Help me to twrp/root/xposed/kernel my XC - Sony Xperia X Compact Questions & Answers

Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, just a stock one with Xposed, and to remove some bloatware.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it's possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a how-to for future users with the same questions.

Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.

Latest stock Rom + xposed will not be possible...

mika91 said:
Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, just a stock one with Xposed, and to remove some bloatware.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it's possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a how-to for future users with the same questions.
Forget about OTA when rooted...

I thought that using Xposed leaves the system partition untouched, so OTA updates are possible...

mika91 said:
I thought that using Xposed leaves the system partition untouched, so OTA updates are possible...
OTA is not possible once the bootloader is unlocked. System partition touched or not plays no role.

ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
How is the camera quality without the drm keys?
Thanks

mika91 said:
ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
See my post to get a rooted stock with DRM.

mika91 said:
ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
How is the camera quality without the drm keys?
Thanks
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross devices, that mounts your TA backup as TA partition, therefore your phone looks as having DRM keys and locked.
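A pre-unlock sanity check for the TA backup this post recommends, as an added example that is not part of the original thread: it compares two independent dumps of the TA partition, rejects blank images, and records a hash so the same image can be confirmed before any later restore. The file names and the manifest format are assumptions, and the script only reads local files.

```shell
#!/bin/sh
# Added example: sanity-check TA partition dumps on the PC before unlocking
# the bootloader. File names and manifest layout are hypothetical; the script
# never talks to a device.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# size_of FILE -> prints the size of FILE in bytes
size_of() {
    wc -c < "$1" | tr -d ' '
}

# is_blank FILE -> succeeds if FILE holds only 0x00 / 0xFF bytes,
# which is what an erased or unread partition dump looks like
is_blank() {
    left=$(LC_ALL=C tr -d '\000\377' < "$1" | wc -c | tr -d ' ')
    [ "$left" -eq 0 ]
}

# verify_ta_backup DUMP1 DUMP2
# Compares two dumps taken in separate runs of the backup tool.
# Returns 0 = consistent, 1 = missing/empty file, 2 = blank image,
#         3 = the two dumps differ
verify_ta_backup() {
    for f in "$1" "$2"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    for f in "$1" "$2"; do
        if is_blank "$f"; then
            echo "blank image (all 0x00/0xFF): $f" >&2
            return 2
        fi
    done
    if [ "$(size_of "$1")" -ne "$(size_of "$2")" ]; then
        echo "size mismatch between dumps" >&2
        return 3
    fi
    if [ "$(sha256_of "$1")" != "$(sha256_of "$2")" ]; then
        echo "hash mismatch between dumps" >&2
        return 3
    fi
    echo "OK: dumps match, sha256=$(sha256_of "$1")"
    return 0
}

# record_manifest IMAGE MANIFEST
# Appends "<sha256>  <file name>" so the image can be identified later.
record_manifest() {
    printf '%s  %s\n' "$(sha256_of "$1")" "$(basename "$1")" >> "$2"
}

# check_before_restore IMAGE MANIFEST
# Confirms IMAGE is byte-for-byte the one recorded for this handset.
# Returns 0 = match, 4 = no manifest entry, 5 = content differs
check_before_restore() {
    want=$(awk -v n="$(basename "$1")" '$2 == n {print $1}' "$2" 2>/dev/null)
    [ -n "$want" ] || { echo "no manifest entry for $1" >&2; return 4; }
    [ "$(sha256_of "$1")" = "$want" ] || {
        echo "image differs from the recorded backup: $1" >&2
        return 5
    }
}

# Usage: sh ta_check.sh TA-first.img TA-second.img
if [ "$#" -eq 2 ]; then
    verify_ta_backup "$1" "$2" && record_manifest "$1" ta-manifest.txt
fi
```

Keep the manifest with the backup copies; a restore image that fails `check_before_restore` is either corrupted or belongs to a different handset.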

XperienceD said:
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Would you mind detailing those steps a bit more, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
Managed to get Flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet.

fredsky2 said:
Would you mind detailing those steps a bit more, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
Sure. You don't really need to learn about that stuff, but it's handy to know; you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
Managed to get Flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet.
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.

XperienceD said:
Sure. You don't really need to learn about that stuff, but it's handy to know; you'll pick stuff up along the way. They are basically firmware files.
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
At the moment I'm following ondrejvaroscak's quick recap to make sure everything goes smoothly with my TA keys and then I plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)

fredsky2 said:
Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.

XperienceD said:
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers

fredsky2 said:
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.

Related

[How-to] Rooted stock SGP621 firmware with DRM keys

Note: Since lowtraxx's guide has included how to get back to stock rom since the time this post was made, I strongly suggest to follow his guide instead.
==========================
Disclaimer:
I make no claims to any of the codes, scripts and programs listed in this post. Credit goes to the creators.
This serves as an extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
Backup TA by DevShaft
Flashtool by Androxyde
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Advanced Stock Kernel by krabappel2548
PRFCreator by zxz0O0
SuperSU by Chainfire
SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
Backup TA partition using Backup TA.
Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
Unlock the bootloader (You'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
Flash the Advanced Stock Kernel using Flashtool in FastBoot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip. Note: Be sure to check all the checkboxes under the "Include" section.
Copy the resulting zip onto your device's internal storage or external SD card.
Also copy the SonyRICDefeat zip to the same location.
Boot into TWRP on your device (Boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
Once complete, reboot into system and set up the device for USB Debugging.
Restore the TA partition using Backup TA.
Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
CubicU07 said:
Disclaimer:
I make no claims to any of the codes, scripts and programs listed in this post. Credit goes to the creators.
This serves as an extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
Backup TA by DevShaft
Flashtool by Androxyde
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Advanced Stock Kernel by krabappel2548
PRFCreator by zxz0O0
SuperSU by Chainfire
SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
Backup TA partition using Backup TA.
Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
Unlock the bootloader (You'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
Flash the Advanced Stock Kernel using Flashtool in FastBoot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip.
Copy the resulting zip onto your device's internal storage or external SD card.
Also copy the SonyRICDefeat zip to the same location.
Boot into TWRP on your device (Boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
Once complete, reboot into system and set up the device for USB Debugging.
Restore the TA partition using Backup TA.
Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
Hey, how did you manage to avoid soft bricking your tablet?
I followed your instructions but I still get softbricks.
frostmore said:
Hey, how did you manage to avoid soft bricking your tablet?
I followed your instructions but I still get softbricks.
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
CubicU07 said:
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
Step 9.
For me, I got a soft brick after restoring the TA partition. Ended up repeating the whole process, flashing stock firmware again. After that, I found that I need to tick all the checkboxes in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
Pingpoi said:
For me, I got a soft brick after restoring the TA partition. Ended up repeating the whole process, flashing stock firmware again. After that, I found that I need to tick all the checkboxes in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
I guess I wasn't too clear on how to use PRFCreator, apologies for that. Added a note in to reflect that in the original post.
Can I do it on an unlocked bootloader?
Which step should I skip? Thanks
zalaz said:
Can I do it on an unlocked bootloader?
Which step should I skip? Thanks
Start from Step 4 since your bootloader is unlocked.
Since lowtraxx's guide now also includes guides to flash rooted stock or CM, so that means both guides do the same thing now? Since I was a little confused while reading the instruction:
Prerequisite:
Follow lowtraxx's guide to completion.
Anyway, thanks both for the great works!!
Please, I have the same confusion as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should I only follow that guide, from this topic? (as it describes the full way to get root and stock rooted FW,
or do I understand something wrong?) Or must I go all through lowtraxx's guide and THEN do in practice the same steps from this guide?
Please understand me, there is some confusion here; I don't want to softbrick my device and ask just to be sure...
Thanks in advance!!!
ValVK said:
Please, I have the same confusion as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should I only follow that guide, from this topic? (as it describes the full way to get root and stock rooted FW,
or do I understand something wrong?) Or must I go all through lowtraxx's guide and THEN do in practice the same steps from this guide?
Please understand me, there is some confusion here; I don't want to softbrick my device and ask just to be sure...
Thanks in advance!!!
Do lowtraxx's post first.
Then follow this post.
i am little bit confused by all of those steps to get root. (described in this and related threads)
if i understood the whole procedure right then we have to get root first
via flashing a vulnerable firmware made for another device, to be able to backup the drm keys right?
but then we lose root again while flashing back latest stock rom.
now we have to proceed with unlocking the bootloader to get root and recovery.
finally we restore drm keys and doing so bootloader is locked again ?
is this basically what all those steps are for and do i have to go through all of them
if i "just" want to get root on latest stock (no custom roms) to install xposed framework?
thanx in advance and keep up the good work.
sorry, I only speak Spanish, I used google translate:
The original firmware is not vulnerable. The only way get root is opening the bootloader (and put a custom recovery to install SuperSU) but that the drm keys are lost. To keep the drm keys have to get to backup the partition TA without opening the bootloader. To make the backup you need to root and to achieve this must be mixed before 2 firmwares.
Restoring the TA partition relock the bootloader
You should only restore the TA partition with an original kernel
Bundling the FTF question
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Thanks for the guide!
Just a newbie question. What Sony device did you select in Flashtool when you bundled the firmware? I can not find SGP621 anywhere.
/kusk
So I made a Lollipop FTF pre-rooted, but when I tried to flash RICDefeat it would give me an error. I rebooted the system and everything seems fine. What exactly did that zip file do? What problems am I going to have with the device, and is there any way of fixing it?
thx
Dear CubicU07.
I have a question for u. I have a z3 tablet but it's SGP641 so if i follow this guide for my z3t 641 , have any problems with this ?
Ty for reading
Works on SGP611
Thank you for the guide. Was redirected from http://forum.xda-developers.com/z3-...t-rooting-sgp611-giefroot-bootloader-t3017314 and your guide was perfect. Thank you for your effort.
Same for me
Sony RIC protection does not work on Lollipop. A new version would be nice.
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
waichai said:
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
1. No
2. No

[Guide] Rooting and unlocking bootloader (bonus) back up DRM

Hi everyone. I see some members are new to Sony phones and some to unlocked bootloaders. So here is a simple guide.
BTW I'm not the developer of any of these methods. That's why I won't post any links for downloads and will redirect you to the original threads.
Do it at your own risk.
So let's begin. You have either updated your Z5 to MM or are still on LP.
The first step is to flash a kernel that can be rooted. If your kernel is older than December then you are good to go. If not, follow these steps.
1. Download the latest Flashtool
http://www.flashtool.net/downloads.php
2. Download 32.0.A.6.200 or any older build for your Z5. (Pay attention to download the right firmware; for example you may have E6633 or E6653.)
3. Flash it and power on your phone.
4. Download Iovyroot and use it to back up your DRM key. (Don't forget to enable USB debugging.)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
5. Copy your DRM keys to a safe backup. (Warning: never try to flash another handset's DRM key or you will hardbrick your phone.)
6. Update back to MM. You can use Sony PC Companion to update if you have a locked bootloader, or simply download and flash your latest FTF file.
7. Unlock your bootloader now. Request keys from here and follow the guide:
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/
8. Now, to keep your DRM intact and have root and Xposed, this is the best choice. Download this tool and patch your kernel:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
9. After patching your kernel with your own TA backup just power down your phone. Press and hold volume up while plugging the USB cable into the PC to go to fastboot mode.
10. Use this command to flash your new kernel:
fastboot flash boot boot.img
11. Download the latest SuperSU zip and copy it to your phone or memory card
http://www.supersuroot.com/download.html
12. Restart your handset. Keep pressing volume up to go to TWRP recovery. Flash the SuperSU zip. Now you are rooted with locked bootloader.
13. (Optional) Download and flash the Xposed zip http://dl-xda.xposed.info/framework/sdk23/arm64/
Fix camera apps FC after updating Xposed.
Connect your phone to the PC with USB (USB debugging must be on). Open an ADB shell and type SU.
Grant superuser permission to ADB, then copy and paste this into ADB and press enter. That's it.
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg /system/framework/XposedBridge.jar --instruction-set=arm --instruction-set-features=smp,div,atomic_ldrd_strd --runtime-arg -Xnorelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=cortex-a53 --instruction-set-features=default --dex-file=/system/priv-app/CameraCommon/oat/arm/CameraCommon.odex --oat-file=/data/dalvik-cache/arm/[email protected]@[email protected]@classes.dex
Is this really working?
Sent from my E6603 using XDA-Developers mobile app
many many thanks josephnero.
I've experience with other devices but I find Xperia rooting quite confusing.
Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.
I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)
but not sure.
indianmeister said:
Is this really working?
Sent from my E6603 using XDA-Developers mobile app
Of course. I'm using it myself.
Here is a screenshot.
Aklo01 said:
many many thanks josephnero.
I've experience with other devices but I find Xperia rooting quite confusing.
Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.
I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)
but not sure.
You mean to unroot and return to full stock? If so, yes. Make sure to flash the same firmware that you used to back up TA. You can also use the TA backup tool to restore. No need to full wipe before flashing, you can use the wipe option in Flashtool.
josephnero said:
Hi everyone. I see some members are new to Sony phones and some to unlocked bootloaders. So here is a simple guide.
BTW I'm not the developer of any of these methods. That's why I won't post any links for downloads and will redirect you to the original threads.
So let's begin. You have either updated your Z5 to MM or are still on LP.
The first step is to flash a kernel that can be rooted. If your kernel is older than December then you are good to go. If not, follow these steps.
1. Download the latest Flashtool
http://www.flashtool.net/downloads.php
2. Download 32.0.A.6.200 or any older build for your Z5. (Pay attention to download the right firmware; for example you may have E6633 or E6653.)
3. Flash it and power on your phone.
4. Download Iovyroot and use it to back up your DRM key. (Don't forget to enable USB debugging.)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
5. Copy your DRM keys to a safe backup. (Warning: never try to flash another handset's DRM key or you will hardbrick your phone.)
6. Update back to MM. You can use Sony PC Companion to update if you have a locked bootloader, or simply download and flash your latest FTF file.
7. Unlock your bootloader now. Request keys from here and follow the guide:
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/
8. Now, to keep your DRM intact and have root and Xposed plus locked bootloader, this is the best choice. Download this tool and patch your kernel:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
9. After patching your kernel with your own TA backup just power down your phone. Press and hold volume up while plugging the USB cable into the PC to go to fastboot mode.
10. Use this command to flash your new kernel:
fastboot flash boot boot.img
11. Download the latest SuperSU zip and copy it to your phone or memory card
http://www.supersuroot.com/download.html
12. Restart your handset. Keep pressing volume up to go to TWRP recovery. Flash the SuperSU zip. Now you are rooted with locked bootloader.
13. (Optional) Download and flash the Xposed zip http://dl-xda.xposed.info/framework/sdk23/arm64/
In step 12. You got root with locked bootloader? I don't think so cause any modification in kernel required to have unlock bootloader if not phone got boot loop or won't boot at all
devilmaycry2020 said:
In step 12. You got root with locked bootloader? I don't think so cause any modification in kernel required to have unlock bootloader if not phone got boot loop or won't boot at all
Remember this is not a custom kernel. It's your own stock kernel, just RIC and DM protection patched.
After step 10 you have a locked bootloader with a patched kernel and recovery. No DM variety to stop root afterwards.
josephnero said:
Remember this is not a custom kernel. It's your own stock kernel, just RIC and DM protection patched.
After step 10 you have a locked bootloader with a patched kernel and recovery. No DM variety to stop root afterwards.
Show your bootloader status please. Thanks
devilmaycry2020 said:
Show your bootloader status please. Thanks
This one?
josephnero said:
You mean to unroot and return to full stock? If so, yes. Make sure to flash the same firmware that you used to back up TA. You can also use the TA backup tool to restore. No need to full wipe before flashing, you can use the wipe option in Flashtool.
When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.
There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....
and then flash lastest stock ROM.
am I wrong ?
If I made a Backup on my Unrooted Z5 MM. 163 with Xperia Backup in settings.
I downgrade. Root my Z5 etc. Update to.. 163 again.
Unlock Bootloader, then Root.
Can I restore that Backup?
Or might that not work?
Sent from my E6653 using XDA-Developers mobile app
This tutorial works and I used it some days ago.
But when you flash the kernel with your TA and Sony releases an update, you must unlock the bootloader and wipe the system once again to flash the new kernel. Updating via OTA is not recommended. Of course we can flash firmware without the kernel in Flashtool, but when I tried, the mobile notified me that a new update from .185 to 185 is ready....
Sent from my E6653 using Tapatalk
This guide works fine.
Thanks again
jugglerpl said:
This tutorial works and I used it some days ago.
But when you flash the kernel with your TA and Sony releases an update, you must unlock the bootloader and wipe the system once again to flash the new kernel. Updating via OTA is not recommended. Of course we can flash firmware without the kernel in Flashtool, but when I tried, the mobile notified me that a new update from .185 to 185 is ready....
Sent from my E6653 using Tapatalk
Maybe we can extract and patch the kernel, then flash it with Flashtool?
Duvel999 said:
If I made a Backup on my Unrooted Z5 MM. 163 with Xperia Backup in settings.
I downgrade. Root my Z5 etc. Update to.. 163 again.
Unlock Bootloader, then Root.
Can I restore that Backup?
Or might that not work?
Sent from my E6653 using XDA-Developers mobile app
I would strongly recommend using another backup app. In my experience Sony backup failed many times.
Aklo01 said:
When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.
There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....
and then flash lastest stock ROM.
am I wrong ?
Honestly I'm not sure but better safe than sorry
I currently have (had) UB and root on .163 MM; today I decided to update and LB following this guide.
I downloaded and flashed .185 MM via Flashtool (without wipes); in the meanwhile I unpacked the kernel from stock .185 and patched it with my TAbackup.img. After the flash I disconnected the USB cable, didn't reboot the system, plugged in again in fastboot mode, opened a cmd window with adb, pushed the stock .185 kernel patched with my TA backup and the latest TWRP. Next I started the device and didn't let it start fully but first went to recovery, in TWRP chose reboot recovery and after that flashed the latest root package. Then rebooted the system and everything works excellently.
Now if I think correctly I have the latest MM with UB and stock kernel with my DRM and of course root.
jackq said:
I currently have (had) UB and root on .163 MM; today I decided to update and LB following this guide.
I downloaded and flashed .185 MM via Flashtool (without wipes); in the meanwhile I unpacked the kernel from stock .185 and patched it with my TAbackup.img. After the flash I disconnected the USB cable, didn't reboot the system, plugged in again in fastboot mode, opened a cmd window with adb, pushed the stock .185 kernel patched with my TA backup and the latest TWRP. Next I started the device and didn't let it start fully but first went to recovery, in TWRP chose reboot recovery and after that flashed the latest root package. Then rebooted the system and everything works excellently.
Now if I think correctly I have the latest MM with LB and stock kernel with my DRM and of course root.
So can we flash the kernel from fastboot in the current state? I don't think so because our BL is locked now. Did you use a patched kernel before the update or did you have an unlocked BL?
josephnero said:
So can we flash the kernel from fastboot in the current state? I don't think so because our BL is locked now. Did you use a patched kernel before the update or did you have an unlocked BL?
Like I wrote, I had an unlocked BL when I started.
I flashed MM in Flashtool,
after that unplugged the device (don't start the system) and flashed the patched kernel through adb, flashed TWRP, and all the steps mentioned...

Summary/tutorial: Root on Sony Xperia Z5 Compact (E5823) with DRM keys backup

Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures taken with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE-2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01.
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partition)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
If you are on Lollipop, I suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if it's like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if it's like iPhone's tethered and untethered jailbreaks?
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Great to see updates to the first post, it will be useful for many new Z5c users out there
Hi, I'm a new Z5C user,
just received it and I'll take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlock bootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've found a few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11? Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
I've tried multiple different versions now, but it always stops at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear enough to me to try it and I don't want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backup and restore DRM and also a way to turn back the device to a stock rom, for warranty purposes (my camera is very very bad)?
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!

Root Xperia Z5 Compact Android 6.01 (Tested and Working)

I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten it to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiaFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php (get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download iovyroot http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LATEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phone's settings, under developer options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps exactly: http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compact's internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download rootkernel tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernel folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your Device and you're done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.
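Both tutorials above unlock the bootloader right after pulling the TA image, so the backup is only useful if the file is intact when a restore is needed. The sketch below is an added example, not part of either post or of iovyroot: it sanity-checks a pulled TA image, records a SHA-256 next to it and re-verifies it later. The function names, the `.sha256` sidecar file and the optional expected-size argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: integrity checks for a pulled TA partition image.
# Function names, the .sha256 sidecar and the size argument are assumptions
# of this example, not part of iovyroot or Flashtool.
# Needs sha256sum (coreutils). Source this file, then for instance:
#   ta_seal TA-02042016.img      # once, right after "adb pull"
#   ta_check TA-02042016.img     # again before any restore

# Size of a file in bytes.
ta_size() {
    wc -c < "$1" | tr -d ' '
}

# True (0) if the file holds only 0x00 bytes or only 0xFF bytes, which is
# what a failed read or an erased region typically looks like.
ta_is_blank() {
    [ "$(LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ] && return 0
    [ "$(LC_ALL=C tr -d '\377' < "$1" | wc -c | tr -d ' ')" -eq 0 ] && return 0
    return 1
}

# SHA-256 of a file, hex digest only.
ta_digest() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# Check an image. Return codes:
#   0 ok, 1 missing or empty, 2 size mismatch, 3 blank, 4 digest mismatch
# $1 = image
# $2 = expected size in bytes (optional; supply the TA partition size you
#      read from your own device, the page does not state it)
ta_check() {
    img=$1
    want=${2:-}
    [ -s "$img" ] || return 1
    if [ -n "$want" ] && [ "$(ta_size "$img")" -ne "$want" ]; then
        return 2
    fi
    if ta_is_blank "$img"; then
        return 3
    fi
    # A sidecar written earlier by ta_seal must still match the image.
    if [ -f "$img.sha256" ]; then
        [ "$(cat "$img.sha256")" = "$(ta_digest "$img")" ] || return 4
    fi
    return 0
}

# Record the digest next to the image, but only if the image passes
# ta_check. An existing sidecar that no longer matches is never overwritten.
ta_seal() {
    ta_check "$1" "${2:-}" || return $?
    ta_digest "$1" > "$1.sha256"
}

# True (0) if two stored copies of the backup are byte-identical.
ta_same() {
    cmp -s "$1" "$2"
}
```

Keep the image and its sidecar in at least two places and compare the copies with `ta_same` before relying on either one.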
nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock the bootloader, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no longer see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it got so complicated.
civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it got so complicated.
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
what are those step exactly (sorry new to this)
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all
greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles
ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
If this rooting tutorial is too difficult try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because your phone is not rooted though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitely the best!
1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Does someone know how to solve this error in step 3.2? Thank you in advance for the help
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
There is a .256 firmware?
flopower1996 said:
There is a .256 firmware?
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
No
Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:
Pardon me for being an idiot
Hello Dean F!
Thanks for this tutorial. But before I try this, I have two questions:
1) How do I use your steps WITH restoring the backed-up TA partition?
2) Is the described process also usable with a Xperia Z3 Tablet?
Thanks and greetings from Germany
"klausstoertebeker"
hi,
I cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
I tried like 10 times, and it's always the same, I cannot download until done.
Do you or members here know where I can download firmware 32.0.A.6.200_R2B (E5803) for unlocking and rooting my phone?
Thank you very much
NB: sorry for my bad English.
bintangsofyan said:
hi,
I cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
I tried like 10 times, and it's always the same, I cannot download until done.
Do you or members here know where I can download firmware 32.0.A.6.200_R2B (E5803) for unlocking and rooting my phone?
Thank you very much
NB: sorry for my bad English.
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.
How to root 32.0.A.6.200 please?

DRM and custom kernel

Hi all,
I have two questions:
1 What data is being stored in the drm-protected partition on the xc? I know that it was (among others) camera related stuff on the z5c. Do I need to worry about just unlocking the bootloader without doing a tedious backup process (for which there's only good documentation for the z5c anyway)?
Do I need a custom kernel if I want to flash twrp after unlocking my bootloader? Or is update to latest software > unlock bootloader > fastboot flash recovery.img ?
Thanks a lot!
ApplepieFTW said:
1 What data is being stored in the drm-protected partition on the xc? I know that it was (among others) camera related stuff on the z5c. Do I need to worry about just unlocking the bootloader without doing a tedious backup process (for which there's only good documentation for the z5c anyway)?
Only the keys to unlock the functions are stored there. So yeah, without the DRM-patch or DRM-fix there's no denoising on the camera etc. You don't have to back up the keys to get full camera functionality back; check the thread from the next answer.
ApplepieFTW said:
Do I need a custom kernel if I want to flash twrp after unlocking my bootloader? Or is update to latest software > unlock bootloader > fastboot flash recovery.img ?
If you want to go to Nougat (Android 7), check the steps here:
https://forum.xda-developers.com/showpost.php?p=70657390&postcount=60
You can just skip the TA keys flashing part as it's a bit complicated, but I would recommend doing the backup so that you can restore the phone to factory settings in case you need to use the warranty services.
Me personally I'm sticking with Android 6 as I can't imagine using any new phone without XPrivacy.
1. You will lose the same functions: x-reality, denoise, all that 'special' Sony stuff.
2. You can flash twrp with the stock kernel.
You need to be on MM to back up the TA partition (device key), but if you are on MM a backup will take less than 2 mins and all you need is to click an icon; you can also use the latest version of Flashtool to back it up. But yeah, if you upgraded to Nougat the downgrade is a bit tedious. :/
realtuxen said:
1. You will lose the same functions: x-reality, denoise, all that 'special' Sony stuff.
2. You can flash twrp with the stock kernel.
You need to be on MM to back up the TA partition (device key), but if you are on MM a backup will take less than 2 mins and all you need is to click an icon; you can also use the latest version of Flashtool to back it up. But yeah, if you upgraded to Nougat the downgrade is a bit tedious. :/
Alright thanks! It's nice that I don't have to flash the kernel since iirc that's the only way you can actually break things.
I also discovered the easy dirtycow backup, I definitely didn't want to go through the z5c backup process. Let's hope the xc I'm going to buy isn't on 7.x yet
