UPDATE 1-APRIL-2017
I am updating repository for stock modified kernels+twrp3.02 installed for 32.3.A.2.33
https://mega.nz/#F!7VwRCaLQ!GNKLGiggp_TebbBRO1QSug
32.3.A.2.33 for all variants (E6833 E6853 E6883) + twrp Installed
I have used following configuration
Code:
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 7.0
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
Disabling Sony RIC
- Install TWRP recovery? [Y/n] Y
Installing TWRP
Compressing TWRP image
- Found superuser.zip. Install? [Y/n] N
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
- Creating new initramfs
- Creating boot image
- Cleaning up
-----------------------------------------------------------------------------------------------
I have been asked to SIMPLY state down Root method for
- Xperia z5p on 32.3.A.0.376 Android N- all three variants (E6833 E6853 E6883)
- Xperia z5p on 32.3.A.0.378 Android N - E6853 ( NOBA) (EU)
Prerequisites
1. you are running 32.3.A.0.376 and usb debugging from developer options is ON. IF YOU DON"T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2 unlocked boot loader
3. if DRM KEYS / TA.img you have manage to extract some how then read below post having details to restore
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
Code:
su
mount -o rw,remount /system
DONE
Code:
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
- Sony RIC is enabled. Disable? [Y/n] Y
- Install TWRP recovery? [Y/n] Y
- Install kcal kernel module? [Y/n] N
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
thanking members for providing kernels @ytheekshana @luongvancanh , @ayhanornek , @atif_afzal , @ayhanornek
Thank you, it was simpler.
thanks great work. keep this
Great
Thank you for your instructions!
I have some questions in order to make clear some issues:
1) I am at 32.2.A.0.253 rooted by your method in the other post. Should I update to Nougat first and then do this process?
2) What about the DRM keys? Were they lost? Were they "imaged"? Will they be lost now with this process?
konstantinos3 said:
Thank you for your instructions!
I have some questions in order to make clear some issues:
1) I am at 32.2.A.0.253 rooted by your method in the other post. Should I update to Nougat first and then do this process?
2) What about the DRM keys? Were they lost? Were they "imaged"? Will they be lost now with this process?
Click to expand...
Click to collapse
sir
you are on oct2016 version of MM, .305 came in december16, .372 in jan17 and now inf feb .376 is the latest one.
1. YES you MUST upgrade to 32.3.A.0.376 to do the process explained above. (i.e. if you want to upgrade)
2. I am assuming that your BOOTLOADER is LOCKED and you NEVER send your imei keys to SONY asking for BOOTUNLOCKER code.
if yes then
- your DRM KEYS are intact. and you cannot ROOT it and the process above is NOT for you.
- in order to have root access, you must first research and find tools such as dirty cow script in order to EXTRACT drm KEYS -- OR downgrade to android 5.1.1 (Dec 2015 stockrom of Z5x) and use Ivory ROOT or KINGROOT to gain root access and EXTRACT DRMKEYS.
- at this point if you simply unlock your bootloader, your DRM KEYS and TA img will be wiped.
YasuHamed said:
sir
you are on oct2016 version of MM, .305 came in december16, .372 in jan17 and now inf feb .376 is the latest one.
1. YES you MUST upgrade to 32.3.A.0.376 to do the process explained above. (i.e. if you want to upgrade)
2. I am assuming that your BOOTLOADER is LOCKED and you NEVER send your imei keys to SONY asking for BOOTUNLOCKER code.
if yes then
- your DRM KEYS are intact. and you cannot ROOT it and the process above is NOT for you.
- in order to have root access, you must first research and find tools such as dirty cow script in order to EXTRACT drm KEYS -- OR downgrade to android 5.1.1 (Dec 2015 stockrom of Z5x) and use Ivory ROOT or KINGROOT to gain root access and EXTRACT DRMKEYS.
- at this point if you simply unlock your bootloader, your DRM KEYS and TA img will be wiped.
Click to expand...
Click to collapse
Thank you for your immediate answer.
In my post above, I wrote that I have my device rooted following your initial method, in which unlocking the bootloader is necessary, so my BL is certainly unlocked.
After rooting, I hadn't restored DRM keys, because the kernel has simulation.
So the question remains: what shall I do now about the DRM keys during this process?
Thank you very much in advance
konstantinos3 said:
Thank you for your immediate answer.
In my post above, I wrote that I have my device rooted following your initial method, in which unlocking the bootloader is necessary, so my BL is certainly unlocked.
After rooting, I hadn't restored DRM keys, because the kernel has simulation.
So the question remains: what shall I do now about the DRM keys during this process?
Thank you very much in advance
Click to expand...
Click to collapse
Sir
i am sorry i overlooked the part you mentioning your Root / UB status.
the answer is NO its not necessary! since the modified kernels have DRM FIX, it should work just fine.
please upgrade to .376 and flash your kernel, install superuser or superSU.
later to give /system RW access, please follow the codes to be run in TERMINAL for ANDROID app.
YasuHamed said:
I have been asked to SIMPLY state down Root method for
- Xperia z5p update on 32.3.A.0.376 Android N
I have patched kernels and all three variants (e6833 e6853 e6883)
Prerequisites
1. you are running 32.3.A.0.376 and usb debugging from developer options is ON. IF YOU DON"T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2 unlocked boot loader
3. if DRM KEYS / TA.img you have manage to extract some how then read below post having details to restore
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
Code:
su
mount -o rw,remount /system
DONE
thanking members for providing kernels @ytheekshana @luongvancanh , @ayhanornek , @atif_afzal , @ayhanornek
Click to expand...
Click to collapse
Thanks for your help.
I have just flash 32.3.A.0.376_E6883.img, ok.
But It cannot into recovery mode (I press power+vol down button when restart phone)
I don't kown the file 32.3.A.0.376_E6883.img included recovery or not yet!
Please help me: Do I need flash recovery files? And where link can I download recovery files?
Thanks for next help.
You need to install drmky after you are root.
luongvancanh said:
Thanks for your help.
I have just flash 32.3.A.0.376_E6883.img, ok.
But It cannot into recovery mode (I press power+vol down button when restart phone)
I don't kown the file 32.3.A.0.376_E6883.img included recovery or not yet!
Please help me: Do I need flash recovery files? And where link can I download recovery files?
Thanks for next help.
Click to expand...
Click to collapse
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp
YasuHamed said:
I have been asked to SIMPLY state down Root method for
- Xperia z5p update on 32.3.A.0.376 Android N
I have patched kernels and all three variants (e6833 e6853 e6883)
Prerequisites
1. you are running 32.3.A.0.376 and usb debugging from developer options is ON. IF YOU DON"T KNOW HOW TO ENABLE USB DEBUGGING then THIS POST IS NOT FOR YOU. PLEASE READ POSTS (referenced below) TO UNDERSTAND FLASHING TECHNIQUES
2 unlocked boot loader
3. if DRM KEYS / TA.img you have manage to extract some how then read below post having details to restore
Reference
all kernels are modified using kit by @tobias.waldvogel , 5.21 / 5.22 and E6883 by 5.23
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
https://forum.xda-developers.com/z5...ting-xperia-z5-z5p-variants-drm-keys-t3437902
METHOD
please download
1. 32.3.A.0.376_E68XX.img of your variant
2. superuser-r259 (put it in sdcard)
2a. phh_SuperUser_v1.0.3.3.apk (put it in sdcard)
3. if you want to use SUPERSU then skip 2 and 2a then download UPDATE-SuperSU-v2.79-20161211114519.zip and put it in sdcard
4. flash the KERNEL , reboot into recovery
5 flash superuser-r259 OR superSU
5a. reboot mobile and and install superuser.apk
6. if you had flashed superSU then skip "5a"
repository https://mega.nz/#F!3FYhTbSC!9MraM-zYNRNMPzmTkSSs9g
MAKE /SYSTEM WRITABLE
in order to remove system apps and install ADAWAY
from playstore
1. install busybox, open, grant it root access, INSTALL
2. install terminal for android, open and
type these lines and enter one by one in terminal
Code:
DONE
thanking members for providing kernels @[email protected] , @ayhanornek , @atif_afzal , @ayhanornek
Click to expand...
Click to collapse
You might want to replace phh superuser with Magisk, I think it's been deprecated (at least topjohnwu's fork has been merged directly into Magisk)
exvargos said:
You might want to replace phh superuser with Magisk, I think it's been deprecated (at least topjohnwu's fork has been merged directly into Magisk)
Click to expand...
Click to collapse
I will try and let you know, so far the superuser support was only given because superSU having problems with battery drainage and reading sdcard in some cases
Thank you,
I work, does anyone know where the terminal on busybox?
Can u suggest me which busybox to instal? So many busybox on playstore..
kendork said:
Thank you,
I work, does anyone know where the terminal on busybox?
Click to expand...
Click to collapse
Terminal is another apk.. Not on busybox..
YasuHamed said:
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp[/QUOTE
Thank for YasuHamed, press volume up will be taken to twrp. We can not use volume down.
Click to expand...
Click to collapse
luongvancanh said:
YasuHamed said:
just press power button,
on sony logo, press volume up / down and as LED turns AMBER, you will be taken to twrp[/QUOTE
Thank for YasuHamed, press volume up will be taken to twrp. We can not use volume down.
Click to expand...
Click to collapse
i will keep that in mind
thank you
Click to expand...
Click to collapse
kendork said:
Thank you,
I work, does anyone know where the terminal on busybox?
Click to expand...
Click to collapse
https://play.google.com/store/apps/details?id=stericson.busybox
here terminal. https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=tr
This program should come to the device originally because android linux already, but unfortunately they do not install.
Related
By almost popular demand, making this a thread
This is a how-to root, install recovery, backup drm keys, etc. from scratch in a single thread since finding all threads can be daunting. That's basically all the things you generally want to do when you root the phone (WITHOUT UNLOCKING THE BOOTLOADER).
TL;DR - overview
If you know what you're doing, you really just need to read this part of the post. If you're unsure, read the step-by-step instead.
If you're running Android 6.0.1 MM with firmware .291 (and probably any other future firmware), want to root without unlocking the bootloader more quickly than the method below refer to this post: http://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714 (get all 3 zips, rename the kernel zips to .ftf, flash kernel575.ftf with flashtool - reboot - enable dev mode, run bat script - reboot in recovery and flash supersu.zip - flash kernel291.ftf, reboot, done (for future versions you'll want to only flash the kernel from sony's ftf after rooting)
Downgrade the firmware, as the root exploit only works with older firmware such as 23.0.A.2.93.
Run the root exploit to get root
Backup the DRM keys
Upgrade the firmware to the latest version, while retaining root access (or by using a pre-rooted images that nice people made)
In the process, we'll install DualRecovery and SuperSu (having the custom recovery is what allows you to keep root as it let you flash a modified image that has SuperSU on it)
See the FAQ at the bottom in case you need additional help, about mounting /system read-write, fixing the sdcard issues, etc. These are not directly related to the rooting process, but you most likely want to perform these tasks anyway.
Step by step instructions
Read instructions carefully, there's many steps, making this slightly complex.
Ensure you backed up everything you need (files/apps/pictures/etc) first, these will be lost! - YOUR PHONE WILL BE WIPED.
-- FW DOWNGRADE AND INSTALL WITH FLASHTOOL --
Downgrade fw to 23.0.A.2.93 (Device D5803) or anything prior to 23.0.1.A.5.77 (december fw)
Global:https://mega.nz/#F!wdEG3aiD!Ej2S4hcMKGPgnmGudvAegg (look for 23.0.A.2.93) (or see http://forum.xda-developers.com/showpost.php?p=66275977&postcount=2030 for more links if this one no longer works)
Get and install Flashtool at http://www.flashtool.net/index.php
Move the fw into the C:/Flashtool/firmwares directory
Open Flashtool, click on the lightning symbol ("flash device"), select "Flashmode" and click on "OK"
Just select the name of the fw you downloaded and click on "Flash"
Wait for a window to pop up (it may take a few minutes, be patient)
Now everything is ready: turn off your phone
Push the volume DOWN button, connect the USB cable to your PC while still pushing the volume DOWN button
Once the flashing process has started, release the volume button
) Do not disconnect the USB cable, wait until flash completes (flashtool will indicate when you can unplug).
-- ROOTING W/ EXPLOIT --
Enable USB debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Allow mock locations (Settings => Developer Settings)
Ensure you have adb drivers installed (http://support.sonymobile.com/gb/tools/pc-companion/ don't use it to update
Download rooting tool (http://forum.xda-developers.com/devdb/project/dl/?id=10766&task=get) or latest from http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
Unzip the rooting tool
Connect phone to your computer
Put phone in airplane mode
Run install.bat from the rooting tool (allow USB debugging when asked on the phone every time, also allow root prompt) and follow instructions from the tool
You should be rooted now, if you get an error "Device not rooted" trying running the tool once more
-- Backup DRM keys/TA Partition --
Get backup ta tool from https://github.com/DevShaft/Backup-TA/releases
Unzip it!
Ensure phone is still connected (or reconnect it)
Run Backup-TA.bat
Read the information and follow the instructions given by the tool.
-- Install latest firwmare with root, DRM keys, recovery --
Alternative 1: pre-made pre-rooted image (for fast internet, slow pc
Get a pre-rooted image:
For KitKat - fw 23.0.1.A.5.77 (android 4.4. dec 2014) at http://forum.xda-developers.com/z3-...ist-pre-rooted-firmwares-6-oct-2015-t32188206 then skip directly to step 33.
Or, for Lollipop - fw 23.1.A.0.690 (Android 5.0 March 2015) at http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Or, for Marshmallow - fw 23.5.A.1.291 (Android 6.0 June 2016) at https://mega.nz/#!0JUA2DzR!5-5Tz1BRr3gkvrt_loqHzePsgfSeGKCD07xhQzugl4w or http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Alternative 2, for newer fw for example - build your own pre-rooted image (fast pc, slower internet:
Get PRFC from http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
Get latest fw from http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706
Get latest SuperSU zip http://download.chainfire.eu/supersu
Get DualRecovery zip (the flashable zip, not the installer one) from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.flashable.zip
Start PRFC and add the 3 zip (FTF file is the fw, SuperSU and Recovery)
Click "create" - this will take a while
Copy resulting "pre-rooted" fw to /sdcard0 on your phone (it means copy flashable.zip from the PRFC directory to the "internal storage" directory of the phone)
Get Dual Recovery installer this time, from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.installer.zip notice how thats 'installer' this time, not the same file as in 30!
Unzip it
start install.bat and follow instructions (hit 1 (allow adb/root on the phone as needed)
You should be in recovery automatically now. (if not, reboot and when the LED change colors push volume UP repeatedly)
Flash the pre-rooted fw (flashable.zip) from the recovery (touch "install zip", select /storage/sdcard1/flashable.zip then confirm install) on the phone, then power off the phone (DO NOT REBOOT)
To power off, go into the "power options" and hit "power off" (dont do "reboot in flashmode" DO power off)
Unplug USB (yes this is required, DO IT)
Open Flashtool and select the non-pre-rooted fw (this is 23.5.A.1.291 for example), but DESELECT system: in "EXCLUDE" make sure you check the checkbox next to "SYSTEM", flash it.
press volume DOWN and plug USB cable while keeping volume DOWN pressed, when flashing starts, stop pressing the volume button
After flash is done and when flashtool tells you to, remove USB cable and start the phone
Congrats and enjoy, you made it to the end! you now have latest + recovery + root and backups of your DRM keys! (and of course all DRM functions enabled)
FAQ
- Some root apps don't work, because /system can't be remounted rw, what's up with that?
Sony has a special in kernel protection that disallow remounting /system read-write, even for root. Flash this in recovery (copy it to the sdcard and reboot in recovery with volume UP pressed, then install it): https://github.com/dosomder/SonyRICDefeat/raw/master/RICDefeat.zip
- I unlocked my boot loader, or lost my DRM keys some other way AFTER backing up as per above procedure. How to restore?
plug USB back in
re-enable usb debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Start backup TA again but this time hit restore
- I messed somewhere, phone doesn't boot or work properly, what to do!
unplug USB
if phone is on, long press the power button+volume UP until the phone turns off
go back to step 1 of the how to, follow the how to! Mainly - the howto makes you setup flashtool again, then boot the phone in flash mode with volume key and plugging in the USB cable.
- I forgot to backup DRM keys (backup ta program) but I never unlocked the bootloader, is it bad?
nope you're fine, just back them up now
- I really lost my DRM keys, can I recover them?
No you can't. But you can recover the features by using some modified software. Look for "DRM Fix" for example here.
- I don't want to wipe my phone!
Uncheck "data" before downgrading and then before upgrading in flashtool. You will get some errors when downgrading, which will go away when you revert back to .77 at the end of the process
This is at your own risk, data still risk being deleted if something goes wrong
Depending on the apps, etc. you have, there is a chance that some app would not work properly at the end of the process without a full wipe. If that's the case, you might need to go in settings>applications and "delete data" for that app.
- Some apps can't write to the sdcard!
install/run this https://play.google.com/store/apps/details?id=nextapp.sdfix&hl=en
- I don't have SuperSu on marshmallow+ ?!
It just didnt install properly into /system. That's ok. Just install it from the play store - you do have the su binary installed in /system so this will work
- Does this work on my SO-02G (Xperia Z3C Docomo NTT version) ?
@pngoc256 tested and yes, it works
- Does this work with lollipop (Android 5.0)?
- Does this work with Marshmallow (Android 6.0)?
- Will this work with Nougat (Android 7.0)?
- Will this always work?! (yes probably)
Yes.
If when doing the final reboot its stuck on the loading screen the first time, reboot again a last additional time with power + volume UP.
People who did the hard work/references thanks to them:
@istux (fw list, flashtool how to http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706)
@xzx0O0 (root exploit: http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
@DevShaft (backup ta http://forum.xda-developers.com/showthread.php?t=2292598)
@serajr (install .77 fw http://forum.xda-developers.com/showpost.php?p=58395100&postcount=71)
dosomder (kmod for sony's RIC) https://github.com/dosomder/SonyRICDefeat
Everything worked. Thanks a ton!
Thanks for the detailed explanation with links, very thorough and helpful.
MODS PLEASE STICKY THIS THREAD, might just be the most important thread in the Z3 Compact forum.
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
wowz, it's finally here!!!
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Follow this: http://forum.xda-developers.com/showpost.php?p=58400277&postcount=228
This is why I love this community, thanks mate, that completely fixed it
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Hello,
Thanks a lot for this thread, but you made a typo in the step 37, in the command to remount /system: "mount -o remount,rw /system" instead of "mount -oremount,rw /system".
Had I known you were going to post such detailed instructions, I would have waited and saved tons of time!
Very helpful indeed, kudos for your work
steps 40-43
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
I think you are not suppose to open your phone until you flash the prerooted firmware since it says to turn off and not reboot. I dont know the purpose but still gonna follow.
---------- Post added at 04:58 AM ---------- Previous post was at 04:56 AM ----------
I just want to ask if its ok to flash a non-prerooted firmware that was not based on, or was not used to make the prerooted firmware that i will flash earlier in the step?
Any tips on backing up data before flashing .93?
bilboa1 said:
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Click to expand...
Click to collapse
I flashed the zip in the recovery, but I still can't unintall the apps! I'm sure I have root because greenify and xposed works.
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
I had a error when trying to flash CM12 without flashing the CM' boot.img (which asks to unlock the bootloader) because the phone codename is "aries" on Sony stock roms and CM12 want the codename "z3c". Flashing the boot.img contained in CM12 nightlies fixed the problem.
I have solve problem! Just need it to update the dual recovery by Nut with the 2.8.1 Now I can uninstall the system app (Finally)..
Thanks but TA
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
reloadxero said:
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
Click to expand...
Click to collapse
Any custom rom needs an unlocked bootloader.
Any custom kernel needs an unlocked bootloader.
Without unlocking, you can only install roms based on stock firmware with a stock kernel.
dshstudio said:
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
Click to expand...
Click to collapse
Restoring the TA backup automatically relocks your bootloader.
Inside the folder where TA-backup.exe is located, you should find a sub-folder named "backup": do you see nothing within that?
Thank you so much for this thread, really easy this way. Only problem I had was in the last step when flashing version .98, which gave me a non-working wifi. Once reflashed with .77 this was resolved.
Stock lollipop and root for your device. Flash recovery and install xposed framework. Follow the instructions:
1) Backup your apps and settings
2) Make a nandroid backup
3) Download stock ftf file of Sony Xperia Z3 Tablet Compact WiFi SGP611 16GB from here: https://mega.co.nz/#!ZwoyjQbD!8J5LVBi8tH4gIv0RW503UjBYMISy9hKynL752x1W2ug
4) Create a prerooted firmware with the PRFcreator tool from this page http://forum.xda-developers.com/cro...fcreator-easily-create-pre-t2859904?nocache=1
5) Make a factory reset and flash the prerooted firmware via recovery
6) Flash XZDual Recovery from this page (version 2.8.10) http://forum.xda-developers.com/z3-tablet-compact/development/tabz3c-xzdualrecovery-qa-t3014211
7) Now from your recovery flash the zip xposed arm http://forum.xda-developers.com/showthread.php?t=3034811
8) Install xposed installer apk and done
Thanks @[NUT] , @zxz0O0 , @rovo89
Thank you worked great!
Thanks mate, I have been meaning to go back to stock to use Sky Go again.
Just flashed this via flashtool, and now I have lollipop, and I am using Sky Go again
Nice one!
Link not working
Link works for me, you have to make sure you don't take out the space in the link.
Thanks. I made prerooted zip with PRFCreator. Works like a charm.
by flashing, does it wipe the data? i.e. apps and music
Why do you first have to install a stock ftf? Why not install prerooted right away.
Update : I did not read properly. so it seems one time flashing is the case .
Sent from my SGP611 using Tapatalk
[email protected] said:
by flashing, does it wipe the data? i.e. apps and music
Click to expand...
Click to collapse
No, if You uncheck wiping in Flashtool of course.
So, just so I understand, I will end up with a Sony Z3 Compact Tablet with 5.02 LP, rooted, but with no access to recovery?
That explains my confusion then - I kept getting recovery partition errors in Flashify.
Does it require unlocked bootloader?
vonski said:
Does it require unlocked bootloader?
Click to expand...
Click to collapse
No.
BTW. To OP - please add link to RICDefeat from SGP621 thread (mounting /system r/w).
Please help me understand:
- PRFcreator will create a flashable.zip.
- the flashable.zip is a .zip and not a signed .tft; one must flash through recovery, not flashtool.
this is where I get really lost:
- In order to install any recovery (TWRP, Clock, etc), the device must be unlocked,since you cannot install recovery on locked Xperia devices (right?).
- The only way to unlock the device is to request the unlock code from Sony which voids the DRM keys, etc.
Please help me figure this out, since I want to root my SGP611, but I don't want to lose my DRM keys.
Hobbes2099 said:
Please help me understand:
- PRFcreator will create a flashable.zip.
- the flashable.zip is a .zip and not a signed .tft; one must flash through recovery, not flashtool.
this is where I get really lost:
- In order to install any recovery (TWRP, Clock, etc), the device must be unlocked,since you cannot install recovery on locked Xperia devices (right?).
- The only way to unlock the device is to request the unlock code from Sony which voids the DRM keys, etc.
Please help me figure this out, since I want to root my SGP611, but I don't want to lose my DRM keys.
Click to expand...
Click to collapse
You may want to root your device first and backup your DRM keys with giefroot and BackupTA.
http://forum.xda-developers.com/z3-...t-rooting-sgp611-giefroot-bootloader-t3017314
Thanks for your reply. Just to clarify; I will generate a .zip file with PFRCreator that can only be flashed in recovery, correct?
Forgive the noobness: can I flash a .zip file with Flashtool?
Before i had the 4.4.4 running, rooted with the giefroot-method and i also did a ta-backup.
Now i upgraded it using the mentioned way and i do still have root - but now i cant get PS4-Remoteplay to work again.
I get a errorcode which is known to say: You rooted your device and the drm-keys are gone (88001003).
so i restored my 4.4.4 ta-backup again - but it still doesnt work.
Also the proprietary Sony-Updateprog for their pre-installed xperia software is gone.
any ideas how to fix this ?
You created the backup BEFORE opening the bootloader?
Have restored the backup after getting root on the stock firmware?
You must enter the special menu contact ( *#*#7378423#*#* , service tests, security ) , all keys should be ok
I read that some have had this error (withremote play) simply by having SuperSU or superuser installed
Edit: I tried to uninstall SuperSU from the app itself (option cleaning to reinstall after from google play) and now to open remote play does not give the error 88001003. Apparently sony detects if you have the app installed
busybox
I had the stock kitkat rom, which I rooted prior to installing a prerooted lollipop rom.
I still have root access, but I do not have busybox installed and can't seem to install it.
I get the same error message using "busybox installer" and using Stephen (Stericson's) Busybox.
Any suggestions?
You may have forgotten to install ricdefeat (download SGP621-RICDefeat.zip , unzip, run install.bat)
system r/w?
kvi said:
You created the backup BEFORE opening the bootloader?
Have restored the backup after getting root on the stock firmware?
Click to expand...
Click to collapse
yes
kvi said:
Edit: I tried to uninstall SuperSU from the app itself (option cleaning to reinstall after from google play) and now to open remote play does not give the error 88001003. Apparently sony detects if you have the app installed
Click to expand...
Click to collapse
Strange - i'm pretty sure it worked on 4.4.4 while i had superSU installed.
I read here https://talk.sonymobile.com/t5/Xperia-Z3-Z3-Dual/error-88001003-remote-play/td-p/873247
Hello, guys this is my first post but i am quite sure that my methods work.If there any problems then u can surely ask in the section below. This thread will be a GUIDE TO ROOT AND INSTALL CUSTOM RECOVERY FOR MOTO G 1st Gen users.
Some prerequisites are:
1. Motorola drives (https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/88481)
2.Fastboot and recovery files (https://www.dropbox.com/sh/9jf2va51ffg0pzq/AAAxDT-ETf7AESIcHGnfEgv7a?dl=0)
[ Let these files be downloaded and kept in Cdrive of ur pc and and place them on the desktop.. Please name this folder MOTO FILES]
3. SuperSu files https://download.chainfire.eu/696/supersu/ and[/url] paste it in ur phones internal memory and please do this after unlocking the bootloader cause bootloader unlocking will delete everything so its better to do it after unlocking bootloader
Download these files and ur done... Now lets continue to the fun part
This process involves three very simple steps :
1. Unlocking the Bootloader:-
This process is infact very easy to do. There are several guides on the internet regarding this process but the one that i suggest is by High On Android/ Max Lee . Follow his method and u can very easily unlock ur bootlader. Copy this url and see it for urself fellow guys...http://highonandroid.com/android-smartphones/how-to-unlock-bootloader-on-motorola-android-smartphone
2. Erasing ur previous recovery and installing a new one and rooting ur phone all in one process
Some users have been reporting that even after installing custom recovery , whenever they go into recovery they enter into stock recovery. The actual problem is that the stock rom of the Moto G rewrites over the new custom recovery installed.
So we have to install the recovery actually twice but it only takes a few minutes
i) Firstly be sure to have lots of juice in your phone
ii) Boot ur phone into the bootloader by power offing ur device and then pressing the volume down and power button together for 10 seconds and then leaving both of them together.
iii) Now connect ur device to ur pc/laptop
iv) Now open a cmd and enter the following commands(press enter after every command)
- cd Desktop
-cd MOTO FILES
-fastboot flash recovery Recovery2.img
-fastboot reboot-bootloader
[MAKE SURE NOT TO REBOOT UR DEVICE ]
v) Now ur phone has custom recovery installed in it and u shud now enter into recovery mode by choosing the option from the bootloader, by pressing volume down and then volume up while in bootloader mode.
vi) This will open the Philz recovery that i have provided with. I prefer the philz recovery over the cwm one. Now go on and install the SuperSu update zip file. And BOOM ur Device is now rooted !!!!.
vii) Now reboot ur phone and u must install
-ROOT CHECKER (to check root)
- and most importantly ROOT EXPLORER
viii) After following step (vii), now if u try to go into recovery, u will be booted to stock recovery. So to prevent that use the ROOT EXPLORER app and go to the root \system\etc and delete the file named install-recovery.sh .
ix) After deleting the file u will once again have to follow step (iv) and install custom recovery this will ensure u having custom recovery even after rebooting ur device and u will have ROOT access as well
On which android version , were you on before rooting . 5.01 or 5.1 .
This method works for both 5.1 and 5.01
Hi am new for this platform I don't know anything about it... Plz help me out my what's up number is 9901146849
Is the first post too heavy for you?!
Follow the steps and be happy.
Gesendet von meinem Moto G mit Tapatalk
Remember: In some marshmallow ROMs (e. g. CM 13 and CyanPop) flashing SuperSU causes some trouble!
Andus1988 said:
Remember: In some marshmallow ROMs (e. g. CM 13 and CyanPop) flashing SuperSU causes some trouble!
Click to expand...
Click to collapse
this method works for all lollipop versions, i dunno much about the marshmallow roms as i havent used them yet :good:
Ajay P said:
Hi am new for this platform I don't know anything about it... Plz help me out my what's up number is 9901146849
Click to expand...
Click to collapse
whats the problem u facing ?
sanilch99 said:
this method works for all lollipop versions, i dunno much about the marshmallow roms as i havent used them yet :good:
Click to expand...
Click to collapse
It could cumber the inbuilt root!
sanilch99 said:
whats the problem u facing ?
Click to expand...
Click to collapse
My phone is not going on twrp mode(custom Recovery) I have followed the steps from YouTube video... I have downloaded all the things which he has mentioned in his description but one of the link (platform tool zip file) is missing, it shows the link is not available.. Plz provide me that file or help me in other way.. I don't want to break my phone.. As am new to this form.. If something lost I can't resolve by myself.. So better to tell me easy way n simple... Thank u in advance
YouTube video(https://youtu.be/dB627nv6-cE)
Ajay P said:
My phone is not going on twrp mode(custom Recovery) I have followed the steps from YouTube video... I have downloaded all the things which he has mentioned in his description but one of the link (platform tool zip file) is missing, it shows the link is not available.. Plz provide me that file or help me in other way.. I don't want to break my phone.. As am new to this form.. If something lost I can't resolve by myself.. So better to tell me easy way n simple... Thank u in advance
YouTube video(https://youtu.be/dB627nv6-cE)
Click to expand...
Click to collapse
if u want to install twrp recovery and u have its file then i will suggest u to use my method that i have given above and instead writing the command
fastboot flash recovery Recovery2.img u can change it to fastboot flash recovery [name of the recovery file, dont forget the .img at the end]. Thats all u have to do. I saw that video prior to installing custom recovery in my phone too and noticed that his link was broken thats how i figured out my method of installing custom recovery. Its very easy. just follow the steps. :good::good::good:
sanilch99 said:
if u want to install twrp recovery and u have its file then i will suggest u to use my method that i have given above and instead writing the command
fastboot flash recovery Recovery2.img u can change it to fastboot flash recovery [name of the recovery file, dont forget the .img at the end]. Thats all u have to do. I saw that video prior to installing custom recovery in my phone too and noticed that his link was broken thats how i figured out my method of installing custom recovery. Its very easy. just follow the steps. :good::good::good:
Click to expand...
Click to collapse
Thank you
thanks man! everything worked but your supersu was missing binary files so I had to download a new version.
Thanks for the tutorial!
notuger said:
thanks man! everything worked but your supersu was missing binary files so I had to download a new version.
Thanks for the tutorial!
Click to expand...
Click to collapse
I will recheck that super su. file and make sure its perfect... Thanks for the response:good:
Once i finished steps all, When i open SuperSU, popup window says, "There is no SU binary installed, and SuperSU cannot install in it. This is the Problem!
If you just upgraded to android 5.0, you need to manually re-root - consult the relevant forums for your device!
Plz help me on this....
if i check with root checker,
Sorry! Root access is not properly installed on this device
Works but could be simplified
Thanks for this useful post. I've just followed the instructions to root my XT1032 Stock Lollipop 5.1, and they work. However, I have a few comments:
[1] I had already installed Motorola Device Manager on my (Windows 7) PC, plus 'Minimal ADB and Fastboot'. This was sufficient – I didn't need to download the files in your prerequisite 2.
[2] You can use any compatible recovery image. I prefer TWRP, so downloaded openrecovery-twrp-2.8.1.0-xt1032.img.
[3] The SuperSu zip file you've linked to is out of date. The current one is version 2.46 (for Lollipop).
[4] After flashing SuperSu it's advisable to wipe the cache and Dalvik cache.
[5] Root Checker showed that BusyBox wasn't installed, so I downloaded Stephen Erickson's BusyBox installer from the Play Store. This is an essential step, as most programs requiring root won't work without BusyBox. Perhaps it could be added to the OP?
[6] You don't need to use Root Explorer – any root-compatible file manager will do. I prefer Total Commander.
[7] Having deleted (or in my case renamed) install-recovery.sh and then rebooted, I didn't need to go back to step iv and reinstall the custom recovery; in my case TWRP was still there. I think your step ix is unnecessary; at least it's worth checking which recovery you have.
I hope these points are useful and not too nit-picking!
issam029 said:
Once i finished steps all, When i open SuperSU, popup window says, "There is no SU binary installed, and SuperSU cannot install in it. This is the Problem!
If you just upgraded to android 5.0, you need to manually re-root - consult the relevant forums for your device!
Plz help me on this....
if i check with root checker,
Sorry! Root access is not properly installed on this device
Click to expand...
Click to collapse
i have edited the previous link and given the new one. You can use this SU file. It will solve ur prob.
pcgardner said:
Thanks for this useful post. I've just followed the instructions to root my XT1032 Stock Lollipop 5.1, and they work. However, I have a few comments:
[1] I had already installed Motorola Device Manager on my (Windows 7) PC, plus 'Minimal ADB and Fastboot'. This was sufficient – I didn't need to download the files in your prerequisite 2.
[2] You can use any compatible recovery image. I prefer TWRP, so downloaded openrecovery-twrp-2.8.1.0-xt1032.img.
[3] The SuperSu zip file you've linked to is out of date. The current one is version 2.46 (for Lollipop).
[4] After flashing SuperSu it's advisable to wipe the cache and Dalvik cache.
[5] Root Checker showed that BusyBox wasn't installed, so I downloaded Stephen Erickson's BusyBox installer from the Play Store. This is an essential step, as most programs requiring root won't work without BusyBox. Perhaps it could be added to the OP?
[6] You don't need to use Root Explorer – any root-compatible file manager will do. I prefer Total Commander.
[7] Having deleted (or in my case renamed) install-recovery.sh and then rebooted, I didn't need to go back to step iv and reinstall the custom recovery; in my case TWRP was still there. I think your step ix is unnecessary; at least it's worth checking which recovery you have.
I hope these points are useful and not too nit-picking!
Click to expand...
Click to collapse
Reinstallation of custom recovery is not must its just for safety precautions and I have finally updated the SuperSu link. As far as Busybox u will have to install it customly only.
issam029 said:
once i finished steps all, when i open supersu, popup window says, "there is no su binary installed, and supersu cannot install in it. This is the problem!
If you just upgraded to android 5.0, you need to manually re-root - consult the relevant forums for your device!
Plz help me on this....
If i check with root checker,
sorry! Root access is not properly installed on this device
Click to expand...
Click to collapse
use the new su files i updated the link
facing problem after unlock bootloader mood for moto g 1st gen
Thanks a lot for your information...:good:
Bro!! I have already unlock bootloader mood.. Before rooting is it necessary to clear all data & app...??
Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures takes with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE 2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partion)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
Click to expand...
Click to collapse
If you are on Lollipop, i suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Click to expand...
Click to collapse
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
Click to expand...
Click to collapse
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
Click to expand...
Click to collapse
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Click to expand...
Click to collapse
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Click to expand...
Click to collapse
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Click to expand...
Click to collapse
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Click to expand...
Click to collapse
Great to see updates to the first post, it will be useful for many new Z5c users out there
hi, im new z5c user
just received it and ill take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Click to expand...
Click to collapse
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlockbootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've founda few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
Ive tried multiple different versions now, but it always stop at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I doesnt want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backuk and restore DRM and also a way to turn back the device to a stock rom, for a warannty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!
I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten in to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiaFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php(get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download Ivy Root http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LASTEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phones setting, under develop options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps excactly :http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compacts internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download rootkernal tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernal folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your Device and your done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.
nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock bootload, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no long see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
Click to expand...
Click to collapse
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
what are those step exactly (sorry new to this)
---------- Post added at 03:47 PM ---------- Previous post was at 03:31 PM ----------
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all
greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Click to expand...
Click to collapse
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles
ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
Click to expand...
Click to collapse
If this rooting turortial is too difficult try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because its your phone is not rooted though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitly the best!
1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Someone knows ho to solve this error in step 3.2? Thank you in advance for the help
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
Click to expand...
Click to collapse
There is a .256 firmware?
flopower1996 said:
There is a .256 firmware?
Click to expand...
Click to collapse
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
Click to expand...
Click to collapse
No
Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:
Pardon me for being an idiot
Hello Dean F!
Thanks for this tutoial. But before I'll try this, I have two quetions:
1) How do I use your steps WITH restoring the backuped TA-partition?
2) Is the descriped process also usable with a Xperia Z3 Tablet?
Thanks and greetings from GErmany
"klausstoertebeker"
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
bintangsofyan said:
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
Click to expand...
Click to collapse
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.
How to root 32.0.A.6.200 please?