Related
@MODS
request you to sticky this thread
hello friends,
let me begin by introducing myself, i am developer for Xperia devices (X10, ARC, PLAY, S, T, Z) and am the Lead Developer of Team UtterChaos, member of Team ICX and was associated with Team FreeXperia, ... i have some experience in development for Xperia devices, specifically in kernels, rooting & recoveries and i have various how-to, reference threads which are very helpful to new & advanced users alike across various device communities... i hope even this thread will be useful to everyone... if you would like to know what things i have worked on before feel free to check some of the links in my signature below...
so some of u must be new to the Sony Xperia family & even if u are not this should be useful... this thread should get u up to speed on what you need to know for this device...
i will try to cover some very basic things and try to touch upon some advanced topics...
i will be dividing this thread into various sections, and each section will point to an individual post...
following is the list of sections covered:
Basics
FlashTool
Bootloader Unlocking & Relocking
Rooting
Recovery
Flashing Custom Kernel
Flashing Custom ROMs
for those who are interested in development are free to contact me via p.m.... BUT PLEASE do not ask generic questions, post all generic queries at the forums/threads...
regards,
DooMLoRD
Basics
[ various bootmodes ]
newest Sony devices have three boot modes... these bootmodes can be reached when device is powered off...
Normal - just press power button and device starts booting
Flashmode - this mode is used to flash stock OFFICIAL firmware using flashtool, denoted by GREEN LED (this is similar to DOWNLOAD/ODIN mode of the Samsung devices)
Fastboot mode - this is a special mode, denoted by BLUE LED, used when we want to flash custom kernel, custom system images, for that we need to unlock bootloader, i will tell more details about this later...
[ various key combinations ]
this is most important part...
known key combinations so far:
while device is power OFF
Volume Up + USB cable connected to PC -> FASTBOOT MODE (BLUE LED will light up)
Volume Down + USB cable connected to PC -> FLASHMODE (GREEN LED will light up and quickly disappear)
while device is power ON
There is a special button under a small back cover
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Button Pressed and hold for 5 seconds -> resets the battery, its like removing the battery and putting it back in
Button Pressed and hold for >10 seconds -> will power off hard, device will power down [device will vibrate thrice]
[ understanding About Device ]
What it all means for u:
Kernel version:
Sony has released this device with 3.4.0 kernel. When custom kernels are released (they will surely be soon) this string will change (as can be seen from the screenshot).
Model number:
The Xperia SP has model number as C530x and has three main variants....
C5302
C5303
C5306
the difference is in the radio frequencies each variant supports
Android version: http://en.wikipedia.org/wiki/Android_(operating_system)
Sony officially launched this phone with android version 4.1.2 (aka Jelly Bean).
Baseband version: [linked to firmware version]
(Crudely) this is a software interface which communicates with radio -> gsm/wcdma (2g/3g)/LTE, basically acts as a base for the main OS to ‘talk-to’ the hardware on the phone [I know this explanation isn’t precise even partly incorrect.. if someone can help me out I will update it]
This is similar to the "radio" image of the HTC devices.
Build number: [aka firmware version]
This is dependent on which firmware u flash on ur phone and is linked to the baseband version.
Btw some devs use this field to add their own ‘signature’ to the ROM so if u are using custom ROMs this field might be varying. Though the Baseband version for a particular firmware remains same.
what is firmware?
The firmware is a package containing all the official software for a particular build. It will contain system, kernel & baseband files. Generally the firmware is supplied (on forums) in form of FTF package (a container file ending with .ftf) which can be flashed via FlashTool.
what are the ways to update/repair firmware?
SEUS (Sony Ericsson Update Service) / PCC (PC Companion) / EMMA are all official ways to update to new or repair existing firmware on your device. SEUS/PCC are available to all users (consumers), EMMA is special and is only available to select individuals. This requires you to connect device to PC and then the software will check for updates and download them over the internet.
Updates can also be sent as FOTA (Firmware over-the-air)/OTA (over-the-air) updates where in you can download and install the updates without the need to connect to PC/any software.
FlashTool is an unofficial user-created tool, but the best way to flash official firmwares. Generally the firmware is supplied in form of FTF package (a container file ending with .ftf) which can be flashed via FlashTool. Thus FlashTool is the easiest way to do offline updates, just download the FTF file, it keep on PC and flash ur device when ever you want to.
FlashTool
Flashtool is one of the MOST IMPORTANT piece of software for ur phone, it is an unofficial, but the best way to flash official firmwares on both locked and unlocked bootloader devices. Generally the firmware is supplied in form of FTF package (a container file ending with .ftf) which can be flashed via FlashTool. Thus FlashTool is the easiest way to do offline updates, just download the FTF and keep on PC and flash ur device when ever you want to. One can also flash select partitions using FlashTool, say you want to flash baseband(radio) from newer/older firmware but want to keep the main system the same u can do that using newest FlashTool! FlashTool also supports fastboot modes! so if you are not very comfortable with command line then u can use the FastBoot Toolbox inbuilt into FlashTool to fastboot the kernels!
FlashTool can be used to flash both locked and unlocked bootloaders devices.
For all flashtool informations (download links, release notes, FAQ) go to the Flashtool Homepage
Flashtool specifically for 2013 Xperia devices released!
Flashtool is on github : FlashTool GitHub repo
[FLASHTOOL GUIDE] HOW TO for n00bies (excellent guide for new users, HIGHLY RECOMMENDED!! The info for Rooting, Recovery & Bootloader UNlock in that thread is for older Xperia devices...)
i will try n get more links for FlashTool and post it here
Sony also provides an official FlashTool but it can be used only with unlocked bootloader devices
Bootloader Unlocking & Relocking
[Tutorial] Xperia SP Bootloader Unlocking/Relocking
Rooting
[ROOT][SP] How-to for rooting newest firmware 12.0.A.2.245
[ROOT] DooMLoRD Easy Rooting Toolkit
Recovery
if you are not familiar with custom Android recoveries i suggest that u read this:
http://www.addictivetips.com/mobile...-and-how-to-use-it-on-android-complete-guide/
FOR UNLOCKED BOOTLOADERS:
Currently CWM Recovery is available for this device and come as a part of kernel (stock or custom kernel)
Recoveries on stock kernel:
[Recovery] CWM (UNLOCKED Bootloaders)
FOR LOCKED BOOTLOADERS:
[Recovery] CWM (LOCKED Bootloaders)
kindly post queries related to specific recovery at the corresponding thead
Flashing Custom Kernel
CUSTOM KERNELS ARE SPECIFIC TO ROMs...
you cant use stock kernel on CM ROM and you cant use CM kernel on stock ROM....
there are two ways to flash custom kernel
first download the kernel file... if it is a boot.img then use Method 1 (fastboot mode) or if its a update.zip file then use Method 2 (recovery)
Method 1 - fastboot mode
if you get kernel in boot.img format then do the following
reboot device into fastboot mode
then flash the kernel using following command:
Code:
fastboot flash boot kernel.elf
then reboot from fastboot
Code:
fastboot reboot
thats it now device should start booting that kernel
Method 2 - recovery
if you already have recovery working on your device then do the following
save the update.zip on SDCARD
reboot into recovery
flash the update.zip which contains the kernel
reboot into system
thats it now device should start booting that kernel
Flashing Custom ROMs
Most custom ROMs are provided as update.zip. Its a technical term, basically its a special signed ZIP file which can be flashed via custom recovery.
Download the ZIP file and save it on ur PC
now connect ur device and save the ROMs ZIP file on the SDCARD
disconnect the device (after copying is over)
reboot into recovery
go to install ZIP from sdcard menu and navigate to the folder where you saved the ZIP file
now select it
recovery will start flashing the ROM
after flashing is over just reboot device and you will be on the custom ROM
Tips:
some CUSTOM roms require specific kernels (like CM10) in that case FIRST flash the corresponding kernel and then follow the instuctions posted above
sometimes the ROM requires cleaning /data & /cache partitions. you can wipe these before flashing the ROM! [WARNING YOU WILL LOSE UR DATA BY DOING THIS!]
thread is now completed and ready
Very informative thank
Sim-Unlock?
I see no information about unlocking C5303. Is it possible to unlock O2 UK C5303 with any method mentioned above?
Ok.. so I rooted, unlocked bootloader and installed CWM for unlocked bootloader... but I still have my BE2 in settings!
sarkar1990 said:
Ok.. so I rooted, unlocked bootloader and installed CWM for unlocked bootloader... but I still have my BE2 in settings!
Click to expand...
Click to collapse
It will stay in the settings,but without the DRM keys it no longer works for pictures, just video. Also you may not be able to share music likes with walkman, alsoyou cannot share your location via MMS
Thank, it was usefull
Thanks!! Your post made the transition from Samsung to Xperia easy.. :good:
Not so easy compared to Physical buttons of Samsung phones..:cyclops:
[Q] 2-way Call Recording
Thanks for so detailed informations. i have xperia arc s now, and hoping switch to xperia sp.
I use doomkernel v22 GB for my xperia arc s. it work nicely on my phone and 2-way call recording is my favorite fitur.
[Q] Would it be "2-way call recording" on Xperia SP Kernel?
Thanks in advance
NB: sorry for my bad English
i've a 5303 but i cant install flashmode driver and flashtool don't see the phone..
First started rooting my phones 18 months ago when I ran out of memory on my old Xperia Mini Pro and needed to delete all the bloatware.....now after a rooted LG 4x HD, Iv'e just got the new SP and again have it rooted, running on .257
Thanks for your guide and links, worked a treat
anyone have firmware 12.0.A.2.245 generic for C5302 ? i want to back it up incase i ever needed it.
edit: without any modification.
kinda lost
sry bout to ask this here, but im trying to install doomlord's kernel v2 on my xperia sp, but looks like dev-host isn't working at all, is there other way to get that kernel? i just bought my sp yesterday and today unlocked the bootloader and made the backup TA, but since i cant download the kernel i cant install cwm :c hope u guys give me any advice, i still dont have enough posts, thats why im posting here.
PD: sry bout my english, is my 2nd lang, im from Chile. Greetings.
ROOT JB (101) AND KITKAT (230) FIRMWARE WITH LOCKED BOOTLOADER
This thread is now officially obsolete. There is a new, simple and efficient ROOT method created by @geohot, based on the asec exploit. This method is valid for all versions of android with kernel dates older(earlier) than 04 June. The method probably works on any phone / tablet device EXCEPT the HTC M8, Moto G & E, and devices with Intel chipsets. Go to this thread for details:
http://forum.xda-developers.com/showthread.php?t=2783863
The guide below is obsolete and remains only for info. Please do not follow?.
DISCLAIMER: The steps WILL INVOLVE OBTAINING BOOTLOADER UNLOCK CODE FROM SONY, However, after unlocking, you will be guided to re-lock bootloader so that the end result will be a phone with Marlin Keys, Bravia Engine2 and Bootloader INTACT (LOCKED).
Starting Assumptions:
1. You have a Sony Xperia Z (C66XX) L-39H (Duh! Obvious!)
2. You have some knowledge of Root, SUPERUSER and enabling developer options, enabling USB Debugging mode, switching off and connecting your phone to USB & Computer with vol Up / Down Pressed to enable Fastboot mode or Flash Mode. If not, then go slowly and patiently, read every screen that flashes in front of you on your PC/Laptop and choose dilligently.
3. The bootloader status of your phone is BOOTLOADER UNLOCK ALLOWED--YES. This is the general case if you are on a no-contract plan with your service provider, or you have brought the phone at a full premium price (No discounted price by your wireless service provider). US / Canadian users, please obtain your unlock codes before you proceed further, all your phone's bootloaders ARE LOCKED. If you have bought the phone second-hand or from a dubious source check the bootloader lock status by opening the dialler and entering *#*#7378423#*#* (star-hash-star-hash S E R V I C E hash-star-hash-star). You will see four options 1. Service Info, 2. Service Tests, 3. Calibrations and 4. Customisation Settings. To check the bootloader status tap on Service Info>(next page)>tap on configuration>(next page) the last item is your bootloader status. It must read bootloader unlock allowed-YES If it reads "bootloader unlock allowed-NO" then you need unlock codes from your wireless service provider. If it reads "bootloader-UNLOCKED", then you have lost your Marlin keys and bootloader (This also means you cannot flash Sony updates, but you have a wide open field to flash any ROM and kernel of your choice!).
4. Loads of Patience....
5. Some coffee / favourite non-alcoholic brew at hand for sustenance (alcoholic beverages can be for later, till you're done with the process / you are past the legal age. Until then go easy....)
6. It is assumed that you have a Windows PC / Laptop (Win32/64) with all necessary drivers loaded. If not just download and install PC Companion, it will install the necessary Sony drivers.
Step-1
Locked bootloader with 4.2.2 (67 or lower firmware) ROOT status idoesn't matter.
Locked Bootloader with 4.3 (.569 / Commercial & Journalist's firmware) rooted / unrooted.
If on 4.2 firmware, then ROOT your device using BINARY's Method or cubeundcube's method (DOOMLORD's method works below 67 firmware, but I may be wrong) Links:
Binary's Thread: http://forum.xda-developers.com/showthread.php?t=1886460
cubeundcube nethod: http://forum.xda-developers.com/showthread.php?t=2559009
DOOMLORD's thread: http://forum.xda-developers.com/showthread.php?t=2327472
If on 4.3 firmware and not rooted, then downgrade to 4.2.2 (67 firmware) by flashing a ftf file of your region. Links for flashtool thread is given below. Use thread search to find ftf file for your region and download it.
If you are already rooted on 4.3, 569 firmware AND have a locked bootloader, then start from this point.
Make a backup of your Trim Area (TA) by using the tool created by DevShaft at this thread: http://forum.xda-developers.com/showthread.php?t=2292598 This Step is VERY IMPORTANT!!!!!
Step-2
You now have a rooted phone on 4.2.2 (67 firmware) or 4.3 (569 firmware), AND you have made a backup of yourphone's TA.
Now, upgrade to 4.3 (101 firmware) by connecting your phone to the PC (USB cable) using PC Companion or by using SUS. Use the UPGRADE option and not the CLEAN INSTALL option to retain data. On the first boot after upgrade you will realize that you've lost ROOT and any recovery that you had earlier installed.
Make a FTF file of the upgraded ROM by following the instructions from this thread by deadmask (http://forum.xda-developers.com/xperia-u/general/guide-how-make-ftf-stock-firmware-sus-t2075736) or from Stage-3 of this thread by VipeR (http://forum.xda-developers.com/showthread.php?t=2188129)
Step-3
You now have a phone on the latest firmware (without root) AND you have a backup of TA from 4.2 firmware, AND ALSO have a FTF file for the latest firmware.
Obtain the unlock code for your bootloader from the Sony website. Link: http://unlockbootloader.sonymobile.com/
enter your phone's IMEI number and your email to recieve the unlock code. Legal eagles, obtaining an unlock code DOES NOT MEAN THAT you have actually used it!!! Open your e-mail inbox and check for mail from SONY containing your unlock code.
Custom Kernel Download First download a custom kernel by DOOMLORD (with CWM) recovery for use immediately after unlocking the bootloader from this thread by DOOMLORD: http://forum.xda-developers.com/showthread.php?t=2167381 . Download the custom kernel and place it on your computer's desktop/folder of your choice. Extract the contents of the zip file and we'll come back to it later.
ADB+Fastboot Tools Download a set of ADB and fastboot tools made by anonymous and hosted at the Dev-host site Download link : http://d-h.st/I8l
After the zip file has downloaded extract it to get a folder fastboot+ADB Now take out the boot.img file from the zip file containing DOOMLORD's kernel above, and copy it to the win32subfolder inside the fastboot+ADB folder. Make a note of the location (Drive/folder) where this folder has been saved. (preferred storage on the desktop)
CWM Flashable SuperSU Download Download the latest flashable Super SU by Chainfire from the OP of this thread: http://forum.xda-developers.com/showthread.php?t=1538053 . Download the latest cwm flashable superSU.zip and place it in your phone's external SD Card
Use Androxyde's Flashtool (thread link:http://forum.xda-developers.com/showthread.php?t=920746) to unlock your bootloader It is a painless one-click procedure using the BL button. follow the instructions in the flashtool and let the phone reboot (after unplugging USB) Now recheck if ADB debigging mode and Unknown sources are enabled in phone settings.
Now click START on your PC and enter 'cmd' in the search box. Right click on the command prompt / DOS box (cmd.exe) and choose "run as administrator". Enter the administrator password if prompted by the PC. In the command prompt window type the following commands:
cd\
cd users\(your login username)\desktop\fastboot+adb\win32\ (in case you stored the fastboot+adb file on your desktop) or navigate to the folder where you stored the extracted files....
fastboot flash boot boot.img (did you extract and store the boot.img file from doomlord's kernel to the win32 file of fastboot+adb?)
wait for the results to flash and then type fastboot reboot andWAIT before you hit ENTER
Click to expand...
Click to collapse
Hold the phone in your hand and do the reboot command. As soon as the blue light goes off and the SONY logo appears wait for the phone LED to turn violet. Press Vol UP button on seeing the violet LED and release-press-release-press two to three times for good measure (Sometimes a constant press also works) till the LED goes off and the phone boots into CWM. In the CWM menu use the Vol up/down to tab move between the options and use the power button to select. There is also a touch-swipe down/up to tab-move and swipe right to select or swipe left to go back, use this method only if you are confident/familiar with the touch-select method. Select flash a Zip from external SD card and navigate to the folder where you stored the update-superSU-1.93.zip and select it. confirm by moving down to select Yes, Flash update-supersu1.93.zip and let CWM finish flasing the SU. go back to the main page and reboot to system from CWM.
After the phone reboots check Super SU is loaded on your phone in /System/app/ and check full root access on your phone....
Step-4
You now have a rooted phone on the Latest 101 firmware, with unlocked bootloader, AND you have a backup of your phone's TA and also have a ftf file of the latest firmware.
Now you have one last step to go back to stock kernel for locking your bootloader. Start Flashtool and select the flash (lightning) button select flash mode. Now select the latest firmware, which you had converted to FTF and on the right side top, (wipe options) untick all wipe options. On the right bottom (exclude), tick mark to exclude everything EXCEPT kernel and fotakernel. See that the centre window (flash content) shows only kernel.sin, fotakernel.sin and loader.sin. (Check Screenshot for reference) Now hit the flash button and put the phone into flash mode.Unplug and Reboot
Step-5
Now you have a rooted phone with the latest firmware on stock kernel (no CWM) AND you have a backup of the TA from your phone.
Now's the time to flash the TA. Do you remember the steps of making backup/restoring TA. check DevShaft's thread again, and remember it is better to do a dry run for restoring TA, before the final restore. DO IT.
Finally, you have rooted the phone with the latest firmware, and relocked your bootloader, and all with a ROM/Kernel and customisation of your region/choice.
Future Steps:
Flash a recovery. [NUT]'s dual recovery for locked bootloader is the best. Thread link : http://forum.xda-developers.com/showthread.php?t=2261606
Acknowledgements:
All DEVs and OPs whose threads, posts, tools and files as mentioned in this post. I have only placed them in one order. You may thank each thread OP &/or Dev for their tools, files and guides.
Unlock bootloader?
And re-lock at the end.... You wanna?
Dead Cookies leave no trails...
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Simple and easy to follow I now have a rooted Xperia Z on Android 4.3
johan8 said:
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Click to expand...
Click to collapse
hi there, would you pls advise the step for Doomlord's solution? I follow this threat http://forum.xda-developers.com/showthread.php?t=2386405 but fail at step 2 flash older rootable version (tried XperiaZ_C660X_KernelOnly_10.3.A.0.423_Generic_NL.f tf - 7.12 MB and C6603_10.4.1.B.0.101_Stripped.ftf). phone boot loop.
That's why I didn't advise using doomlord's method in op. Read again. Root using bin4ry's method/cubeundcube method and proceed as per op. There's no need for striped and full ftf, just the ftf you create from your upgrade is enough.
Dead Cookies leave no trails...
If you're going to go back to 2.67 anyway its easier to just flash NUTs upgrade to 4.3.
You will also have root and no fiddling with bootloader required.
Managed it successful. Thanks for your detailed tutorial. Very nice, now let's look forward to KK!
Sent from my GT-I8160 using xda app-developers app
I got a question,Is there a way I can unlock my bootloader without losing all my data?
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal or on the internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Cookie Ninja said:
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal orion internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Click to expand...
Click to collapse
I have a nandroid backup of 4.2.2 so I guess I could just restore that If I happen to lose my stuff. Or maybe I have to downgrade and then restore?
Edit: But Honestly it's really risky. maybe I'll just wait till someone comes up with an exploit for 4.3.
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Cookie Ninja said:
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Click to expand...
Click to collapse
You don't have to be a **** about it
First thanks
If i had download 4.3 101 on my copmputer and flash it manual can i skip step 2
- And when i flash framework and electocity cut can damage my phone ??!!
Sent from my C6603 using XDA Premium 4 mobile app
Wow too BIG post for root 4.3 and also i didnt understand anything:silly:
Huh! With every new phone I bought,rooting is harder.Samsung phones was so easy to root.LG was a little bit harder,but this... :-S
Sent from my C6603 using Tapatalk
Guys, it is not sooo hard as it sounds. If you are familiar with the usage of the flashtool and have a little bit trust in yourself, then THIS is definitive the right thread to get root access and a relocked bootloader on your .101 firmware. Follow exactly the steps and don't - please don't - listen to some smart heads who suggest to flash a prerooted fw. Take the hard way and you'll be definitive successfull. I did so with this tut, and my Z is totally ok. Thanks to Cookie Ninja again.
Sent from my rooted C6603 using xda app-developers app
hi all
ive got xperia z 6603 with 101 firmware..i try to flash 569 stripped file and then when i check back it doest even change anything at about phone..it still on 101..please someone..please provide more detailed instructions..im on LB..
Great tutorial. I've been linking people to it fairly regularly.
Just some input; you're advising people to get unlock codes from their network provider when it states 'Bootloader unlock allowed : No' in the service menu.
I'm fairly (almost completely) certain that there is no way for people in that situation to get the status changed at all, including by their network provider or Sony. Network/sim unlocking the device does not affect the bootloader unlock status.
Also, Flashtool has a fastboot mode that allows flashing of the boot.img, which may be easier for some that aren't confident working with the command line.
Anyway, they're small issues in what is a thorough tutorial.
Sent from my C6603 using Tapatalk
Hey guys,
I jumped through several threads here until i found all steps needed to get my Z1 compact D5503 from my rooted KitKat 14.4.A.0.108 to a rooted 14.5.A.0.270,
[paranoia] without the need to install a firmware that someone manipulated for evil purposes[/paranoia]
In the end it was quite easy. I documented the steps - mostly for myself - and maybe someone can benefit from that.
No warranty, that it works the same flawless way for you or for any other Xperia model than Z1 compact D5503 (though it should...).
So just proceed with the steps if you know about the possible risks of killing your phone
If you find any mistakes please drop me a line...
For a cleaned up version go here - thanks
This brings your Z1 compact D5503 from a rooted 14.5.A.0.108 to a rooted 14.5.A.0.270 without any dataloss
User @codified also successfully updated a 14.4.A.0.157 with these steps (see here)
Just upgraded to 14.6.A.0.368 from 14.5.A.0.270 with these steps. Works like charm. And @JarrB reports success on upgrading from 14.4.A.0.157 to 14.6.A.0.368
Pre-requs:
- MS Windows - sorry, I don't do linuxes
- Xperia (Z1 compact) device stock(?) KitKat rooted (Newroot worked just fine without unlocking the boot loader )
- some custom recovery, the fancy dual recovery works just fine, install from rooted kitkat (dual recovery from http://nut.xperia-files.com/) - the installer.zip! not the flashable.zip
Tools needed:
- FlashTool: http://www.flashtool.net/index.php
- XPeriFirm: http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 ahh no longer needed as separate download, as it's integrated in FlashTool now
- PRFCreator: http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
Part 1: get a FTF file of the desired firmware
See also: http://www.xperiablog.net/2014/08/1...re-files-using-xperifirm-and-flashtool-guide/
UPDATED THIS PART - thanks to user codified
Open FlashTool and start XperiFirm (XF-button)
Download .270 (or .283/.368 if available) firmware with XperiFirm with auto-unpack (I chose to use the same carrier branded version that .108 was - USE Generic LAM for an unbranded version)
Have two cups of coffee - or tea if you prefer that
The .ftf is now in your .flashtool\firmwares subfolder
Original steps
Open FlashTool and start XperiFirm (XF-button)
Download .270 firmware with XperiFirm () with auto-unpack (I chose to use the same carrier branded version that .108 was)
Use FlashTool Bundle->Create
Select unpacked firmware path
Select Device From list
Add your branding info: Vodafone DE
add firmware version: 14.5.A.0.270
add all but the .ta files to the right listview
DELETE the fwinfo.xml in unpacked firmware folder THIS SEEMS TO BE ESSENTIAL - didn't dare to keep it
create
done. --> ftf file is in configured user home: C:\Users\USERNAME\.flashTool
Part 2: get your pre-rooted ftf file
Download latest SuperSU: http://download.chainfire.eu/supersu or the also as well/better working reported beta 2.49
Open PRFCreator
add D5503_14.5.A.0.270_Vodafone DE.ftf the .tft file you just created in part 1 as ftf file
add UPDATE-SuperSU-v2.46.zip as supersu zip
not needed, but also not wrong: add Z1C-lockeddualrecovery2.8.21-RELEASE.flashable.zip as recovery (dual recovery from http://nut.xperia-files.com/)
check all checkboxes, but the "sign zip"
maybe add extra zip
create
done. --> find flashable-prerooted.zip in PRFCreator folder
Part 3: flash your zip
nandroid-backup your phone
have 3 big cups of coffee - please, no tea at this step
get really nervous
wipe dalvik and cache only to get a better feeling
try dirty flash the new firmware with the pre-rooted zip via Recovery, not using Flashtool (OTA is also applied dirty, isn't it?)
whoa, flashing was fast
wipe dalvik and cache again. Could help prevent the unpredicted... could it?
AAAAHHH! booting takes so looohoooooong
Yeah! 386 Apps getting optimized...
looks good
hu? NFC firware update? OK. Go on.
Update for Google play services? YES. Go on.
done. --> be a happy Z1-compact-with-rooted-Android-5.0.2-user
totally optional part 4: Xposed
Now go on and install Xposed for Lollipop v69+ and hope for the best
rubbish! forget it for now, as it is bootlooping :/
done. --> still be a happy Z1-compact-with-rooted-Android-5.0.2-user with Xposed
regards!
done exactly this... rocking LP now
good to read, ltcdata! Happy I could provide sth. useful
While it optimizes the 327 apps in my case, I am wondering at what stage of the process does the firmware get rooted? Or is what is downloaded by Xperifirm already rooted? Very good guide BTW. Seems to go okay as long as you read everything carefully and in the right order. Thanks.
@nagusia thanks for liking my very first guide
Basically the root magic happens in part2 no 8 (pressing the create button in PRFCreator ):
PRFCreator unpacks the unrooted original stock fimrware that XPeriFirm downloaded and stuffs it into a new archive together with SuperSu and the other ZIPs you maybe added.
Code for that can be review in Job.cs at the projects GitHub repo: github.com/dosomder/PRFCreator (I'm still not allow to post outside-links here).
Pretty simple in the end...
I had a problem with charging reaching 89% and then the led randomly blinking. I did a restore to KitKat and there wasn't a problem. Then I thought I'd try flashing another of the DE generic pre-rooted roms posted on this forum. Here is where my problems started. It would get a upgrading - starting apps and then reboot. I tried making my own DE customized rom and the same problem. Then I went back to my orginal UK customized rom and ..... same problem. Finally did a factory reset in recovery and now it seems all good. I don't don't if I still have the charging issue yet. I have a theory that a dirty flash is OK the firs time, but a clean flash or factory reset after subsequent flashes may be necessary.
Dirty flashed from .242 to .270, without losing data. Only had to re-flash the Xposed alpha 4 zip (xposed-sdk21-arm-20150430.zip). It probably saves more time to just add this zip during part 2, step 7...
Thanks a lot for the guide.
Sweet guide dude. but I had trouble finding my region's KitKat firmware and downloading then rooting again seems like so much of a hassle so I did it the dirty way. Beware that this is very RISKY! I first downloaded Kingroot and rooted my device successfully, then installed NUT Recovery Installer version and installed TWRP via PC, then try to remove Kingroot using this guide. Thereafter, I followed your guide sans the flash KitKat step. And it works, Bootloader is still Unlocked. Thanks a lot dude!
uchihakurtz said:
Sweet guide dude. but I had trouble finding my region's KitKat firmware and downloading then rooting again seems like so much of a hassle so I did it the dirty way. Beware that this is very RISKY! I first downloaded Kingroot and rooted my device successfully, then installed NUT Recovery Installer version and installed TWRP via PC, then try to remove Kingroot using this guide. Thereafter, I followed your guide sans the flash KitKat step. And it works, Bootloader is still Unlocked. Thanks a lot dude!
Click to expand...
Click to collapse
The method is not at all risky, as long as You use the proper files!
Also, many people don't prefer using Kingroot as it is said that it shares Your phone information (like IMEI number) to some servers.
Hopefully You meant locked bootloader in last sentence!
Mirhawk said:
The method is not at all risky, as long as You use the proper files!
Also, many people don't prefer using Kingroot as it is said that it shares Your phone information (like IMEI number) to some servers.
Hopefully You meant locked bootloader in last sentence!
Click to expand...
Click to collapse
Actually by risky, I meant that part, you'll never know what Kingroot does, lol. Oh right, I meant the bootloader stays locked.
I already have updated to .270 via sony companion. Can I follow these same steps and replace current .270 with rooted .270?
@jooxxo
No, you need a custom recovery (root) to flash the resulting .zip file.
jooxxo said:
I already have updated to .270 via sony companion. Can I follow these same steps and replace current .270 with rooted .270?
Click to expand...
Click to collapse
No, but You can do this.
ok... well I took a nandroid backup of my kitkat (rooted & recovery obviously) before updating to .270 lollipop. If I restore that backup, will it restore recovery as well?
edit: I just dont want to lose all my apps & settings.
Any way to root if 5.0 is already on my phone?
Locked bootloader.
jooxxo said:
ok... well I took a nandroid backup of my kitkat (rooted & recovery obviously) before updating to .270 lollipop. If I restore that backup, will it restore recovery as well?
edit: I just dont want to lose all my apps & settings.
Click to expand...
Click to collapse
If You restore Your KitKat nandroid over backup (assuming the backup consists of system and data partitions), then it will cause You problems. The easiest way to keep Your apps and data is backing up them with an app since You are rooted, and then restoring them using the same app to restore apps and data on Lollipop. Don't use the Sony backup app, KitKat backups don't work on Lollipop. ALso to get a recovery after Lollipop, just simply install the XDualZRecovery.
EZY-E said:
Any way to root if 5.0 is already on my phone?
Locked bootloader.
Click to expand...
Click to collapse
Refer My post just 1 post before You.
Did it with latest 14.5.A.0.283 on my Z1C ... all good.
Thank you
Easy to follow tutorial for rooting your Z1's latest firmware Thanks!
@kalaja: 283? When did that happen?
sunbeam906 said:
Easy to follow tutorial for rooting your Z1's latest firmware Thanks!
@kalaja: 283? When did that happen?
Click to expand...
Click to collapse
from xperiablog net:
Xperia Z1 Compact sees new firmware (14.5.A.0.283) for carriers in Austria and Germany
by XB on 16/06/2015
in FIRMWARE, XPERIA Z1
Xperia Z1 Compact. A new firmware update with build number 14.5.A.0.283 has been released for the Sony Xperia Z1 Compact (D5503). The update has so far only been released for T-Mobile Austria and Telekom.de in Germany. However, users on these carriers were still rocking Android KitKat (14.4.A.0.157), so this update brings them a first taste of Android Lollipop. It is unclear whether this ‘283’ firmware will see a global release, the same build number has also been certified for the Xperia Z1 and Xperia Z Ultra, although those updates are not live right now.
Thanks for the info, kalaja Much appreciated.
But... why?
Well, many people like and buy the Xperia line of devices currently on the market who previously owned a Samsung, LG or HTC. There are many differences in hardware, but most certainly in how Sony perceives the Android ecosystem and how it differs from the other major brands. This (noob) guide is meant to help people on the path to the Sony side I'm sure it contains lots of info which is even useful for the old timers
Things which differ a LOT from the other brands:
First and foremost: no recovery partition;
Second but not least: no download mode.
Sony has replaced the Android recovery partition with the FOTA kernel, which is meant to aid the device in rolling out OTA updates, which allow kernel updates without the risk of bricking the device. I hear you scream: "But wait, what about the recovery partition announcement by Sony themselves!?", well the answer is simple: that is meant for unlocked bootloader devices ONLY, as a part of their "Open Devices" program.
What is Flashmode, Flashtool and what are these FTF and SIN files I am reading about?
I'm going to quote @Androxyde here (it's a straight copy of his index page), as he is the maintainer of the tool:
Flashtool is a S1 flashing software that works for all Sony phones from X10 to Xperia Z Ultra. They all use the S1 protocol for flashing firmwares.
This program was originally made to flash sin files downloaded by SEUS/SUS or PC Companion.
Based on a command line tool written by @Bin4ry (Andreas Makris), I brought a user interface to sin files flashing.
We worked together to add more features to the tool such as rooting methods implementation or TA backup / restore.
Then I took the lead and got some advice and help from him occasionally on some features like rom cleaner or bootloader unlocking.
From time to time, sin files have been bundled into what is now well known FTF (Flash Tool Firmwares) and more features have been implemented.
But flashing firmwares is still the core of Flashtool (that is updated at least to follow Sony improvements around sin files) and the reason of its name.
Flashtool can also easily unlock the bootloader of the phone using the BLU icon as far as the bootloader of your phone is unlockable
The flashing feature as well as bootloader unlock feature are available whatever the phone is recognized or not by the application. What is only mandatory for flashing is to own the FTF file according to the device you want to flash it on.
Why should I use Flashtool?
Once bootloader unlocked, official sony tools do not work anymore.
Using official sony tools, you can only upgrade. No downgrade possible.
Using flashtool, you can choose what to flash and what not to flash. This said, many rooting scenarios are available implying kernel only downgrade to retrieve a patched rooting exploit and then flash back the right kernel.
You said unlocking bootloader?
This process gives you the opportunity to flash custom roms such as CyanogenMod ROMs.
I invite you to visit the FXP Project that brings CM and AOSP to xperia devices.
Click to expand...
Click to collapse
To complete this explanation, Sony devices know 2 bootloader based flash modes:
Flashmode (This is the S1 flash protocol @Androxyde wrote about)
Fastboot (This is the original, unmodified fastboot mode from Google)
In the past there was the Sony-Ericsson Update Software/Service (SEUS, later named SUS because Ericsson got removed from the name) which could update your device to the latest software or recover it from an inoperable state. PC Companion was less of a tool for updating and more of making backups, installing applications and managing the device storage. Sometime the past 3-4 years Sony merged the 2 programs, so if people on XDA or anywhere on the web talk about using PC Companion to restore their device, they are not wrong, they are simply using the latest version
Sony recently released their own package called 'flash tool' (to add to the confusion of noobs in the community), which deep down is a little easier to use and stripped down version of EMMA, which is a tool we mere mortals will probably never use as EMMA is the flash tool for Sony's repair shops and tech support. It's primary function is to allow owners of an unlocked bootloader device (or, 'open device' as Sony named it) to still use Sony firmwares and update their device, because as soon as you unlock the bootloader, the OTA updates will stop.
Things to remember on the files used by these tools:
An FTF file is basically not more then a ZIP archive containing multiple SIN files, you can open the FTF using 7z/WinZip/WinRar and look inside it.
A SIN file is a disk/partition image, which is encrypted by Sony. S1 (the bootloader) will check this encryption to make sure the image was not tampered with before it accepts it for flashing.
Fastboot flashing will always fail when the device is still in a locked bootloader state. For some models it is even disabled entirely or non-functional until you unlock the bootloader.
I am reading about the TA, what is it, why should I make a backup?
The TA partition (Trim Area) is a signed partition which holds various things which are unique to your device, like the device's IMEI, DRM keys and bootloader settings and configuration options. This partition can not be exchanged between devices, because it really is unique. If you would flash the TA backup from someone else it will cause a hard-brick rendering your device only useful as a paperweight...
When you unlock your bootloader you will lose all the DRM features on your device, this makes it valuable to have a backup of the unmodified version stowed away somewhere safe. You will need root level access to create that backup before unlocking. There is a tool called Backup TA which is widely used to create and restore backups of the TA partition. TWRP in XZDualRecovery can do the same.
When you restore the backup TA partition you made before unlocking the bootloader you will essentially re-lock the bootloader and restores the DRM keys. This process is (as far as we know up to now) undetectable by Sony's support staff, which makes it easy to restore the phone to stock for warranty driven support issues as unlocking your bootloader will void your warranty on the device (it is subject to local law though). That is why, for a lot of owners of a Sony device at least, it is considered to be the "Holy Grail" and is usually the reason for a lot of users to wait for a root exploit to be found before unlocking their bootloader.
Okay, I get it now. I would like to unlock my bootloader, how to proceed?
I'm not here to rewrite everything other people or Sony themselves can write just as well or even better, so I have a link for you:
http://developer.sonymobile.com/unlockbootloader/
Read it, it will teach you just about everything you need to know.
Once your bootloader is unlocked, your device will be much like a Nexus device when it comes to rooting, excluding the recovery partition, so that's why we flash or hotboot a custom kernel with a recovery, by using fastboot. If you are afraid of a terminal and typing commands, you can use a tool like QuickIMG or Flashtool to make your life easier.
Right, now I want root!
Well, if you have an 'open device', this is a lot easier then you think. Just remember that using root exploit kits is unnecessary and in some cases even risky as some packages do funky things or jeopardize your privacy.
Try to find a 'stock based' custom kernel. These are custom kernels built by the community to add features to the kernel but are meant to work with Sony's stock firmwares. I'm the maintainer of XZDualRecovery myself and created the Kernel Builder for the supported devices.
These custom kernels will NOT root your device (unless otherwise stated by the creator), but introduce a recovery to the boot process and with that you will be able to flash SuperSU to root your ROM.
But you just said Sony devices don't have a recovery partition, please... UN-confuse me!!
Yes, I did, and I'm right: there have been bright minds in the community who included a recovery in the boot image (the kernel partition) in the past and that way included a recovery on our Sony devices.
With the current 'open devices' policy from Sony, we now have:
Recovery stored inside the system partition, which is meant for locked bootloader devices (closed devices) because they can not run custom kernels;
Recovery stored in the boot image (for open devices);
Recovery stored on the FOTA partition, but with a trigger from the regular boot image at boot (also for open devices);
Recovery stored on the FOTA partition -renamed to recovery- together with an updated bootloader (for open devices, of course).
Hmm, okay... it's still confusing, but OK. My service menu says I'm rooted, but none of the root apps work properly, what gives?!
If you open the phone dialer app and on the keys see the letters below the digits, you can spell the word SERVICE. Type *#*#SERVICE#*#* and a service menu will pop up. Tap 'Service Info' and then 'Configuration'. Then you will see one of these lines there almost on the bottom of the list:
"Rooting status: unknown": it's probably unlocked, but it was unable to verify that;
"Rooting status: rooted": you have unlocked the bootloader;
"Unlock bootloader allowed: YES/NO": this tells you if the bootloader is (vendor-) locked or not, if it says NO, you're out of luck.
The rooting status there is not telling your system is rooted, it tells you your bootloader is and will allow custom rom/kernel flashing. Don't confuse these two.
I'm not allowed to unlock my bootloader But I still want root, can I?
In some cases you can. It depends on the bugs found in specific firmware versions which allow a root exploit to be developed.
From the 2015 range of Xperia devices Sony started using dm-verity, which causes a bootloop once the system partition is modified. This modification of the system partition will be required to include a SU binary in the system to obtain root, so until a dm-verity defeating option is found, locked bootloader root or recovery will not be possible.
For older models, check the device forums and the cross device development forums to check out the community rootkits available. Usually it will tell you what ROM version it is intended for. Be careful with rootkits/roottools though, some are also found to be introducing malware to your device or sending privacy sensitive data to the creators. Use common sense, if you have no valid use for the root user level, keep it off your phone. If you already have recovery, you can use that to modify or clean your device instead.
I have rooted my phone, but whenever I try to modify something on it it spontaneously reboots or I get a message 'Permission denied" when trying to remount the system partition R/W! Why is that?
Like all manufacturers, Sony tries to make it difficult (or downright impossible) to modify the Android base system they created. Because if you can, anyone or anything which obtains root access can. This is a serious security risk, because if it's malware which puts itself on the system partition and locks up your phone, the only way around this is to wipe your entire device and restore a stock ROM using PC Companion or Flashtool. Of course, they have their own proprietary software to protect as well, but security is the main objective here. The really sensitive bits are stored in the TA partition as I explained earlier.
Sony (-Ericsson) had a service called RIC, which in time moved partially in to a kernel feature. What it does is monitor if system is remounted writeable. This usually is a situation you want to avoid at all costs so RIC will deny you permission, cause a kernel panic OR simply reboots your device to get out of that state.
"Remount-Reboot fix", RICKiller, RICDefeat, and XZDualRecovery all (attempt to) disable this service or stop the kernel from acting on a remount of system.
Hard-bricks, Soft-bricks, bootloops??
They are simple to understand, really:
Hard-brick, TYPICALLY NOT RECOVERABLE: The bootloader stopped functioning, this can be caused by a bad flash/update or by restoring the wrong TA backup.
Soft-Brick, ALWAYS RECOVERABLE: the system partition is corrupted or just simply empty, this causes the device to stall at boot. A soft-brick can also make the screen remain off, because of a bad or missing kernel image.
Bootloops, ALWAYS RECOVERABLE: If the system gets powered up and then reboots during the start. This can be at the kernel splash screen or during the boot animation.
In case of a Soft-brick or Bootloop:
Use the installed recovery (if it still works), PC Companion, QuickIMG or Flashtool to restore your device to working order.
In case of a Hard-brick:
You can never recover from that state without physically opening your device and do some heavy duty engineering (JTagging) on it to flash back the correct bootloader/TA (read that link to see what it would take!). This is way too difficult for 98% of the community, which means that hard-bricking your device is typically the creation of a very expensive paper weight.
Please, be extremely careful when dealing with the TA partition.
*********************************************
I will be updating the above text for sure, if you feel anything is missing, please write a post in this thread with the text you wish to include. I want this to be a community driven guide and I know a lot, but I can't know everything
*********************************************
Extended the text some more to include ideas from:
@Klaos3000
@Yenkazu
Thanks for the suggestions/additions guys! :highfive:
As it concern the recovery, i think you can create a partition with EMMA.
Sent from Greece
kos25k said:
As it concern the recovery, i think you can create a partition with EMMA.
Sent from Greece
Click to expand...
Click to collapse
Please, re-read the first part...
Can I root my iPhone 6 with this guide?
That was a bad joke.
Very useful guide. We should probably educate people around here about what an unlocked bootloader actually means and what it let us do. I'm shocked by the number of people using Kingroot and other risky closed-sourced tools, especially the ones with an unlocked bootloader.
People of earth, if your bootloader is unlocked, it means that your device will be much like a Nexus device when it comes to rooting, sans the recovery partition, so that's why we flash or hotboot a custom kernel with a recovery, by using fastboot. If you're afraid of a terminal and commands, then you can use a tool like QuickIMG. After that, you simply flash SuperSU. That's it!
You can add something about TA Partition and RIC server. :3
Good thread btw
Yenkazu said:
You can add something about TA Partition and RIC server. :3
Good thread btw
Click to expand...
Click to collapse
I'd say, give me a piece of text on the subject for the OP and I'll include it :good:
[NUT] said:
I'd say, give me a piece of text on the subject for the OP and I'll include it :good:
Click to expand...
Click to collapse
RIC, from your thread :3
http://forum.xda-developers.com/xpe...b-definitive-root-remount-reboot-fix-t2317432
But, it's kinda useless if people already use your DualRec, since it's already integrated xD
But more info didn't hurt (?)
TA Partition
http://forum.xda-developers.com/xperia-z/help/ta-partition-t2451186
Not really details, but user should know the impact of unlocking bootloader
Updated the OP to include info on the TA partition and RIC protection. Also included a part of the post by @Klaos3000, because it contained some useful info
Thanks guys :highfive:
Very usefull! :good: But for me 2-3 Weeks to late. I'm still quite new on Z3C and I collect all those info the old style
Without this thread you would need days to catch all dependencies - With this you would need approx. 10 min!
Very helpfull and good to link new user to...
And yes - I came form the Sammy side (of the moon ) and was a bit shocked what sony did with "open source android".
Not because of SystemUI ( I love it...) but because of all this "anti modding" stuff they build in.
Sticky? Sure - must be!
Updated the OP to include info on Hard-bricks, Soft-bricks and bootloops.
Please people, if you have anything to add to the OP, let me know!
As I said, I know a lot, but I can't know everything there is to know about Sony devices...
Good work (...as usual from your side) :good:
Very useful tutorial.
No need to write long explanations to Sony beginners anymore - just add a link from here.
Really Helpful
Brilliant.....Really it deserves place at (Sticky Threads).I think if you add minimum One Custom Kernel(for stock firmware)
of every devices..That would b very helpful to recover from Soft bricks.Then this thread will be an "ALL IN 1" thread.Its my Opinion after all...Brilliant work.
Need a little advice.
Hi,
I have a ZL with Locked bootloader and your ZL-lockeddualrecovery2.8.22 installed
I am on stock 5.0.2 now Rooted thanks to your awesome recovery.
Question is now I have your dual recovery would I be able to simply flash crDroid CM zip Thread Here and others like it or would I still need to unlock the bootloader Edit OP of ROM says it is required
So if I flashed the above would it replace your recovery with the boot.img in the zip
Sorry for the noob questions but I am new to Sony devices and still taking baby steps with this phone
I can unlock the bootloader no problem but I am more concerned about your recovery been replaced.
Thanks in advance :good:
bigrammy said:
Hi,
I have a ZL with Locked bootloader and your ZL-lockeddualrecovery2.8.22 installed
I am on stock 5.0.2 now Rooted thanks to your awesome recovery.
Question is now I have your dual recovery would I be able to simply flash crDroid CM zip Thread Here and others like it or would I still need to unlock the bootloader Edit OP of ROM says it is required
So if I flashed the above would it replace your recovery with the boot.img in the zip
Sorry for the noob questions but I am new to Sony devices and still taking baby steps with this phone
I can unlock the bootloader no problem but I am more concerned about your recovery been replaced.
Thanks in advance :good:
Click to expand...
Click to collapse
As long as your phone is locked, you only can flash stockroms and stock-kernels.
You also have to use recovery for stockrom, because you kernel is "untouchable" and recovery have to put in /data and /system partition and can't be put in kernel.
All other roms/kernels will end in errors while flashing.
If you have unlocked your BL, you can flash any rom and kernel you want, as long as your phone is supporting it.
Yes, by flashing a zip, your kernel will be replaced and in most cases they have a recovery in it.
By flashing a rom from another version or changing from stock-based roms to i.e. CM-roms or Omni and vice versa, you have to unpack the kernel (boot.img) by hand and flash (fastboot) this first, before you flash (after a reboot in recovery) the whole zip.
Otherwise it could end in bootloop.
Because of (i most cases) wiping /system, /data while installation, your stock-recovery will deleted too. This depends of the work of the installer in the zip file.
Btw... before unlocking your phone, backup your TA ( with FlashTool). This TA is unique and you may use it to lock your phone again later.
And... if your phone is unlocked - no fear of losing recovery. You always can flash another one with fastboot again.
Someone correct me, if i was wrong or forgot something.
@bigrammi, you can always try yo repack the CM kernel using my kernel builder, that way you will still have XZDualRecovery but then included in the boot image, so no risk of losing it...
akkufix said:
As long as your phone is locked, you only can flash stockroms and stock-kernels.
You also have to use recovery for stockrom, because you kernel is "untouchable" and recovery have to put in /data and /system partition and can't be put in kernel.
All other roms/kernels will end in errors while flashing.
If you have unlocked your BL, you can flash any rom and kernel you want, as long as your phone is supporting it.
Yes, by flashing a zip, your kernel will be replaced and in most cases they have a recovery in it.
By flashing a rom from another version or changing from stock-based roms to i.e. CM-roms or Omni and vice versa, you have to unpack the kernel (boot.img) by hand and flash (fastboot) this first, before you flash (after a reboot in recovery) the whole zip.
Otherwise it could end in bootloop.
Because of (i most cases) wiping /system, /data while installation, your stock-recovery will deleted too. This depends of the work of the installer in the zip file.
Btw... before unlocking your phone, backup your TA ( with FlashTool). This TA is unique and you may use it to lock your phone again later.
And... if your phone is unlocked - no fear of losing recovery. You always can flash another one with fastboot again.
Someone correct me, if i was wrong or forgot something.
Click to expand...
Click to collapse
Thanks yet again bro :highfive:
Wow these Sony Xperia's take some figuring out :laugh:
I think I have just about got my head around it all now
I have managed to get the TA backed up with TWRP and Flashtool so I should be safe now
I will have to unlock the bootloader just to stop it nagging me to upgrade :laugh:
@Nut Thanks bro I will take a look at your suggestion it's a little more complicated than what I am used to or should I say different.
bigrammy said:
[...]
@Nut Thanks bro I will take a look at your suggestion it's a little more complicated than what I am used to or should I say different.
Click to expand...
Click to collapse
Well, i saw HTC M7 in your signature. If you were able to unlocked, s-off-ed, re-flashed firmware and rooted this beast - you don't need to have any fear about a Sony device.
[NUT] said:
@bigrammymi, you can always try yo repack the CM kernel using my kernel builder, that way you will still have XZDualRecovery but then included in the boot image, so no risk of losing it...
Click to expand...
Click to collapse
Hi @Nut,
I thought I would take your advice and expected to download a tool to unpack everything and pick through the files and start editing init.rc etc etc :silly:
I had no idea this was a fully automated Online tool
I still can't quite believe it you're a genius!! :angel:
A BIG THANKS to All the Xperia dev's helpful community members and especially the tool creators XZDualRecovery, Flashtool, XperiFirm and PRFCreator etc you're all Awesome :highfive:
I fear I will become lazy with such great dev's :laugh:
bigrammy said:
Hi @Nut,
I thought I would take your advice and expected to download a tool to unpack everything and pick through the files and start editing init.rc etc etc :silly:
I had no idea this was a fully automated Online tool
I still can't quite believe it you're a genius!! :angel:
A BIG THANKS to All the Xperia dev's helpful community members and especially the tool creators XZDualRecovery, Flashtool, XperiFirm and PRFCreator etc you're all Awesome :highfive:
I fear I will become lazy with such great dev's :laugh:
Click to expand...
Click to collapse
Thanks, glad to have been of help to you
Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures takes with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE 2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partion)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
Click to expand...
Click to collapse
If you are on Lollipop, i suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Click to expand...
Click to collapse
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
Click to expand...
Click to collapse
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
Click to expand...
Click to collapse
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Click to expand...
Click to collapse
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Click to expand...
Click to collapse
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Click to expand...
Click to collapse
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Click to expand...
Click to collapse
Great to see updates to the first post, it will be useful for many new Z5c users out there
hi, im new z5c user
just received it and ill take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Click to expand...
Click to collapse
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlockbootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've founda few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
Ive tried multiple different versions now, but it always stop at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I doesnt want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backuk and restore DRM and also a way to turn back the device to a stock rom, for a warannty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!