Database Users

[Guide] Safe bootloader unlock, restore DRM, custom recovery, root, bootloader relock

** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **​The following is tested on model SGP-771. For Wifi-only model the procedure is the same but you should use the files and kernels for the Wifi model. Do not flash the ftf and kernel files intended for the cellular model on a Wifi-only tablet.​I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @AndroPlus, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your tablet when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this tablet such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each tablet and cannot be copied over from another tablet) unlocking the bootloader results in an irreversible loss of some of your tablet's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.260 firmware, For this tutorial I used SGP771_Customized HK_1296-4830_28.0.A.8.260_R10A. You can download it from https://mega.nz/#!YsUWwY5Y!0775_vLpjV9-UkoGjMWP6-Yu8L31LkJVHEyUwA7X9NA. For the wifi only model SGP712 use
https://mega.nz/#!wlIl0JDa!DR0lRL6dDn5Y-K_4768oJnLGWQyrxNV0xLHgKVVesFw (thanks to @kuroneko007)
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable. (To access service menu on SGP712 (Wi-Fi only model) see: http://forum.xda-developers.com/showpost.php?p=66164176&postcount=5) Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your tablet.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the tablet which is now in USB debugging mode to your PC and answer yes when it asks to authorize the PC to access the tablet in USB debugging mode. You can check that the PC indeed sees the tablet by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-07102015.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the tablet initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 SGP771_Customized DE_1295-6955_32.1.A.1.185_R4C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Obtain a kernel boot image. If you want to stick with the stock kernel you need to extract kernel.elf from the ftf that you flashed in step 1.15. If you want a custom kernel you can download one from https://kernel.andro.plus/kitakami.html Note that whatever kernel you are using in this step must match the firmware version currently installed on your system. For this example I downloaded Z4T_SGP771_AndroPlusKernel_v27.zip and extracted the boot.img file from the zip, which matches Marshmallow 32.1.A.1.185.
2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel (e.g. boot.img) to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd boot.img boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y
- Install TWRP recovery? [Y/n] N
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)​This will create a new kernel image called boot-patched.img which you will now flash on your tablet.
2.5- Boot the tablet in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the tablet and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is succesfull you will see this but if it hasn't been successful you will see this.
3- How to flash a custom or stock kernel
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash it on your tablet you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to flash recovery
4.0- To install TWRP recovery you need to flash AndroPlus kernel first (see sections 2.1 and 3).
4.1- Download a TWRP image from the same webpage. For this tutorial I used TWRP-3.0.2-0-20160417.img.
4.2- Reboot into fastboot mode and run this command:
Code:
fastboot flash recovery TWRP-3.0.2-0-20160417.img
4.3- Reboot the tablet. To enter recovery touch the volume keys when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the tablet must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the tablet. The command will look similar to this:
Code:
tarestore TA-07102015.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the tablet. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.

Reserved
For FAQ, etc.

Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...

Stevethegreat said:
Thanks for this great guide.
My question is this. Since it would be easier to avoid all this, can this tool help us do it without having to downgrade?
http://www.xda-developers.com/chainfires-flashfire-can-now-create-fastboot-flashable-backups/
I mean would it also backup the DRM keys? Has anyone tried (preferably with a TA backup already in place so that he may not lose the keys in case that this won't work)...
Click to expand...
Click to collapse
No. This tool cannot help you and trust me there is no shortcut to avoid all of this.
Flashfire (the tool you mentioned) only works if you already have root access. There is no root available for this tablet without unlocking the bootloader, and unlocking the bootloader means you lose the TA partition immediately. So by the time you get this tool to work your TA partition will have been long erased.

Hi. Does this solution suit only for people who have not erased drm keys yet and are be able to backup it? For those who lost, no up-to-date solution except for that http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 ?

Correct.

Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?

mrdarek said:
Not understand step:
1.1- Start by clean flashing any 28.0.A.8.260 firmware
without this step temporary root not work...
But how flash firmware if device has still locked bootloader? What tool using for this step?
Click to expand...
Click to collapse
You can download a tool called flashtool from http://www.flashtool.net/index.php and flash an unmodified ftf firmware. Because the firmware is unmodified the bootloader doesn't have to be unlocked. Many tutorials are available on xda and elsewhere about using this tool, which you can find by doing a Google search. As I said in the prerequisite section, "You should be able to flash an ftf file using flashtool. "

anybody successfully tried this guide?

I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?

mrdarek said:
I learned how flash and succesfully do my first flash.
Currently I have problem with iovyroot
It always say
Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
My current software is:
SGP771_28.0.A.8.251_R15A_UK Generic_1295-4697
and it earlier then december 2015 like need iovyroot
I can't find software *.260 like in guide, I don't know if this created that problem...
Maybe najoor version work because it was "customized" - it mean - with patched kernel. But if locked bootloader allow me flash customized firmware?
Click to expand...
Click to collapse
As you said it, the problem was that you didn't flash the 260 version, not that it wasn't customized.
If you can't find the right version I upload it and post a link in the OP. It takes a little time so check this thread again in about 5 hours.

I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152

mrdarek said:
I found "260" firmware and magically all start work . I finished all job and have now root and recovery .
It worth add tips about fastboot - you can check connection by command but also you can see - if LED on device is blue - connection in fastboot work (if not - try again)
My last question is about how check that DRM emulation work - under security after phone code is still errors. I 100% patched kernel and flash it properly.
Thanks for tutorial and support
Something just not work... Someone can check sizes ?:
boot.img - original kernel androplus 2.5: 17 756 160
andropatched.img - patched with my drm keys: 17 760 256
keys: 2 097 152
Click to expand...
Click to collapse
The sizes sound about right. What errors are you getting?
You can try to relock the bootloader using the instructions and see if your TA backup works. If that works then we can see why the kernel is patched correctly.

Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?

mrdarek said:
Hi - I succesfully restored bootloader (=locked it, and no errors in service) - so I'm sure - my keys are OK. It was very hard - 3x flash, 3 x try use restore (still was errors), and at last success!!!
Now all procedure again, almost from start - but I also more try if need - I send info tomorrow
---------------------------------------
Hmmm not work... Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
Under security is: Blobs : generic error!
HUK: generic error!
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
C:\rootkit>
--------------------Maybe that line is wrong!!!!!!!!
Skipping drmfix. Unsuppported/untested for model karin
but how fix it?
Click to expand...
Click to collapse
You need to follow the instructions to the letter:
1- flash the esaxt same firmware that you made the TA backup with.
2- Restore TA backup.
I guarantee you it will work or l will help you debug it.

Not very understand. It was done. TA backup was done with "260" firmware. I'm able lock that firmware again, so it work. but it only lollipop, can't go into marshmallow from it.
Goal is: marshmallow with root twrp and drm. How achieve it?
I see - I have new device version (karin) so (hopefully) temporary this solution not work for me. I can have only marshmallow with root and twrp (no DRM) or marshmallow with DRM (no root and twrp). I must wait as developers support my device, and keep my keys in safe place to that time.

mrdarek said:
Goal is: marshmallow with root twrp and drm. How achieve it?
Click to expand...
Click to collapse
mrdarek said:
Tested original marsmallow germany kernel and androkernel 2.4. Image test described in step 2.6 fail
...
Flashed kernels names are properly recognized under settings. root work. I not have idea where is bug. It must be during creating andropatched image - but no errors here:
...
C:\rootkit>drmonly boot.img andropatched.img TA-07102015.img
...
- Skipping drmfix. Unsuppported/untested for model karin
...
Click to expand...
Click to collapse
OK, I see what is going on.
When I use drmonly script version 4.24 I get the following:
Code:
C:\Users\najoor\Desktop\rootkernel_v4.24_Windows_Linux>drmonly.cmd boot.img test.img TA-07102015.img
- Unpacking kernel
Found android boot image
- Unpacking initramfs
- 64-bit platfrom detected
- Configuring secd
- Configuring wvkbd
- Configuring drmserver
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
But if I use version 4.31:
Code:
C:\Users\shervin\Desktop\working\Download\rootkernel_v4.31_Windows_Linux>drmonly
.cmd boot.img x.img TA-07102015.img
- Unpacking kernel
Found android boot image
Kernel version: 3.10.84
- Detected vendor: somc (Sony), device: karin, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0
- Skipping drmfix. Unsuppported/untested for model karin
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
I have no idea why @tobias.waldvogel decided to remove the support for Tablet Z4 in the latest version of the drmonly script, but I can see that the DRM works fine with the old version.
I do not have persmission from @tobias.waldvogel to post the older version of his script here so you have to ask him to either add support in the new version or give you the older version.

Thanks - so now I see where is problem. I try contact with author.
Heh - I send PM him but it was my fault [added: it not totally fault - Tobias work on new version and soon we should have new working utility for all ]
I'm enough clever to modify script in 5 minutes (it txt ), and enough stupid to flash it immediately. Now I have....
rooted marshmallow with DRM KEY and TWRP - job finished
To finish job I disabled in settings auto-update, because now it start possible

FAILED <remote dtb not found>
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
downloading 'boot.img' ...
OKAY [ 0.347s]
booting ....
FAILED <remote: dtb not found>
Click to expand...
Click to collapse
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.

Hybel1507 said:
Unlocked the bootloader and successfully retrieved TA partion with SGP771_28.0.A.8.260 , installed stock 32.1.A.1.185, tablet runs fine without problems.
Retrieving the boot.img from Z4T_SGP771_AndroPlusKernel_v27 for my SGP771 device and running
Code:
fastboot boot boot.img
gives
This happens even with the 32.1.A.1.185 stock boot.img. Tried on Kubuntu 16.04 and WIN7. Same result. When I flash
the AndroPlusKernel_v27 boot.img,
Code:
fastboot flash boot boot.img
finishes without errors and tablet does not boot any more but -thanks God- fastboot mode still functioning.
I am lost. Can not root my tablet . Any clues?
---------- Post added at 04:14 PM ---------- Previous post was at 03:41 PM ----------
Sorry, correction:
first retrieved TA partion, then unlocked bootloader.
Click to expand...
Click to collapse
Please follow the following steps exactly and let me know in what step things fail. If you do not provide detailed information I will not be able to help you.
1- Clean flash a 185 ftf and make sure system boots fine.
2- extract the kernel.elf from the ftf and I use fastboot to see if you can boot using fastboot with this kernel.
3- extract boot.img from AndroPlusKernel_v27 and see if you can use fastboot to boot with this image.
4- use the procedure in the OP to patch AndroPlus kernel and see if you can use fastboot to boot with this image.
5- flash this image using fastboot to see if the system boots fine.

[FTF][Android 7.1.1][ROOT][R/W][32.4.A.1.54] E68xx + Patched Kernels (Google Drive)

So many LEECHERS exist, It's not hard to press a button..
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hi xda users,
I am very pleased to present LATEST NOUGAT FTFs Google Drive Mirror, Patched Kernels and TWRP .
I spend lots of time and bandwidth for you, so please hit Thanks :fingers-crossed: button and comment below..
Bootloader LOCKED Devices
-Just follow 1 to 14 steps
Bootloader UN-LOCKED Devices
-Just follow 1 to 30 steps
Google Drive Mirror File List
-7.1.1 (32.4.A.1.54) FTFs (E6833, E6853, E6883)
-Patched Kernels
-TWRP 3.1.1.0 thanks to @kv123
-ROOT Methods (SuperSU, phh and Magisk)
-Flashtool, Flashtool-drivers (0.9.23.2)
Click this for List view
Patched Kernel Specifications
sony-ric
dm-verity
drm-fix
busybox-1.26.2
fully /system read&write access
If r/w didn't work for you, please do that. It will be fixed.
1.Install Termux on Play Store.
2.Write "su" command and give root access.
3.Then write this
Code:
echo 0 > /sys/kernel/security/sony_ric/enable
4.Lastly write this
Code:
busybox mount -o rw,remount,rw /system
Done
Step by Step Installation
Summary
Install Flashtool & Drivers
Flash FTF
Flash Patched Kernel & TWRP
Flash ROOT
Detailed
1-) Install flashtool-0.9.23.1-windows.exe
2-) Copy x10flasher.jar file into "C:\Flashtool", open Flashtool wait until process done then quit program.
3-) Disable "Driver Signature Verification"
Windows 7 : Tap F8 while booting and select required option
Windows 8, 8.1, 10 : Read This Instructions
4-) Install Flashtool-drivers.exe (flashmode, fastboot, z5p)
5-) Copy FTF file into "C:\Users\YOUR PC NAME\.flashTool\firmwares"
6-) Backup your Photos & Videos & Musics etc. on Internal Memory to SDCard or PC
7-) Shutdown your phone
Open Flashtool (x32 suggested)
9-) Click Flash button (top left) then Ok button, select FTF on left side
10-) Select ALL wipe options, no NEED Misc TA for every flash (SKIP this, if you want to just UPDATE and keep data)
11-) Click Flash button, wait 1 minute (you will see an info)
12-) Push VOLUME DOWN button, then connect phone to pc (green led)
13-) When flashing done, disconnect and boot-up your phone, complete setup wizard (required)
14-) If you want to use Patched Kernel or ROOT your phone then continue otherwise flashing FTF process done
You have to BL Unlocked device to continue..
15-) Shutdown your phone
16-) Push VOLUME UP button, then connect phone to pc (blue led)
17-) Copy 32.4.A.1.54_E68XX.img and twrp_recovery.img file into "C:\Flashtool\x10flasher_lib"
1 Open "C:\Flashtool\x10flasher_lib" folder
19-) Then press LEFT SHIFT and click mouse right button into this folder
20-) Then press Open command window here option
21-) Then type this code into cmd (xx your model)
Code:
fastboot.exe flash [COLOR="red"]boot[/COLOR] 32.4.A.1.54_E68[COLOR="red"]xx[/COLOR].img
then restart your phone..
fastboot.exe flash [COLOR="red"]recovery[/COLOR] twrp_recovery.img
then restart your phone..
22-) Disconnect your phone and boot-up (required)
23-) If you want to ROOT your phone then continue otherwise flashing Patched Kernel process done
24-) Put ROOT files into Internal Memory
SuperSU - Most common root solution
phh's Superuser - I think best root solution
Magisk - Module solution & It has built-in phh root solution
25-) Boot-up your phone into TWRP
-TWRP : Volume DOWN + Power
26-) If you want to use SuperSU, just flash zip and reboot
27-) If you want to use phh, just flash zip and reboot You have to install "me.phh.superuser.apk"
Latest Magisk
Latest Magisk Uninstaller
2 If you want to use SuperSU & Magisk, flash SuperSU first then Magisk then Install Magisk Manager
29-) If you want to use Magisk, flash latest Magisk then Install Magisk Manager
30-) Have fun :fingers-crossed:
You can delete ALL System Apps with System App Remover ROOT APP

I got so many messages on PM, so I decided to prepare FTFs and Patched Kernel for Z5 Premium.
Have fun :fingers-crossed:

After do this:
fastboot.exe flash boot 32.4.A.1.54_E68xx.img
fastboot.exe flash recovery twrp_recovery.img
I turn on phone, and it boot to TWRP now, then i install superSU Zip and done, but when i restart again, it still boot to TWRP. What is happen? and how to fix that.
Tks,

thanks for share friend

without bugs?

dnak47 said:
After do this:
fastboot.exe flash boot 32.4.A.1.54_E68xx.img
fastboot.exe flash recovery twrp_recovery.img
I turn on phone, and it boot to TWRP now, then i install superSU Zip and done, but when i restart again, it still boot to TWRP. What is happen? and how to fix that.
Tks,
Click to expand...
Click to collapse
You have to restart phone before doing a new thing. Use magisk..

So wait, the locked bootloader part, flashing that ftf, does it have anything different or any of the stuff u stated above or is it just stock ftf?
Ooh ok it's stock ftf, kinda confusing lol

sceryavuz said:
You have to restart phone before doing a new thing. Use magisk..
Click to expand...
Click to collapse
I try again, step by step. And now it is ok. Thanks.

Step 9. It doesn't show any FTF file that I can select. Tried it on Windows 10, Sony Xperia Z5 Premium E6853, 32.4.A.1.54. Any idea?

I would like to ask in which step should we go straight if the phone is already updated OTA to 32.4.A.1.54 and the bootloader is unlocked.
Thank you!

thanks

sceryavuz said:
I got so many messages on PM, so I decided to prepare FTFs and Patched Kernel for Z5 Premium.
Have fun :fingers-crossed:
Click to expand...
Click to collapse
Hello dude, i have a question, this root is with Energy Aware Scheduling (EAS)? And i have sony xperia z5 premium with android 7.1.1 system, never change rom (in this phone) and don't know if is blocked or not, this root is only for the system and however don't lost my files from my phone?
However with this mod there is energy battery life improved with display active?
Thanks much!

Kernal
How do developers modify the kernel for xperia z5 devices?

So, if I have a locked bootloader (unlock allowed - No) I follow steps 1-14 and it gives me root?
Am I right?

sceryavuz said:
So many LEECHERS exist, It's not hard to press a button..
Hi xda users,
I am very pleased to present LATEST NOUGAT FTFs Google Drive Mirror, Patched Kernels and TWRP .
I spend lots of time and bandwidth for you, so please hit Thanks :fingers-crossed: button and comment below..
Bootloader LOCKED Devices
-Just follow 1 to 14 steps
Bootloader UN-LOCKED Devices
-Just follow 1 to 30 steps
Google Drive Mirror File List
-7.1.1 (32.4.A.1.54) FTFs (E6833, E6853, E6883)
-Patched Kernels
-TWRP 3.1.1.0 thanks to @kv123
-ROOT Methods (SuperSU, phh and Magisk)
-Flashtool, Flashtool-drivers (0.9.23.2)
Click this for List view
Patched Kernel Specifications
sony-ric
dm-verity
drm-fix
busybox-1.26.2
fully /system read&write access
If r/w didn't work for you, please do that. It will be fixed.
1.Install Termux on Play Store.
2.Write "su" command and give root access.
3.Then write this
Code:
echo 0 > /sys/kernel/security/sony_ric/enable
4.Lastly write this
Code:
busybox mount -o rw,remount,rw /system
Done
Step by Step Installation
Summary
Install Flashtool & Drivers
Flash FTF
Flash Patched Kernel & TWRP
Flash ROOT
Detailed
1-) Install flashtool-0.9.23.1-windows.exe
2-) Copy x10flasher.jar file into "C:\Flashtool", open Flashtool wait until process done then quit program.
3-) Disable "Driver Signature Verification"
Windows 7 : Tap F8 while booting and select required option
Windows 8, 8.1, 10 : Read This Instructions
4-) Install Flashtool-drivers.exe (flashmode, fastboot, z5p)
5-) Copy FTF file into "C:\Users\YOUR PC NAME\.flashTool\firmwares"
6-) Backup your Photos & Videos & Musics etc. on Internal Memory to SDCard or PC
7-) Shutdown your phone
Open Flashtool (x32 suggested)
9-) Click Flash button (top left) then Ok button, select FTF on left side
10-) Select ALL wipe options, no NEED Misc TA for every flash (SKIP this, if you want to just UPDATE and keep data)
11-) Click Flash button, wait 1 minute (you will see an info)
12-) Push VOLUME DOWN button, then connect phone to pc (green led)
13-) When flashing done, disconnect and boot-up your phone, complete setup wizard (required)
14-) If you want to use Patched Kernel or ROOT your phone then continue otherwise flashing FTF process done
You have to BL Unlocked device to continue..
15-) Shutdown your phone
16-) Push VOLUME UP button, then connect phone to pc (blue led)
17-) Copy 32.4.A.1.54_E68XX.img and twrp_recovery.img file into "C:\Flashtool\x10flasher_lib"
1 Open "C:\Flashtool\x10flasher_lib" folder
19-) Then press LEFT SHIFT and click mouse right button into this folder
20-) Then press Open command window here option
21-) Then type this code into cmd (xx your model)
Code:
fastboot.exe flash [COLOR="red"]boot[/COLOR] 32.4.A.1.54_E68[COLOR="red"]xx[/COLOR].img
then restart your phone..
fastboot.exe flash [COLOR="red"]recovery[/COLOR] twrp_recovery.img
then restart your phone..
22-) Disconnect your phone and boot-up (required)
23-) If you want to ROOT your phone then continue otherwise flashing Patched Kernel process done
24-) Put ROOT files into Internal Memory
SuperSU - Most common root solution
phh's Superuser - I think best root solution
Magisk - Module solution & It has built-in phh root solution
25-) Boot-up your phone into TWRP
-TWRP : Volume DOWN + Power
26-) If you want to use SuperSU, just flash zip and reboot
27-) If you want to use phh, just flash zip and reboot You have to install "me.phh.superuser.apk"
Latest Magisk
Latest Magisk Uninstaller
2 If you want to use SuperSU & Magisk, flash SuperSU first then Magisk then Install Magisk Manager
29-) If you want to use Magisk, flash latest Magisk then Install Magisk Manager
30-) Have fun :fingers-crossed:
You can delete ALL System Apps with System App Remover ROOT APP
Click to expand...
Click to collapse
I have all same as you described. Installed superuser but when flash Magisk latest it says system patched with other method and fails
Sent from my E6633 using XDA-Developers Legacy app

I am.having issues in Installing lucky patcher after root. Can't install titanium back up as well
Sent from my E6633 using XDA-Developers Legacy app

Does this allow us with locked bootloaders to root our phone?

H! what resources ill lost on my z5p if I lose my drm keys? thx!

Thanks, my Z5P is happily rooted now. I'm afraid of hitting a wall sooner or later because of the unlocked bootloader but I couldn't make do without root access haha.

Battery drain
First of all! Wow! Been waiting ages for something like this as I have been stuck on 5.1.1 for a long time!
Anyway.. Installed everything as posted by the steps, all worked flawlessly I must admit, lightning fast, very stable, smooth as butter when operating the system, but over the period of 2 days I have had this rom installed I have experienced exceptional battery drain while using Bluetooth (never turn this of due to car and headset), I have never had a problem with Bluetooth using battery but as the stats read it is using about 94-98% of my battery!! It quite literally is sucking the power from my device whenever Bluetooth is turned on.
Is there anyone else experiencing this? Or can you maybe check to see if you are experiencing this?
Any fix would be greatly appreciated mate as I have looked online everywhere and can't seem to find a fix other than downgrading the rom (which is not what I want to do!)
I appreciate any answer in advance
Cheers guys!!
Sony z5p

[RECOVERY][3.3.1-17][laurel_sprout]Unofficial TWRP recovery for Xiaomi Mi A3 (Test)

Team Win Recovery Project 3.x, or twrp3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
Code:
#include <std_disclaimer.h>
/*
*
* We are not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at us for messing up your device, we will laugh at you.
*
*/
Features:
- TWRP boots
- TWRP seems has problems with external sdcard and otg
- Magisk Flash works
Install guide :
Remember to use the appropriate .img version
https://forum.xda-developers.com/showpost.php?p=80168528&postcount=16
Other Install guide :
1. Follow this guide to root your device
2. Flash the TWRP installer like a magisk module
3. Flashing the TWRP installer you will lose the root, so you will need to flash magisk again from magisk manager before reboot the device or you can reboot the device and flash magisk in twrp
HOW TO UPDATE a ROM and KEEP TWRP and ROOT:
Before all Disable all magisk modules for boths methods
- Put rom.zip, twrp installer.zip and magisk.zip on your internal storage;
- Flash Rom;
- Flash TWRP Installer;
- Flash magisk;
- Reboot.
If you want you can also update a stock rom from phone settings with local upgrade:
- Update the Rom WITHOUT REBOOT;
- Open Magisk Manager;
- Menu/modules/+ button/select the twrp installer.zip and flash it;
- Always in Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
- Reboot.
Tips:
If you alread have a twrp flashed you can only flash the new installer zip or the new installation method to update your TWRP (remember to flash again magisk or your system will not boot).
If you have some problems with backup, like 255 error or something similar please check this guide: https://forum.xda-developers.com/oneplus-6/how-to/255-error-twrp-backup-restore-999-t3801632
For the Bacups use always "system_image" and "vendor_image" instead of "system" and "vendor".
Download:
TWRP 3.3.1-17 Unofficial by mauronofrio (Guide included in the link)
Source code:
https://github.com/mauronofrio/android_bootable_recovery
https://github.com/mauronofrio/android_device_xiaomi_laurel_sprout
Precompiled Stock Kernel
Donations:
Credits:
Thanks to Jyotiraditya Panda for the help with the tree
Thanks to @mdeejay for the hard testing
Created 2019-08-31

Bug
https://imgur.com/Y83Xhw2installed this TWRP but I'm with this bug, there are a way to fix this?

mauronofrio said:
Team Win Recovery Project 3.x, or twrp3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
Features:
- TWRP boots
- TWRP seems has problems with external sdcard and otg
- Magisk Flash works
Install guide :
1. Follow this guide to root your device
2. Flash the TWRP installer like a magisk module
3. Flashing the TWRP installer you will lose the root, so you will need to flash magisk again from magisk manager before reboot the device or you can reboot the device and flash magisk in twrp
HOW TO UPDATE a ROM and KEEP TWRP and ROOT:
Before all Disable all magisk modules for boths methods
- Put rom.zip, twrp installer.zip and magisk.zip on your internal storage;
- Flash Rom;
- Flash TWRP Installer;
- Flash magisk;
- Reboot.
If you want you can also update a stock rom from phone settings with local upgrade:
- Update the Rom WITHOUT REBOOT;
- Open Magisk Manager;
- Menu/modules/+ button/select the twrp installer.zip and flash it;
- Always in Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
- Reboot.
Tips:
If you alread have a twrp flashed you can only flash the new installer zip or the new installation method to update your TWRP (remember to flash again magisk or your system will not boot).
If you have some problems with backup, like 255 error or something similar please check this guide: https://forum.xda-developers.com/oneplus-6/how-to/255-error-twrp-backup-restore-999-t3801632
For the Bacups use always "system_image" and "vendor_image" instead of "system" and "vendor".
Download:
TWRP 3.3.1-15 Unofficial by mauronofrio
TWRP 3.3.1-15 Unofficial Installer by mauronofrio
Source code:
https://github.com/omnirom/android_bootable_recovery
https://github.com/mauronofrio/android_device_xiaomi_laurel_sprout
Precompiled Stock Kernel
Donations:
Credits:
Created 2019-08-31
Click to expand...
Click to collapse
Screenshots please

Rajendran Rasa said:
Screenshots please
Click to expand...
Click to collapse
For what, have you never seen TWRP?

nelinthon said:
https://imgur.com/Y83Xhw2installed this TWRP but I'm with this bug, there are a way to fix this?
Click to expand...
Click to collapse
The TWRP asked you for pattern or password when it started?

mauronofrio said:
The TWRP asked you for pattern or password when it started?
Click to expand...
Click to collapse
Can I directly flash twrp in fastboot??
fastboot flash recovery twrp.img
Because some mi devices won't boot to system after entering twrp

Thanks for your work! Is a big start for our phone!
Grazie dall'Italia!

mauronofrio said:
The TWRP asked you for pattern or password when it started?
Click to expand...
Click to collapse
yes

Rajendran Rasa said:
Can I directly flash twrp in fastboot??
fastboot flash recovery twrp.img
Because some mi devices won't boot to system after entering twrp
Click to expand...
Click to collapse
Recovery partition doesn't exist, so you can't flash it. The installation guide is explained in the first post

mauronofrio said:
The TWRP asked you for pattern or password when it started?
Click to expand...
Click to collapse
I fix it, just put the device password, so easy hahaha

nelinthon said:
I fix it, just put the device password, so easy hahaha
Click to expand...
Click to collapse
Yes that is for decryption

mauronofrio said:
Recovery partition doesn't exist, so you can't flash it. The installation guide is explained in the first post
Click to expand...
Click to collapse
That's not a guide
Explain with step 1,2,3
I have downloaded both the files given in op
Then how to flash twrp?? In fastboot
after flashing twrp do I need anything to flash for booting stock ROM
---------- Post added at 04:12 PM ---------- Previous post was at 04:07 PM ----------
Give the detailed step-by-step instructions for flashing twrp with usb drivers and adb fastboot files

Another problem
I tried to flash a GSI rom and STOCK rom but appears an error: UPDATER PROCESS ENDED WITH SIGNAL 4

Pls for cc9e also twrp

Install method explained
Hello!
Since the install steps provided on OP maybe confusing I thought on sharing here the steps I've made in order to get TWRP working....let's call it a "noob friendly guide", ok?
Here he we go:
0 - Your bootloader must be unlocked. If it's not, then follow step 1 of the instructions provided HERE.
1 - Download both twrp-3.3.1-15-laurel_sprout-mauronofrio.img and twrp-3.3.1-15-laurel_sprout-mauronofrio-installer.zip files present on OP
2 - Download latest Magisk Installer, Magisk Uninstaller and Magisk Manager from HERE.
3 - Copy all of the above to your phone internal memory (since current TWRP doesn't allow sdcard nor USB OTG yet...)
4 - Connect the phone to your PC
5 - Reboot to bootloader
Code:
adb reboot bootloader
6 - Check your current active slot
Code:
fastboot getvar current-slot
7 - Flash TWRP image into the current inactive slot (we do this just to leave the current active slot with no changes...at least for now)
If your current active is slot b, then run:
Code:
fastboot --set-active=a
Or, if your current active is slot a, then run:
Code:
fastboot --set-active=b
And afterwards, run:
Code:
fastboot flash boot twrp-3.3.1-15-laurel_sprout-mauronofrio.img
(of course that img file must be on the same path where you have adb and fastboot...)​8 - Reboot to TWRP:
Code:
fastboot reboot
NOTE: Long press Vol+ button before hitting "ENTER" and leave it pressed until you see the Android One logo (just to force boot into recovery)​
Just a heads up:
Now we are on TWRP booted on the "previously inactive slot". The "previously active slot" continues unchanged. Nothing "bad" really happened until what we decide to do next. If we want, we can just make a TWRP backup of the current slot and nothing else. Afterwards, we could always reboot to bootloader, change to the "previously active slot" again and boot system. If we do this, we continue without TWRP and root but we would now have a TWRP backup of the system present on the "inactive slot". Anyway let's presume you really want to permanently install TWRP and ROOT your device....so let's continue.
9 - While on TWRP, install twrp-3.3.1-15-laurel_sprout-mauronofrio-installer.zip
Note that, by doing this, TWRP will be permanently installed into both slots. This means that, if someday, you want to revert to stock, you'll need to reflash stock boot.img on, at least, one of your slots.​10 - After installing TWRP zip, go to reboot menu, change to the active slot (the one you had on the beginning of these steps) and reboot to TWRP
11 - After TWRP reboots, install Magisk installer zip
12 - Finally, reboot to system
13 - Enjoy
Thank you @mauronofrio and Jyotiraditya Panda for your work on bringing TWRP to Mi A3 (laurel_sprout).
I just hope you're able to fix USB OTG and SDCard bugs and, of course, make this TWRP official.
Cheers!

rom.zip
where is rom.zip

I wonder if it can work on Mi CC 9e......

Crosstyan said:
I wonder if it can work on Mi CC 9e......
Click to expand...
Click to collapse
This will not work on Mi CC 9e

Uninstall method explained (aka revert to stock)
Get boot.img, system.img and vendor.img from your stock ROM build type (EU or Global) and store them on the same folder you have adb and fastboot
Uninstall all Magisk Modules you have installed (do the same for Substratum themes, if any)
Reboot to TWRP
While on TWRP, Flash Magisk Uninstaller Zip
Reboot to bootloader
Code:
fastboot getvar current-slot
(just to make sure which slot is currently active)
Code:
fastboot flash boot boot.img
(from your stock ROM build type)
Code:
fastboot set_active [B]b[/B]
(or a, if you were on slot b)
Code:
fastboot erase boot
Code:
fastboot erase system
Code:
fastboot erase vendor
Code:
fastboot flash vendor vendor.img
(from your stock ROM build type)
Code:
fastboot flash system system.img
(from your stock ROM build type)
Code:
fastboot flash boot boot.img
(from your stock ROM build type)
Code:
fastboot reboot
By doing this your phone will now boot to the previously inactive slot, where an older system build is installed, with all your userdata preserved.
Now you just have to wait for the OTA to arrive and install it in order to have the latest stock Rom build installed without TWRP and Magisk.
NOTE:
This procedure is also intended for everyone that want to install latest stock OTA without losing userdata. The Magisk OTA Installation Tutorial could fail if you tampered with system or vendor partitions, that's why I've decided to share this procedure

There's a way to relock the bootloader???

[GUIDE] Pixel 3a "sargo": Unlock Bootloader, Update, Root, Pass SafetyNet

If you are looking for my guide on a different Pixel, find it here:
Pixel 3
Pixel 3XL
Pixel 3aXL
Pixel 4
Pixel 4XL
Pixel 4a
Pixel 4a (5G)
Pixel 5
Pixel 5a
Pixel 6
Pixel 6 Pro
For best results, use the latest stable Magisk release.
Discussion thread for migration to 24.0+.
Note: Magisk prior to Canary 23016 does not incorporate the necessary fixes for Android 12+.
WARNING: YOU AND YOU ALONE ARE RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR DEVICE. THIS GUIDE IS WRITTEN WITH THE EXPRESS ASSUMPTION THAT YOU ARE FAMILIAR WITH ADB, MAGISK, ANDROID, AND ROOT. IT IS YOUR RESPONSIBILITY TO ENSURE YOU KNOW WHAT YOU ARE DOING.
Prerequisites:
Latest SDK Platform Tools - if Platform Tools is out of date, you WILL run into problems!
USB Debugging enabled
Google USB Driver installed
I recommend using Command Prompt for these instructions; some users have difficulty with PowerShell.
Make sure the Command Prompt is running from your Platform Tools directory!
Android Source - Setting up a device for development
Spoiler: Downloads
Pixel OTA Images
Pixel Factory Images
Magisk Stable, Magisk Canary - Magisk GitHub
Spoiler: Unlock Bootloader
Follow these instructions to enable Developer Options and USB Debugging.
Enable OEM Unlocking. If this option is grayed out, unlocking the bootloader is not possible.
Connect your device to your PC, and open a command window in your Platform Tools folder.
Ensure ADB sees your device:
Code:
adb devices
If you don't see a device, make sure USB Debugging is enabled, reconnect the USB cable, or try a different USB cable.
If you see "unauthorized", you need to authorize the connection on your device.
If you see the device without "unauthorized", you're good to go.
Reboot to bootloader:
Code:
adb reboot bootloader
Unlock bootloader: THIS WILL WIPE YOUR DEVICE!
Code:
fastboot flashing unlock
Select Continue on the device screen.
Spoiler: Initial Root / Create Master Root Image
Install Magisk on your device.
Download the factory zip for your build.
Inside the factory zip is the update zip: "device-image-buildnumber.zip". Open this, and extract boot.img
Copy boot.img to your device.
Patch boot.img with Magisk: "Install" > "Select and Patch a File"
Copy the patched image back to your PC. It will be named "magisk_patched-23xxx_xxxxx.img". Rename this to "master root.img" and retain it for future updates.
Reboot your device to bootloader.
Flash the patched image:
Code:
fastboot flash boot <drag and drop master root.img here>
Reboot to Android. Open Magisk to confirm root - under Magisk at the top, you should see "Installed: <Magisk build number>
Spoiler: Update and Root Automatic OTA
Before you download the OTA, open Magisk, tap Uninstall, then Restore Images. If you have any Magisk modules that modify system, uninstall them now.
Take the OTA update when prompted. To check for updates manually, go to Settings > System > System Update > Check for Update
Allow the update to download and install. DO NOT REBOOT WHEN PROMPTED. Open Magisk, tap Install at the top, then Install to inactive slot. Magisk will then reboot your device.
You should now be updated with root.
Spoiler: Update and Root OTA Sideload
Download the OTA.
Reboot to recovery and sideload the OTA:
Code:
adb reboot sideload
Once in recovery:
Code:
adb sideload ota.zip
When the OTA completes, you will be in recovery mode. Select "Reboot to system now".
Allow system to boot and wait for the update to complete. You must let the system do this before proceeding.
Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: You can use Payload Dumper to extract the contents of the OTA if you want to manually patch the new boot image. However, I will not cover that in this guide.
Spoiler: Update and Root Factory Image
Please note that the factory update process expects an updated bootloader and radio. If these are not up to date, the update will fail.
Download the factory zip and extract the contents.
Reboot to bootloader.
Spoiler: Update bootloader if necessary
Compare bootloader versions between phone screen and bootloader.img build number
Code:
fastboot flash bootloader <drag and drop new bootloader.img here>
If bootloader is updated, reboot to bootloader.
Spoiler: Update radio if necessary
Compare baseband versions between phone screen and radio.img build number
Code:
fastboot flash radio <drag and drop radio.img here>
If radio is updated, reboot to bootloader.
Apply update:
Code:
fastboot update --skip-reboot image-codename-buildnumber.zip
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Note: If you prefer, you can update using the flash-all script included in the factory zip. You will have to copy the script, bootloader image, radio image, and update zip into the Platform Tools folder; you will then have to edit the script to remove the -w option so it doesn't wipe your device.
The scripted commands should look like this:
Code:
fastboot flash bootloader <bootloader image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot flash radio <radio image name>
fastboot reboot bootloader
ping -n 5 127.0.0.1 > nul
fastboot update --skip-reboot <image-device-buildnumber.zip>
Once this completes, you can reboot to bootloader and either boot your master patched image, or if you patched the new image, flash it at this time.
Spoiler: Update and Root using PixelFlasher <<RECOMMENDED FOR NOVICES>>
PixelFlasher by @badabing2003 is an excellent tool that streamlines the update process - it even patches the boot image for you.
The application essentially automates the ADB interface to make updating and rooting much easier. However, it is STRONGLY recommended that you still learn the "basics" of using ADB.
For instructions, downloads, and support, please refer to the PixelFlasher thread.
Spoiler: Update and Root using the Android Flash Tool
Follow the instructions on the Android Flash Tool to update your device. Make sure Lock Bootloader and Wipe Device are UNCHECKED.
When the update completes, the device will be in fastbootd. Reboot to bootloader.
Boot the master root image (See note 1):
Code:
fastboot boot <drag and drop master root.img here>
Note: If you prefer, you can download the factory zip and manually patch the new boot image, then flash it after the update. Do not flash an older boot image after updating.
Your device should boot with root. Open Magisk, tap Install, and select Direct Install.
Reboot your device. You should now be updated with root.
Spoiler: Pass SafetyNet/Play Integrity
SafetyNet has been deprecated for the new Play Integrity API. More information here.
In a nutshell, Play Integrity uses the same mechanisms as SafetyNet for the BASIC and DEVICE verdicts, but uses the Trusted Execution Environment to validate those verdicts. TEE does not function on an unlocked bootloader, so legacy SafetyNet solutions will fail.
However, @Displax has modified the original Universal SafetyNet Fix by kdrag0n; his mod is able to force basic attestation instead of hardware, meaning that the device will pass BASIC and DEVICE integrity.
Mod available here. Do not use MagiskHide Props Config with this mod.
This is my configuration that is passing Safety Net. I will not provide instructions on how to accomplish this. Attempt at your own risk.
Zygisk + DenyList enabled
All subcomponents of these apps hidden under DenyList:
Google Play Store
GPay
Any banking/financial apps
Any DRM media apps
Modules:
Universal SafetyNet Fix 2.3.1 Mod - XDA post
To check SafetyNet status:
YASNAC - GitHub
To check Play Integrity status:
Play Integrity Checker - NOTE: MEETS_STRONG_INTEGRITY will ALWAYS fail on an unlocked bootloader.
I do not provide support for Magisk or modules. If you need help with Magisk, here is the Magisk General Support thread. For support specifically with Magisk v24+, see this thread.
Points of note:
The boot image is NOT the bootloader image. Do not confuse the two - YOU are expected to know the difference. Flashing the wrong image to bootloader could brick your device.
While the Magisk app is used for patching the boot image, the app and the patch are separate. This is what you should see in Magisk for functioning root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"Installed" shows the version of patch in the boot image. If this says N/A, you do not have root access - the boot image is not patched, or you have a problem with Magisk.
"App" simply shows the version of the app itself.
If you do not have a patched master boot image, you will need to download the factory zip if you haven't already, extract the system update inside it, then patch boot.img.
If you prefer updating with the factory image, you can also extract and manually patch the boot image if desired.
Some Magisk modules, especially those that modify read only partitions like /system, may cause a boot loop after updating. As a general rule, disable these modules before updating. You are responsible for knowing what you have installed, and what modules to disable.
Credits:
Thanks to @badabing2003 , @pndwal , @Displax , @Az Biker , @ipdev , @kdrag0n , @Didgeridoohan , and last but not least, @topjohnwu for all their hard work!

Please everyone who can give me a tutorial of unlock OEM Pixel 3A verizon why there is no tutorial is the best from this forum I am a student please tell me about the subject I am asking.
Thank you

Filsafat00 said:
Please everyone who can give me a tutorial of unlock OEM Pixel 3A verizon why there is no tutorial is the best from this forum I am a student please tell me about the subject I am asking.
Thank you
Click to expand...
Click to collapse
Verizon branded Pixels cannot be unlocked.

Root oppo A83 CPH1729 [Magisk or SuperSU]

*I am so crazy with this phone but still have a hope that one day it will be rooted
Here are the things that I have done to my phone:
Unlocked bootloader using this tool: MTKClient (it needs testpoint so almost every people cannot get through this step)
Got stock boot image
- used MTKClient to dump boot partition (need testpoint)
- or download OTA update containing image file then this tool to decrypt that OTA file oppo_decrypt_ozip by bkerler (dont need testpoint)
*Both these stock boots worked (I've tested them)
Patched stock boot.img file (because the phone has ramdisk) by Magisk with these options enabled
- Preserve AVB 2.0/dm-verity
- Preserve enforced encryption
- Patch vbmeta in boot image (because there is no vbmeta partition in this device)
Flash patched boot img
- used MTK META Ultility to enter fastboot (no need testpoint. Power the phone off. Press and hold Volume Down button, when holding that button plug in USB cable)
+ In fastboot, enter this command : fastboot flash boot after that, drop patched boot.img file into cmd console.
+ Turn on the phone again -> bootloop in orange state -> flashed stock rom then it backed to normal
- used MTKClient to write boot (needtestpoint) (but still bootloop in orange state) -> wrote stock boot.img then it backed to normal
*I have tried unticking the first 2 options (in step 3) but bootloop still existed
Hope someone can help me get over this

[Self-Solved]
This device works with SuperSU 2.78. SuperSU can be installed in newer versions but there is no root installed
Also, it works with Magisk v14.0 and Magisk Manager v5.8.2. Newer versions cause bootloop )

Now, newer versions of Magisk is under development for supporting some old devices like this device. Waiting for changes ...

Lunarx said:
Now, newer versions of Magisk is under development for supporting some old devices like this device. Waiting for changes ...
Click to expand...
Click to collapse
From this commit, I can confirm that now you can use latest Magisk version for this device. You can download this artifacts from Github Actions for experience. (It is not stable so wait for official release if you're not sure this will work)