Summary/tutorial: Root on Sony Xperia Z5 Compact (E5823) with DRM keys backup - Xperia Z5 Compact General

Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures taken with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE-2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partition)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
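
An added example, not part of the original post or of the iovyroot package: a host-side sanity check for the TA image pulled in step 2, meant to be run before the bootloader unlock in step 3 erases the keys. The 2 MiB default size, the function names and the `.sha256` sidecar file are assumptions of this example; pass the real partition size for your device as the second argument.

```shell
#!/bin/sh
# Added example: sanity-check a pulled TA image and pin its SHA-256 on the host.
# Requires sha256sum (GNU coreutils).

# ASSUMPTION: TA partition size in bytes (2 MiB). Confirm the real size for
# your device and pass it as the second argument if it differs.
TA_EXPECTED_SIZE=2097152

# Print how many bytes of file $1 differ from the byte given as a tr escape in $2.
count_other_bytes() {
    LC_ALL=C tr -d "$2" < "$1" | wc -c | tr -d ' '
}

# ta_image_check IMAGE [SIZE]
# Returns 0 if the image looks usable, 1 if it is missing,
# 2 on a size mismatch (truncated pull), 3 if it is blank (all 0x00 or all 0xFF).
ta_image_check() {
    img=$1
    want=${2:-$TA_EXPECTED_SIZE}
    if [ ! -f "$img" ]; then
        echo "FAIL: $img not found" >&2
        return 1
    fi
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$size" -ne "$want" ]; then
        echo "FAIL: $img is $size bytes, expected $want" >&2
        return 2
    fi
    if [ "$(count_other_bytes "$img" '\000')" -eq 0 ]; then
        echo "FAIL: $img contains only 0x00 bytes" >&2
        return 3
    fi
    if [ "$(count_other_bytes "$img" '\377')" -eq 0 ]; then
        echo "FAIL: $img contains only 0xFF bytes" >&2
        return 3
    fi
    echo "OK: $img ($size bytes)"
}

# ta_manifest_write IMAGE [SIZE]
# Runs the checks above, then records the hash in IMAGE.sha256 next to the image.
ta_manifest_write() {
    img=$1
    ta_image_check "$img" "${2:-$TA_EXPECTED_SIZE}" > /dev/null || return $?
    (
        cd "$(dirname "$img")" &&
        sha256sum "$(basename "$img")" > "$(basename "$img").sha256"
    )
}

# ta_manifest_verify IMAGE
# Returns 0 only if IMAGE still matches the hash recorded in IMAGE.sha256.
ta_manifest_verify() {
    img=$1
    (
        cd "$(dirname "$img")" &&
        sha256sum -c "$(basename "$img").sha256" > /dev/null 2>&1
    )
}

# Usage: sh ta_check.sh TA-02042016.img [SIZE]   (file name as used in the post)
if [ "$#" -ge 1 ]; then
    ta_manifest_write "$1" "${2:-$TA_EXPECTED_SIZE}" &&
        echo "hash pinned in $1.sha256"
fi
```

Keep the image and its `.sha256` file on separate storage from the phone, and run `ta_manifest_verify` again before any restore.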

Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks

I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip.
It will execute adb commands automatically.
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go into a bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
If you are on Lollipop, I suggest flashing directly MM .185. If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.

If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if it's like iPhone's tethered and untethered jailbreaks?

I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!

damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if it's like iPhone's tethered and untethered jailbreaks?
Yes, it will be rooted, until you unroot!

Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?

You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?

fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
You'd have to go back to an exploitable firmware. Working versions are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO

ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip.
It will execute adb commands automatically.
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host.)
ninestarkoko said:
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go into a bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.

Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img

smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host.)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Great to see updates to the first post, it will be useful for many new Z5c users out there

Hi, I'm a new Z5c user
just received it and I'll take this tuto for the root
thank you

Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?

ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.

I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlock bootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've found a few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?

You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6.200

I've tried multiple different versions now, but it always stops at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200

It is not clear to me to try it and I don't want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backup and restore DRM and also a way to turn back the device to a stock rom, for warranty purposes (my camera is very very bad).
Thank you.

Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!

Related

How-to: root, keep and backup DRM keys, etc. [KitKat/Lollipops/Marshmallow/etc.]

By almost popular demand, making this a thread
This is a how-to root, install recovery, backup drm keys, etc. from scratch in a single thread since finding all threads can be daunting. That's basically all the things you generally want to do when you root the phone (WITHOUT UNLOCKING THE BOOTLOADER).
TL;DR - overview
If you know what you're doing, you really just need to read this part of the post. If you're unsure, read the step-by-step instead.
If you're running Android 6.0.1 MM with firmware .291 (and probably any other future firmware) and want to root without unlocking the bootloader more quickly than the method below, refer to this post: http://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714 (get all 3 zips, rename the kernel zips to .ftf, flash kernel575.ftf with flashtool - reboot - enable dev mode, run bat script - reboot in recovery and flash supersu.zip - flash kernel291.ftf, reboot, done; for future versions you'll want to only flash the kernel from sony's ftf after rooting)
Downgrade the firmware, as the root exploit only works with older firmware such as 23.0.A.2.93.
Run the root exploit to get root
Backup the DRM keys
Upgrade the firmware to the latest version, while retaining root access (or by using pre-rooted images that nice people made)
In the process, we'll install DualRecovery and SuperSu (having the custom recovery is what allows you to keep root as it lets you flash a modified image that has SuperSU on it)
See the FAQ at the bottom in case you need additional help, about mounting /system read-write, fixing the sdcard issues, etc. These are not directly related to the rooting process, but you most likely want to perform these tasks anyway.
Step by step instructions
Read instructions carefully, there are many steps, making this slightly complex.
Ensure you backed up everything you need (files/apps/pictures/etc) first, these will be lost! - YOUR PHONE WILL BE WIPED.
-- FW DOWNGRADE AND INSTALL WITH FLASHTOOL --
Downgrade fw to 23.0.A.2.93 (Device D5803) or anything prior to 23.0.1.A.5.77 (december fw)
Global: https://mega.nz/#F!wdEG3aiD!Ej2S4hcMKGPgnmGudvAegg (look for 23.0.A.2.93) (or see http://forum.xda-developers.com/showpost.php?p=66275977&postcount=2030 for more links if this one no longer works)
Get and install Flashtool at http://www.flashtool.net/index.php
Move the fw into the C:/Flashtool/firmwares directory
Open Flashtool, click on the lightning symbol ("flash device"), select "Flashmode" and click on "OK"
Just select the name of the fw you downloaded and click on "Flash"
Wait for a window to pop up (it may take a few minutes, be patient)
Now everything is ready: turn off your phone
Push the volume DOWN button, connect the USB cable to your PC while still pushing the volume DOWN button
Once the flashing process has started, release the volume button
Do not disconnect the USB cable, wait until flash completes (flashtool will indicate when you can unplug).
-- ROOTING W/ EXPLOIT --
Enable USB debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Allow mock locations (Settings => Developer Settings)
Ensure you have adb drivers installed (http://support.sonymobile.com/gb/tools/pc-companion/ don't use it to update)
Download rooting tool (http://forum.xda-developers.com/devdb/project/dl/?id=10766&task=get or latest from http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
Unzip the rooting tool
Connect phone to your computer
Put phone in airplane mode
Run install.bat from the rooting tool (allow USB debugging when asked on the phone every time, also allow root prompt) and follow instructions from the tool
You should be rooted now, if you get an error "Device not rooted" try running the tool once more
-- Backup DRM keys/TA Partition --
Get backup ta tool from https://github.com/DevShaft/Backup-TA/releases
Unzip it!
Ensure phone is still connected (or reconnect it)
Run Backup-TA.bat
Read the information and follow the instructions given by the tool.
-- Install latest firmware with root, DRM keys, recovery --
Alternative 1: pre-made pre-rooted image (for fast internet, slow pc)
Get a pre-rooted image:
For KitKat - fw 23.0.1.A.5.77 (android 4.4. dec 2014) at http://forum.xda-developers.com/z3-...ist-pre-rooted-firmwares-6-oct-2015-t32188206 then skip directly to step 33.
Or, for Lollipop - fw 23.1.A.0.690 (Android 5.0 March 2015) at http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Or, for Marshmallow - fw 23.5.A.1.291 (Android 6.0 June 2016) at https://mega.nz/#!0JUA2DzR!5-5Tz1BRr3gkvrt_loqHzePsgfSeGKCD07xhQzugl4w or http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Alternative 2, for newer fw for example - build your own pre-rooted image (fast pc, slower internet):
Get PRFC from http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
Get latest fw from http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706
Get latest SuperSU zip http://download.chainfire.eu/supersu
Get DualRecovery zip (the flashable zip, not the installer one) from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.flashable.zip
Start PRFC and add the 3 zip (FTF file is the fw, SuperSU and Recovery)
Click "create" - this will take a while
Copy resulting "pre-rooted" fw to /sdcard0 on your phone (it means copy flashable.zip from the PRFC directory to the "internal storage" directory of the phone)
Get Dual Recovery installer this time, from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.installer.zip notice how that's 'installer' this time, not the same file as in 30!
Unzip it
start install.bat and follow instructions (hit 1 (allow adb/root on the phone as needed))
You should be in recovery automatically now. (if not, reboot and when the LED change colors push volume UP repeatedly)
Flash the pre-rooted fw (flashable.zip) from the recovery (touch "install zip", select /storage/sdcard1/flashable.zip then confirm install) on the phone, then power off the phone (DO NOT REBOOT)
To power off, go into the "power options" and hit "power off" (don't do "reboot in flashmode" DO power off)
Unplug USB (yes this is required, DO IT)
Open Flashtool and select the non-pre-rooted fw (this is 23.5.A.1.291 for example), but DESELECT system: in "EXCLUDE" make sure you check the checkbox next to "SYSTEM", flash it.
press volume DOWN and plug USB cable while keeping volume DOWN pressed, when flashing starts, stop pressing the volume button
After flash is done and when flashtool tells you to, remove USB cable and start the phone
Congrats and enjoy, you made it to the end! you now have latest + recovery + root and backups of your DRM keys! (and of course all DRM functions enabled)
FAQ
- Some root apps don't work, because /system can't be remounted rw, what's up with that?
Sony has a special in-kernel protection that disallows remounting /system read-write, even for root. Flash this in recovery (copy it to the sdcard and reboot in recovery with volume UP pressed, then install it): https://github.com/dosomder/SonyRICDefeat/raw/master/RICDefeat.zip
- I unlocked my boot loader, or lost my DRM keys some other way AFTER backing up as per above procedure. How to restore?
plug USB back in
re-enable usb debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Start backup TA again but this time hit restore
- I messed somewhere, phone doesn't boot or work properly, what to do!
unplug USB
if phone is on, long press the power button+volume UP until the phone turns off
go back to step 1 of the how to, follow the how to! Mainly - the howto makes you setup flashtool again, then boot the phone in flash mode with volume key and plugging in the USB cable.
- I forgot to backup DRM keys (backup ta program) but I never unlocked the bootloader, is it bad?
nope you're fine, just back them up now
- I really lost my DRM keys, can I recover them?
No you can't. But you can recover the features by using some modified software. Look for "DRM Fix" for example here.
- I don't want to wipe my phone!
Uncheck "data" before downgrading and then before upgrading in flashtool. You will get some errors when downgrading, which will go away when you revert back to .77 at the end of the process
This is at your own risk, data still risk being deleted if something goes wrong
Depending on the apps, etc. you have, there is a chance that some app would not work properly at the end of the process without a full wipe. If that's the case, you might need to go in settings>applications and "delete data" for that app.
- Some apps can't write to the sdcard!
install/run this https://play.google.com/store/apps/details?id=nextapp.sdfix&hl=en
- I don't have SuperSu on marshmallow+ ?!
It just didn't install properly into /system. That's ok. Just install it from the play store - you do have the su binary installed in /system so this will work
- Does this work on my SO-02G (Xperia Z3C Docomo NTT version) ?
@pngoc256 tested and yes, it works
- Does this work with lollipop (Android 5.0)?
- Does this work with Marshmallow (Android 6.0)?
- Will this work with Nougat (Android 7.0)?
- Will this always work?! (yes probably)
Yes.
If when doing the final reboot it's stuck on the loading screen the first time, reboot again a last additional time with power + volume UP.
People who did the hard work/references thanks to them:
@istux (fw list, flashtool how to http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706)
@xzx0O0 (root exploit: http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
@DevShaft (backup ta http://forum.xda-developers.com/showthread.php?t=2292598)
@serajr (install .77 fw http://forum.xda-developers.com/showpost.php?p=58395100&postcount=71)
dosomder (kmod for sony's RIC) https://github.com/dosomder/SonyRICDefeat
Everything worked. Thanks a ton!
Thanks for the detailed explanation with links, very thorough and helpful.
MODS PLEASE STICKY THIS THREAD, might just be the most important thread in the Z3 Compact forum.
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Thanks for this manual, managed to get it to work. Although if I start xposed, I get the error that it can't mount the system partition. Titanium Backup works perfectly. It seems the system partition is still read-only? Any solution very welcome. Once again, many thanks to the hard-working people behind this exploit.
wowz, it's finally here!!!
madlive said:
Thanks for this manual, managed to get it to work. Although if I start xposed, I get the error that it can't mount the system partition. Titanium Backup works perfectly. It seems the system partition is still read-only? Any solution very welcome. Once again, many thanks to the hard-working people behind this exploit.
Follow this: http://forum.xda-developers.com/showpost.php?p=58400277&postcount=228
This is why I love this community, thanks mate, that completely fixed it
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
It's here in case you need to restore DRM keys, for example if you unlocked your bootloader or messed up something somewhere.
madlive said:
Thanks for this manual, managed to get it to work. Although if I start xposed, I get the error that it can't mount the system partition. Titanium Backup works perfectly. It seems the system partition is still read-only? Any solution very welcome. Once again, many thanks to the hard-working people behind this exploit.
The fastest I found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). It's an extra protection on the Sony kernel that makes /system non-remountable r/w; this module takes care of it. The method in the post above would also work.
Hello,
Thanks a lot for this thread, but you made a typo in step 37, in the command to remount /system: "mount -o remount,rw /system" instead of "mount -oremount,rw /system".
Had I known you were going to post such detailed instructions, I would have waited and saved tons of time!
Very helpful indeed, kudos for your work
steps 40-43
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
I think you are not supposed to open your phone until you flash the prerooted firmware, since it says to turn off and not reboot. I don't know the purpose but I'm still going to follow.
---------- Post added at 04:58 AM ---------- Previous post was at 04:56 AM ----------
I just want to ask if it's OK to flash a non-prerooted firmware that was not based on, or was not used to make, the prerooted firmware that I will flash earlier in the step?
Any tips on backing up data before flashing .93?
bilboa1 said:
It's here in case you need to restore DRM keys, for example if you unlocked your bootloader or messed up something somewhere.
The fastest I found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). It's an extra protection on the Sony kernel that makes /system non-remountable r/w; this module takes care of it. The method in the post above would also work.
I flashed the zip in the recovery, but I still can't uninstall the apps! I'm sure I have root because greenify and xposed work.
Since I have dual recovery now on my Z3 Compact, can I flash any zip including CM12 without unlocking the bootloader? I already backed up TA but am still wondering?
I had an error when trying to flash CM12 without flashing CM's boot.img (which asks to unlock the bootloader) because the phone codename is "aries" on Sony stock roms and CM12 wants the codename "z3c". Flashing the boot.img contained in CM12 nightlies fixed the problem.
I have solved the problem! I just needed to update the dual recovery by Nut with the 2.8.1. Now I can uninstall the system app (finally).
Thanks but TA
I made a TA backup in 23.0.A.1.93 with root.
And I changed the kernel to 23.0.A.5.77 with root using PRFCreater.
And I unlocked my bootloader.
After that I need to re-lock the bootloader because I need to go to a Sony service center.
I tried the TA backup tool's restore option, but it says that there are no TA-backup*.zip files.
What should I do?
reloadxero said:
Since I have dual recovery now on my Z3 Compact, can I flash any zip including CM12 without unlocking the bootloader? I already backed up TA but am still wondering?
Any custom rom needs an unlocked bootloader.
Any custom kernel needs an unlocked bootloader.
Without unlocking, you can only install roms based on stock firmware with a stock kernel.
dshstudio said:
I made a TA backup in 23.0.A.1.93 with root.
And I changed the kernel to 23.0.A.5.77 with root using PRFCreater.
And I unlocked my bootloader.
After that I need to re-lock the bootloader because I need to go to a Sony service center.
I tried the TA backup tool's restore option, but it says that there are no TA-backup*.zip files.
What should I do?
Restoring the TA backup automatically relocks your bootloader.
Inside the folder where TA-backup.exe is located, you should find a sub-folder named "backup": do you see nothing within that?
Thank you so much for this thread, really easy this way. Only problem I had was in the last step when flashing version .98, which gave me a non-working wifi. Once reflashed with .77 this was resolved.

Root Xperia Z5 Compact Android 6.01 (Tested and Working)

I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten it to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php (get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download iovyroot http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LATEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phone's settings, under developer options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps exactly: http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compact's internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download the rootkernel tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605, extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernel folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your device and you're done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.
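An integrity check for the TA image pulled in step 3.2, as an added example that is not part of the original post: it rejects an empty or uniform-byte dump and records a SHA-256 so the file can be re-verified before any later restore. The function names and the image path argument are assumptions; the post does not state the file name that backup.sh writes.

```shell
#!/bin/sh
# Integrity checks for a TA partition image pulled from the phone.
# Assumption: the image path is passed in by the caller; the name of the
# file produced by backup.sh is not given in the post.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
ta_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 if the image looks like real data. Non-zero codes:
#   1 = file missing, 2 = empty file, 3 = every byte identical
#   (an all-0x00 or all-0xFF file means the dump did not read the partition).
ta_sanity() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "empty: $1" >&2; return 2; }
    # od -v prints every byte as hex; count how many distinct values occur.
    distinct=$(od -An -v -tx1 "$1" | tr -s ' ' '\n' | grep -v '^$' \
        | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -gt 1 ] || { echo "uniform bytes: $1" >&2; return 3; }
    return 0
}

# Write IMAGE.sha256 next to the image. Refuses to overwrite an existing
# record (code 4) so a later, damaged copy cannot silently replace it.
ta_record() {
    ta_sanity "$1" || return $?
    if [ -e "$1.sha256" ]; then
        echo "record exists: $1.sha256" >&2
        return 4
    fi
    ta_sha256 "$1" > "$1.sha256"
}

# Compare the image with its recorded hash; run this before any restore.
# Codes: 5 = no record, 6 = hash mismatch.
ta_verify() {
    [ -f "$1.sha256" ] || { echo "no record for $1" >&2; return 5; }
    [ "$(ta_sha256 "$1")" = "$(cat "$1.sha256")" ] \
        || { echo "hash mismatch: $1" >&2; return 6; }
}

# Direct use: sh ta_check.sh record IMAGE   or   sh ta_check.sh verify IMAGE
case "${1:-}" in
    record) ta_record "$2" ;;
    verify) ta_verify "$2" ;;
esac
```

Run `record` once, right after the `adb pull`, and keep the `.sha256` file with every copy of the image.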
nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock the bootloader, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no longer see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it got so complicated.
civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it got so complicated.
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
What are those steps exactly? (Sorry, new to this)
---------- Post added at 03:47 PM ---------- Previous post was at 03:31 PM ----------
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all
greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles
ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
If this rooting tutorial is too difficult, try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because your phone is not rooted, though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitely the best!
1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Does someone know how to solve this error in step 3.2? Thank you in advance for the help.
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
There is a .256 firmware?
flopower1996 said:
There is a .256 firmware?
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
No
Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:
Pardon me for being an idiot
Hello Dean F!
Thanks for this tutorial. But before I try this, I have two questions:
1) How do I use your steps WITH restoring the backed-up TA partition?
2) Is the described process also usable with an Xperia Z3 Tablet?
Thanks and greetings from Germany
"klausstoertebeker"
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
Do you or any member here know where I can download firmware 32.0.A.6.200_R2B (E5803) for unlocking and rooting my phone?
Thank you very much
nb: sorry for my bad english.
bintangsofyan said:
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
Do you or any member here know where I can download firmware 32.0.A.6.200_R2B (E5803) for unlocking and rooting my phone?
Thank you very much
nb: sorry for my bad english.
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.
How to root 32.0.A.6.200 please?

ROOTED STOCK KERNELS 1APRIL2017- 32.3.A.2.33 (E6833 E6853 E6883)+ twrp

UPDATE 1-APRIL-2017
I am updating repository for stock modified kernels+twrp3.02 installed for 32.3.A.2.33
https://mega.nz/#F!7VwRCaLQ!GNKLGiggp_TebbBRO1QSug
32.3.A.2.33 for all variants (E6833 E6853 E6883) + twrp Installed
I have used following configuration
Code:
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 7.0
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
Disabling Sony RIC
- Install TWRP recovery? [Y/n] Y
Installing TWRP
Compressing TWRP image
- Found superuser.zip. Install? [Y/n] N
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
- Creating new initramfs
- Creating boot image
- Cleaning up
-----------------------------------------------------------------------------------------------
I have been asked to SIMPLY state down Root method for
- Xperia z5p on 32.3.A.0.376 Android N- all three variants (E6833 E6853 E6883)
- Xperia z5p on 32.3.A.0.378 Android N - E6853 ( NOBA) (EU)
Prerequisites
1. You are running 32.3.A.0.376 and USB debugging from developer options is ON. IF YOU DON'T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2. Unlocked bootloader
3. If you have managed to extract the DRM KEYS / TA.img somehow, then read the post below, which has details on restoring them
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
su
mount -o rw,remount /system
DONE
Code:
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
- Sony RIC is enabled. Disable? [Y/n] Y
- Install TWRP recovery? [Y/n] Y
- Install kcal kernel module? [Y/n] N
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
thanking members for providing kernels @ytheekshana @luongvancanh , @ayhanornek , @atif_afzal , @ayhanornek
Thank you, it was simpler.
thanks great work. keep this
Great
Thank you for your instructions!
I have some questions in order to make clear some issues:
1) I am at 32.2.A.0.253 rooted by your method in the other post. Should I update to Nougat first and then do this process?
2) What about the DRM keys? Were they lost? Were they "imaged"? Will they be lost now with this process?
konstantinos3 said:
Thank you for your instructions!
I have some questions in order to make clear some issues:
1) I am at 32.2.A.0.253 rooted by your method in the other post. Should I update to Nougat first and then do this process?
2) What about the DRM keys? Were they lost? Were they "imaged"? Will they be lost now with this process?
sir
you are on oct2016 version of MM, .305 came in december16, .372 in jan17 and now in feb .376 is the latest one.
1. YES you MUST upgrade to 32.3.A.0.376 to do the process explained above. (i.e. if you want to upgrade)
2. I am assuming that your BOOTLOADER is LOCKED and you NEVER send your imei keys to SONY asking for BOOTUNLOCKER code.
if yes then
- your DRM KEYS are intact. and you cannot ROOT it and the process above is NOT for you.
- in order to have root access, you must first research and find tools such as dirty cow script in order to EXTRACT drm KEYS -- OR downgrade to android 5.1.1 (Dec 2015 stockrom of Z5x) and use Ivory ROOT or KINGROOT to gain root access and EXTRACT DRMKEYS.
- at this point if you simply unlock your bootloader, your DRM KEYS and TA img will be wiped.
YasuHamed said:
sir
you are on oct2016 version of MM, .305 came in december16, .372 in jan17 and now in feb .376 is the latest one.
1. YES you MUST upgrade to 32.3.A.0.376 to do the process explained above. (i.e. if you want to upgrade)
2. I am assuming that your BOOTLOADER is LOCKED and you NEVER send your imei keys to SONY asking for BOOTUNLOCKER code.
if yes then
- your DRM KEYS are intact. and you cannot ROOT it and the process above is NOT for you.
- in order to have root access, you must first research and find tools such as dirty cow script in order to EXTRACT drm KEYS -- OR downgrade to android 5.1.1 (Dec 2015 stockrom of Z5x) and use Ivory ROOT or KINGROOT to gain root access and EXTRACT DRMKEYS.
- at this point if you simply unlock your bootloader, your DRM KEYS and TA img will be wiped.
Thank you for your immediate answer.
In my post above, I wrote that I have my device rooted following your initial method, in which unlocking the bootloader is necessary, so my BL is certainly unlocked.
After rooting, I hadn't restored DRM keys, because the kernel has simulation.
So the question remains: what shall I do now about the DRM keys during this process?
Thank you very much in advance
konstantinos3 said:
Thank you for your immediate answer.
In my post above, I wrote that I have my device rooted following your initial method, in which unlocking the bootloader is necessary, so my BL is certainly unlocked.
After rooting, I hadn't restored DRM keys, because the kernel has simulation.
So the question remains: what shall I do now about the DRM keys during this process?
Thank you very much in advance
Sir
I am sorry, I overlooked the part where you mention your Root / UB status.
the answer is NO its not necessary! since the modified kernels have DRM FIX, it should work just fine.
please upgrade to .376 and flash your kernel, install superuser or superSU.
later to give /system RW access, please follow the codes to be run in TERMINAL for ANDROID app.
YasuHamed said:
I have been asked to SIMPLY state down Root method for
- Xperia z5p update on 32.3.A.0.376 Android N
I have patched kernels and all three variants (e6833 e6853 e6883)
Prerequisites
1. You are running 32.3.A.0.376 and USB debugging from developer options is ON. IF YOU DON'T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2. Unlocked bootloader
3. If you have managed to extract the DRM KEYS / TA.img somehow, then read the post below, which has details on restoring them
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
su
mount -o rw,remount /system
DONE
thanking members for providing kernels @ytheekshana @luongvancanh , @ayhanornek , @atif_afzal , @ayhanornek
Thanks for your help.
I have just flashed 32.3.A.0.376_E6883.img, ok.
But it cannot get into recovery mode (I press the power + vol down buttons when restarting the phone).
I don't know whether the file 32.3.A.0.376_E6883.img includes recovery or not!
Please help me: Do I need to flash recovery files? And where is a link from which I can download recovery files?
Thanks for next help.
You need to install drmky after you are root.
luongvancanh said:
Thanks for your help.
I have just flashed 32.3.A.0.376_E6883.img, ok.
But it cannot get into recovery mode (I press the power + vol down buttons when restarting the phone).
I don't know whether the file 32.3.A.0.376_E6883.img includes recovery or not!
Please help me: Do I need to flash recovery files? And where is a link from which I can download recovery files?
Thanks for next help.
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp
YasuHamed said:
I have been asked to SIMPLY state down Root method for
- Xperia z5p update on 32.3.A.0.376 Android N
I have patched kernels and all three variants (e6833 e6853 e6883)
Prerequisites
1. You are running 32.3.A.0.376 and USB debugging from developer options is ON. IF YOU DON'T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2. Unlocked bootloader
3. If you have managed to extract the DRM KEYS / TA.img somehow, then read the post below, which has details on restoring them
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
DONE
thanking members for providing kernels @ytheekshana @luongvancanh , @ayhanornek , @atif_afzal , @ayhanornek
You might want to replace phh superuser with Magisk, I think it's been deprecated (at least topjohnwu's fork has been merged directly into Magisk)
exvargos said:
You might want to replace phh superuser with Magisk, I think it's been deprecated (at least topjohnwu's fork has been merged directly into Magisk)
I will try and let you know, so far the superuser support was only given because superSU having problems with battery drainage and reading sdcard in some cases
Thank you,
I work, does anyone know where the terminal on busybox?
Can you suggest which busybox to install? So many busybox on playstore..
kendork said:
Thank you,
I work, does anyone know where the terminal on busybox?
Terminal is another apk.. Not on busybox..
YasuHamed said:
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp
Thank for YasuHamed, press volume up will be taken to twrp. We can not use volume down.
luongvancanh said:
YasuHamed said:
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp
Thank for YasuHamed, press volume up will be taken to twrp. We can not use volume down.
i will keep that in mind
thank you
kendork said:
Thank you,
I work, does anyone know where the terminal on busybox?
https://play.google.com/store/apps/details?id=stericson.busybox
here terminal. https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=tr
This program should come to the device originally because android linux already, but unfortunately they do not install.

[ROOT] [STOCK] [TWRP] Root Stock Firmware of Any Modern Sony Device

At first I created a guide about rooting stock Marshmallow of Sony Xperia Z5 Premium. After some time I realized that it may be useful to users of virtually any recent Sony phone or tablet, so here is my Sony Cross-Device general rooting thread. I will mostly copy-paste bits from my previous guide, but using renewed screenshots and firmwares'/tools' versions.
Please write back in this thread which model of Sony phone you were able to root with the help of this guide.
This guide does not work for MediaTek devices.
INTRODUCTION
Sony historically provides its own versions of Android OS, modified for Sony phones. These firmwares with added Sony apps are known as stock firmware, in contrast to vanilla Android developed by Google.
This guide will lead you through the process of rooting the stock firmware for your particular Sony phone. At the same time, your phone will be supercharged with TWRP recovery image, a useful tool for things such as an installation of system behavior altering apps to a whole device backup including all system partitions.
WHY ROOT?
Sony, just as any other smartphone vendor, ships its devices without the ability to alter inner system workings of Android OS. Technically speaking, default OS only allows use of non-administrator accounts, which have access only to their own user space.
Rooting is a process of allowing access to the administrator account, also known as root. This enables a possibility to alter/remove system parts of the OS: apps, settings, behaviors. For example, with root access you can block ads system-wide, from apps to browsers.
WHAT ARE CAVEATS
During the rooting procedure, the unique DRM keys will be removed from the phone. These keys are used to make some proprietary Sony features work, such as X-Reality for Mobile, camera denoise filter etc.
During the course of this guide a so-called DRM fix will be applied, which effectively emulates DRM keys, so many Sony features remain in working condition, even without actual keys. Some features, such as Widevine, will not work, but the majority of typical users won't even notice this. I think most of you don't even know what Widevine is.
However, in this guide I will present a way to back up your DRM keys, if you still think you need them. I will not deep dive though, since I never bothered with the DRM keys export/import procedure myself and have no experience in doing this.
Some apps will refuse to work on a rooted device; Pokemon Go and Android Pay are a couple of notorious examples. Research your apps for rooted device compatibility. If you find such an app and cannot live without it, don't root your phone.
ACCOLADES
The rooting of Sony stock firmware would not be possible without the work of these brilliant community developers:
@Androxyde — Flashtool
@IgorEisberg — XperiFirm (integrated into Flashtool)
@Dees_Troy et al. — TWRP
@Chainfire — SuperSU
@topjohnwu — Magisk
@tobias.waldvogel — Kernel repack script and DRM fix
@zxz0O0 — iovyroot
@rayman — TA Backup v2
STEPS
The whole process of rooting your stock firmware is divided into the following steps:
1. Getting your phone recognized by your computer (driver installation).
2. (optional) Backup your DRM keys.
3. Unlocking a bootloader.
4. Flashing stock firmware with Flashtool.
5. Repacking and flashing a kernel.
6. Installing SuperSU or Magisk.
7. (optional) Restore your DRM keys.
8. Optional tasks.
After the completion of this guide, your phone contents will be completely erased, so you may want to back up everything that is important to you to some external location. The external microSD card will not be erased, so you may copy your stuff to it. If you already use a rooted Android, you may want to use specialized tools like Titanium Backup or similar. TWRP also has nice backup features, if you already have it installed.
Also, use Sony's own Backup & reset tool from the settings. You may backup your local contacts, messages and much of such stuff directly to your microSD card. After the rooting, same tool may be used to restore some (or all) of these things back.
I usually make a whole backup with TWRP, Titanium Backup for user apps and the Sony's Backup & reset for conversations and call logs.
The guide was developed using Windows 10 Pro 64-bit and Sony Xperia Z5 Premium Dual-SIM E6883 official model for the Russian market.
Let's go.
1. GETTING YOUR PHONE RECOGNIZED BY YOUR COMPUTER (DRIVER INSTALLATION)
During the course of this guide, your phone will communicate with your computer in Fastboot and Flashmode connection modes. When connected in these modes, for the phone to be properly recognized by a computer, you have to provide special drivers. Thanks to Flashtool creators, it comes bundled with generic drivers compatible with all recent Windows operating systems, so at first you should install Flashtool. You can get the installer from the official website.
Next, you should install Fastboot and Flashmode drivers for your phone.
One caveat here however, these drivers are not from a "recognized Windows developer", that is they are not Windows-certified, so to get them installed on Windows 8/10, you should reboot with the disabled driver signature enforcement. Use Google to know how to perform this.
Once booted in the aforementioned mode (or in a regular mode if you are still on Windows 7), proceed to the actual driver installation. The drivers are packed into the Flashtool\drivers\Flashtool-drivers.exe executable, but it didn't work on my system, perhaps because it is 64-bit (but feel free to try it yourself), so I simply unarchived it with 7-Zip (right-clicked it and chose 7-Zip > Extract to "Flashtool-drivers"). I got a Flashtool-drivers folder, which contained all the drivers from the executable.
Once drivers are unpacked, connect your phone in a Fastboot mode. Recent Sony devices can boot in Fastboot just like this: shutdown the phone, press and hold Volume Up rocker button and connect USB cable to the phone while the other end is connected to a running PC. The phone's LED will turn blue shortly. That's it, you are in a Fastboot mode. Open Device Manager (Win + X, Device Manager) and check if there is some unknown device (with the name S1Fastboot or something like this).
Double-click this unknown device in the Device Manager, click Update Driver..., then Browse my computer for driver software, and choose the Flashtool-drivers folder created earlier with 7-Zip (leave Include subfolders checked). Shortly you will get a red warning dialog window, which informs you that this driver doesn't have a proper signature:
Very scary. Just proceed with the install despite all the red flags, it's safe.
Once Fastboot driver is installed, plug out the USB cable off the phone and connect it in a FlashMode mode. This is done just like for Fastboot, but in this case you should press and hold Volume Down rocker button during the cable plugging in. The LED in this case will be green and not blue. The procedure to install the driver is exactly the same.
After the successful installation, try to reconnect the phone in these modes again couple more times to make sure all devices get properly recognized by Windows. If all seems good, proceed to the next step.
2. (OPTIONAL) BACKUP YOUR DRM KEYS
I encourage you to skip this step, but if you feel like you should do this anyway, here is some info.
There is a tool called iovyroot, with which you can backup your DRM keys from an unrooted phone, but at the time of the writing it doesn't support latest firmwares. It does support a lot of older firmwares so it may be useful to not upgrade your phone before checking up this tool.
If you're into this backup DRM thing, go to the original thread, download the latest version and check if it is working for you. For now I just skip this step. Basically, you want to download the zip, connect your phone in USB Debugging mode, run the tabackup.bat script and see the output.
Some people suggest using the newer Universal (Dirtycow-based) TA Backup v2 tool instead of the ageing iovyroot to back up your keys. Please check the official thread to get instructions (linked in the previous sentence).
I will not cover DRM keys extraction/restore in details, since I never did it, so I don't want to write about something I haven't myself performed. Please check corresponding threads.
Note that most proprietary Sony features will work even without DRM keys, such as X-Reality for Mobile, camera denoise filter and some others. DRM fix will be covered later in this guide. Some features will not work with DRM fix, Widevine for example. Most users will not even notice these.
3. UNLOCKING A BOOTLOADER
Sony does provide its own guide. It is plain and simple and — good news! — if you have followed the previous steps, you just got all the prerequisites covered!
4. FLASHING STOCK FIRMWARE WITH FLASHTOOL
Now we will flash the latest available Sony firmware to the phone. In this step it will be untouched vanilla firmware, without root yet.
The Flashtool was installed on the completion of the first step, so let's start it. If you are on 64-bit Windows, start Flashtool64 (there is a shortcut in the Start menu). It does require administrator privileges.
Once you are in Flashtool, at first you need to obtain the most recent official stock firmware from Sony. Press the "XF" icon (the right-most one in the toolbar) to start XperiFirm. This is where it is:
The window will open, choose your phone from the left part of the window, then choose your particular model and after that choose your market and operator from the right part of the window. The entry will become highlighted and shortly there will be some info in the last column (Latest Firmware). This definition will be also in the right-most part of the window just under the phone thumbnail, click on it. Not a brilliant design decision, but that's it. Here is a screenshot for your reference:
If there are multiple firmwares available, pick the more recent (typically the top-most). The new window will pop up, press Download. The stock firmware will be downloaded to your computer and unpacked.
Once the download is completed, close all XperiFirm windows to return to the main Flashtool window. Flashtool will begin a creation of the .ftf file from the downloaded resources which will be used for a (subsequent) flashing. FTF-files are similar to ZIP-files, and may be opened with 7-Zip. For example, I've got E6883_32.3.A.0.376_1299-4828_R3D.ftf after the completion of this procedure. Flashtool places firmwares in the C:\Users\<Your Windows Username>\.flashTool\firmwares.
Now, once the stock firmware is downloaded, packed into .ftf and ready to be installed, let's do this.
Disconnect and switch off the phone for now, physically extract microSD card (if any) and press the left-most button on the Flashtool's toolbar (the "Lightning" one) and choose Flashmode. The Firmware Selector window will appear with a selected default folder and list of all firmware available for a flashing. I've got a single entry, the firmware I just downloaded. Before actual flashing, you can check some checkboxes from the Wipe section, I usually check all to start clean (all the data on the phone is erased). Once again, just to be safe, extract the microSD card from the phone at this moment. It is not needed for a flashing anyway. Here is how the window looked to me:
After all is set up, press Flash. The flashing process is not yet begun, since at first Flashtool just prepares firmware for a flashing.
After a while, a window will appear which will ask you to connect your phone in the Flashmode mode. With your phone off, hold the Volume Down button, connect the USB cable. Once Flashtool detects the phone in the Flashmode mode, it will start the actual flashing automatically. You may release the Volume Down button and go get some snack. The flashing will take some time.
After the completion of the flashing procedure, you'll get a stock Sony firmware installed, and now it is perfect time to proceed to the next step. You may leave your phone off at this moment, but if you are curious, start it up and check if the new Android is actually there. Note however that first start after the firmware installation takes a long time.
5. REPACKING AND FLASHING A KERNEL
Now it is a most interesting part: repacking and flashing a stock kernel. This procedure will allow the actual rooting.
To get the stock firmware rooted, you need a way to install SuperSU or Magisk. These are tools which enable root access to the Android system. To install them, you need TWRP. To run TWRP, you need a kernel, which supports both TWRP and your Android version.
Thankfully you can extract the kernel from the .ftf file, prepared by Flashtool earlier. Then you repack it, integrate TWRP (and DRM fix) into it, and finally flash it to your phone back modified. Sound like a complex task but it's definitely achievable. I did it multiple times mostly without any issues.
At first you should extract the actual kernel from the .ftf file. Reminder: it's in the C:\Users\<Your Windows Username>\.flashTool\firmwares folder and may be titled E6883_32.3.A.0.376_1299-4828_R3D.ftf or something like this. Open it as an archive (right-click on a file, 7-Zip > Open archive) and extract kernel.sin. It's your phone's packed kernel.
If it is packed, obviously you need to unpack it. Thankfully the almighty Flashtool can do this. Open Flashtool, navigate to the Tools > Sin Editor, select a kernel.sin you've just extracted and press Extract data. As a result, you'll get a kernel.elf file in the same directory where your packed kernel is residing. As you may have guessed, kernel.elf is an unpacked kernel. It can be modified, repacked and flashed back to the phone. Let's do this.
You will need a Stock kernel repack script from @tobias.waldvogel. Here is the original thread. Author of the script mentioned, that now it is hosted on GitHub, so let's just grab the latest version from there. Here is the link to the repository. In the upper-right corner there is a Clone or download button you may push it and choose Download ZIP from the menu. The script will be downloaded.
Once the contents of the zip-file with script are extracted to some directory, copy the kernel.elf there and summon command prompt in this directory (right-click in the empty space of this folder in File Explorer with the Shift button pressed and choose Open command window here).
In the command line type the following:
Code:
rootkernel.cmd kernel.elf boot.img
You'll get some questions about adding some features/tools to your kernel, feel free to answer "Yes" (type Y) to all of them. Screenshot for your reference:
If all went smoothly, you'll get a repacked kernel, boot.img in the script folder, supercharged with TWRP and DRM fix, and most importantly, which also supports rooting. Now it is time to flash it to your phone.
ATTENTION! Since the script is mostly unsupported, when new firmware gets released, its kernel modules are not automagically added to the script package. You will get "Skipping TWRP recovery. No kernel modules for 3.10.84-perf-XXXXXXX available" error due to this. But don't worry, you can extract the required modules yourself from the firmware.
1. Open the FTF-file (firmware you downloaded) with 7-Zip, and extract system.sin file.
2. Open Flashtool, navigate to Tools > Sin Editor, choose this system.sin file, push Extract data. You'll get system.ext4 in the same directory.
3. Use the cool free Ext2Read tool to get into the ext4 filesystem in the system.ext4 (File > Open Image). Linux users can mount this filesystem as usual. Once you get into the filesystem, go to the lib/modules directory and grab the following files from there (Tools > Save):
core_ctl.ko
ecryptfs.ko
kscl.ko
mhl_sii8620_8061_drv.ko
texfat.ko
4. Once you get these files, create the 3.10.84-perf-XXXXXXX folder in the script's Android\twrp_common_kmodules directory. In my case I created 3.10.84-perf-g5e25a09 folder, just as was mentioned in the script's output in the console (when it complained about Skipping TWRP recovery). Copy these 5 files into this newly created folder.
5. Voilà! Re-run the script and see that now TWRP gets properly integrated! Thanks to @sceryavuz for his initial instructions. I just elaborated them a bit.
When all is clear, turn off your phone if it's on and connect it in a Fastboot mode: hold the Volume Up rocker button and connect USB cable. The LED on the phone will turn blue. Release the button.
Flashing images in this mode is typically done with a fastboot.exe from the Android SDK. Android SDK weighs many gigabytes but thankfully you don't need it. Fortunately Flashtool contains fastboot.exe from the SDK. It's in the Flashtool\x10flasher_lib folder. For the brevity of the following steps, I assume you have all necessary files there. To make it true, copy the newly generated boot.img to this folder.
Now Shift-right-click in the empty space of this folder window and choose Open command window here entry from the context menu. Windows console will appear.
At first try this command:
Code:
fastboot.exe devices
If all is good, there will be one device in the output of this command, just like this:
If not, perhaps there is some driver issue, so head back to the step #1 and make sure the drivers are installed correctly.
If your device is shown correctly, let's flash some files to the phone. Execute the following command to flash the modified kernel:
Code:
fastboot.exe flash boot boot.img
The proper output of this command will be like this:
If you get any errors, the first and more likely reason is that you still have a locked bootloader. Head to the step #3 to verify its state and unlock it if necessary.
If there were no errors — congratulations! — you now just flashed a stock kernel supercharged with TWRP recovery and DRM fix. You're almost done! You may plug out the cable from your phone. If you are attentive to the details, you'll notice that now, once your phone is started, its LED turns amber for 2-3 seconds. This is a special signal for those looking to boot into a recovery (TWRP). But you don't have to start your phone yet.
Although @tobias.waldvogel claims his script is able to also integrate SuperSU during the kernel repacking, I didn't manage to get this working, so the SuperSU (or Magisk) installation is a separate step in my guide. The next step.
6. INSTALLING SUPERSU OR MAGISK
Now when you have TWRP in place and latest Android installed, let's install SuperSU to it. SuperSU is distributed in TWRP-friendly .zip archives, so you should copy one to your microSD card. I used version 2.79 from here. Download TWRP / FlashFire installable ZIP, not the APK. At the time of your reading, there probably will be some newer versions available, feel free to install them instead. Copy the downloaded ZIP-archive to your microSD. Don't bother to unpack the ZIP.
Once SuperSU zip-file is copied to your microSD card, place it into your phone and reboot to recovery (TWRP). To do this restart or power up your phone and look at the LED. Once it lights amber, press Volume Up rocker button and you'll get into recovery — TWRP. In my case it was TWRP v3.0.2-0.
To install SuperSU, press Install, go to the /external_sd and select the .zip (in my case SuperSU-v2.79-201612051815.zip). Swipe right to confirm installation. Once it is installed, press Reboot System button. Phone will reboot twice. Do not interfere with the process during these multiple reboots, the things are getting done, so just wait once Android is started. When it's started, the phone is rooted and functional!
If you would like to install Magisk instead, the instructions are exactly the same. Grab the latest ZIP from the original thread and flash it with TWRP. That's it!
7. (OPTIONAL) RESTORE YOUR DRM KEYS
If you had successfully backed up your DRM keys in step #2, it is now time to restore it back to the device. There is a flash_dk.cmd script shipped with the Root kernel repack script you used in the previous step. flash_dk.cmd can be used to flash the DRM partition back to your phone.
At first prepare the flashable .ftf:
Code:
flash_dk.cmd <ta backup image> dk.ftf
And then flash dk.ftf via Flashtool, just like you flashed the whole firmware in the step #4, but don't wipe anything this time.
8. OPTIONAL STEPS
8.1. Xposed installation
If you use Lollipop and later, you should install Xposed APK from here. At the time of writing there is XposedInstaller_3.0_alpha4.apk installer there.
Once APK is installed, grab the latest .zip from the repository, I've got xposed-v86-sdk23-arm64.zip. Install it in a regular TWRP way covered in step #6.
Once all these steps are done, you should have Xposed Installer app in your phone, and if you open it and check Framework section, if everything is alright, there will be text in green, something like "Xposed framework version 86 is active".
8.2. Resolving Voice Search and random volume up/down issues while using regular headphones
See this thread.
8.3. Disable startup notification if there is a newer firmware available
Some people get annoyed by a persistent notification, which is displayed once the new firmware becomes available (new Android version from Sony). Rooted users cannot just tap it and update over-the-air, because they need to perform a complex rooting procedure beforehand (covered in this guide). It is possible to disable this notification. You may get these notifications by email anyway.
The easiest and safest way is to use some autorun manager. I used Autorun Manager Pro and disabled all receivers of system apps com.sonymobile.fota.service, fota update service and Software update. Notification vanished after a restart.
You may even freeze or remove these apps via some app manager like Titanium Backup Pro.
8.4. Disable that damned green LED light while phone is charged and attached to the cable or docked
This is a historic Xperia behavior, not easily fixable without the root. The notorious green LED is on all night no matter which settings you set up. In fact, there is no setting to switch it off.
However, if you are rooted, you can solve this issue easily. One method is to install a free Light Flow - LED Control app. Once it is installed, you need to enable the following settings in the Settings > Device Settings and Root section: Direct mode, Root mode and Run every command as root. Then you can mess around with individual notifications in the Notification settings, but I just cleared all in there and hey! — the annoying green LED is gone!
THAT'S IT
At this point you have a stock Sony Android enhanced with root privileges. SuperSU / Magisk app is also installed, so you are ready to use root right away. SuperSU now can be updated in a regular way via Play Store. Magisk has its own updating capabilities.
P.S. WHEN NEW FIRMWARE IS AVAILABLE
Once the new firmware is released, you may perform the same procedure for it beginning from the step #4, but if it is a minor upgrade, you may want not to wipe anything during Flashtool flashing this time. If it is a major upgrade, e.g. Marshmallow > Nougat, you probably may want to start with a clean system and wipe all.
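Added example, not part of the original post or of the kernel repack script: a small Python helper for the ATTENTION note in step 5. It pulls the kernel version out of the "Skipping TWRP recovery" message in saved script output, then copies the five modules into the script's Android\twrp_common_kmodules folder only if all of them are present. The function names and the idea of saving the script output to text are assumptions; the message wording, module list and folder name come from the guide.

```python
import re
import shutil
import tempfile
from pathlib import Path

# The five module files the guide says to copy out of lib/modules.
REQUIRED_MODULES = (
    "core_ctl.ko",
    "ecryptfs.ko",
    "kscl.ko",
    "mhl_sii8620_8061_drv.ko",
    "texfat.ko",
)

# Message wording as quoted in the guide; the token after "for" is the
# kernel version that also names the folder the script expects.
SKIP_RE = re.compile(
    r"Skipping TWRP recovery\. No kernel modules for (\S+) available"
)


def missing_kernel_version(repack_output):
    """Return the kernel version TWRP was skipped for, or None if it was not skipped."""
    match = SKIP_RE.search(repack_output)
    return match.group(1) if match else None


def stage_modules(extracted_dir, script_dir, kernel_version):
    """Copy the required modules into Android/twrp_common_kmodules/<version>.

    Nothing is created unless all five files are present, so a half-filled
    folder never hides the problem on the next run of the script.
    """
    # The version becomes a folder name: accept only plain version strings,
    # which also rejects path tricks such as "../something".
    if not re.fullmatch(r"\d[A-Za-z0-9._-]*", kernel_version):
        raise ValueError("unexpected kernel version string: %r" % kernel_version)

    src = Path(extracted_dir)
    missing = [name for name in REQUIRED_MODULES if not (src / name).is_file()]
    if missing:
        raise FileNotFoundError("missing modules: " + ", ".join(missing))

    dest = Path(script_dir) / "Android" / "twrp_common_kmodules" / kernel_version
    dest.mkdir(parents=True, exist_ok=True)
    for name in REQUIRED_MODULES:
        shutil.copy2(src / name, dest / name)
    return dest


if __name__ == "__main__":
    # Constructed sample: one line in the format quoted in the guide, using
    # the version string the guide's author reported for their firmware.
    sample_output = (
        "Skipping TWRP recovery. "
        "No kernel modules for 3.10.84-perf-g5e25a09 available\n"
    )
    version = missing_kernel_version(sample_output)
    if version is None:
        print("TWRP was not skipped; boot.img should contain the recovery.")
    else:
        print("TWRP skipped, modules needed for", version)
        with tempfile.TemporaryDirectory() as tmp:
            # Stand-ins for the folder saved from system.ext4 and the script folder.
            modules = Path(tmp) / "lib_modules"
            modules.mkdir()
            for name in REQUIRED_MODULES:
                (modules / name).write_bytes(b"placeholder")
            script = Path(tmp) / "rootkernel"
            script.mkdir()
            print("staged into", stage_modules(modules, script, version))
```

Running the check on the saved output before flashing also catches the case reported later in the thread, where boot.img flashes without errors but the recovery was never integrated.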
Fragmentation said:
Getting your phone recognized by your computer (driver installation).
(optional) Backup your DRM keys.
Unlocking a bootloader.
Flashing stock firmware with Flashtool.
Repacking and flashing a kernel.
Installing SuperSU.
(optional) Restore your DRM keys.
Optional tasks.
I'm pretty sure that once you have unlocked the bootloader, the easiest thing at that point is to use fastboot to flash a custom kernel/recovery, then boot to recovery, flash su, then reflash your original kernel. Then you're rooted.
Plus, rooting is easy now even with locked bl, since we have Kingroot, and new Sony bootloader with real recovery.
(However, I can't say for sure on every device... I appreciate you taking the time to post...)
levone1 said:
I'm pretty sure that once you have unlocked the bootloader, the easiest thing at that point is to use fastboot to flash a custom kernel/recovery, then boot to recovery, flash su, then reflash your original kernel. Then you're rooted.
Hey. If you'd say this to my mom, I'm sure she'll not understand any of these. And with this guide she at least has some chance of success.
levone1, why at the end would you flash your original kernel again instead of just running your custom kernel that you made like in the guide?
F2a said:
levone1, why at the end would you flash your original kernel again instead of just running your custom kernel that you made like in the guide?
If you flash stock-based kernel via boot.IMG in fastboot that will work with your stock ROM, great, keep it. I was just imagining easiest thing to be to flash, for example, CM boot IMG, just to be able to get into recovery to flash su. Usually stock-based kernels are zips, with other things besides just boot IMG. What I've usually done with unlocked BL and stock ROM is use fastboot to flash CM boot and recovery IMG, then go to recovery and flash supersu, then use flashtool to flash kernel only of stock ROM. Once you reboot, rooted, you can do whatever from there.
Which ROM have you flashed to 6883. The Nougat?
levone1 said:
If you flash stock-based kernel via boot.IMG in fastboot that will work with your stock ROM, great, keep it. I was just imagining easiest thing to be to flash, for example, CM boot IMG, just to be able to get into recovery to flash su. Usually stock-based kernels are zips, with other things besides just boot IMG. What I've usually done with unlocked BL and stock ROM is use fastboot to flash CM boot and recovery IMG, then go to recovery and flash supersu, then use flashtool to flash kernel only of stock ROM. Once you reboot, rooted, you can do whatever from there.
I am not quite sure what you mean tbh so forgive me if I misunderstand.
stock kernels are not zips they come in .elf hence the use of rootkernel to unpack/repack it to something more manageable. nowadays supersu makes changes to this partition once flashed, so if you flash stock kernel.sin containing kernel.elf again from flashtool changes will be reverted and you lose root.
the easiest way to get into twrp recovery without flashing anything is to just fastboot it.
nigeta_gr said:
Which ROM have you flashed to 6883. The Nougat?
Yes, the latest official firmware available for Z5P (E6883) is Nougat (7.0). I flashed it during the assembly of this guide.
I suppose it will work with my E6833 as well.
Fragmentation said:
Yes, the latest official firmware available for Z5P (E6883) is Nougat (7.0). I flashed it during the assembly of this guide.
nigeta_gr said:
I suppose it will work with my E6833 as well.
I'm sure it will.
Fragmentation said:
At first I created a guide about rooting stock Marshmallow of Sony Xperia Z5 Premium. After some time I realized that it may be useful to users of virtually any recent Sony phone, so here is my Sony Cross-Device general rooting thread. I will mostly copy-paste bits from my previous guide, but using renewed screenshots and firmwares'/tools' versions.
Huge thanks, bro!
This helped me tremendously, just wanted to say thanks!
FYI, I'm using latest Nougat 333 UK firmware on Xperia X F5121 US version --- so that my fingerprint scanner works. Got stuck in a boot loop after installing TWRP but after reading your thread, I fully understood and fixed the reason why. The root tool from GitHub worked kinda --- meaning I had busybox and others but no su binary I still had to install SuperSU.zip via TWRP to actually have root. You documented a similar experience.
JZ SmartMort said:
Huge thanks, bro!
This helped me tremendously, just wanted to say thanks!
FYI, I'm using latest Nougat 333 UK firmware on Xperia X F5121 US version --- so that my fingerprint scanner works. Got stuck in a boot loop after installing TWRP but after reading your thread, I fully understood and fixed the reason why. The root tool from GitHub worked kinda --- meaning I had busybox and others but no su binary I still had to install SuperSU.zip via TWRP to actually have root. You documented a similar experience.
You're welcome, zemlyak! Sure, for root you definitely need SuperSU, it just won't work without it this way. It's a shame US versions of Xperias don't have fingerprint scanner activated, but it's cool to hear, that flashing another region firmware helps.
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There are no error messages. The output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
viperc said:
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There are no error messages. The output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
Hey. If the phone doesn't turn on the amber light for a while during the boot up, then TWRP is not there.
If you used the kernel repack script I mentioned in the guide with a very recent Sony firmware, you probably didn't notice that TWRP has not been integrated into the kernel due to some error. It is because this script should be frequently updated to work with any newly released firmware, and Tobias, its author, apparently has no time to do this.
However, you can update the script yourself, following this procedure.
viperc said:
Hi, I followed everything until the part where I need to flash the modified kernel in step 5. There are no error messages. The output is exactly like the screen captures. When I start the phone, I don't see the amber light. I cannot proceed. Where did I go wrong? Appreciate any help available.
Edit: Used a rooted stock kernel from another thread. Seems to work. Still not sure what I missed out though.
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
F2a said:
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
Maybe it wasn't a proper kernel for your rom or device, I also experienced some errors including yours but at last (after 12 tries) I found a working kernel for me. I really don't know what the problem is, sometimes it just doesn't work...
Fragmentation said:
Hey. If the phone doesn't turn on the amber light for a while during the boot up, then TWRP is not there.
If you used the kernel repack script I mentioned in the guide with a very recent Sony firmware, you probably didn't notice that TWRP has not been integrated into the kernel due to some error. It is because this script should be frequently updated to work with any newly released firmware, and Tobias, its author, apparently has no time to do this.
However, you can update the script yourself, following this procedure.
Thanks. I will look into that again when my region's Sony release the latest firmware.
F2a said:
I don't have the amber LED light on boot up on my X Compact but everything works fine. I can't seem to find it but I recall reading somewhere an actual reason why I didn't see it but as far as I know it's not a problem.
Edit: Simple check, reboot and hold volume down. Do you enter TWRP? I do even though I never see the amber led.
Interesting, didn't try that lol. I used another pre-rooted sick kernel to flash after my attempt failed. I can see the amber led now with the other kernel.
Tried again after re-downloading the script. It's working now. Thanks.
if not do drm-fix, and flash dk.ftf with old flashtool, the result is" FIDO KEYS NOT PROVISONED PROVISION FAILED"
any way to fix this?
This thread is a complete guide and must be sticked, Thanks :fingers-crossed:
You should add backupTA-V2 for Lollipop devices..
Thread : https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
iovyroot method is very old..

Help me to twrp/root/xposed/kernel my XC

Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a how-to for future users with the same questions.
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Latest stock Rom + xposed will not be possible...
mika91 said:
Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a how-to for future users with the same questions.
Forget about OTA when rooted...
I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
mika91 said:
I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
Click to expand...
Click to collapse
OTA is not possible once the bootloader is unlocked. System partition touched or not plays no role.
OK.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
How is the camera quality without the drm keys?
Thanks
mika91 said:
> OK.
> So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
See my post to get a rooted stock with DRM.
mika91 said:
> OK.
> So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
> How is the camera quality without the drm keys?
> Thanks
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash a kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in an alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross Devices, that mounts your TA backup as the TA partition, therefore your phone looks as having DRM keys and locked.
XperienceD said:
> Assuming you're unable to unlock your BL the steps are as follows...
> Flash back to 198.
> Backup your TA.
> Unlock your BL
> Update to 311
> Extract kernel - ftf/sin/elf
> Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
> Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
> Flash new boot.img
> Flash TWRP.img
> Flash Super User zip
> Flash DK.ftf with Flashtool 9.22
> ...and that should be it.
Would you mind detailing those steps a bit more, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
Managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet
fredsky2 said:
> Would you mind detailing those steps a bit more, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
Sure. You don't really need to learn about that stuff but it is handy to know, you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
> How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
> I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
> Managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet
When you get 198 on your phone then you'll be able to back up your TA. If you get stuck give us a shout.
XperienceD said:
> Sure. You don't really need to learn about that stuff but it is handy to know, you'll pick stuff up along the way. They are basically firmware files.
> Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
> When you get 198 on your phone then you'll be able to back up your TA. If you get stuck give us a shout.
Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
ATM I'm following ondrejvaroscak's quick recap to make sure everything goes smoothly with my TA keys, and then I plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)
fredsky2 said:
> Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
> I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
XperienceD said:
> Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
> You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
> SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
fredsky2 said:
> Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
> I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
> Thanks a lot for your help, cheers
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.