[Guide] Rooting and unlocking bootloader (bonus) back up DRM - Xperia Z5 General

Hi everyone. I see some members are new to Sony phones and some to unlocked bootloaders, so here is a simple guide.
BTW, I'm not the developer of any of these methods. That's why I won't post any download links and will redirect you to the original threads.
Do it at your own risk.
So let's begin. You have either updated your Z5 to MM or are still on LP.
The first step is to flash a kernel that can be rooted. If your kernel is older than December then you are good to go. If not, follow these steps.
1. Download the latest Flashtool
http://www.flashtool.net/downloads.php
2. Download 32.0.A.6.200 or any older build for your Z5. (Pay attention to download the right firmware; for example, you may have E6633 or E6653.)
3. Flash it and power on your phone.
4. Download Iovyroot and use it to back up your DRM key. (Don't forget to enable USB debugging.)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
5. Copy your DRM keys to a safe backup. (Warning: never try to flash another handset's DRM key or you will hard-brick your phone.)
6. Update back to MM. You can use Sony PC Companion to update if you have a locked bootloader, or simply download and flash your latest FTF file.
7. Unlock your bootloader now. Request keys from here and follow the guide:
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/
8. Now, to keep your DRM intact and have root and Xposed, this is the best choice. Download this tool and patch your kernel:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
9. After patching your kernel with your own TA backup, just power down your phone. Press and hold volume up while plugging the USB cable into the PC to go to fastboot mode.
10. Use this command to flash your new kernel:
fastboot flash boot boot.img
11. Download the latest SuperSU zip and copy it to your phone or memory card.
http://www.supersuroot.com/download.html
12. Restart your handset. Keep pressing volume up to go to TWRP recovery. Flash the SuperSU zip. Now you are rooted with locked bootloader.
13. (Optional) Download and flash the Xposed zip: http://dl-xda.xposed.info/framework/sdk23/arm64/

Fix camera apps FC after updating Xposed.
Connect your phone to the PC with USB (USB debugging must be on). Open an ADB shell and type su.
Grant superuser permission to ADB, then copy and paste this into ADB and press Enter. That's it.
/system/bin/dex2oat --runtime-arg -classpath --runtime-arg /system/framework/XposedBridge.jar --instruction-set=arm --instruction-set-features=smp,div,atomic_ldrd_strd --runtime-arg -Xnorelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=cortex-a53 --instruction-set-features=default --dex-file=/system/priv-app/CameraCommon/oat/arm/CameraCommon.odex --oat-file=/data/dalvik-cache/arm/[email protected]@[email protected]@classes.dex
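
An added example, not part of the original post or of any tool it links to: since unlocking the bootloader erases the DRM keys, the TA dump from steps 4 and 5 is worth checking and pinning by SHA-256 before going further, so a blank or corrupted copy is caught before any restore. The file name `TA.img`, the `.sha256` sidecar file and a Linux host with `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a TA partition backup and pin its SHA-256.
# TA.img and TA.img.sha256 are assumed names, not taken from the guide.
# Usage (script name is hypothetical):
#   sh ta_verify.sh pin   TA.img    # right after pulling the backup
#   sh ta_verify.sh check TA.img    # before any restore

# ta_is_blank FILE -> exit 0 if FILE consists only of 0x00 bytes or only
# of 0xFF bytes, which is what a failed dump of a flash partition looks like.
ta_is_blank() {
    for fill in '\000' '\377'; do
        # Delete every occurrence of the fill byte and count what is left.
        rest=$(LC_ALL=C tr -d "$fill" < "$1" | wc -c | tr -d ' ')
        if [ "$rest" -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# ta_pin FILE -> refuse empty or blank dumps, otherwise write FILE.sha256.
ta_pin() {
    img=$1
    if [ ! -s "$img" ]; then
        echo "missing or empty backup: $img" >&2
        return 1
    fi
    if ta_is_blank "$img"; then
        echo "backup is blank (all 0x00 or all 0xFF): $img" >&2
        return 1
    fi
    sha256sum "$img" | cut -d' ' -f1 > "$img.sha256"
}

# ta_check FILE -> exit 0 only if FILE still matches the pinned hash.
ta_check() {
    img=$1
    if [ ! -f "$img.sha256" ]; then
        echo "no pinned hash for $img" >&2
        return 1
    fi
    want=$(cat "$img.sha256")
    have=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# Command-line dispatch; does nothing when no sub-command is given.
case "${1:-}" in
    pin)   ta_pin "$2" ;;
    check) ta_check "$2" ;;
esac
```

Keep the `.sha256` file with every copy of the backup, so each copy can be checked independently.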

Is this really working?
Sent from my E6603 using XDA-Developers mobile app

many many thanks josephnero.
I've experience with other devices but I find Xperia rooting quite confusing.
Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.
I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)
but not sure.

indianmeister said:
Is this really working?
Sent from my E6603 using XDA-Developers mobile app
Of course. I'm using it myself.
Here is a screenshot.

Aklo01 said:
many many thanks josephnero.
I've experience with other devices but I find Xperia rooting quite confusing.
Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.
I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)
but not sure.
You mean to unroot and return to full stock? If so, yes. Make sure to flash the same firmware that you used to back up TA. You can also use the TA backup tool to restore. No need to full wipe before flashing; you can use the wipe option in Flashtool.

josephnero said:
Hi Everyone.I see some members are new to Sony phones and some to unlocked boot loader.So here is a simple guide.
BTW I'm not the developer of any of these methods.that's why I won't post any links for downloads and will redirect you to original threads.
So let's begin.You have either updated your Z5 to MM or still on LP.
.First step is to flash a kernel that can be rooted.If your Kernel is older than december then you are good to go.If not follow these steps.
1.Download the latest Flashtool
http://www.flashtool.net/downloads.php
2.Download 32.0.A.6.200 or any older build for your Z5.(pay attention to download the right firmware. for example you may have E6633 or E6653)
3.Flash it and power on your phone.
4.Download Iovyroot and use it to back up your DRM key.(don't forget to enable USB debugging)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
5.Copy your DRM keys to a safe back up.(warning:never try to flash another handsets DRM key or you will hardbrick your phone)
6.Update back to MM.You can use Sony PC companion to update if you have Locked bootloader or simply download and flash your latest FTF file
7.Unlock your bootloader now.request keys from here.follow the guide
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/
8.Now to keep your DRM intact and have root and xposed plus locked bootloader this is the best choice.Download this tool and patch your kernel
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
9.after patching your kernel with your own TA back up just power down your phone.press and hold volume up while plugging USB cable to PC to go to fastboot mode.
10.use this command to flash your new kernel
fastboot flash boot boot.img
11.Download latest SuperSu zip and copy it to your phone or memory card
http://www.supersuroot.com/download.html
12.restart your handset.Keep pressing volume up to go to TWRP recovery.Flash the superSU zip.Now you are rooted with locked bootloader
13.(optional)download and flash Xposed zip http://dl-xda.xposed.info/framework/sdk23/arm64/
In step 12, you got root with locked bootloader? I don't think so, because any modification to the kernel requires an unlocked bootloader; if not, the phone gets a boot loop or won't boot at all.

devilmaycry2020 said:
In step 12. You got root with locked bootloader? I don't think so cause any modification in kernel required to have unlock bootloader if not phone got boot loop or won't boot at all
Remember this is not a custom kernel. It's your own stock kernel, just RIC and DM protection patched.
After step 10 you have locked bootloader with a patched kernel and recovery. No dm-verity to stop root afterwards.

josephnero said:
Remember this is not a custom kernel.It's your own stock kernel just RIC and Dm protection patched
After step 10 you have locked bootloader with a patched Kernel and recovery.no DM variety to stop root afterwards
Show your bootloader status please. Thanks

devilmaycry2020 said:
Show your bootloader status please. Thanks
This one?

josephnero said:
you mean to unroot and return to full stock?if so yes. make sure to flash the same firmware that you used to back up TA. you can also use The Ta back up tool to restore.no need to full wipe before flashing,you can use wipe option in flashtool
When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.
There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....
and then flash latest stock ROM.
Am I wrong?

If I made a Backup on my Unrooted Z5 MM. 163 with Xperia Backup in settings.
I downgrade. Root my Z5 etc. Update to.. 163 again.
Unlock Bootloader, then Root.
Can I restore that Backup?
Or might that not work?
Sent from my E6653 using XDA-Developers mobile app

This tutorial works and I used it some days ago.
But when you flash the kernel with your TA and Sony releases an update, you must unlock the bootloader and wipe the system once again to flash the new kernel. Update via OTA is not recommended. Of course we can flash firmware without kernel in Flashtool, but when I tried, the mobile notified that a new update from .185 to 185 is ready....
Sent from my E6653 using Tapatalk

This guide works fine.
Thanks again

jugglerpl said:
This tutorial works and I used it some days ago.
But when you flash kernel with your Ta and Sony release update you must unlock bootloader and wiping system once again to flash new kernel. Update via ota is not recomended. Of course we can flash firmware without kernel in Flashtool, but when I tried mobile notify that new update from .185 to 185 is ready....
Sent from my E6653 using Tapatalk
Maybe we can extract and patch the kernel, then flash it with Flashtool?

Duvel999 said:
If I made a Backup on my Unrooted Z5 MM. 163 with Xperia Backup in settings.
I downgrade. Root my Z5 etc. Update to.. 163 again.
Unlock Bootloader, then Root.
Can I restore that Backup?
Or might that not work?
Sent from my E6653 using XDA-Developers mobile app
I would strongly recommend using another backup app. In my experience Sony backup failed many times.

Aklo01 said:
When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.
There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....
and then flash lastest stock ROM.
am I wrong ?
Honestly I'm not sure, but better safe than sorry.

I currently have (had) UB and root on .163 MM; today I decided to update and LB following this guide.
I downloaded and flashed .185 MM via Flashtool (without wipes); in the meanwhile I unpacked the kernel from stock .185 and patched it with my TAbackup.img. After the flash I disconnected the USB cable, didn't reboot the system, plugged in again in fastboot mode, opened a cmd window with adb, pushed the stock .185 kernel patched with my TA backup and the latest TWRP, next I started the device and didn't let it start fully but first went to recovery, in TWRP chose reboot recovery and after that flashed the latest root package. Then I rebooted the system and everything works excellently.
Now if I think correctly I have latest MM with UB and stock kernel with my DRM and of course root.

jackq said:
I currently have (had ) UB and root on .163 MM, today decided to update and LB follow this guide.
I download and flash .185 MM via flashtool (without wipes), in meanwhile I unpack kernel from stock .185 and patched it with my TAbackup.img After flash I disconnect usb cable, don't reboot system, pluged again in fastboot mode, open cmd window with adb, pushed patched with my TA backup stock .185 kernel and latest twrp, next i start device and don't let them start fully but first go to recovery, in twrp choose reboot recovery and after that flash latest root package. Then reboot system and everything works exellent.
Now if i think correctly I have latest MM with LB and stock kernel with my DRM and ofcourse root.
So can we flash a kernel from fastboot in the current state? I don't think so, because our BL is locked now. Did you use a patched kernel before the update or did you have an unlocked BL?

josephnero said:
So can we flash kernel from fastboot in current state?I don't think so because our BL is locked now.did you use patched kernel before update or did you have unlocked BL?
Like I wrote, I had unlocked BL when I started.
I flashed MM in Flashtool,
after that unplugged the device (don't start the system) and flashed the patched kernel through adb, flashed TWRP, and all the steps mentioned...

Related

[GUIDE][ROOT]How to root Xperia Z KitKat (10.5.A.0.230) and regain Locked Bootloader

I know rooting Sony devices is pain in arse. But believe me, it's fun. Follow the steps to root your beloved Sony Xperia Z.
1. Downgrade to 4.2.2 (10.3.1.A.2.67) by flashing the ftf file of your region. Search the thread to find ftf corresponding to your region.
for C6502 India
http://forum.xda-developers.com/xperia-z/general/xz-c6602-stock-indian-4-2-2-fw-67-ftf-t2573610
2. Root this firmware by cubeundcube method.
http://forum.xda-developers.com/showthread.php?t=2559009
3. Take a TA partition backup using DevShaft's method. This is necessary for relocking your bootloader later.
http://forum.xda-developers.com/showthread.php?t=2292598
4. Upgrade to Kitkat using PCC or SUS (or flash a Kitkat ftf which is meant for your region). Don't panic that you've lost root. Read further.
5. Make a ftf file of the update files that has been downloaded to your computer using flashtool (if you upgraded via PCC or SUS).
http://forum.xda-developers.com/xperia-u/general/guide-how-make-ftf-stock-firmware-sus-t2075736 OR
http://forum.xda-developers.com/xperia-z/development/noobs-guide-create-stock-firmware-ftf-t2188129
6. Unlock bootloader by visiting this link (take a backup of all your data before unlocking bootloader). (Unlocking bootloader voids warranty. But don't worry you can relock it if you have backup of TA)
http://unlockbootloader.sonymobile.com
7. Download the latest update super su.zip from Chainfire's website. Save it in external micro SD card of your phone.
http://download.chainfire.eu/supersu
8. Flash a custom kernel by DooMLoRD. This is a modified stock kernel with CWM recovery built-in. Enter into the CWM recovery and flash the super su.zip you downloaded earlier to root your phone and turn off the phone in recovery itself.
http://forum.xda-developers.com/xperia-z/development/cwm-based-recovery-6-0-4-5-xperia-z-t2167381
9. To get back to stock recovery, use the ftf file you downloaded (or created) at step 4. above and Flash only the kernel and fotakernel.
10. Now relock your bootloader by restoring the TA partition backup you made at step 3. Your phone is rooted now with locked bootloader.
P.S.
>Users who already have a backup of TA, unlock your bootloader and follow steps from 7.
>Users whose bootloader can't be unlocked, follow first two steps, visit this thread to install [NUT]'s dual recovery.
http://forum.xda-developers.com/showthread.php?t=2261606
and flash this pre-rooted zip
http://forum.xda-developers.com/xperia-z/development/stock-update-to-10-5-0-230-t2761629
There already is a guide about this here:
http://forum.xda-developers.com/xperia-z/development/guide-how-to-root-101-firmware-lb-t2656698
Thread closed.

[How-to] Rooted stock SGP621 firmware with DRM keys

Note: Since lowtraxx's guide has included how to get back to stock rom since the time this post was made, I strongly suggest to follow his guide instead.
==========================
Disclaimer:
I make no claims to any of the code, scripts and programs listed in this post. Credit goes to the creators.
This serves as an extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
- Backup TA by DevShaft
- Flashtool by Androxyde
- Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
- Advanced Stock Kernel by krabappel2548
- PRFCreator by zxz0O0
- SuperSU by Chainfire
- SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
1. Back up the TA partition using Backup TA.
2. Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
3. Unlock the bootloader (you'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
4. Flash the Advanced Stock Kernel using Flashtool in fastboot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
5. Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip. Note: Be sure to check all the checkboxes under the "Include" section.
6. Copy the resulting zip onto your device's internal storage or external SD card.
7. Also copy the SonyRICDefeat zip to the same location.
8. Boot into TWRP on your device (boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
9. Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
10. Once complete, reboot into system and set up the device for USB debugging.
11. Restore the TA partition using Backup TA.
12. Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
CubicU07 said:
Disclaimer:
I make no claims to any of the codes, scripts and programs listed in this post. Credit goes to the creators.
This serves as a extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
Backup TA by DevShaft
Flashtool by Androxyde
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Advanced Stock Kernel by krabappel2548
PRFCreator by zxz0O0
SuperSU by Chainfire
SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
Backup TA partition using Backup TA.
Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
Unlock the bootloader (You'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
Flash the Advanced Stock Kernel using Flashtool in FastBoot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip.
Copy the resulting zip onto your device's internal storage or external SD card.
Also copy the SonyRICDefeat zip to the same location.
Boot into TWRP on your device (Boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
Once complete, reboot into system and set up the device for USB debugging.
Restore the TA partition using Backup TA.
Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
Hey, how did you manage to avoid soft bricking your tablet?
I followed your instructions but I still get softbricks.
frostmore said:
Hey, How did you manage to avoid soft bricking your tablet?
i followed your instructions but i still get softbricks.
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
CubicU07 said:
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
Step 9.
For me, I got soft brick after restoring the TA partition. Ended up repeating the whole process flashing stock firmware again. After that, I found that I need to tick all the checkbox in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
Pingpoi said:
For me, I got soft brick after restoring the TA partition. Ended up repeating the whole process flashing stock firmware again. After that, I found that I need to tick all the checkbox in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
I guess I wasn't too clear on how to use PRFCreator, apologies for that. Added a note in to reflect that in the original post.
Can I do it on an unlocked bootloader?
Which step should I skip? Thanks
zalaz said:
Can i do it on unlocked bootloder?
Which step should i skip? Thanks
Start from Step 4 since your bootloader is unlocked.
Since lowtraxx's guide now also include guides to flash rooted stock or CM, so that means both guides do the same thing now? Since I was a little confused while reading the instruction:
Prerequisite:
Follow lowtraxx's guide to completion.
Anyway, thanks both for the great works!!
Please, I have the same confusion as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should I only follow that guide, from this topic? (As it describes the full way to get root and stock rooted FW,
or do I understand something wrong?) Or must I go all through lowtraxx's guide and THEN do in practice the same steps from this guide?
Please understand me, there is some confusion here, I don't want to softbrick my device and ask just to be sure...
Thanks in advance!!!
ValVK said:
Please,i have the same confuse as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should i only follow that guide,from this topic? (as it describe full way to get root and stock rooted FW,
or i understand some wrong?) Or i must to go all through lowtrack's guide and THEN do in ptactice the same steps from this guide?
Pls understand me, here are some confusings her, i don't like to softbrick my device and ask just to be sure...
Thanks in advance!!!
Do lowtraxx's post first.
Then follow this post.
i am little bit confused by all of those steps to get root. (described in this and related threads)
if i understood the whole procedure right then we have to get root first
via flashing a vulnerable firmware made for another device, to be able to backup the drm keys right?
but then we lose root again while flashing back latest stock rom.
now we have to proceed with unlocking the bootloader to get root and recovery.
finally we restore drm keys and doing so bootloader is locked again ?
is this basically what all those steps are for and do i have to go through all of them
if i "just" want to get root on latest stock (no custom roms) to install xposed framework?
thanx in advance and keep up the good work.
sorry, I only speak Spanish, I used google translate:
The original firmware is not vulnerable. The only way get root is opening the bootloader (and put a custom recovery to install SuperSU) but that the drm keys are lost. To keep the drm keys have to get to backup the partition TA without opening the bootloader. To make the backup you need to root and to achieve this must be mixed before 2 firmwares.
Restoring the TA partition relock the bootloader
You should only restore the TA partition with an original kernel
Bundling the FTF question
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Thanks for the guide!
Just a newbie question. What Sony device did you select in Flashtool when you bundled the firmware? I can not find SGP621 anywhere.
/kusk
So I made a Lollipop FTF pre-rooted, but when I tried to flash RICDefeat it would give me an error. I rebooted the system and everything seems fine. What exactly did that zip file do? What problems am I going to have with the device and is there any way of fixing it?
thx
Dear CubicU07.
I have a question for u. I have a z3 tablet but it's SGP641 so if i follow this guide for my z3t 641 , have any problems with this ?
Ty for reading
Works on SPG611
Thank you for the guide. Was redirected from http://forum.xda-developers.com/z3-...t-rooting-sgp611-giefroot-bootloader-t3017314 and your guide was perfect. Thank you for your effort.
Same for me
Sony RIC protection does not work on Lollipop. A new version would be nice.
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
waichai said:
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
1. no
2.no

[ROOT][5.02][XZDual Recovery][Xposed] Lollipop stock with root for WiFi SGP611 16GB

Stock lollipop and root for your device. Flash recovery and install xposed framework. Follow the instructions:
1) Backup your apps and settings
2) Make a nandroid backup
3) Download stock ftf file of Sony Xperia Z3 Tablet Compact WiFi SGP611 16GB from here: https://mega.co.nz/#!ZwoyjQbD!8J5LVBi8tH4gIv0RW503UjBYMISy9hKynL752x1W2ug
4) Create a prerooted firmware with the PRFcreator tool from this page http://forum.xda-developers.com/cro...fcreator-easily-create-pre-t2859904?nocache=1
5) Make a factory reset and flash the prerooted firmware via recovery
6) Flash XZDual Recovery from this page (version 2.8.10) http://forum.xda-developers.com/z3-tablet-compact/development/tabz3c-xzdualrecovery-qa-t3014211
7) Now from your recovery flash the zip xposed arm http://forum.xda-developers.com/showthread.php?t=3034811
8) Install xposed installer apk and done
Thanks @[NUT] , @zxz0O0 , @rovo89
Thank you worked great!
Thanks mate, I have been meaning to go back to stock to use Sky Go again.
Just flashed this via flashtool, and now I have lollipop, and I am using Sky Go again
Nice one!
Link not working
Link works for me, you have to make sure you don't take out the space in the link.
Thanks. I made prerooted zip with PRFCreator. Works like a charm.
by flashing, does it wipe the data? i.e. apps and music
Why do you first have to install a stock ftf? Why not install prerooted right away.
Update : I did not read properly. so it seems one time flashing is the case .
Sent from my SGP611 using Tapatalk
[email protected] said:
by flashing, does it wipe the data? i.e. apps and music
No, if You uncheck wiping in Flashtool of course.
So, just so I understand, I will end up with a Sony Z3 Compact Tablet with 5.02 LP, rooted, but with no access to recovery?
That explains my confusion then - I kept getting recovery partition errors in Flashify.
Does it require unlocked bootloader?
vonski said:
Does it require unlocked bootloader?
No.
BTW. To OP - please add link to RICDefeat from SGP621 thread (mounting /system r/w).
Please help me understand:
- PRFcreator will create a flashable.zip.
- the flashable.zip is a .zip and not a signed .tft; one must flash through recovery, not flashtool.
this is where I get really lost:
- In order to install any recovery (TWRP, Clock, etc), the device must be unlocked,since you cannot install recovery on locked Xperia devices (right?).
- The only way to unlock the device is to request the unlock code from Sony which voids the DRM keys, etc.
Please help me figure this out, since I want to root my SGP611, but I don't want to lose my DRM keys.
Hobbes2099 said:
Please help me understand:
- PRFcreator will create a flashable.zip.
- the flashable.zip is a .zip and not a signed .tft; one must flash through recovery, not flashtool.
this is where I get really lost:
- In order to install any recovery (TWRP, Clock, etc), the device must be unlocked,since you cannot install recovery on locked Xperia devices (right?).
- The only way to unlock the device is to request the unlock code from Sony which voids the DRM keys, etc.
Please help me figure this out, since I want to root my SGP611, but I don't want to lose my DRM keys.
You may want to root your device first and backup your DRM keys with giefroot and BackupTA.
http://forum.xda-developers.com/z3-...t-rooting-sgp611-giefroot-bootloader-t3017314
Thanks for your reply. Just to clarify; I will generate a .zip file with PFRCreator that can only be flashed in recovery, correct?
Forgive the noobness: can I flash a .zip file with Flashtool?
Before i had the 4.4.4 running, rooted with the giefroot-method and i also did a ta-backup.
Now i upgraded it using the mentioned way and i do still have root - but now i cant get PS4-Remoteplay to work again.
I get a errorcode which is known to say: You rooted your device and the drm-keys are gone (88001003).
so i restored my 4.4.4 ta-backup again - but it still doesnt work.
Also the proprietary Sony-Updateprog for their pre-installed xperia software is gone.
any ideas how to fix this ?
You created the backup BEFORE opening the bootloader?
Have restored the backup after getting root on the stock firmware?
You must enter the special menu contact ( *#*#7378423#*#* , service tests, security ) , all keys should be ok
I read that some have had this error (with remote play) simply by having SuperSU or superuser installed
Edit: I tried to uninstall SuperSU from the app itself (option cleaning to reinstall after from google play) and now to open remote play does not give the error 88001003. Apparently sony detects if you have the app installed
busybox
I had the stock kitkat rom, which I rooted prior to installing a prerooted lollipop rom.
I still have root access, but I do not have busybox installed and can't seem to install it.
I get the same error message using "busybox installer" and using Stephen (Stericson's) Busybox.
Any suggestions?
You may have forgotten to install ricdefeat (download SGP621-RICDefeat.zip , unzip, run install.bat)
system r/w?
kvi said:
You created the backup BEFORE opening the bootloader?
Have restored the backup after getting root on the stock firmware?
yes
kvi said:
Edit: I tried to uninstall SuperSU from the app itself (option cleaning to reinstall after from google play) and now to open remote play does not give the error 88001003. Apparently sony detects if you have the app installed
Strange - i'm pretty sure it worked on 4.4.4 while i had superSU installed.
I read here https://talk.sonymobile.com/t5/Xperia-Z3-Z3-Dual/error-88001003-remote-play/td-p/873247

Summary/tutorial: Root on Sony Xperia Z5 Compact (E5823) with DRM keys backup

Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures taken with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE-2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partition)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
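The TA backup from step 2 is only useful if the pulled image is intact and is later restored to the same handset. The following sketch is an added example (not part of the original post or of iovyroot) that records the image's SHA-256, size and the device serial at backup time and checks all three before a restore; the script name, manifest file and manifest format are assumptions, and the serial is read with `adb get-serialno`.

```shell
#!/bin/sh
# Added example: integrity manifest for a pulled TA partition image.
# Manifest format (an assumption of this sketch): "<sha256> <bytes> <device-serial>"

# Print the SHA-256 of a file using whichever tool the host provides.
ta_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print the size in bytes (arithmetic expansion strips padding from wc output).
ta_size() {
    echo $(( $(wc -c < "$1") ))
}

# Succeed only for a non-empty regular file containing at least one non-zero byte.
# A failed dump typically shows up as a missing, empty or zero-filled file.
ta_sane() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ "$(ta_size "$1")" -gt 0 ] || { echo "empty image: $1" >&2; return 1; }
    nonzero=$(LC_ALL=C tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$((nonzero))" -gt 0 ] || { echo "image is all zero bytes: $1" >&2; return 1; }
}

# Record hash, size and handset serial right after "adb pull".
ta_record() {
    img=$1; manifest=$2; serial=$3
    [ -n "$serial" ] || { echo "no device serial given" >&2; return 1; }
    ta_sane "$img" || return 1
    printf '%s %s %s\n' "$(ta_sha256 "$img")" "$(ta_size "$img")" "$serial" > "$manifest"
}

# Before a restore: same handset, same size, same hash, otherwise refuse.
ta_verify() {
    img=$1; manifest=$2; serial=$3
    ta_sane "$img" || return 1
    [ -r "$manifest" ] || { echo "no manifest: $manifest" >&2; return 1; }
    read -r want_hash want_size want_serial < "$manifest" \
        || { echo "unreadable manifest: $manifest" >&2; return 1; }
    [ "$serial" = "$want_serial" ] \
        || { echo "image was taken from a different handset" >&2; return 1; }
    [ "$(ta_size "$img")" = "$want_size" ] \
        || { echo "size mismatch (truncated pull?)" >&2; return 1; }
    [ "$(ta_sha256 "$img")" = "$want_hash" ] \
        || { echo "hash mismatch (image modified or corrupted)" >&2; return 1; }
    echo "OK: $img matches $manifest"
}

# Command-line use: ta-manifest.sh record|verify <image> <manifest>
# The serial comes from the connected handset via "adb get-serialno".
case "${1:-}" in
    record) ta_record "$2" "$3" "$(adb get-serialno)" ;;
    verify) ta_verify "$2" "$3" "$(adb get-serialno)" ;;
esac
```

Run it with `record` directly after the `adb pull` of the TA image and with `verify` before pushing the image back to the phone; keep the manifest alongside every copy of the backup.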
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
If you are on Lollipop, I suggest flashing directly MM .185. If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
You'd have to go back to an exploitable firmware. Working versions are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host.)
ninestarkoko said:
About point 3)
I would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seem to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root privileges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edits the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no longer sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host.)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Great to see updates to the first post, it will be useful for many new Z5c users out there
Hi, I'm a new Z5c user
just received it and I'll take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlock bootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've found a few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6.200
I've tried multiple different versions now, but it always stops at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I don't want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backup and restore DRM and also a way to turn back the device to a stock ROM, for warranty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!

Help me to twrp/root/xposed/kernel my XC

Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatware.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a HOW-TO for future users with the same questions.
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Latest stock Rom + xposed will not be possible...
mika91 said:
Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatware.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a HOW-TO for future users with the same questions.
Forget about OTA when rooted...
I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
mika91 said:
I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
OTA is not possible once bootloader is unlocked. System partition touched or not played no role.
ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
How is the camera quality without the drm keys?
Thanks
mika91 said:
ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
See my post to get a rooted stock with DRM.
mika91 said:
ok.
So if I want to root the XC, I have to unlock the bootloader, lose DRM and OTA?
How is the camera quality without the drm keys?
Thanks
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross devices, that mounts your TA backup as TA partition, therefore your phone looks as having DRM keys and locked.
XperienceD said:
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Would you mind detailing a bit more those steps, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (where can I learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet
fredsky2 said:
Would you mind detailing a bit more those steps, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (where can I learn about ftf/sin/elf?)
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my PC but no dice on TA backup yet
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
XperienceD said:
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
ATM I'm following ondrejvaroscak's quickrecap to make sure everything goes smooth with my TA keys and then I plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)
fredsky2 said:
Thank you, I was able to successfully back up my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
XperienceD said:
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
fredsky2 said:
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.
