This works for MediaTek SoC ONLY!! XA XA1 and variants of C4/5's, M5's, L1, L2 and Maybe even L3's
Update: A Bootless/System only Root is now reported as working again thanks to diplomatic.
Can XA1 users who have benefited from mtk-su and the System only Root please report back their experience here also so other XA1 users will know what to expect.
Thanks to dev @diplomatic All Sony Mediatek devices should now be able to obtain a /ta partition backup before unlocking their bootloader. :victory:
It works by getting temporary "root" with a easy to use method which will then allow you to grab a /ta backup via the dd cmd
I did some testing for diplomatic and I can confirm this works with my locked bootloader XA1 on Android 8.0 lesser versions should also work.
I also tested this on my other Mediatek devices with the same successful results upto and including Android 8.1
Please visit diplomatic's Thread HERE for instructions and details also remember to Hit his Thanks Button or the :good: Thumbs Up Button if your using a phone app.
How do I backup the /ta ???
See this here.
Use MTK-SU to get temp root then use my dd backup helper script
Thread is HERE for instructions and info
https://github.com/bigrammy/dd-backup-helper-script/blob/master/dd-backup.sh
I am new to Sony whats all this stuff mean???
The below will help anyone new to Sony Gain a little insight into the slight differences over stock Android.
So take time to read it
New to Sony then read the info HERE it will save you a lot of head scratching and google time and I created the thread for just such as you. :good:
As a Footnote for the over enthusiastic:
You only need dd backup what is specific to your device so everything that is NOT included in the FlashTool/Xperifirm firmwares. Like the /TA, /Protect_f, /Protect_s, to name a few for example.
Backing up stock boot or fotakernel is kinda pointless because these are contained in the XperiFirm/FlashTool firmwares and can be easily restored using FlashTool or xflasher to flash those Stock ROM parts.
This is all a little over my head, to be honest. But it looks like I won't be able to install TWRP unless I unlock my bootloader if I'm reading this right?
My phone's bootloader can't be unlocked so that'll be a real shame if that's so.
Ticklefish said:
This is all a little over my head, to be honest. But it looks like I won't be able to install TWRP unless I unlock my bootloader if I'm reading this right?
My phone's bootloader can't be unlocked so that'll be a real shame if that's so.
Click to expand...
Click to collapse
Sure. But you will be able to temp root phone.
Ticklefish said:
This is all a little over my head, to be honest. But it looks like I won't be able to install TWRP unless I unlock my bootloader if I'm reading this right?
My phone's bootloader can't be unlocked so that'll be a real shame if that's so.
Click to expand...
Click to collapse
Sorry for the super late reply but for some reason I don't get a notification when someone post's I guess I must have forgot to subscribe to my own thread. :silly:
Why cant you unlock your bootloader
bigrammy said:
Sorry for the super late reply but for some reason I don't get a notification when someone post's I guess I must have forgot to subscribe to my own thread. :silly:
Why cant you unlock your bootloader
Click to expand...
Click to collapse
I have the message "bootloader unlock allowed: no" so I'm stuck.
I was hoping to be able to install TWRP so I can start modding my system apps.
Sent from my Sony Xperia XA1 using XDA Labs
Ticklefish said:
I have the message "bootloader unlock allowed: no" so I'm stuck.
I was hoping to be able to install TWRP so I can start modding my system apps.
Sent from my Sony Xperia XA1 using XDA Labs
Click to expand...
Click to collapse
Hmm My XA1 is with a relative just now so can't check but we used to have this problem on the C4 and C5.
I just Ignored that and tried the unlock code anyway. It worked for me on the C4 and XA but but not tested it on the XA1 so no guarantee's.
The other option is to use xflasher which worked for me on my XA1 (BL Locked) and flash only the system, boot, recovery, oem and userdata of the earliest 7.0 you can get your hands on and see if it boots. :fingers-crossed: It may even work for the preloader lk etc but I did not want to risk bricking the XA1 so never tried to flash those sensitive area's
If it does let you flash a earlier version then just wait for the ota and install it. The OTA will flash the perloader and lk of the next 7.x update and hopefully that will allow you to unlock the BL unless your phone is locked to specific carrier then I am unsure about that.
Again this is the method used on the C4/5 for rolling back to 5.0 so we could unlock the bootloader.
bigrammy said:
Hmm My XA1 is with a relative just now so can't check but we used to have this problem on the C4 and C5.
I just Ignored that and tried the unlock code anyway. It worked for me on the C4 and XA but but not tested it on the XA1 so no guarantee's.
The other option is to use xflasher which worked for me on my XA1 (BL Locked) and flash only the system, boot, recovery, oem and userdata of the earliest 7.0 you can get your hands on and see if it boots. :fingers-crossed: It may even work for the preloader lk etc but I did not want to risk bricking the XA1 so never tried to flash those sensitive area's
If it does let you flash a earlier version then just wait for the ota and install it. The OTA will flash the perloader and lk of the next 7.x update and hopefully that will allow you to unlock the BL unless your phone is locked to specific carrier then I am unsure about that.
Again this is the method used on the C4/5 for rolling back to 5.0 so we could unlock the bootloader.
Click to expand...
Click to collapse
Interesting. I might try the unlock code just to see what it does. I think Vodafone may have locked my phone, which is understandable but annoying.
I can't afford a new handset and all my old ones are either broken or so underpowered that they're pretty useless, so I won't try flashing anything right now. Too risky.
Ticklefish said:
Interesting. I might try the unlock code just to see what it does. I think Vodafone may have locked my phone, which is understandable but annoying.
I can't afford a new handset and all my old ones are either broken or so underpowered that they're pretty useless, so I won't try flashing anything right now. Too risky.
Click to expand...
Click to collapse
Hmm I thought they could only really sim lock the device but maybe that's why your not been shown the Option to unlock the bootloader.
If you have the sim lock removed by fair or fowl means then the unlock option may become available to you. I have flashed full Vodafone Virgin O2 ROM's with FlashTool before now and none ever locked the bootloader I have only ever heard of people having problems who accidentally flash the sim.lock part of the firmware. :silly:
PS: I have used these before for sim unlocking and all was ok. HERE also cheaper than most.
New bootless/System Only Root
A Heads up for everyone!!!
Well @diplomatic has done it again with a New bootless Root for locked bootloaders it has been reported to be working on the XA1 which I am sure will be good news for many. :victory:
Remember to Hit the thanks button of diplomatic or better still buy him a Beer or Pizza for liberating your phone. :good:
https://forum.xda-developers.com/showpost.php?p=79626434&postcount=135
@Ticklefish
Bootless magisk root
Bootless magisk root working on XA1!!!
Updated tutorial: https://forum.xda-developers.com/showpost.php?p=79626434&postcount=135
Wow, cool! You mean I don't have to unlock my phone to get root? Can't wait to try it on my XA1...
---------------------
But seriously, this bootless root may be a bigger headline than the temp root shell itself.
diplomatic said:
Wow, cool! You mean I don't have to unlock my phone to get root? Can't wait to try it on my XA1...
---------------------
But seriously, this bootless root may be a bigger headline than the temp root shell itself.
Click to expand...
Click to collapse
Awesome work all round and yes you are correct it may even warrant a thread of its own since itś not limited to MTK devices.
On a side note.
Safestrap recovery would be the next logical thing for the XA1 then the locked bootloader circle should be complete.
It will be like running the Fire Phone again :laugh:
https://github.com/bigrammy/android_bootable_recovery-safestrap
Yeah, you're right, I'll make a new thread eventually. Just wanted to start slow and see where it goes...
Unfortunately, safestrap recovery will be problematic because this method doesn't let you write to /system or boot. It doesn't do anything about dm-verity and all that.
diplomatic said:
Yeah, you're right, I'll make a new thread eventually. Just wanted to start slow and see where it goes...
Unfortunately, safestrap recovery will be problematic because this method doesn't let you write to /system or boot. It doesn't do anything about dm-verity and all that.
Click to expand...
Click to collapse
I need to get around to unpacking the boot of the XA1 and look at the lk too. If they moved the fstab to system/vendor then there maybe a way.
My thoughts are as yet untested and based off vague memories but if I manage to put them all together I will let you know.
Real busy just now with Work and ongoing home improvements so not got much time for playing
Read this before thinking about bootless recovery:
https://source.android.com/security/verifiedboot/dm-verity
Any method to root with magisk that allows modifying / system?
leonardo.teseyra said:
Any method to root with magisk that allows modifying / system?
Click to expand...
Click to collapse
Yes for sure but you need to be officially bootloader unlocked for that.
You use the mtk-su to gain temp root then make a couple of dd backups of your /ta and any other partition you think maybe useful which is basically
anything not contained in a firmware package using FlashTool/Xperifirm
EG:
ta
nvram
nvdata
protect_f
protect_s
When you have what you need Unlock the bootloader officially.
Convert your boot.elf to boot.img have Magisk patch the new boot.img and flash it via fastboot.
If you need more detail please provide more such as your device etc it make helping easier. :good:
bigrammy said:
Yes for sure but you need to be officially bootloader unlocked for that.
You use the mtk-su to gain temp root then make a couple of dd backups of your /ta and any other partition you think maybe useful which is basically
anything not contained in a firmware package using FlashTool/Xperifirm
EG:
ta
nvram
nvdata
protect_f
protect_s
When you have what you need Unlock the bootloader officially.
Convert your boot.elf to boot.img have Magisk patch the new boot.img and flash it via fastboot.
If you need more detail please provide more such as your device etc it make helping easier. :good:
Click to expand...
Click to collapse
Thanks for the help, I have a Sony Xperia XA1 with android 8.0. Do you know of any tutorial I can follow? I need to root with magisk to be able to hide the root.
leonardo.teseyra said:
Thanks for the help, I have a Sony Xperia XA1 with android 8.0. Do you know of any tutorial I can follow? I need to root with magisk to be able to hide the root.
Click to expand...
Click to collapse
Backup your ta partition then unlock your bootloader using Sonys official method.
Flash the boot and recovery for your device which are located in this thread HERE
Format your data again with TWRP and flash magisk thats it your done.
To revert your devices back to 100% stock dd back your ta backup and reflash the 100% stock ROM using FlashTool or maybe Sonys official tool.
bigrammy said:
Backup your ta partition then unlock your bootloader using Sonys official method.
Flash the boot and recovery for your device which are located in this thread HERE
Format your data again with TWRP and flash magisk thats it your done.
To revert your devices back to 100% stock dd back your ta backup and reflash the 100% stock ROM using FlashTool or maybe Sonys official tool.
Click to expand...
Click to collapse
How can I backup my TA partition?. I have root access but I can't find /ta any where
Related
Hello Everyone
I understand that many of the users have tough time rooting their device and thus I have decided to look into Rooting using Exploit method over USB commands rather than flashing ROM. I would just look into what could be done as there are few differences between Z3 Compact device series but all use the same Snapdragon 801. This guide is intended for UNLOCKED & LOCKED BOOTLOADER. Make sure you check each method if it supports locked/unlocked bootloader or not. In case it is not mentioned, it is to be understood that it supports locked bootloader as well. However, if the method fails, please provide feedback and also update SuperSU in the script files.
All Credits to the developers for their tools!
HTML:
I take no responsibility for world wars, broken phones, flying machines,
UFO invasions, bricked phones, dead sd card . If you agree to go ahead with this,
it is your choice and no blame should come to any developer/contributor whatsoever
PREREQUISITE
-USB DEBUGGING
For this guide to work, make sure usb debugging is enabled.
Go to Settings> About>Build Number> tap it 7 times and "Developer Options" should appear in settings.
In Developer Options> Enable USB Debugging.
-USB DRIVERS
For these I suggest use Flashtool. However if you still have problem. I would update a guide for that as well
http://www.flashtool.net/index.php
METHOD 1 (Kitkat/Lollipop. Unlocked/Locked Bootloaders)
1.Download latest SuperSU from HERE
2.Place supersu in your sd card
3.Install recovery from the link HERE and use the method as stated in the thread.
4.Once booted into recovery, flash supersu.zip. Make sure it is 2.37 or above for LP.
5.Done
Check FAQ 1
How to make a TA backup.
1. Download the latest version of Backup TA from here DOWNLOAD HERE
2. Extract the ZIP file to a folder location of your choosing.
3. Navigate to the folder location of Backup TA.
4. Make sure no other script or application which is using ADB is running.
5. Make sure the device is booted in normal mode (the way you normally use it).
6. Run Backup-TA.bat
7. Read the last paragraph of the license before continuing.
8. Read the information and follow the instructions given by the tool.
Someone pointed out that the script needs root to work.
UNLOCK bootloader from Official Website
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
Please note! It will only be possible to unlock the boot loader for certain releases of this model. You can check if it is possible to unlock the boot loader of your device by checking the service menu.
Open the Contacts app.
Click the menu button in the top right.
Click Settings.
Long press (for about 5 seconds) somewhere in the empty space just above soft key bar, and then release your finger. A button named Enter service code will then appear in the same area (this may take a few tries).
Click Enter service code. A dialler will appear.
Enter *#*#7378423#*#* in the dialler.
Tap Service info > Configuration > Rooting Status. If Bootloader unlock allowed says Yes, then you can continue with the next step. If it says No, or if the status is missing, your device cannot be unlocked(bootloader).
If your bootloader can be unlocked, proceed to the above website and follow the on screen instructions. You do not need to download full adb , just download the platform tools attached with this guide.
Once you have working drivers, unlock bootloader, made backups and have usb enabled, you can proceed to the actual rooting process.
Backs are highly recommended but not a must .
There are a few methods due to differences in devices and one might work on all, one or none. The methods are arranged in preferred order but not necessarily to work in the same order.
METHOD 2: Kitkat Unlocked Bootloader
Download boot.img from attachment
unlock bootloader via Sony
Flash boot.img via flashtool or fastboot commands
METHOD#3
Use Kingo Root app
Enable USB debugging and run the application.
Download from here
http://www.kingoapp.com/
You can use apk file as well but PC method is more effective.
METHOD 4
CHINESE METHOD
http://www.mgyun.com/en/GetVRoot
KingUser be installed.
Install SuperSU from market and replace Kinguser with SuperSU in SuperSU options
METHOD 5
Run kingo and Vroot at the same time using a PC!
At times this works with few devices
ROOT CHECKER BASIC FROM PLAYSTORE to check if you have root.
Credits
zxz0O0 for rootkit
If you think I have missed your name and you deserve to be in the list, please do not hesitate to inbox and I would gladly update it.
Reserved FAQ
FAQ 1
If you do not wish to flash recovery and only want to gain root. Use boot command instead of flash. Or delete files as stated in the recovery guide
I have an error/question!
stuck at cleaning up
Close the tool and run again.
.
error: more than one device or emulator
Check if you have installed any windows android emulater like bluestacks etc
.
stuck at Waiting for device
Make sure device is connected
Make sure USB-debugging is enabled
Make sure no Sony PC Companion or other Sony software is running
Make sure you have adb drivers installed
Make sure the computer is permanently authorized for connection on the phone (you get a dialog the first time you connect)
.[*]How to unroot?
Flash factory firmware in flashtool. Exclude everything except system. No need to wipe anything.
.
[*]Will I keep root after factory reset?
Yes
"PREREQUISITE : USB DEBUGGING + USB DRIVERS"
"Firstly I suggest you make a full backup of your applications/data especially TA backup."
As you make a backup of TA without root?
Backup TA -> http://forum.xda-developers.com/showthread.php?t=2292598
Q: Do I need root for this?
A: Yes, you do need root for both backup and restore to work. I would advice to use @DooMLoRD's excellent Easy Rooting Toolkit for this, when not already rooted.
kvi said:
"PREREQUISITE : USB DEBUGGING + USB DRIVERS"
"Firstly I suggest you make a full backup of your applications/data especially TA backup."
As you make a backup of TA without root?
Backup TA -> http://forum.xda-developers.com/showthread.php?t=2292598
Q: Do I need root for this?
A: Yes, you do need root for both backup and restore to work. I would advice to use @DooMLoRD's excellent Easy Rooting Toolkit for this, when not already rooted.
Click to expand...
Click to collapse
Thank you so much for your feedback. The guide is still in process and I would make necessary changes as well once it is completed.
Making TA is a suggestion and NOT by any means a step to the process. I am going to work a bit as it needs editing at places
UPDATE :
Guide updated
waichai said:
Hi Hnk1,
Sorry bothering you.
I have read so many threads on xda, and they all have too many steps and risk. I found your thread is simple and easiest to follow.
I have read your thread from http://forum.xda-developers.com/z3-tablet-compact/general/root-flashing-construction-t3091763
My device: SGP621 (LTE version) Build number 23.1.A.0.167 Kitkat 4.4.4. Bootloader is Locked.
I would like to root and TA backup. Can I just follow these step from your tutorial below? Thanks.
PREREQUISITE..............................................
Click to expand...
Click to collapse
Firstly always quote me in the right forum and NEVER ASK me questions in PM. If you next time do it, I will simply ignore.
Well, The recovery clearly states it works for your device so go ahead and flash it.
Hnk1 said:
Firstly always quote me in the right forum and NEVER ASK me questions in PM. If you next time do it, I will simply ignore.
Well, The recovery clearly states it works for your device so go ahead and flash it.
Click to expand...
Click to collapse
I apologize for the PM. I should have read your signature. Thank you for your reply.
I am on 4.4.4 and 23.0.1.A.0.167. I tried method 1,3,5 and none of them works, i thinks it's because of the 23.0.1.A.0.167 is not rootable using the exploit method ?
-Zeta- said:
I am on 4.4.4 and 23.0.1.A.0.167. I tried method 1,3,5 and none of them works, i thinks it's because of the 23.0.1.A.0.167 is not rootable using the exploit method ?
Click to expand...
Click to collapse
I suggest you try the Chinese method. I rooted with that but download the Chinese version because it's 1.83 while English version stands at 1.78
Noob question... unlocking bootloader will make me lose DRM right?
Lrclaros said:
Noob question... unlocking bootloader will make me lose DRM right?
Click to expand...
Click to collapse
It is wise to make @ backup. However, I have always unlocked my boot loader via official Sony website and never had any problems even without a TA backup.
Good luck
Guide updated and changes made!
I have unlocked bootloader, by oficiall way (Sony site). Phone is full reseted now. Can I back all data, whole system? I've made backup of all on the internal mem with TRWP. Will everything works normaly after that?
So if I access the service menu in the root section it says I cannot unlock the bootloader.
Is there a way to do so through unofficial means?
I did backup my TA so I just need to be able to do that :/
So far I'm unable to unlock the bootloader and never upload a custom recovery.
My model is D6603 with version 6.x of Android OS.
Is the capacity to to unlock the Bootloader bound to the android version?
I heard that I could root the phone if I downgrade to an older OS version and then do it... anybody can confirm?
For those with any trouble and that can't flash twrp, a full procedure for injecting TWRP into the kernel is here:
https://forum.xda-developers.com/showpost.php?p=74528751&postcount=22
But... why?
Well, many people like and buy the Xperia line of devices currently on the market who previously owned a Samsung, LG or HTC. There are many differences in hardware, but most certainly in how Sony perceives the Android ecosystem and how it differs from the other major brands. This (noob) guide is meant to help people on the path to the Sony side I'm sure it contains lots of info which is even useful for the old timers
Things which differ a LOT from the other brands:
First and foremost: no recovery partition;
Second but not least: no download mode.
Sony has replaced the Android recovery partition with the FOTA kernel, which is meant to aid the device in rolling out OTA updates, which allow kernel updates without the risk of bricking the device. I hear you scream: "But wait, what about the recovery partition announcement by Sony themselves!?", well the answer is simple: that is meant for unlocked bootloader devices ONLY, as a part of their "Open Devices" program.
What is Flashmode, Flashtool and what are these FTF and SIN files I am reading about?
I'm going to quote @Androxyde here (it's a straight copy of his index page), as he is the maintainer of the tool:
Flashtool is a S1 flashing software that works for all Sony phones from X10 to Xperia Z Ultra. They all use the S1 protocol for flashing firmwares.
This program was originally made to flash sin files downloaded by SEUS/SUS or PC Companion.
Based on a command line tool written by @Bin4ry (Andreas Makris), I brought a user interface to sin files flashing.
We worked together to add more features to the tool such as rooting methods implementation or TA backup / restore.
Then I took the lead and got some advice and help from him occasionally on some features like rom cleaner or bootloader unlocking.
From time to time, sin files have been bundled into what is now well known FTF (Flash Tool Firmwares) and more features have been implemented.
But flashing firmwares is still the core of Flashtool (that is updated at least to follow Sony improvements around sin files) and the reason of its name.
Flashtool can also easily unlock the bootloader of the phone using the BLU icon as far as the bootloader of your phone is unlockable
The flashing feature as well as bootloader unlock feature are available whatever the phone is recognized or not by the application. What is only mandatory for flashing is to own the FTF file according to the device you want to flash it on.
Why should I use Flashtool?
Once bootloader unlocked, official sony tools do not work anymore.
Using official sony tools, you can only upgrade. No downgrade possible.
Using flashtool, you can choose what to flash and what not to flash. This said, many rooting scenarios are available implying kernel only downgrade to retrieve a patched rooting exploit and then flash back the right kernel.
You said unlocking bootloader?
This process gives you the opportunity to flash custom roms such as CyanogenMod ROMs.
I invite you to visit the FXP Project that brings CM and AOSP to xperia devices.
Click to expand...
Click to collapse
To complete this explanation, Sony devices know 2 bootloader based flash modes:
Flashmode (This is the S1 flash protocol @Androxyde wrote about)
Fastboot (This is the original, unmodified fastboot mode from Google)
In the past there was the Sony-Ericsson Update Software/Service (SEUS, later named SUS because Ericsson got removed from the name) which could update your device to the latest software or recover it from an inoperable state. PC Companion was less of a tool for updating and more of making backups, installing applications and managing the device storage. Sometime the past 3-4 years Sony merged the 2 programs, so if people on XDA or anywhere on the web talk about using PC Companion to restore their device, they are not wrong, they are simply using the latest version
Sony recently released their own package called 'flash tool' (to add to the confusion of noobs in the community), which deep down is a little easier to use and stripped down version of EMMA, which is a tool we mere mortals will probably never use as EMMA is the flash tool for Sony's repair shops and tech support. It's primary function is to allow owners of an unlocked bootloader device (or, 'open device' as Sony named it) to still use Sony firmwares and update their device, because as soon as you unlock the bootloader, the OTA updates will stop.
Things to remember on the files used by these tools:
An FTF file is basically not more then a ZIP archive containing multiple SIN files, you can open the FTF using 7z/WinZip/WinRar and look inside it.
A SIN file is a disk/partition image, which is encrypted by Sony. S1 (the bootloader) will check this encryption to make sure the image was not tampered with before it accepts it for flashing.
Fastboot flashing will always fail when the device is still in a locked bootloader state. For some models it is even disabled entirely or non-functional until you unlock the bootloader.
I am reading about the TA, what is it, why should I make a backup?
The TA partition (Trim Area) is a signed partition which holds various things which are unique to your device, like the device's IMEI, DRM keys and bootloader settings and configuration options. This partition can not be exchanged between devices, because it really is unique. If you would flash the TA backup from someone else it will cause a hard-brick rendering your device only useful as a paperweight...
When you unlock your bootloader you will lose all the DRM features on your device, this makes it valuable to have a backup of the unmodified version stowed away somewhere safe. You will need root level access to create that backup before unlocking. There is a tool called Backup TA which is widely used to create and restore backups of the TA partition. TWRP in XZDualRecovery can do the same.
When you restore the backup TA partition you made before unlocking the bootloader you will essentially re-lock the bootloader and restores the DRM keys. This process is (as far as we know up to now) undetectable by Sony's support staff, which makes it easy to restore the phone to stock for warranty driven support issues as unlocking your bootloader will void your warranty on the device (it is subject to local law though). That is why, for a lot of owners of a Sony device at least, it is considered to be the "Holy Grail" and is usually the reason for a lot of users to wait for a root exploit to be found before unlocking their bootloader.
Okay, I get it now. I would like to unlock my bootloader, how to proceed?
I'm not here to rewrite everything other people or Sony themselves can write just as well or even better, so I have a link for you:
http://developer.sonymobile.com/unlockbootloader/
Read it, it will teach you just about everything you need to know.
Once your bootloader is unlocked, your device will be much like a Nexus device when it comes to rooting, excluding the recovery partition, so that's why we flash or hotboot a custom kernel with a recovery, by using fastboot. If you are afraid of a terminal and typing commands, you can use a tool like QuickIMG or Flashtool to make your life easier.
Right, now I want root!
Well, if you have an 'open device', this is a lot easier then you think. Just remember that using root exploit kits is unnecessary and in some cases even risky as some packages do funky things or jeopardize your privacy.
Try to find a 'stock based' custom kernel. These are custom kernels built by the community to add features to the kernel but are meant to work with Sony's stock firmwares. I'm the maintainer of XZDualRecovery myself and created the Kernel Builder for the supported devices.
These custom kernels will NOT root your device (unless otherwise stated by the creator), but introduce a recovery to the boot process and with that you will be able to flash SuperSU to root your ROM.
But you just said Sony devices don't have a recovery partition, please... UN-confuse me!!
Yes, I did, and I'm right: there have been bright minds in the community who included a recovery in the boot image (the kernel partition) in the past and that way included a recovery on our Sony devices.
With the current 'open devices' policy from Sony, we now have:
Recovery stored inside the system partition, which is meant for locked bootloader devices (closed devices) because they can not run custom kernels;
Recovery stored in the boot image (for open devices);
Recovery stored on the FOTA partition, but with a trigger from the regular boot image at boot (also for open devices);
Recovery stored on the FOTA partition -renamed to recovery- together with an updated bootloader (for open devices, of course).
Hmm, okay... it's still confusing, but OK. My service menu says I'm rooted, but none of the root apps work properly, what gives?!
If you open the phone dialer app and on the keys see the letters below the digits, you can spell the word SERVICE. Type *#*#SERVICE#*#* and a service menu will pop up. Tap 'Service Info' and then 'Configuration'. Then you will see one of these lines there almost on the bottom of the list:
"Rooting status: unknown": it's probably unlocked, but it was unable to verify that;
"Rooting status: rooted": you have unlocked the bootloader;
"Unlock bootloader allowed: YES/NO": this tells you if the bootloader is (vendor-) locked or not, if it says NO, you're out of luck.
The rooting status there is not telling your system is rooted, it tells you your bootloader is and will allow custom rom/kernel flashing. Don't confuse these two.
I'm not allowed to unlock my bootloader But I still want root, can I?
In some cases you can. It depends on the bugs found in specific firmware versions which allow a root exploit to be developed.
From the 2015 range of Xperia devices Sony started using dm-verity, which causes a bootloop once the system partition is modified. This modification of the system partition will be required to include a SU binary in the system to obtain root, so until a dm-verity defeating option is found, locked bootloader root or recovery will not be possible.
For older models, check the device forums and the cross device development forums to check out the community rootkits available. Usually it will tell you what ROM version it is intended for. Be careful with rootkits/roottools though, some are also found to be introducing malware to your device or sending privacy sensitive data to the creators. Use common sense, if you have no valid use for the root user level, keep it off your phone. If you already have recovery, you can use that to modify or clean your device instead.
I have rooted my phone, but whenever I try to modify something on it it spontaneously reboots or I get a message 'Permission denied" when trying to remount the system partition R/W! Why is that?
Like all manufacturers, Sony tries to make it difficult (or downright impossible) to modify the Android base system they created. Because if you can, anyone or anything which obtains root access can. This is a serious security risk, because if it's malware which puts itself on the system partition and locks up your phone, the only way around this is to wipe your entire device and restore a stock ROM using PC Companion or Flashtool. Of course, they have their own proprietary software to protect as well, but security is the main objective here. The really sensitive bits are stored in the TA partition as I explained earlier.
Sony (-Ericsson) had a service called RIC, which in time moved partially in to a kernel feature. What it does is monitor if system is remounted writeable. This usually is a situation you want to avoid at all costs so RIC will deny you permission, cause a kernel panic OR simply reboots your device to get out of that state.
"Remount-Reboot fix", RICKiller, RICDefeat, and XZDualRecovery all (attempt to) disable this service or stop the kernel from acting on a remount of system.
Hard-bricks, Soft-bricks, bootloops??
They are simple to understand, really:
Hard-brick, TYPICALLY NOT RECOVERABLE: The bootloader stopped functioning, this can be caused by a bad flash/update or by restoring the wrong TA backup.
Soft-Brick, ALWAYS RECOVERABLE: the system partition is corrupted or just simply empty, this causes the device to stall at boot. A soft-brick can also make the screen remain off, because of a bad or missing kernel image.
Bootloops, ALWAYS RECOVERABLE: If the system gets powered up and then reboots during the start. This can be at the kernel splash screen or during the boot animation.
In case of a Soft-brick or Bootloop:
Use the installed recovery (if it still works), PC Companion, QuickIMG or Flashtool to restore your device to working order.
In case of a Hard-brick:
You can never recover from that state without physically opening your device and do some heavy duty engineering (JTagging) on it to flash back the correct bootloader/TA (read that link to see what it would take!). This is way too difficult for 98% of the community, which means that hard-bricking your device is typically the creation of a very expensive paper weight.
Please, be extremely careful when dealing with the TA partition.
*********************************************
I will be updating the above text for sure, if you feel anything is missing, please write a post in this thread with the text you wish to include. I want this to be a community driven guide and I know a lot, but I can't know everything
*********************************************
Extended the text some more to include ideas from:
@Klaos3000
@Yenkazu
Thanks for the suggestions/additions guys! :highfive:
As it concern the recovery, i think you can create a partition with EMMA.
Sent from Greece
kos25k said:
As it concern the recovery, i think you can create a partition with EMMA.
Sent from Greece
Click to expand...
Click to collapse
Please, re-read the first part...
Can I root my iPhone 6 with this guide?
That was a bad joke.
Very useful guide. We should probably educate people around here about what an unlocked bootloader actually means and what it let us do. I'm shocked by the number of people using Kingroot and other risky closed-sourced tools, especially the ones with an unlocked bootloader.
People of earth, if your bootloader is unlocked, it means that your device will be much like a Nexus device when it comes to rooting, sans the recovery partition, so that's why we flash or hotboot a custom kernel with a recovery, by using fastboot. If you're afraid of a terminal and commands, then you can use a tool like QuickIMG. After that, you simply flash SuperSU. That's it!
You can add something about TA Partition and RIC server. :3
Good thread btw
Yenkazu said:
You can add something about TA Partition and RIC server. :3
Good thread btw
Click to expand...
Click to collapse
I'd say, give me a piece of text on the subject for the OP and I'll include it :good:
[NUT] said:
I'd say, give me a piece of text on the subject for the OP and I'll include it :good:
Click to expand...
Click to collapse
RIC, from your thread :3
http://forum.xda-developers.com/xpe...b-definitive-root-remount-reboot-fix-t2317432
But, it's kinda useless if people already use your DualRec, since it's already integrated xD
But more info didn't hurt (?)
TA Partition
http://forum.xda-developers.com/xperia-z/help/ta-partition-t2451186
Not really details, but user should know the impact of unlocking bootloader
Updated the OP to include info on the TA partition and RIC protection. Also included a part of the post by @Klaos3000, because it contained some useful info
Thanks guys :highfive:
Very usefull! :good: But for me 2-3 Weeks to late. I'm still quite new on Z3C and I collect all those info the old style
Without this thread you would need days to catch all dependencies - With this you would need approx. 10 min!
Very helpfull and good to link new user to...
And yes - I came form the Sammy side (of the moon ) and was a bit shocked what sony did with "open source android".
Not because of SystemUI ( I love it...) but because of all this "anti modding" stuff they build in.
Sticky? Sure - must be!
Updated the OP to include info on Hard-bricks, Soft-bricks and bootloops.
Please people, if you have anything to add to the OP, let me know!
As I said, I know a lot, but I can't know everything there is to know about Sony devices...
Good work (...as usual from your side) :good:
Very useful tutorial.
No need to write long explanations to Sony beginners anymore - just add a link from here.
Really Helpful
Brilliant.....Really it deserves place at (Sticky Threads).I think if you add minimum One Custom Kernel(for stock firmware)
of every devices..That would b very helpful to recover from Soft bricks.Then this thread will be an "ALL IN 1" thread.Its my Opinion after all...Brilliant work.
Need a little advice.
Hi,
I have a ZL with Locked bootloader and your ZL-lockeddualrecovery2.8.22 installed
I am on stock 5.0.2 now Rooted thanks to your awesome recovery.
Question is now I have your dual recovery would I be able to simply flash crDroid CM zip Thread Here and others like it or would I still need to unlock the bootloader Edit OP of ROM says it is required
So if I flashed the above would it replace your recovery with the boot.img in the zip
Sorry for the noob questions but I am new to Sony devices and still taking baby steps with this phone
I can unlock the bootloader no problem but I am more concerned about your recovery been replaced.
Thanks in advance :good:
bigrammy said:
Hi,
I have a ZL with Locked bootloader and your ZL-lockeddualrecovery2.8.22 installed
I am on stock 5.0.2 now Rooted thanks to your awesome recovery.
Question is now I have your dual recovery would I be able to simply flash crDroid CM zip Thread Here and others like it or would I still need to unlock the bootloader Edit OP of ROM says it is required
So if I flashed the above would it replace your recovery with the boot.img in the zip
Sorry for the noob questions but I am new to Sony devices and still taking baby steps with this phone
I can unlock the bootloader no problem but I am more concerned about your recovery been replaced.
Thanks in advance :good:
Click to expand...
Click to collapse
As long as your phone is locked, you only can flash stockroms and stock-kernels.
You also have to use recovery for stockrom, because you kernel is "untouchable" and recovery have to put in /data and /system partition and can't be put in kernel.
All other roms/kernels will end in errors while flashing.
If you have unlocked your BL, you can flash any rom and kernel you want, as long as your phone is supporting it.
Yes, by flashing a zip, your kernel will be replaced and in most cases they have a recovery in it.
By flashing a rom from another version or changing from stock-based roms to i.e. CM-roms or Omni and vice versa, you have to unpack the kernel (boot.img) by hand and flash (fastboot) this first, before you flash (after a reboot in recovery) the whole zip.
Otherwise it could end in bootloop.
Because of (i most cases) wiping /system, /data while installation, your stock-recovery will deleted too. This depends of the work of the installer in the zip file.
Btw... before unlocking your phone, backup your TA ( with FlashTool). This TA is unique and you may use it to lock your phone again later.
And... if your phone is unlocked - no fear of losing recovery. You always can flash another one with fastboot again.
Someone correct me, if i was wrong or forgot something.
@bigrammi, you can always try yo repack the CM kernel using my kernel builder, that way you will still have XZDualRecovery but then included in the boot image, so no risk of losing it...
akkufix said:
As long as your phone is locked, you only can flash stockroms and stock-kernels.
You also have to use recovery for stockrom, because you kernel is "untouchable" and recovery have to put in /data and /system partition and can't be put in kernel.
All other roms/kernels will end in errors while flashing.
If you have unlocked your BL, you can flash any rom and kernel you want, as long as your phone is supporting it.
Yes, by flashing a zip, your kernel will be replaced and in most cases they have a recovery in it.
By flashing a rom from another version or changing from stock-based roms to i.e. CM-roms or Omni and vice versa, you have to unpack the kernel (boot.img) by hand and flash (fastboot) this first, before you flash (after a reboot in recovery) the whole zip.
Otherwise it could end in bootloop.
Because of (i most cases) wiping /system, /data while installation, your stock-recovery will deleted too. This depends of the work of the installer in the zip file.
Btw... before unlocking your phone, backup your TA ( with FlashTool). This TA is unique and you may use it to lock your phone again later.
And... if your phone is unlocked - no fear of losing recovery. You always can flash another one with fastboot again.
Someone correct me, if i was wrong or forgot something.
Click to expand...
Click to collapse
Thanks yet again bro :highfive:
Wow these Sony Xperia's take some figuring out :laugh:
I think I have just about got my head around it all now
I have managed to get the TA backed up with TWRP and Flashtool so I should be safe now
I will have to unlock the bootloader just to stop it nagging me to upgrade :laugh:
@Nut Thanks bro I will take a look at your suggestion it's a little more complicated than what I am used to or should I say different.
bigrammy said:
[...]
@Nut Thanks bro I will take a look at your suggestion it's a little more complicated than what I am used to or should I say different.
Click to expand...
Click to collapse
Well, i saw HTC M7 in your signature. If you were able to unlocked, s-off-ed, re-flashed firmware and rooted this beast - you don't need to have any fear about a Sony device.
[NUT] said:
@bigrammymi, you can always try yo repack the CM kernel using my kernel builder, that way you will still have XZDualRecovery but then included in the boot image, so no risk of losing it...
Click to expand...
Click to collapse
Hi @Nut,
I thought I would take your advice and expected to download a tool to unpack everything and pick through the files and start editing init.rc etc etc :silly:
I had no idea this was a fully automated Online tool
I still can't quite believe it you're a genius!! :angel:
A BIG THANKS to All the Xperia dev's helpful community members and especially the tool creators XZDualRecovery, Flashtool, XperiFirm and PRFCreator etc you're all Awesome :highfive:
I fear I will become lazy with such great dev's :laugh:
bigrammy said:
Hi @Nut,
I thought I would take your advice and expected to download a tool to unpack everything and pick through the files and start editing init.rc etc etc :silly:
I had no idea this was a fully automated Online tool
I still can't quite believe it you're a genius!! :angel:
A BIG THANKS to All the Xperia dev's helpful community members and especially the tool creators XZDualRecovery, Flashtool, XperiFirm and PRFCreator etc you're all Awesome :highfive:
I fear I will become lazy with such great dev's :laugh:
Click to expand...
Click to collapse
Thanks, glad to have been of help to you
Well, I have investigated a way to root and backup the drm keys before unlock the bootloader, and i found this guide to root an impossible tablet SGP21 with a system of a z3 phone d6603 vulnerable firmware and kernel:
http://forum.xda-developers.com/z3-...t/root-root-locked-bootloader-sgp621-t3013534
So maybe we can adapt this guide to work with our device and root with giefroot or with kingroot, what do you think guys?
Cause i wanna try to flash the system of a z3 first and see if it boots but i don´t know if is possible to damage my phone or i can revert back without problem?
Thanks for reading my thoughts.....
Your idea is similar to this http://forum.xda-developers.com/xperia-z5/general/flash-z3-firmware-to-root-flash-z5-t3310611
The problem is, apart from the risk of bricking, that we don't have a rootable stock rom to flash for the Z5 line: Z4 has no locked bl root and Z3/Z3c have a completely different hardware and their firmware would probably not boot on a Z5.
I think that noone can tell you that you'll brick or not your phone, if you really wish, you have to try yourself. But, in my opinion, it's stupid to do so as it won't boot properly.
You are right , and how about this guide?
http://forum.xda-developers.com/att-galaxy-s6/general/root-5-1-1-qa-oj7-root-snag-t3334546
It looks like a tethered root is possible in a locked environment, it requires that each reboot you have to manually set selinux to permissive via adb in order to get your phone to boot, so may be we can implement in that way only to backup the DRM Keys and then unlock the bootloader and the phones with locked bootloader can achieve root with a tethered solution, is this possible in this phone? :fingers-crossed:
We need someone to help us
unfortunately this in not possible, because of dm-verity protection we have on Z5 devices, look here
http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
and my answer here:
http://forum.xda-developers.com/xperia-z5/general/root-using-vulnerabilities-snapdragon-t3338173
The only available option seems temporary root/system priviledges and backup of the TA partition, then unlock the bootloader
Hi,
I'll received my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it an HOW-To for futures users with same questions.
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Latest stock Rom + xposed will not be possible...
mika91 said:
Hi,
I'll received my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it an HOW-To for futures users with same questions.
Click to expand...
Click to collapse
Forget about OTA when rooted...
I though that using xposed leave the system partition untouched, so OTA updates are possible...
mika91 said:
I though that using xposed leave the system partition untouched, so OTA updates are possible...
Click to expand...
Click to collapse
OTA is not possible once bootloader is unlocked. System partition touched or not played no role.
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
How is the camera quality without the drm keys?
Thanks
mika91 said:
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
Click to expand...
Click to collapse
See my post to get a rooted stock with DRM.
mika91 said:
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
How is the camera quality without the drm keys?
Thanks
Click to expand...
Click to collapse
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross devices, that mounts your TA backup as TA partition, therefore your phone looks as having DRM keys and locked.
XperienceD said:
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
[*]Unlock your BL
[*]Update to 311
[*]Extract kernel - ftf/sin/elf
[*]Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
[*]Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
[*]Flash new boot.img
[*]Flash TWRP.img
[*]Flash Super User zip
[*]Flash DK.ftf with Flashtool 9.22
...and that should be it.
Click to expand...
Click to collapse
Would you mind detailing a bit more those steps, especially the first 2? Im coming from a really old phone so im still a bit lost. (where can i learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesnt require an unlocked BL, wich to be achieved deletes your TA?
im on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
fredsky2 said:
Would you mind detailing a bit more those steps, especially the first 2? Im coming from a really old phone so im still a bit lost. (where can i learn about ftf/sin/elf?)
Click to expand...
Click to collapse
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
How can we flash back to 198? Flashing doesnt require an unlocked BL, wich to be achieved deletes your TA?
Click to expand...
Click to collapse
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
im on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
Click to expand...
Click to collapse
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
XperienceD said:
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
Click to expand...
Click to collapse
Thank you, i was able to successfully backup my TA earlier yesterday. But now im struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that i'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but im unsure if i should use Genesis (probably unsuported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. Ive read that messing with TA can hardbrick my phone so im trying to be extra careful.
atm im following ondrejvaroscak's quickrecap to make sure everything goes smooth with my TA keys and then i plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)
fredsky2 said:
Thank you, i was able to successfully backup my TA earlier yesterday. But now im struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Click to expand...
Click to collapse
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
I've read that i'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but im unsure if i should use Genesis (probably unsuported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. Ive read that messing with TA can hardbrick my phone so im trying to be extra careful.
Click to expand...
Click to collapse
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
XperienceD said:
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Click to expand...
Click to collapse
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully i was wrong on that .
Im now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and im almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
fredsky2 said:
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully i was wrong on that .
Click to expand...
Click to collapse
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
Im now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and im almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
Click to expand...
Click to collapse
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.
NOTE :
I created this guide for the Sony Japan AU KDDI version of Xperia XZ Oreo 8.0 users and i have difficulty installing the global version and many that do not support such as NFC Japan are very different from global. Please report this text before you root SOV34 check your sim lock if (x) Network Subset [5] = this is a Carrier Restriction that only allows certain SIM cards. In Japan, CDMA are dominant networks. I think since this is a GSM network, they set a Network Subset lock to restrict exporting. If you already unlock your bootloader, then sim not detected again. So please check this sim lock from dial *#*#7378423#*#*. Forget about root if your Network Subset is locked.
Since there is no ftf file for XZ AU KDDI's, here is the guide from me for rooting it.
You need backup your TA.img. Downgrade your android to Marshmallow for FTF file you can find from this link [url]https://ftf.andro.plus/[/URL] you may use the version 39.0.C.0.282 and for guide step how to backup TA you can use this link [url]https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236[/URL].
Update your SOV34 to Oreo 8.0 via Xperia Companion (since no ftf for Oreo) and unlocked your bootloader. For Unlock booloader you can use Flashtool or from ADB. Make sure that the OEM Unlocking in Developer Option is ON
Make your phone plugin to pc to Fastboot Mode ( Power Up + Volume Up ) and go to ADB and flash Recovery.
Code:
fastboot flash recovery twrp.img
you can download TWRP from my drive [url]https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ[/URL] and factory reset via TWRP[to eliminate the password entry during bootup]
Flash the created from me for boot.img using fastboot and restart to TWRP
Code:
fastboot flash boot boot.img
Flash instal Zip Magisk, DRM Fix and Safetynet Patch. ( Put this Zip in SD Card) you can find this zip in my drive [url]https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ[/URL]
All done.
Credit : @donedos ( For inspiration to me make this guide )
You can see my attached Screenshot for already to be root My SOV34. If you need Q & A you can send me email [email protected] or you can PM.
seyrarms said:
Finally I could make this guide for Sony SOV34 a few months to learn the difference between this system and the global system. Actually, in a case that might have never happened for Sony Japan is to open the Unlock Bootloader because by default it always says: "Unlock Bootloader Allowed: NO". One day I read in a Forum and finally, I found a bright spot about this bootloader. And finally my phone bootloader is allowed yes. If you need ask about how to change this bootloader from Japan Smartphone just PM me.
NOTE :
I created this guide for the AU KDDI version of Xperia XZ Oreo 8.0 users and i have difficulty installing the global version and many that do not support such as NFC Japan are very different from global.
Since there is no ftf file for XZ AU KDDI's, here is the short guide for rooting it.
You need backup your TA.img. Downgrade your android to Marshmallow for FTF file you can find from this link https://ftf.andro.plus/ you may use the version 39.0.C.0.282 and for guide step how to backup TA you can use this link https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236.
Update your SOV34 to Oreo 8.0 via Xperia Companion (since no ftf for Oreo) and unlocked your bootloader. For Unlock booloader you can use Flashtool or from ADB. Make sure that the OEM Unlocking in Developer Option is ON
Make your phone plugin to pc to Fastboot Mode ( Power Up + Volume Up ) and go to ADB and flash Recovery.
Code:
fastboot flash recovery twrp.img
you can download TWRP from my drive https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ and factory reset via TWRP[to eliminate the password entry during bootup]
Flash the created from me for boot.img using fastboot and restart to TWRP
Code:
fastboot flash boot boot.img
Flash instal Zip Magisk, DRM Fix and Safetynet Patch. ( Put this Zip in SD Card) you can find this zip in my drive https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ
All done.
Credit : @donedos ( For inspiration to me make this guide )
You can see my attached Screenshot for already to be root My SOV34. If you need Q & A you can send me email [email protected] or you can PM.
Click to expand...
Click to collapse
This it's very help me thanks and working. Are you have project again for about this device?
Mervell said:
This it's very help me thanks and working. Are you have project again for about this device?
Click to expand...
Click to collapse
IDK. I will try about this, since no custom rom full support for this device SOV34
seyrarms said:
IDK. I will try about this, since no custom rom full support for this device SOV34
Click to expand...
Click to collapse
I look forward to it, you have reccom for tweak gaming for like PUBG ?
Mervell said:
I look forward to it, you have reccom for tweak gaming for like PUBG ?
Click to expand...
Click to collapse
For me just delete file config thermal in folder system/vendor/etc
Find this file and delete and instal kernel auditor for tweak
I got this problem while im trying to flash au mm rom
Any help?
Muurica said:
I got this problem while im trying to flash au mm rom
Any help?
Click to expand...
Click to collapse
Your device? single or dual?
or use other version of flashtool.
J.M.Siyath said:
Your device? single or dual?
or use other version of flashtool.
Click to expand...
Click to collapse
Single,
And what version can i use for it ?
Muurica said:
Single,
And what version can i use for it ?
Click to expand...
Click to collapse
I use flashtool 0.9.26 but now already released latest version 0.9.27.
Muurica said:
I got this problem while im trying to flash au mm rom
Any help?
Click to expand...
Click to collapse
You need update that's flashtool
How can I install adb driver for sony xperia xz sov34? I try install sony companion but It is not work.
seyrarms said:
NOTE :
I created this guide for the Sony Japan AU KDDI version of Xperia XZ Oreo 8.0 users and i have difficulty installing the global version and many that do not support such as NFC Japan are very different from global.
Since there is no ftf file for XZ AU KDDI's, here is the guide from me for rooting it.
You need backup your TA.img. Downgrade your android to Marshmallow for FTF file you can find from this link https://ftf.andro.plus/ you may use the version 39.0.C.0.282 and for guide step how to backup TA you can use this link https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236.
Update your SOV34 to Oreo 8.0 via Xperia Companion (since no ftf for Oreo) and unlocked your bootloader. For Unlock booloader you can use Flashtool or from ADB. Make sure that the OEM Unlocking in Developer Option is ON
Make your phone plugin to pc to Fastboot Mode ( Power Up + Volume Up ) and go to ADB and flash Recovery.
Code:
fastboot flash recovery twrp.img
you can download TWRP from my drive https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ and factory reset via TWRP[to eliminate the password entry during bootup]
Flash the created from me for boot.img using fastboot and restart to TWRP
Code:
fastboot flash boot boot.img
Flash instal Zip Magisk, DRM Fix and Safetynet Patch. ( Put this Zip in SD Card) you can find this zip in my drive https://drive.google.com/open?id=1IlisSeKaMhvCQkUddgyLOdDSg_988zvZ
All done.
Credit : @donedos ( For inspiration to me make this guide )
You can see my attached Screenshot for already to be root My SOV34. If you need Q & A you can send me email [email protected] or you can PM.
Click to expand...
Click to collapse
how are you able to unlock the bootloader on SOV34 if it says "bootloader unlocked allowed:no" , really need your help here, the thermal throttling is driving me mad
hi! can you please make the same tutorial for softbank 601so?
Hendii said:
hi! can you please make the same tutorial for softbank 601so?
Click to expand...
Click to collapse
I'm use too 601SO but for me. I'm use global rom, since Softbank not release Oreo update OTA so i'm use from global
seyrarms said:
I'm use too 601SO but for me. I'm use global rom, since Softbank not release Oreo update OTA so i'm use from global
Click to expand...
Click to collapse
you haven't answered my question for days, how did you able to unlock the bootloader if it said "unlock bootloader allowed:no" ?
seyrarms said:
I'm use too 601SO but for me. I'm use global rom, since Softbank not release Oreo update OTA so i'm use from global
Click to expand...
Click to collapse
seriously dude? is this guide legit or not? can't give a simple answer?
Enrico Vialli said:
you haven't answered my question for days, how did you able to unlock the bootloader if it said "unlock bootloader allowed:no" ?
Click to expand...
Click to collapse
You need use S1 Tools Network for unlock thats
Hendii said:
hi! can you please make the same tutorial for softbank 601so?
Click to expand...
Click to collapse
I'm use too 601so but you need flash to global cause from softbank haven't updated oreo.
seyrarms said:
You need use S1 Tools Network for unlock thats
Click to expand...
Click to collapse
it took you over a month to answer my question, and your answer is that tool, which i need to pay £35(which is big amount in my country) just to use it to unlock bootloader... totally not worth it
time wasted, very dissapointed
Enrico Vialli said:
it took you over a month to answer my question, and your answer is that tool, which i need to pay £35(which is big amount in my country) just to use it to unlock bootloader... totally not worth it
time wasted, very dissapointed
Click to expand...
Click to collapse
Sorry for late answer i'm very busy, yeah if you need unlock for use that. If not worth it don't root you device or change your device.