flash method ,on my old version of flashtool.Now i have the newest version, so got to try it...or i should skip the flash and go to root step...
edit2
01/006/2016 13:06:39 - INFO - Ending flash session
01/006/2016 13:06:39 - INFO - Flashing finished.
For this phone use the newest version of flashtool.
Edit3: I need to enter some kind of password on boot menu.Now what ?
Click to expand...
Click to collapse
I don't know the password to enter, seem to be randomly generated on first init by phone or a unknown default password is set. That's why you have to wipe userdata and after if you want you can recrypt phone in security menu and set your own password to use in TWRP. Have you seen a password in my video?? As said before I'm not a dev and my help is limited, my step by step guide is working, confirmed on F3116 and tested many times on my device. But if you want to not follow all steps you can but you will probably have problems. I said to use 0.9.22.3 Flashtool since first days, you use an older one and have problem. I said to flash and root and you want to root directly. I said to wipe and you don't do it... and finally problem again. Please follow ALL steps as described and at end if you have problems I will help you. If you want to continue with experimental way, just click Cancel on password prompt, on next screen don't swipe to allow modification, press "keep read only". At end if you have a recovery bootloop or corrupted userdata, don't ask why I don't want to say that my way is the only one but for now it's the working one (if you follow it carefully)
I didnt said - not following your guide. I did every step, as soon i discovered error on flashing (from the older version). But i did wipe everything, now my phone is empty. Yet it asks for password in order to install superUser, do i need to perform factory reset from recovery menu ?
edit: Wipe/ Factory - OK. FORMAT - YES...and password should be gone.
edit2: phone is rooted, and installing apps.
hp6830s said:
I didnt said - not following your guide. I did every step, as soon i discovered error on flashing (from the older version). But i did wipe everything, now my phone is empty. Yet it asks for password in order to install superUser, do i need to perform factory reset from recovery menu ?
Click to expand...
Click to collapse
Flash full stock firmware with Flashtool and check "userdata" in "wipe" column as in the video (don't wipe/factory reset from Android) , JUST AFTER flash boot.img and recovery.img with Fastboot (don't boot android before that) . Boot to Android to verify and set up your phone, when finished reboot to TWRP to install UpdateSuperSU.zip No passwords needed if followed that, if you defined pin/password for lockscreen or to start phone, try it. Or don't set any password before the end of root process. I don't understand why it ask for a password
Its all set.Battery seem more stable now...but cant find some of diagnostics tools in About Phone, like battery optimization (but i use greenify now) and move apps to SD card wizzard.
Do i need to create backup from flashtool / boot ?
hp6830s said:
Its all set.Battery seem more stable now...but cant find some of diagnostics tools in About Phone, like battery optimization (but i use greenify now) and move apps to SD card wizzard.
Do i need to create backup from flashtool / boot ?
Click to expand...
Click to collapse
You finally successfully rooted your phone :good:
You can find battery optimization in "settings " --> "battery". You can't move apps on external SD since a looong time (or with workaround) , just pictures, videos, music ????
For that go "settings" --> "storage and memory".
Android 6 have a new feature "Adoptable Storage" to integrate external SD as phone memory like "ARCHOS Storage Fusion" (but it encrypt SD and is no more readable on PC with USB readers, disable acces to internal memory, not good if you break your phone) but seem to not be present in our firmwares. Next challenge is to enable feature and make encryption as a choice for user.
And for your last question I recommend you make full backup with TWRP, by this way you can backup all partitions. Not sure if it works for XA with Flashtool.
rrvuhpg said:
You finally successfully rooted your phone :good:
And for your last question I recommend you make full backup with TWRP, by this way you can backup all partitions. Not sure if it works for XA with Flashtool.
Click to expand...
Click to collapse
thx ,but i cant backup, my m card is less than 8 gb (8.2 gb backup img) so i have to wait till my 16 gb card arrives.i
btw what is Xposed framework , Viper4Android. And how to tweek my battery settings more deeper...or greenify hibernate its fine.
hp6830s said:
btw what is Xposed framework , Viper4Android. And how to tweek my battery settings more deeper...or greenify hibernate its fine.
Click to expand...
Click to collapse
Google is your friend ????
http://www.howtogeek.com/195476/7-t...ramework-on-a-rooted-android-phone-or-tablet/
http://forum.xda-developers.com/showthread.php?t=2191223
I will make a guide for installing Xposed and Viper4Android with all working packages for XA.
Yippee-ki-yay! DRM keys are back! Noice reduction and screen optimizations are working again. Used DRM fix found on XDA. Look screens of DRM keys state and the time stamps. Verified with comparative pictures/screenshots :fingers-crossed:
Link to the fix: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
Use zip for Z3+
rrvuhpg said:
Yippee-ki-yay! DRM keys are back! Noice reduction and screen optimizations are working again. Used DRM fix found on XDA. Look screens of DRM keys state and the time stamps. Verified with comparative pictures/screenshots :fingers-crossed:
Link to the fix: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
Use zip for Z3+
Click to expand...
Click to collapse
There not really back there still gone for good, know idea how he does it, but it fools/emulates the keys tricking the Sony software into reactivating the Bravia engine+x-reality+camera imaging/low light algorithms. Good to know that there are two ways to do it now though. If I can be bothered I need to try this ivyroot tool for backing up your drm keys before unlocking the Bootloader. Until I know I can back up the keys I won't be unlocking the Bootloader.
Sent from my Xperia XA using XDA Labs
aidy.lucas said:
There not really back there still gone for good, know idea how he does it, but it fools/emulates the keys tricking the Sony software into reactivating the Bravia engine+x-reality+camera imaging/low light algorithms. Good to know that there are two ways to do it now though. If I can be bothered I need to try this ivyroot tool for backing up your drm keys before unlocking the Bootloader. Until I know I can back up the keys I won't be unlocking the Bootloader.
Click to expand...
Click to collapse
iovyroot seem to use a security exploit in LP (kernels before Dec 2015) but patched in MM (or missed the news) and no LP firmware for XA to flash, next exploit for MM can take months or more to come... But I can understand your opinion, the choice is difficult, root or warranty. For me rooting my phones is not optional, when you used custom ROMs, Xposed, Viper4Android, Lucky Patcher and GameKiller one time you can't stay without them after and say f**k to the warranty . If we talk about Xperia X I'm fully OK with you as it cost $$$ and will try to preserve the warranty.
EDIT: The fix is really good, ALL is working again (backup with Xperia PC Compagnon too) and very interesting thing it can show my REAL warranty date in Xperia Care as before. That's strange ...
Looking forsome help
Umm I got the boot loader unlock code. From sony on there web sit, I am new to this. But do I have to flash the phone if my bootloader is unlocked?? I don't want to mess it up I just got it and payed full price i rooted my other phones easy I just am new to android 6
just check XFirmware and xxx.73 version is only available in Brazil
should I tried it?
my version is customizedVN :crying:
Willismetal said:
Umm I got the boot loader unlock code. From sony on there web sit, I am new to this. But do I have to flash the phone if my bootloader is unlocked?? I don't want to mess it up I just got it and payed full price i rooted my other phones easy I just am new to android 6
Click to expand...
Click to collapse
You can test, don't worry about phone brick as long as you don't play with preloader, in Flashtool stay in "normal" mode. I hard bricked XA many times during my private tests (no screen, no sound, only charging led) and always unbricked Mtk are strong for that.
@caosugai you can flash without problem but don't know if it's good for daily use. Tested .66 TW on .35 FR before . 73 out for France, but for test only.
Look here for more:
http://techbeasts.com/how-to-download-sony-xperia-official-firmware-and-create-ftf-file/
Think i lost access to my personal prediction settings, the one that pinpoints my email when entering on login screens over the apps /web ( for example on typing Us3r ,the texting app predicts my mail : [email protected] ,so i dont need typing the whole email over and over )
rrvuhpg said:
You can test, don't worry about phone brick as long as you don't play with preloader, in Flashtool stay in "normal" mode. I hard bricked XA many times during my private tests (no screen, no sound, only charging led) and always unbricked Mtk are strong for that.
@caosugai you can flash without problem but don't know if it's good for daily use. Tested .66 TW on .35 FR before . 73 out for France, but for test only.
Look here for more:
http://techbeasts.com/how-to-download-sony-xperia-official-firmware-and-create-ftf-file/
Click to expand...
Click to collapse
then it's a soft brick not a hard brick. A hard bricked Xperia is irreversible. Bootloop is always recoverable as is a device with only led response when connected to USB and if it does nothing on connection to USB and pc doesn't recognize the device it's a paperweight, that's what I learnt when I first got into rooting and modding my old m2 device.
Sent from my Xperia XA using XDA Labs
---------- Post added at 04:12 PM ---------- Previous post was at 04:05 PM ----------
hp6830s said:
Think i lost access to my personal prediction settings, the one that pinpoints my email when entering on login screens over the apps /web ( for example on typing Us3r ,the texting app predicts my mail : [email protected] ,so i dont need typing the whole email over and over )
Click to expand...
Click to collapse
Mines the same or at least it was earlier on not bringing up email address when logging on to pretty much anything, maybe it's something to do with this SwiftKey thing going off where it predicts someone else's email address and stored words. Maybe it's turned off at there end while sorting the issue out.
Sent from my Xperia XA using XDA Labs
At first I created a guide about rooting stock Marshmellow of Sony Xperia Z5 Premium. After some time I realized that it may be useful to users of virtually any recent Sony phone or tablet, so here is my Sony Cross-Device general rooting thread. I will mostly copy-paste bits from my previous guide, but using renewed screenshots and firmwares'/tools' versions.
Please write back in this thread which model of Sony phone you was able to root with the help of this guide.
This guide does not work for MediaTek devices.
INTRODUCTION
Sony historically provides own versions of Android OS, modified for Sony phones. These firmwares with added Sony apps are known as a stock firmware, contrary to vanilla Android developed by Google.
This guide will lead you through the process of rooting the stock firmware for your particular Sony phone. At the same time, your phone will be supercharged with TWRP recovery image, a useful tool for things such as an installation of system behavior altering apps to a whole device backup including all system partitions.
WHY ROOT?
Sony, just as any other smartphone vendor, ships its devices without the ability to alter inner system workings of Android OS. Technically speaking, default OS only allows use of non-administrator accounts, which have access only to their own user space.
Rooting is a process of allowing access to the administrator account, also known as root. This enables a possibility to alter/remove system parts of the OS: apps, settings, behaviors. For example, with root access you can block ads system-wide, from apps to browsers.
WHAT ARE CAVEATS
During the rooting procedure, the unique DRM keys will be removed from the phone. These keys are used to make some proprietary Sony features work, such as X-Reality for Mobile, camera denoise filter etc.
During the course of this guide a so called DRM fix will be apllied, which effectively emulates DRM keys, so many Sony features remain in working condition, even without actual keys. Some features, such as Widevine, will not work but majority of typical users won't even notice this. I think most of you even don't know what Widevine is.
However, in this guide I will present a way to backup your DRM keys, if you still think you need them. I will not deep dive though, since I never bothered with DRM keys export/import procedure myself and have no experience in doing this.
Some apps will refuse to work on rooted device, Pokemon Go and Android Pay are couple of notorious examples. Research your apps for rooted device compatibility. If you find such app and cannot live without it, don't root your phone.
ACCOLADES
The rooting of Sony stock firmware will not be possible without the work of these brilliant community developers:
@Androxyde — Flashtool
@IgorEisberg — XperiFirm (integrated into Flashtool)
@Dees_Troy et al. — TWRP
@Chainfire — SuperSU
@topjohnwu — Magisk
@tobias.waldvogel — Kernel repack script and DRM fix
@zxz0O0 — iovyroot
@rayman — TA Backup v2
STEPS
The whole process of rooting your stock firmware is divided into the following steps:
Getting your phone recognized by your computer (driver installation).
(optional) Backup your DRM keys.
Unlocking a bootloader.
Flashing stock firmware with Flashtool.
Repacking and flashing a kernel.
Installing SuperSU or Magisk.
(optional) Restore your DRM keys.
Optional tasks.
After the completion of this guide, your phone contents will be completely erased, so you may want to backup all what is important to you to some external locations. External microSD card will not be erased, so you may copy your stuff to it. If you are already use some rooted Android, you may want to use some specialized tools like Titanium Backup or like. TWRP also have a nice backup features, if you have one already installed.
Also, use Sony's own Backup & reset tool from the settings. You may backup your local contacts, messages and much of such stuff directly to your microSD card. After the rooting, same tool may be used to restore some (or all) of these things back.
I usually make a whole backup with TWRP, Titanium Backup for user apps and the Sony's Backup & reset for conversations and call logs.
The guide was developed using Windows 10 Pro 64-bit and Sony Xperia Z5 Premium Dual-SIM E6883 official model for the Russian market.
Let's go.
1. GETTING YOUR PHONE RECOGNIZED BY YOUR COMPUTER (DRIVER INSTALLATION)
During the course of this guide, your phone will comminicate with your computer in Fastboot and Flashmode connection modes. When connected in these modes, for the phone to be properly recognized by a computer, you have to provide special drivers. Thanks to Flashtool creators, it comes bundled with generic drivers compatible with all recent Windows operating systems, so at first you should install Flashtool. You can get installer from the official website.
Next, you should install Fastboot and Flashmode drivers for your phone.
One caveat here however, these drivers are not from a "recognized Windows developer", that is they are not Windows-certified, so to get them installed on Windows 8/10, you should reboot with the disabled driver signature enforcement. Use Google to know how to perform this.
Once booted in the aforementioned mode (or in a regular mode if you are still on Windows 7), proceed to the actual driver installation. The drivers are packed into the Flashtool\drivers\Flashtool-drivers.exe executable, but it didn't work on my system, perhaps because it is 64-bit (but feel free to try it yourself), so I simply unarchived it with 7-Zip (right-clicked it and chose 7-Zip > Extract to "Flashtool-drivers"). I got a Flashtool-drivers folder, which contained all the drivers from the executable.
Once drivers are unpacked, connect your phone in a Fastboot mode. Recent Sony devices can boot in Fastboot just like this: shutdown the phone, press and hold Volume Up rocker button and connect USB cable to the phone while the other end is connected to a running PC. The phone's LED will turn blue shortly. That's it, you are in a Fastboot mode. Open Device Manager (Win + X, Device Manager) and check if there is some unknown device (with the name S1Fastboot or something like this).
Double-click this unknown device in the Device Manager, click Update Driver..., then Browse my computer for driver software, and choose the Flashtool-drivers folder created earlier with 7-Zip (leave Include subfolders checked). Shortly you will get a red warning dialog window, which inform you that this driver doesn't have a proper signature:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Very scary. Just proceed with the install despite all the red flags, it's safe.
Once Fastboot driver is installed, plug out the USB cable off the phone and connect it in a FlashMode mode. This is done just like for Fastboot, but in this case you should press and hold Volume Down rocker button during the cable plugging in. The LED in this case will be green and not blue. The procedure to install the driver is exactly the same.
After the successful installation, try to reconnect the phone in these modes again couple more times to make sure all devices get properly recognized by Windows. If all seems good, proceed to the next step.
2. (OPTIONAL) BACKUP YOUR DRM KEYS
I encourage you to skip this step, but if you feel like you should do this anyway, here is some info.
There is a tool called iovyroot, with which you can backup your DRM keys from an unrooted phone, but at the time of the writing it doesn't support latest firmwares. It does support a lot of older firmwares so it may be useful to not upgrade your phone before checking up this tool.
If you're into this backup DRM thing, go to the original thread, download the latest version and check if it is working for you. For now I just skip this step. Basically, you want to download the zip, connect your phone in USB Debugging mode, run the tabackup.bat script and see the output.
Some people suggest to use the newer Universal (Dirtycow-based) TA Backup v2 tool instead of ageing iovyroot to backup you keys. Please check the official thread to get instructions (linked in the previous sentence).
I will not cover DRM keys extraction/restore in details, since I never did it, so I don't want to write about something I haven't myself performed. Please check corresponding threads.
Note that most proprietary Sony features will work even without DRM keys, such as X-Reality for Mobile, camera denoise filter and some others. DRM fix will be covered later in this guide. Some features will not work with DRM fix, Widevine for example. Most users will not even notice these.
3. UNLOCKING A BOOTLOADER
Sony does provide its own guide. It is a plain and simple and — good news! — if you have followed the previous steps, you just got all the prerequisites covered!
4. FLASHING STOCK FIRMWARE WITH FLASHTOOL
Now we will flash the latest available Sony firmware to the phone. In this step it will be untouched vanilla firmware, without root yet.
The Flashtool was installed on the completion of the first step, so let's start it. If you are on 64-bit Windows, start Flashtool64 (there is a shortcut in the Start menu). It does require administrator privileges.
Once you are in Flashtool, at first you need to obtain the most recent official stock firmware from Sony. Press the "XF" icon (the right-most one in the toolbar) to start XperiFirm. This is where it is:
The window will open, choose your phone from the left part of the window, then choose your particular model and after that choose your market and operator from the right part of the window. The entry will become highlighted and shortly there will be some info in the last column (Latest Firmware). This definition will be also in the right-most part of the window just under the phone thumbnail, click on it. Not a brilliant design decision, but that's it. Here is a screenshot for your reference:
If there are multiple firmwares available, pick the more recent (typically the top-most). The new window will pop up, press Download. The stock firmware will be downloaded to your computer and unpacked.
Once the download is completed, close all XperiFirm windows to return to the main Flashtool window. Flashtool will begin a creation of the .ftf file from the downloaded resources which will be used for a (subsequent) flashing. FTF-files are similar to ZIP-files, and may be opened with 7-Zip. For example, I've got E6883_32.3.A.0.376_1299-4828_R3D.ftf after the completion of this procedure. Flashtool places firmwares in the C:\Users\<Your Windows Username>\.flashTool\firmwares.
Now, once the stock firmware is downloaded, packed into .ftf and ready to be installed, let's do this.
Disconnect and switch off the phone for now, physically extract microSD card (if any) and press the left-most button on the Flashtool's toolbar (the "Lightning" one) and choose Flashmode. The Firmware Selector window will appear with a selected default folder and list of all firmware available for a flashing. I've got a single entry, the firmware I just downloaded. Before actual flashing, you can check some checkboxes from the Wipe section, I usually check all to start clean (all the data on the phone is erased). Once again, just to be safe, extract the microSD card from the phone at this moment. It is not needed for a flashing anyway. Here is how the window looked to me:
After all is set up, press Flash. The flashing process is not yet begun, since at first Flashtool just prepares firmware for a flashing.
After a while, a window will appear which will ask you to connect your phone in the Flashmode mode. With your phone off, hold the Volume Down button, connect the USB cable. Once Flashtool detects the phone in the Flashmode mode, it will start the actual flashing automatically. You may release the Volume Down button and go get some snack. The flashing will take some time.
After the completion of the flashing procedure, you'll get a stock Sony firmware installed, and now it is perfect time to proceed to the next step. You may leave your phone off at this moment, but if you are curious, start it up and check if the new Android is actually there. Note however that first start after the firmware installation takes a long time.
5. REPACKING AND FLASHING A KERNEL
Now it is a most interesting part: repacking and flashing a stock kernel. This procedure will allow the actual rooting.
To get the stock firmware rooted, you need a way to install SuperSU or Magisk. These are tools which enable root access to the Android system. To install them, you need TWRP. To run TWRP, you need a kernel, which supports both TWRP and your Android version.
Thankfully you can extract the kernel from the .ftf file, prepared by Flashtool earlier. Then you repack it, integrate TWRP (and DRM fix) into it, and finally flash it to your phone back modified. Sound like a complex task but it's definitely achievable. I did it multiple times mostly without any issues.
At first you should extract the actual kernel from the .ftf file. Reminder: it's in the C:\Users\<Your Windows Username>\.flashTool\firmwares folder and may be titled E6883_32.3.A.0.376_1299-4828_R3D.ftf or something like this. Open it as an archive (right-click on a file, 7-Zip > Open archive) and extract kernel.sin. It's your phone's packed kernel.
If it is packed, obviously you need to unpack it. Thankfully the almighty Flashtool can do this. Open Flashtool, navigate to the Tools > Sin Editor, select a kernel.sin you've just extracted and press Extract data. As a result, you'll get a kernel.elf file in the same directory where your packed kernel is residing. As you may have guessed, kernel.elf is an unpacked kernel. It can be modified, repacked and flashed back to the phone. Let's do this.
You will need a Stock kernel repack script from @tobias.waldvogel. Here is the original thread. Author of the script mentioned, that now it is hosted on GitHub, so let's just grab the latest version from there. Here is the link to the repository. In the upper-right corner there is a Clone or download button you may push it and choose Download ZIP from the menu. The script will be downloaded.
Once the contents of the zip-file with script are extracted to some directory, copy the kernel.elf there and summon command prompt in this directory (right-click in the empty space of this folder in File Explorer with the Shift button pressed and choose Open command window here).
In the command line type the following:
Code:
rootkernel.cmd kernel.elf boot.img
You'll get some questions about adding some features/tools to your kernel, feel free to answer "Yes" (type Y) to all of them. Screenshot for your reference:
If all went smoothly, you'll get a repacked kernel, boot.img in the script folder, supercharged with TWRP and DRM fix, and most importantly, which also supports rooting. Now it is time to flash it to your phone.
ATTENTION! Since the script is mostly unsupported, when new firmware get released, its kernel modules are not getting automagically added to the script package. You will get "Skipping TWRP recovery. No kernel modules for 3.10.84-perf-XXXXXXX available" error due to this. But don't worry, you can extract the required modules yourself from the firmware.
1. Open the FTF-file (firmware you downloaded) with 7-Zip, and extract system.sin file.
2. Open Flashtool, navigate to Tools > Sin Editor, choose this system.sin file, push Extract data. You'll get system.ext4 in the same directory.
3. Use the cool free Ext2Read tool to get into the ext4 filesystem in the system.ext4 (File > Open Image). Linux users can mount this filesystem as usual. Once you get into the filesystem, go to the lib/modules directory and grab the following files from there (Tools > Save):
core_ctl.ko
ecryptfs.ko
kscl.ko
mhl_sii8620_8061_drv.ko
texfat.ko
4. Once you get these files, create the 3.10.84-perf-XXXXXXX folder in the script's Android\twrp_common_kmodules directory. In my case I created 3.10.84-perf-g5e25a09 folder, just as was mentioned in the script's output in the console (when it complained about Skipping TWRP recovery). Copy these 5 files into this newly created folder.
5. Voilà! Re-run the script and see that now TWRP gets properly integrated! Thanks to @sceryavuz for his initial instructions. I just elaborated them a bit.
When all is clear, turn off your phone if it's on and connect it in a Fastboot mode: hold the Volume Up rocker button and connect USB cable. The LED on the phone will turn blue. Release the button.
Flashing images in this mode is typically done with a fastboot.exe from the Android SDK. Android SDK weighs many gigabytes but thankfully you don't need it. Fortunately Flashtool contains fastboot.exe from the SDK. It's in the Flashtool\x10flasher_lib folder. For the brevity of the following steps, I assume you have all necessary files there. To make it true, copy the newly generated boot.img to this folder.
Now Shift-right-click in the empty space of this folder window and choose Open command window here entry from the context menu. Windows console will appear.
At first try this command:
Code:
fastboot.exe devices
If all is good, there will be one device in the output of this command, just like this:
If not, perhaps there is some driver issue, so head back to the step #1 and make sure the drivers are installed correctly.
If your device is shown correctly, let's flash some files to the phone. Execute the following command to flash the modified kernel:
Code:
fastboot.exe flash boot boot.img
The proper output of this command will be like this:
If you get any errors, the first and more likely reason is that you still have a locked bootloader. Head to the step #3 to verify its state and unlock it if necessary.
If there were no errors — congratulations! — you now just flashed a stock kernel supercharged with TWRP recovery and DRM fix. You're almost done! You may plug out the cable from your phone. If you are attentive to the details, you'll notice that now, once your phone is started, its LED turns amber for 2-3 seconds. This is a special signal for those looking to boot into a recovery (TWRP). But you don't have to start your phone yet.
Although @tobias.waldvogel claims his script is able to also integrate SuperSU during the kernel repacking, I didn't managed to get this working, so the SuperSU (or Magisk) installation is a separate step in my guide. The next step.
6. INSTALLING SUPERSU OR MAGISK
Now when you have TWRP in place and latest Android installed, let's install SuperSU to it. SuperSU distributed in a TWRP-friendly .zip archives, so you should copy one to your microSD card. I used version 2.79 from here. Download TWRP / FlashFire installable ZIP, not the APK. At the time of your reading, there probably will be some newer versions available, feel free to install them them instead. Copy the downloaded ZIP-archive to your microSD. Don't bother to unpack the ZIP.
Once SuperSU zip-file is copied to your microSD card, place it into your phone and reboot to recovery (TWRP). To do this restart or power up your phone and look at the LED. Once it lights amber, press Volume Up rocker button and you'll get into recovery — TWRP. In my case it was TWRP v3.0.2-0.
To install SuperSU, press Install, go to the /external_sd and select the .zip (in my case SuperSU-v2.79-201612051815.zip). Swipe right to confirm installation. Once it is installed, press Reboot System button. Phone will reboot twice. Do not interfere with the process during these multiple reboots, the things are getting done, so just wait once Android is started. When it's started, the phone is rooted and functional!
If you would like to install Magisk instead, the instructions are exactly the same. Grab the latest ZIP from the original thread and flash it with TWRP. That's it!
7. (OPTIONAL) RESTORE YOUR DRM KEYS
If you had successfully backed up your DRM keys in step #2, it is now time to restore it back to the device. There is a flash_dk.cmd script shipped with the Root kernel repack script you used in the previous step. flash_dk.cmd can be used to flash the DRM partition back to your phone.
At first prepare the flashable .ftf:
Code:
flash_dk.cmd <ta backup image> dk.ftf
And then flash dk.ftf via Flashtool, just like you flashed the whole firmware in the step #4, but don't wipe anything this time.
8. OPTIONAL STEPS
8.1. Xposed installation
If you use Lollipop and later, you should install Xposed APK from here. At the time of writing there is XposedInstaller_3.0_alpha4.apk installer there.
Once APK is installed, grab the latest .zip from the repository, I've got xposed-v86-sdk23-arm64.zip. Install it in a regular TWRP way covered in step #6.
Once all these steps are done, you should have Xposed Installer app in your phone, and if you open it and check Framework section, if everything is alright, there will be text in green, something like "Xposed framework version 86 is active".
8.2. Resolving Voice Search and random volume up/down issues while using regular headphones
See this thread.
8.3. Disable startup notification if there is a newer firmware available
Some people get annoyed by a persistent notification, which is displayed once the new firmware become available (new Android version from Sony). Rooted users cannot just tap it and update over-the-air, because they need to perform a complex rooting procedure in beforehand (covered in this guide). It is possible to disable this notification. You may get these notifications by email anyway.
The easiest and safest way is to use some autorun manager. I used Autorun Manager Pro and disabled all receivers of system apps com.sonymobile.fota.service, fota update service and Software update. Notification vanished after a restart.
You may even freeze or remove these apps via some app manager like Titanium Backup Pro.
8.4. Disable that damned green LED light while phone is charged and attached to the cable or docked
This is a historic Xperia behavior, not easily fixable without the root. The notorious green LED is on all night no matter which settings you set up. In fact, there is no setting to switch it off.
However, if you are rooted, you can solve this issue easily. One method is to install a free Light Flow - LED Control app. Once it is installed, you need to enable the following settings in the Settings > Device Settings and Root section: Direct mode, Root mode and Run every command as root. Then you can mess around with individual notifications in the Notification settings, but I just cleared all in there and hey! — the annoying green LED is gone!
THAT'S IT
At this point you have a stock Sony Android enhanced with root privileges. SuperSU / Magisk app is also installed, so you are ready to use root right away. SuperSU now can be updated in a regular way via Play Store. Magisk has it's own updating capabilities.
P.S. WHEN NEW FIRMWARE IS AVAILABLE
Once the new firmware is released, you may perform the same procedure for it beginning from the step #4, but if it is a minor upgrade, you may want not to wipe anything during Flashtool flashing this time. If it is a major upgrade, e.g. Marshmallow > Nougat, you probably may want to start with a clean system and wipe all.
Fragmentation said:
Getting your phone recognized by your computer (driver installation).
(optional) Backup your DRM keys.
Unlocking a bootloader.
Flashing stock firmware with Flashtool.
Repacking and flashing a kernel.
Installing SuperSU.
(optional) Restore your DRM keys.
Optional tasks.
Click to expand...
Click to collapse
I'm pretty sure that once you have unlocked the bootloader, the easiest thing at that point is to use fastboot to flash a custom kernel/recovery, then boot to recovery, flash su, then reflash your original kernel. Then you're rooted.
Plus, rooting is easy now even with locked bl, since we have Kingroot, and new Sony bootloader with real recovery.
(However, I can't say for sure on every device... I appreciate you taking the time to post...)
levone1 said:
I'm pretty sure that once you have unlocked the bootloader, the easiest thing at that point is to use fastboot to flash a custom kernel/recovery, then boot to recovery, flash su, then reflash your original kernel. Then you're rooted.
Click to expand...
Click to collapse
Hey. If you'd say this to my mom, I'm sure she'll not understand any of these. And with this guide she at least have some chance of success.
levone1, why at the end would you flash your original kernel again instead of just running your custom kernel that you made like in the guide?
F2a said:
levone1, why at the end would you flash your original kernel again instead of just running your custom kernel that you made like in the guide?
Click to expand...
Click to collapse
If you flash stock-based kernel via boot.IMG in fastboot that will work with your stock ROM, great, keep it. I was just imagining easiest thing to be to flash, for example, CM boot IMG, just to be able to get into recovery to flash su. Usually stock-based kernels are zips, with other things besides just boot IMG. What I've usually done with unlocked BL and stock ROM is use fastboot to flash CM boot and recovery IMG, then go to recovery and flash supersu, then use flashtool to flash kernel only of stock ROM. Once you reboot, rooted, you can do whatever from there.
Which ROM have you flashed to 6883. The Nougat?
levone1 said:
If you flash stock-based kernel via boot.IMG in fastboot that will work with your stock ROM, great, keep it. I was just imagining easiest thing to be to flash, for example, CM boot IMG, just to be able to get into recovery to flash su. Usually stock-based kernels are zips, with other things besides just boot IMG. What I've usually done with unlocked BL and stock ROM is use fastboot to flash CM boot and recovery IMG, then go to recovery and flash supersu, then use flashtool to flash kernel only of stock ROM. Once you reboot, rooted, you can do whatever from there.
Click to expand...
Click to collapse
I am not quite sure what you mean tbh so forgive me if I missunderstand.
stock kernels are not zips they come in .elf hence the use of rootkernel to unpack/repack it to something more manageable. nowadays supersu makes changes to this partition once flashed, so if you flash stock kernel.sin containing kernel.elf again from flashtool changes will be reverted and you loose root.
the easiest way to get into twrp recovery without flashing anything is to just fastboot it.
nigeta_gr said:
Which ROM have you flashed to 6883. The Nougat?
Click to expand...
Click to collapse
Yes, the latest official firmware available for Z5P (E6883) is Nougat (7.0). I flashed it during the assembly of this guide.
I suppose it will work with my E6833 as well.
Fragmentation said:
Yes, the latest official firmware available for Z5P (E6883) is Nougat (7.0). I flashed it during the assembly of this guide.
Click to expand...
Click to collapse
nigeta_gr said:
I suppose it will work with my E6833 as well.
Click to expand...
Click to collapse
I'm sure it will.
Fragmentation said:
At first I created a guide about rooting stock Marshmellow of Sony Xperia Z5 Premium. After some time I realized that it may be useful to users of virtually any recent Sony phone, so here is my Sony Cross-Device general rooting thread. I will mostly copy-paste bits from my previous guide, but using renewed screenshots and firmwares'/tools' versions.
Click to expand...
Click to collapse
Ogromnoye spasibo bratan!
This helped me tremendously, just wanted to say thanks!
FYI, I'm using latest Nougat 333 UK firmware on Xperia X F5121 US version --- so that my fingerprint scanner works. Got stuck in a boot loop after installing TWRP but after reading your thread, I fully understood and fixed the reason why. The root tool from GitHub worked kinda --- meaning I had busybox and others but no su binary I still had to install SuperSU.zip via TWRP to actually have root. You documented a similar experience.
JZ SmartMort said:
Ogromnoye spasibo bratan!
This helped me tremendously, just wanted to say thanks!
FYI, I'm using latest Nougat 333 UK firmware on Xperia X F5121 US version --- so that my fingerprint scanner works. Got stuck in a boot loop after installing TWRP but after reading your thread, I fully understood and fixed the reason why. The root tool from GitHub worked kinda --- meaning I had busybox and others but no su binary I still had to install SuperSU.zip via TWRP to actually have root. You documented a similar experience.
Click to expand...
Click to collapse
You're welcome, zemlyak! Sure, for root you definitely need SuperSU, it just won't work without it this way. It's a shame US versions of Xperias don't have fingerprint scanner activated, but it's cool to hear, that flashing another region firmware helps.
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There is no error messages. the output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
viperc said:
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There is no error messages. the output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
Click to expand...
Click to collapse
Hey. If the phone don't turn on amber light for a while during the boot up, then TWRP is not there.
If you used the kernel repack script I mentioned in the guide with a very recent Sony's firmware, probably you didn't notice, that TWRP has not been integrated into the kernel due to some error. It is because this script should be frequently updated to work with any newly released firmware, and Tobias, its author, apparently have not time to do this.
However, you can update the script yourself, following this procedure.
viperc said:
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There is no error messages. the output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
Click to expand...
Click to collapse
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
F2a said:
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
Click to expand...
Click to collapse
Maybe it wasn't a proper kernel for your rom or device, I also experienced some errors including yours but at last (after 12 try) I found a working kernel for me. I really don't know what the problem is, sometimes it just doesn't work...
Fragmentation said:
Hey. If the phone don't turn on amber light for a while during the boot up, then TWRP is not there.
If you used the kernel repack script I mentioned in the guide with a very recent Sony's firmware, probably you didn't notice, that TWRP has not been integrated into the kernel due to some error. It is because this script should be frequently updated to work with any newly released firmware, and Tobias, its author, apparently have not time to do this.
However, you can update the script yourself, following this procedure.
Click to expand...
Click to collapse
Thanks. I will look into that again when my region's Sony release the latest firmware.
F2a said:
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
Click to expand...
Click to collapse
Interesting, didn't try that lol. I used another pre-rooted sick kernel to flash after my attempt failed. I can see the amber led now with the other kernel.
Tried again after re-downloading the script. It's working now. Thanks.
if not do drm-fix, and flash dk.ftf with old flashtool, the result is" FIDO KEYS NOT PROVISONED PROVISION FAILED"
any way to fix this?
This thread is a complete guide and must be sticked, Thanks :fingers-crossed:
You should add backupTA-V2 for Lollipop devices..
Thread : https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
iovyroot method is very old..