Root Xperia Z5 Compact Android 6.01 (Tested and Working) - Xperia Z5 Compact General

I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten in to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiaFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php(get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download Ivy Root http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LASTEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phones setting, under develop options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps excactly :http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compacts internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download rootkernal tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernal folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your Device and your done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.

nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)

I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock bootload, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no long see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.

Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.

civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
Click to expand...
Click to collapse
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.

what are those step exactly (sorry new to this)
---------- Post added at 03:47 PM ---------- Previous post was at 03:31 PM ----------
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all

greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Click to expand...
Click to collapse
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles

ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
Click to expand...
Click to collapse
If this rooting turortial is too difficult try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because its your phone is not rooted though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitly the best!

1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Someone knows ho to solve this error in step 3.2? Thank you in advance for the help

can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?

sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
Click to expand...
Click to collapse
There is a .256 firmware?

flopower1996 said:
There is a .256 firmware?
Click to expand...
Click to collapse
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind

Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?

gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
Click to expand...
Click to collapse
No

Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:

Pardon me for being an idiot

Hello Dean F!
Thanks for this tutoial. But before I'll try this, I have two quetions:
1) How do I use your steps WITH restoring the backuped TA-partition?
2) Is the descriped process also usable with a Xperia Z3 Tablet?
Thanks and greetings from GErmany
"klausstoertebeker"

hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.

bintangsofyan said:
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
Click to expand...
Click to collapse
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.

How to root 32.0.A.6.200 please?

Related

[GUIDE][ROOT] How to Root 101 / 230 Firmware with Locked Bootloader

ROOT JB (101) AND KITKAT (230) FIRMWARE WITH LOCKED BOOTLOADER
This thread is now officially obsolete. There is a new, simple and efficient ROOT method created by @geohot, based on the asec exploit. This method is valid for all versions of android with kernel dates older(earlier) than 04 June. The method probably works on any phone / tablet device EXCEPT the HTC M8, Moto G & E, and devices with Intel chipsets. Go to this thread for details:
http://forum.xda-developers.com/showthread.php?t=2783863
The guide below is obsolete and remains only for info. Please do not follow?.
DISCLAIMER: The steps WILL INVOLVE OBTAINING BOOTLOADER UNLOCK CODE FROM SONY, However, after unlocking, you will be guided to re-lock bootloader so that the end result will be a phone with Marlin Keys, Bravia Engine2 and Bootloader INTACT (LOCKED).
Starting Assumptions:
1. You have a Sony Xperia Z (C66XX) L-39H (Duh! Obvious!)
2. You have some knowledge of Root, SUPERUSER and enabling developer options, enabling USB Debugging mode, switching off and connecting your phone to USB & Computer with vol Up / Down Pressed to enable Fastboot mode or Flash Mode. If not, then go slowly and patiently, read every screen that flashes in front of you on your PC/Laptop and choose dilligently.
3. The bootloader status of your phone is BOOTLOADER UNLOCK ALLOWED--YES. This is the general case if you are on a no-contract plan with your service provider, or you have brought the phone at a full premium price (No discounted price by your wireless service provider). US / Canadian users, please obtain your unlock codes before you proceed further, all your phone's bootloaders ARE LOCKED. If you have bought the phone second-hand or from a dubious source check the bootloader lock status by opening the dialler and entering *#*#7378423#*#* (star-hash-star-hash S E R V I C E hash-star-hash-star). You will see four options 1. Service Info, 2. Service Tests, 3. Calibrations and 4. Customisation Settings. To check the bootloader status tap on Service Info>(next page)>tap on configuration>(next page) the last item is your bootloader status. It must read bootloader unlock allowed-YES If it reads "bootloader unlock allowed-NO" then you need unlock codes from your wireless service provider. If it reads "bootloader-UNLOCKED", then you have lost your Marlin keys and bootloader (This also means you cannot flash Sony updates, but you have a wide open field to flash any ROM and kernel of your choice!).
4. Loads of Patience....
5. Some coffee / favourite non-alcoholic brew at hand for sustenance (alcoholic beverages can be for later, till you're done with the process / you are past the legal age. Until then go easy....)
6. It is assumed that you have a Windows PC / Laptop (Win32/64) with all necessary drivers loaded. If not just download and install PC Companion, it will install the necessary Sony drivers.
Step-1
Locked bootloader with 4.2.2 (67 or lower firmware) ROOT status idoesn't matter.
Locked Bootloader with 4.3 (.569 / Commercial & Journalist's firmware) rooted / unrooted.
If on 4.2 firmware, then ROOT your device using BINARY's Method or cubeundcube's method (DOOMLORD's method works below 67 firmware, but I may be wrong) Links:
Binary's Thread: http://forum.xda-developers.com/showthread.php?t=1886460
cubeundcube nethod: http://forum.xda-developers.com/showthread.php?t=2559009
DOOMLORD's thread: http://forum.xda-developers.com/showthread.php?t=2327472
If on 4.3 firmware and not rooted, then downgrade to 4.2.2 (67 firmware) by flashing a ftf file of your region. Links for flashtool thread is given below. Use thread search to find ftf file for your region and download it.
If you are already rooted on 4.3, 569 firmware AND have a locked bootloader, then start from this point.
Make a backup of your Trim Area (TA) by using the tool created by DevShaft at this thread: http://forum.xda-developers.com/showthread.php?t=2292598 This Step is VERY IMPORTANT!!!!!
Step-2
You now have a rooted phone on 4.2.2 (67 firmware) or 4.3 (569 firmware), AND you have made a backup of yourphone's TA.
Now, upgrade to 4.3 (101 firmware) by connecting your phone to the PC (USB cable) using PC Companion or by using SUS. Use the UPGRADE option and not the CLEAN INSTALL option to retain data. On the first boot after upgrade you will realize that you've lost ROOT and any recovery that you had earlier installed.
Make a FTF file of the upgraded ROM by following the instructions from this thread by deadmask (http://forum.xda-developers.com/xperia-u/general/guide-how-make-ftf-stock-firmware-sus-t2075736) or from Stage-3 of this thread by VipeR (http://forum.xda-developers.com/showthread.php?t=2188129)
Step-3
You now have a phone on the latest firmware (without root) AND you have a backup of TA from 4.2 firmware, AND ALSO have a FTF file for the latest firmware.
Obtain the unlock code for your bootloader from the Sony website. Link: http://unlockbootloader.sonymobile.com/
enter your phone's IMEI number and your email to recieve the unlock code. Legal eagles, obtaining an unlock code DOES NOT MEAN THAT you have actually used it!!! Open your e-mail inbox and check for mail from SONY containing your unlock code.
Custom Kernel Download First download a custom kernel by DOOMLORD (with CWM) recovery for use immediately after unlocking the bootloader from this thread by DOOMLORD: http://forum.xda-developers.com/showthread.php?t=2167381 . Download the custom kernel and place it on your computer's desktop/folder of your choice. Extract the contents of the zip file and we'll come back to it later.
ADB+Fastboot Tools Download a set of ADB and fastboot tools made by anonymous and hosted at the Dev-host site Download link : http://d-h.st/I8l
After the zip file has downloaded extract it to get a folder fastboot+ADB Now take out the boot.img file from the zip file containing DOOMLORD's kernel above, and copy it to the win32subfolder inside the fastboot+ADB folder. Make a note of the location (Drive/folder) where this folder has been saved. (preferred storage on the desktop)
CWM Flashable SuperSU Download Download the latest flashable Super SU by Chainfire from the OP of this thread: http://forum.xda-developers.com/showthread.php?t=1538053 . Download the latest cwm flashable superSU.zip and place it in your phone's external SD Card
Use Androxyde's Flashtool (thread link:http://forum.xda-developers.com/showthread.php?t=920746) to unlock your bootloader It is a painless one-click procedure using the BL button. follow the instructions in the flashtool and let the phone reboot (after unplugging USB) Now recheck if ADB debigging mode and Unknown sources are enabled in phone settings.
Now click START on your PC and enter 'cmd' in the search box. Right click on the command prompt / DOS box (cmd.exe) and choose "run as administrator". Enter the administrator password if prompted by the PC. In the command prompt window type the following commands:
cd\
cd users\(your login username)\desktop\fastboot+adb\win32\ (in case you stored the fastboot+adb file on your desktop) or navigate to the folder where you stored the extracted files....
fastboot flash boot boot.img (did you extract and store the boot.img file from doomlord's kernel to the win32 file of fastboot+adb?)
wait for the results to flash and then type fastboot reboot andWAIT before you hit ENTER
Click to expand...
Click to collapse
Hold the phone in your hand and do the reboot command. As soon as the blue light goes off and the SONY logo appears wait for the phone LED to turn violet. Press Vol UP button on seeing the violet LED and release-press-release-press two to three times for good measure (Sometimes a constant press also works) till the LED goes off and the phone boots into CWM. In the CWM menu use the Vol up/down to tab move between the options and use the power button to select. There is also a touch-swipe down/up to tab-move and swipe right to select or swipe left to go back, use this method only if you are confident/familiar with the touch-select method. Select flash a Zip from external SD card and navigate to the folder where you stored the update-superSU-1.93.zip and select it. confirm by moving down to select Yes, Flash update-supersu1.93.zip and let CWM finish flasing the SU. go back to the main page and reboot to system from CWM.
After the phone reboots check Super SU is loaded on your phone in /System/app/ and check full root access on your phone....
Step-4
You now have a rooted phone on the Latest 101 firmware, with unlocked bootloader, AND you have a backup of your phone's TA and also have a ftf file of the latest firmware.
Now you have one last step to go back to stock kernel for locking your bootloader. Start Flashtool and select the flash (lightning) button select flash mode. Now select the latest firmware, which you had converted to FTF and on the right side top, (wipe options) untick all wipe options. On the right bottom (exclude), tick mark to exclude everything EXCEPT kernel and fotakernel. See that the centre window (flash content) shows only kernel.sin, fotakernel.sin and loader.sin. (Check Screenshot for reference) Now hit the flash button and put the phone into flash mode.Unplug and Reboot
Step-5
Now you have a rooted phone with the latest firmware on stock kernel (no CWM) AND you have a backup of the TA from your phone.
Now's the time to flash the TA. Do you remember the steps of making backup/restoring TA. check DevShaft's thread again, and remember it is better to do a dry run for restoring TA, before the final restore. DO IT.
Finally, you have rooted the phone with the latest firmware, and relocked your bootloader, and all with a ROM/Kernel and customisation of your region/choice.
Future Steps:
Flash a recovery. [NUT]'s dual recovery for locked bootloader is the best. Thread link : http://forum.xda-developers.com/showthread.php?t=2261606
Acknowledgements:
All DEVs and OPs whose threads, posts, tools and files as mentioned in this post. I have only placed them in one order. You may thank each thread OP &/or Dev for their tools, files and guides.
Unlock bootloader?
And re-lock at the end.... You wanna?
Dead Cookies leave no trails...
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Simple and easy to follow I now have a rooted Xperia Z on Android 4.3
johan8 said:
In 67 you can root with Doomlord solution, no need to unlock the bootloader.
Then need to update with cwm method other than rom flash.
Click to expand...
Click to collapse
hi there, would you pls advise the step for Doomlord's solution? I follow this threat http://forum.xda-developers.com/showthread.php?t=2386405 but fail at step 2 flash older rootable version (tried XperiaZ_C660X_KernelOnly_10.3.A.0.423_Generic_NL.f tf - 7.12 MB and C6603_10.4.1.B.0.101_Stripped.ftf). phone boot loop.
That's why I didn't advise using doomlord's method in op. Read again. Root using bin4ry's method/cubeundcube method and proceed as per op. There's no need for striped and full ftf, just the ftf you create from your upgrade is enough.
Dead Cookies leave no trails...
If you're going to go back to 2.67 anyway its easier to just flash NUTs upgrade to 4.3.
You will also have root and no fiddling with bootloader required.
Managed it successful. Thanks for your detailed tutorial. Very nice, now let's look forward to KK!
Sent from my GT-I8160 using xda app-developers app
I got a question,Is there a way I can unlock my bootloader without losing all my data?
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal or on the internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Cookie Ninja said:
I posted this thread only after verifying the steps on my device. I was initially on 569 with locked bootloader and rooted. I did the exact steps and found that I had not lost any data, personal orion internal sd card. Try... But Pls make a backup, just in case (I did it too).
Dead Cookies leave no trails...
Click to expand...
Click to collapse
I have a nandroid backup of 4.2.2 so I guess I could just restore that If I happen to lose my stuff. Or maybe I have to downgrade and then restore?
Edit: But Honestly it's really risky. maybe I'll just wait till someone comes up with an exploit for 4.3.
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Cookie Ninja said:
May have to wait a long time till a roast duck flies into your open mouth.....
Dead Cookies leave no trails...
Click to expand...
Click to collapse
You don't have to be a **** about it
First thanks
If i had download 4.3 101 on my copmputer and flash it manual can i skip step 2
- And when i flash framework and electocity cut can damage my phone ??!!
Sent from my C6603 using XDA Premium 4 mobile app
Wow too BIG post for root 4.3 and also i didnt understand anything:silly:
Huh! With every new phone I bought,rooting is harder.Samsung phones was so easy to root.LG was a little bit harder,but this... :-S
Sent from my C6603 using Tapatalk
Guys, it is not sooo hard as it sounds. If you are familiar with the usage of the flashtool and have a little bit trust in yourself, then THIS is definitive the right thread to get root access and a relocked bootloader on your .101 firmware. Follow exactly the steps and don't - please don't - listen to some smart heads who suggest to flash a prerooted fw. Take the hard way and you'll be definitive successfull. I did so with this tut, and my Z is totally ok. Thanks to Cookie Ninja again.
Sent from my rooted C6603 using xda app-developers app
hi all
ive got xperia z 6603 with 101 firmware..i try to flash 569 stripped file and then when i check back it doest even change anything at about phone..it still on 101..please someone..please provide more detailed instructions..im on LB..
Great tutorial. I've been linking people to it fairly regularly.
Just some input; you're advising people to get unlock codes from their network provider when it states 'Bootloader unlock allowed : No' in the service menu.
I'm fairly (almost completely) certain that there is no way for people in that situation to get the status changed at all, including by their network provider or Sony. Network/sim unlocking the device does not affect the bootloader unlock status.
Also, Flashtool has a fastboot mode that allows flashing of the boot.img, which may be easier for some that aren't confident working with the command line.
Anyway, they're small issues in what is a thorough tutorial.
Sent from my C6603 using Tapatalk

How-to: root, keep and backup DRM keys, etc. [KitKat/Lollipops/Marshmallow/etc.]

By almost popular demand, making this a thread
This is a how-to root, install recovery, backup drm keys, etc. from scratch in a single thread since finding all threads can be daunting. That's basically all the things you generally want to do when you root the phone (WITHOUT UNLOCKING THE BOOTLOADER).
TL;DR - overview
If you know what you're doing, you really just need to read this part of the post. If you're unsure, read the step-by-step instead.
If you're running Android 6.0.1 MM with firmware .291 (and probably any other future firmware), want to root without unlocking the bootloader more quickly than the method below refer to this post: http://forum.xda-developers.com/z3-compact/general/recovery-root-mm-575-lb-t3418714 (get all 3 zips, rename the kernel zips to .ftf, flash kernel575.ftf with flashtool - reboot - enable dev mode, run bat script - reboot in recovery and flash supersu.zip - flash kernel291.ftf, reboot, done (for future versions you'll want to only flash the kernel from sony's ftf after rooting)
Downgrade the firmware, as the root exploit only works with older firmware such as 23.0.A.2.93.
Run the root exploit to get root
Backup the DRM keys
Upgrade the firmware to the latest version, while retaining root access (or by using a pre-rooted images that nice people made)
In the process, we'll install DualRecovery and SuperSu (having the custom recovery is what allows you to keep root as it let you flash a modified image that has SuperSU on it)
See the FAQ at the bottom in case you need additional help, about mounting /system read-write, fixing the sdcard issues, etc. These are not directly related to the rooting process, but you most likely want to perform these tasks anyway.
Step by step instructions
Read instructions carefully, there's many steps, making this slightly complex.
Ensure you backed up everything you need (files/apps/pictures/etc) first, these will be lost! - YOUR PHONE WILL BE WIPED.
-- FW DOWNGRADE AND INSTALL WITH FLASHTOOL --
Downgrade fw to 23.0.A.2.93 (Device D5803) or anything prior to 23.0.1.A.5.77 (december fw)
Global:https://mega.nz/#F!wdEG3aiD!Ej2S4hcMKGPgnmGudvAegg (look for 23.0.A.2.93) (or see http://forum.xda-developers.com/showpost.php?p=66275977&postcount=2030 for more links if this one no longer works)
Get and install Flashtool at http://www.flashtool.net/index.php
Move the fw into the C:/Flashtool/firmwares directory
Open Flashtool, click on the lightning symbol ("flash device"), select "Flashmode" and click on "OK"
Just select the name of the fw you downloaded and click on "Flash"
Wait for a window to pop up (it may take a few minutes, be patient)
Now everything is ready: turn off your phone
Push the volume DOWN button, connect the USB cable to your PC while still pushing the volume DOWN button
Once the flashing process has started, release the volume button
) Do not disconnect the USB cable, wait until flash completes (flashtool will indicate when you can unplug).
-- ROOTING W/ EXPLOIT --
Enable USB debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Allow mock locations (Settings => Developer Settings)
Ensure you have adb drivers installed (http://support.sonymobile.com/gb/tools/pc-companion/ don't use it to update
Download rooting tool (http://forum.xda-developers.com/devdb/project/dl/?id=10766&task=get) or latest from http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
Unzip the rooting tool
Connect phone to your computer
Put phone in airplane mode
Run install.bat from the rooting tool (allow USB debugging when asked on the phone every time, also allow root prompt) and follow instructions from the tool
You should be rooted now, if you get an error "Device not rooted" trying running the tool once more
-- Backup DRM keys/TA Partition --
Get backup ta tool from https://github.com/DevShaft/Backup-TA/releases
Unzip it!
Ensure phone is still connected (or reconnect it)
Run Backup-TA.bat
Read the information and follow the instructions given by the tool.
-- Install latest firwmare with root, DRM keys, recovery --
Alternative 1: pre-made pre-rooted image (for fast internet, slow pc
Get a pre-rooted image:
For KitKat - fw 23.0.1.A.5.77 (android 4.4. dec 2014) at http://forum.xda-developers.com/z3-...ist-pre-rooted-firmwares-6-oct-2015-t32188206 then skip directly to step 33.
Or, for Lollipop - fw 23.1.A.0.690 (Android 5.0 March 2015) at http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Or, for Marshmallow - fw 23.5.A.1.291 (Android 6.0 June 2016) at https://mega.nz/#!0JUA2DzR!5-5Tz1BRr3gkvrt_loqHzePsgfSeGKCD07xhQzugl4w or http://forum.xda-developers.com/z3-compact/development/list-pre-rooted-firmwares-6-oct-2015-t3218820 then skip directly to step 33.
Alternative 2, for newer fw for example - build your own pre-rooted image (fast pc, slower internet:
Get PRFC from http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
Get latest fw from http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706
Get latest SuperSU zip http://download.chainfire.eu/supersu
Get DualRecovery zip (the flashable zip, not the installer one) from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.flashable.zip
Start PRFC and add the 3 zip (FTF file is the fw, SuperSU and Recovery)
Click "create" - this will take a while
Copy resulting "pre-rooted" fw to /sdcard0 on your phone (it means copy flashable.zip from the PRFC directory to the "internal storage" directory of the phone)
Get Dual Recovery installer this time, from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.installer.zip notice how thats 'installer' this time, not the same file as in 30!
Unzip it
start install.bat and follow instructions (hit 1 (allow adb/root on the phone as needed)
You should be in recovery automatically now. (if not, reboot and when the LED change colors push volume UP repeatedly)
Flash the pre-rooted fw (flashable.zip) from the recovery (touch "install zip", select /storage/sdcard1/flashable.zip then confirm install) on the phone, then power off the phone (DO NOT REBOOT)
To power off, go into the "power options" and hit "power off" (dont do "reboot in flashmode" DO power off)
Unplug USB (yes this is required, DO IT)
Open Flashtool and select the non-pre-rooted fw (this is 23.5.A.1.291 for example), but DESELECT system: in "EXCLUDE" make sure you check the checkbox next to "SYSTEM", flash it.
press volume DOWN and plug USB cable while keeping volume DOWN pressed, when flashing starts, stop pressing the volume button
After flash is done and when flashtool tells you to, remove USB cable and start the phone
Congrats and enjoy, you made it to the end! you now have latest + recovery + root and backups of your DRM keys! (and of course all DRM functions enabled)
FAQ
- Some root apps don't work, because /system can't be remounted rw, what's up with that?
Sony has a special in kernel protection that disallow remounting /system read-write, even for root. Flash this in recovery (copy it to the sdcard and reboot in recovery with volume UP pressed, then install it): https://github.com/dosomder/SonyRICDefeat/raw/master/RICDefeat.zip
- I unlocked my boot loader, or lost my DRM keys some other way AFTER backing up as per above procedure. How to restore?
plug USB back in
re-enable usb debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
Start backup TA again but this time hit restore
- I messed somewhere, phone doesn't boot or work properly, what to do!
unplug USB
if phone is on, long press the power button+volume UP until the phone turns off
go back to step 1 of the how to, follow the how to! Mainly - the howto makes you setup flashtool again, then boot the phone in flash mode with volume key and plugging in the USB cable.
- I forgot to backup DRM keys (backup ta program) but I never unlocked the bootloader, is it bad?
nope you're fine, just back them up now
- I really lost my DRM keys, can I recover them?
No you can't. But you can recover the features by using some modified software. Look for "DRM Fix" for example here.
- I don't want to wipe my phone!
Uncheck "data" before downgrading and then before upgrading in flashtool. You will get some errors when downgrading, which will go away when you revert back to .77 at the end of the process
This is at your own risk, data still risk being deleted if something goes wrong
Depending on the apps, etc. you have, there is a chance that some app would not work properly at the end of the process without a full wipe. If that's the case, you might need to go in settings>applications and "delete data" for that app.
- Some apps can't write to the sdcard!
install/run this https://play.google.com/store/apps/details?id=nextapp.sdfix&hl=en
- I don't have SuperSu on marshmallow+ ?!
It just didnt install properly into /system. That's ok. Just install it from the play store - you do have the su binary installed in /system so this will work
- Does this work on my SO-02G (Xperia Z3C Docomo NTT version) ?
@pngoc256 tested and yes, it works
- Does this work with lollipop (Android 5.0)?
- Does this work with Marshmallow (Android 6.0)?
- Will this work with Nougat (Android 7.0)?
- Will this always work?! (yes probably)
Yes.
If when doing the final reboot its stuck on the loading screen the first time, reboot again a last additional time with power + volume UP.
People who did the hard work/references thanks to them:
@istux (fw list, flashtool how to http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706)
@xzx0O0 (root exploit: http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598)
@DevShaft (backup ta http://forum.xda-developers.com/showthread.php?t=2292598)
@serajr (install .77 fw http://forum.xda-developers.com/showpost.php?p=58395100&postcount=71)
dosomder (kmod for sony's RIC) https://github.com/dosomder/SonyRICDefeat
Everything worked. Thanks a ton!
Thanks for the detailed explanation with links, very thorough and helpful.
MODS PLEASE STICKY THIS THREAD, might just be the most important thread in the Z3 Compact forum.
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
wowz, it's finally here!!!
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Follow this: http://forum.xda-developers.com/showpost.php?p=58400277&postcount=228
This is why I love this community, thanks mate, that completely fixed it
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
madlive said:
Thanks for this manual, managed to get it work. Although if I start xposed, I get the error it can't mount the system partition. Titanium Backup works perfect. It seems the system partition is read only still? Any solution very welcome. Once again many thanks to the hard working people behind this exploit
Click to expand...
Click to collapse
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Hello,
Thanks a lot for this thread, but you made a typo in the step 37, in the command to remount /system: "mount -o remount,rw /system" instead of "mount -oremount,rw /system".
Had I known you were going to post such detailed instructions, I would have waited and saved tons of time!
Very helpful indeed, kudos for your work
steps 40-43
adamk7 said:
If you're having trouble with step 34 opening a command prompt in the files folder, try pressing shift and right click on or in the "files" folder, you should see "Open command window here"
Unrelated: what's the purpose of steps 40-43 (reflashing non pre-rooted FW)?
Click to expand...
Click to collapse
I think you are not suppose to open your phone until you flash the prerooted firmware since it says to turn off and not reboot. I dont know the purpose but still gonna follow.
---------- Post added at 04:58 AM ---------- Previous post was at 04:56 AM ----------
I just want to ask if its ok to flash a non-prerooted firmware that was not based on, or was not used to make the prerooted firmware that i will flash earlier in the step?
Any tips on backing up data before flashing .93?
bilboa1 said:
its here in case you need to restore DRM keys. for example if you unlocked your boot loader, or messed up something somewhere.
Fastest i found is to flash https://github.com/dosomder/SonyRICDefeat (the zip in there). its an extra protection on the sony kernel that makes /system non-remountable r/w, this module takes care of it. above post method would also work.
Click to expand...
Click to collapse
I flashed the zip in the recovery, but I still can't unintall the apps! I'm sure I have root because greenify and xposed works.
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
I had a error when trying to flash CM12 without flashing the CM' boot.img (which asks to unlock the bootloader) because the phone codename is "aries" on Sony stock roms and CM12 want the codename "z3c". Flashing the boot.img contained in CM12 nightlies fixed the problem.
I have solve problem! Just need it to update the dual recovery by Nut with the 2.8.1 Now I can uninstall the system app (Finally)..
Thanks but TA
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
reloadxero said:
Since i have dual recovery now on my z3 compact, can i flash any zip including CM12 without unlocking the bootloader? I already backed up TA but still wondering?
Click to expand...
Click to collapse
Any custom rom needs an unlocked bootloader.
Any custom kernel needs an unlocked bootloader.
Without unlocking, you can only install roms based on stock firmware with a stock kernel.
dshstudio said:
I make a TA backup in 23.0.A.1.93 in root.
And I changed the kernel to 23.0.A.5.77 with the root using PRFCreater.
and I unlocked my bootloader
and after that I need to re-lock the bootloader cause i need to go sony service center
i tryed the TA backup tool's restore option, but it saids that there is no TA-backup*.zip files
what should i do
Click to expand...
Click to collapse
Restoring the TA backup automatically relocks your bootloader.
Inside the folder where TA-backup.exe is located, you should find a sub-folder named "backup": do you see nothing within that?
Thank you so much for this thread, really easy this way. Only problem I had was in the last step when flashing version .98, which gave me a non-working wifi. Once reflashed with .77 this was resolved.

Summary/tutorial: Root on Sony Xperia Z5 Compact (E5823) with DRM keys backup

Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures takes with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE 2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partion)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
Click to expand...
Click to collapse
If you are on Lollipop, i suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Click to expand...
Click to collapse
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
Click to expand...
Click to collapse
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
Click to expand...
Click to collapse
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Click to expand...
Click to collapse
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Click to expand...
Click to collapse
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Click to expand...
Click to collapse
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Click to expand...
Click to collapse
Great to see updates to the first post, it will be useful for many new Z5c users out there
hi, im new z5c user
just received it and ill take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Click to expand...
Click to collapse
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlockbootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've founda few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
Ive tried multiple different versions now, but it always stop at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I doesnt want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backuk and restore DRM and also a way to turn back the device to a stock rom, for a warannty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!

[HOW-TO][Root+TWRP Recovery][LB]Stock Marshmallow 6.0.1 (23.5.A.0.575/.291)

Hello everyone,
Update 27.08.2016: It also works for version 23.5.A.1.291 (OS update that includes STAMINA). The procedure is identical, you just have to use the latest firmware available and create a pre-rooted .zip to update your tablet device.
I am pretty sure that I couldn't find a how-to guide anywhere that explains how rooting our precious Xperia Z3 Tablet Compact on Android 6.0.1 with locked bootloader works. This post simply shows the process of how I got root on my device (SGP611) and I am going to write the steps only in moderate detail so that hopefully everyone can follow without hassle. There are some steps that I'm not going to explain too much in detail but instead I highly recommend you to look around a bit on XDA to find theses already explained steps (I just want to get to the point on how to get root so that's why it may not be super noob friendly).
Edit: A little bit more info and additional steps that might help you further can be read in post #5.
Standard disclaimer:
Your warranty is now void.
I am not responsible for bricked devices, dead SD cards, or any other issues that may arise from not following the steps correctly/carefully.
Click to expand...
Click to collapse
Also, I am not a developer so I am very sorry if I can't give you an answer to questions relating to problems with the tools we are going to use in this tutorial. It's better to ask the developers directly( I will link you to the needed threads).
Steps:
1. Downgrade device if necessary
2. Root using KingRoot exploit
3. Install XZDualRecovery custom recovery
4.1 Get the latest Marshmallow firmware and create FTF file
4.2 Create the pre-rooted .zip file
5. Flashing the pre-rooted .zip file correctly
Extra: Already created pre-rooted .zip file download for the lazy ones (At the very bottom)
1. First thing you need to know is that if you're device is currently bootloader locked and on Android Marshmallow 6.0.1 (23.5.A.0.575), as of the time I am writing this, you will not be able to achieve root directly through some kind of rooting tool. What you need to do now is to downgrade your device to an older version of Android, e.g. Android 5.0.2 or KitKat are good enough.
To do this you need to find the older firmware:
-Try this link to look for it: http://xperiafirmware.com/ (If you can't find Android 5.0.2 for example, use Google or look around XDA)
-Downgrading the device will wipe data/factory reset, so BACK UP YOUR STUFF before downgrading.
-Use flashtool to flash the firmware and downgrade: http://www.flashtool.net/index.php (I will expect you to know how to use flsahtool to flash ftf. files, there are many tutorials on how to do this)
2. Why you have to downgrade is because older firmwares have an exploit that can be used to root the device even when the bootloader is locked. So yes, something like a one-click root method is possible now.
-You may use this tool called KingRoot to root your tablet: http://forum.xda-developers.com/android/apps-games/one-click-root-tool-android-2-x-5-0-t3107461
Read the info carefully before doing anything.
3. Now, you should have managed to root your device with Android version other than 6.0.1. That is when another great tool comes in which is called XZDualrecovery. XZDualRecovery is "a" custom recovery that you'll need to be able to proceed from here.
-Install XZDualRecovery using the root method. That's the only way to get it onto the device.
-Link: http://forum.xda-developers.com/showthread.php?t=2261606 (Read the instruction there carefully)
4. Great! Now you should have root and custom recovery. If not, you did something wrong.
This is when you can create something called a "pre-rooted" firmware which is basically all you need to get root on Marshmallow 6.0.1.
4.1
-Use the tool called Xperifirm to download the Android 6.0.1: http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142
-Launch Xperifirm and on the left hand side browse to "Xperia Z3 Tablet Compact -> the model number of your device (look under settings on your device to find out model number)"
-On the right side top you'll see "Check all", click it to let it check for latest firmware number
-Android 6.0.1 would be 23.5.A.0.575 23.5.A.1.291 (latest firmware). You can choose any Market or Operator you want (Tip: Use "Customized XXX" and avoid carriers)
-After downloading you'll need flashtool again to convert those downloaded files to .ftf format (Again, there are instrutions on the internet that you can look for)
4.2
-Make sure you have the .ftf file
-Get two .zip files
--1) RecRoot: http://forum.xda-developers.com/z3/general/wip-sony-android-6-0-mm-t3337357
--2) A dummy flashable file: http://forum.xda-developers.com/z3/...oid-6-0-mm-t3337357/post66569699#post66569699
-Get PRFCreator: http://forum.xda-developers.com/crossdevice-dev/sony/tool-prfcreator-easily-create-pre-t2859904
-Open PRFCreator and put the .ftf file to FTF, the RecRoot .zip file to RECOVERY, and the dummy_flashable.zip to SUPERSU. Don't do any other way!
-Tick Kernel, FOTAKernel, Modem, LTALable and Sign Zip
-Click "Create" to create the pre-rooted Marshmallow firmware
5. You should have created the pre-rooted Android 6.0.1 firmware now.
-Put the pre-rooted .zip file and the RecRoot .zip file onto your device's SD card/storage (anywhere where you can find them later)
-Reboot your tablet into TWRP recovery. (XZDualRecovery even provides you an app to choose and reboot to recovery) Don't reboot into any other recovery!
-Now, in TWRP recovery, erase dalvik cache, cache and system just to be clean.
-FIRSTLY, flash the pre-rooted.zip that you have put on your device. After flashing successfully, DON'T REBOOT YET!
-SECONDLY, flash the RecRoot.zip file
-Now you can reboot and if you did everything correctly, your Z3 Tablet Compact should boot up with Chainfire's SuperSU root and TWRP recovery (to access TWRP recovery, you have to reboot the device and while a green LED light appears for a moment, press and hold the volume down button. Then you will enter TWRP recovery. As for now, you cannot access the recovery any other way like using a reboot app, it will not work!).
CONGRATULATIONS! You have a rooted Z3 tablet with locked bootloader and you haven't lost Sony features. :laugh::good:
Thank you for reading this tutorial. And don't forget to thank all these devs that provided us the needed tools.
Extra: I will also put a link here where you can download my created pre-rooted Marshmallow firmware. It's build 23.5.A.0.575 Customized Germany and for SGP611 only!
https://mega.nz/#!TQ4AwbSZ!LNw11quAWurER_Tl9zHDyX_TiwZnzeVM1M0s10eyt4g
Just followed your instructions with my SGP621, worked great!
Teella said:
Just followed your instructions with my SGP621, worked great!
Click to expand...
Click to collapse
Great!
Would you be so kind and share your pre-rooted SGP621 ROM?
janla said:
Great!
Would you be so kind and share your pre-rooted SGP621 ROM?
Click to expand...
Click to collapse
I would love too, but my upload is very very slow and would take week to upload. Follow the instructions it's very easy, it was the first time I've ever touched and FTF or made a prerooted rom. Well not really made, just clicked a few buttons in flashtool and waited.
SGP621 additions
Hey man,
thanks for this concise guide to unroot our beloved tablet! I tried a few times before, but always gave up under the flood of outdated info available. With your guide, I successfully rooted my SGP621 (= Sony Z3 Tablet Compact with LTE).
Since you refer to "available info on the net" quite often, I had a few moments where I was unsure what to do exactly. Maybe the following hints can help others like me who are new to the world of Sony android devices.
Step 1:
You could probably also downgrade to 5.1, but to be safe, I chose 5.0.2. The needed ftf files for SGP621 as well as the SGP611 and SGP612 are avilable here.
I used the most current version of the flashtool, which is 0.9.22.3 as of this posting. I followed this (German) guide for installing and using the flashtool. To install the needed drivers, you'll have to navigate to wherever you installed the Flashtool to, there to the subfolder drivers, and execute the driver installer you find there. In the driver selection dialog install the first two, and of course the Z3TC driver you find somewhere in the list. Got two errors during the driver installs, ignored them, all went well.
Step 2:
Kingroot is a one-click-rooting solution you install directly on the phone, no pc connection necessary. After the tool is installed, you have to start it, swipe up a couple of times, and then tap on "Purify". The description in the xda thread made me think "Purify" is just an ad for an additional app, but it does start the rooting process.
Step 3:
After downloading and extracting XZDualRecovery, start the install.bat (under Windows, obviously). Connect your tablet, then choose menu item 1 (Install with SuperSU).
Step 4.1:
Many guides describe a decrypt / unpack step, you don't need this. The files are already unpacked after the download through XperiFirm. I did, however, delete the file "fwinfo.xml" from the downloaded files. No idea if that's needed, but it didn't hurt either.
To convert the downloaded files into an ftf file in the flashtool, select "Tools > Bundles > Create".
As "Source Folder" select the folder that XperiFirm created in the download path you specified. You'll then see a bunch of files in the "folder list" - select everything but the ".ta"-files (there were 5 ta-files in my case).
Doubleclick the empty "Device:" line, select the correct device.
I guess you can enter whatever in Branding and Version, I entered "German" and "23.5.A.1.291".
Step 4.2:
The "RecRoot"-File mentioned is indeed called "RecRoot_combined.zip". If you download that file, you're good to go. The PRFCreator tool needs to have Java installed for the last step (signing the prerooted rom). The file with the prerooted rom is saved in the PRFCreator dir itself.
Hoping this'll help someone!
@pull.me.under I am glad that I could help. Also, I'll thank you for your time extending my guide a bit with more detailed steps. That'll help users who are new to this stuff for sure. ?
Gesendet von meinem SGP611 mit Tapatalk
Hi,
If I follow this way, can I restore my tablet in stock settings if I have any trouble?
cheers
bozo13 said:
Hi,
If I follow this way, can I restore my tablet in stock settings if I have any trouble?
cheers
Click to expand...
Click to collapse
For restoring your tablet to stock, you only need flashtool with Xperifirm. It's like the first step where you have to download the stock firmware from Xperifirm and flash it with flashtool. Then you only have stock and clean operating system on your device. Unless, I'm not sure what you mean with stock settings?
Sent from my Sony E6553 using XDA Labs
Thanks for the guide. Using this guide, how can i install xposed on prerooted MM.
Shud i flash it after flashing recroot. Or shud i enter the system and then do it.
Following these steps will i lose recovery once i reboot to the system?
worked for me but god i kept soft bricking it. twrp kept wanting to reboot after wiping. now to wait and see if it will charge above 49%
Thank you for your efforts and detailed instructions. I did it smoothly on my 612. In my case the RecRoot was named as RecRootV4_combined.
Oddly, MobileUncle does not restart device to TWRP recovery, although it is doable the hard way
tzitzi2 said:
Thank you for your efforts and detailed instructions. I did it smoothly on my 612. In my case the RecRoot was named as RecRootV4_combined.
Oddly, MobileUncle does not restart device to TWRP recovery, although it is doable the hard way
Click to expand...
Click to collapse
Yes.
SGP612, can not enter TWRP recovery.
Sgp612 enters TWRP just fine, it does not do so thru mobileuncle
tzitzi2 said:
Sgp612 enters TWRP just fine, it does not do so thru mobileuncle
Click to expand...
Click to collapse
steps in details?
just did it with 23.5.A.1.291_R2D. seems ok
thanks!
Thanks for the Guide.
Post #5 is almost as important. It goes through a lot of details and problems I encountered (like the no neede to decrypt or the need to install Java to sign it).
For those who like the shortest path, here's a pre-rooted flashable zip:
Customized IBE Version 23.5.A.0.575 R8D for the SGP621
Decrypt key is:
!8G97O9eDtnF-_PntdsGh8uoRo7KQFpS7_D2c_FNaI-I
(edit) Lost root and I can't figure out why.
One moment I had 5.0.2 rooted with XZDualRecovery the next moment after step 5, I had 6.0.1 but root was lost.
XZDualRecovery is still there. I tried booting into TWRP and re-flashing RecRootV4_combined.zip to no avail. I had already done it according to the instructions right after the pre rooted ROM.
Anyone has an idea of what I could have missed?
For those who like the shortest path said:
Customized IBE Version 23.5.A.0.575 R8D for the SGP621 [/URL]
Click to expand...
Click to collapse
Tnx for pre-rooted rom
Your link need Decryption key.
WanderMax said:
steps in details?
Click to expand...
Click to collapse
Sorry for late answer.
Nothing fancy, just the usual way. Power off, power on, when led is green press volume -. TWRP is there
blue8 said:
Tnx for pre-rooted rom
Your link need Decryption key.
Click to expand...
Click to collapse
Updated on OP. But beware that something isn't probably right. I lost root as soon as I flashed MM.
Thanks for this wonderful guide:good:. I was able to install MM .291 to my SGP612 without any issues. I am attaching a picture of the PRF creator instruction followed if it might help others.
The install process after creating the prf zip file was quick. Also I noticed that I still have small apps after upgrading

[F31xx][F32xx][Guide][MM] How to root your Xperia XA (as noob friendly as possible)

Hi all,
I'm happy to share with you an updated guide on how to root the Xperia XA and Ultra, big thanks to @luis1981 for the update.
This guide is Only for Marshmallow (Android 6.0), for Nougat (Android 7.0) it's here: https://forum.xda-developers.com/xperia-xa/how-to/f31xx-how-to-root-xperia-xa-noob-t3638727
## How to root the Sony Xperia XA
The Sony Xperia XA is a midrange smartphone with a bezeless design. It has adequate specs and run Android aptly. These aspects make this phone a great daily driver, however the Sony stock Android is plagued with trashware and all the hurdles Android itself has several privacy problems.
By rooting the phone one can circumvent these limitations. You will be able to install the Xposed framework, improve sound with Viper4Android, block hosts, install dns-crypt and improve overall customability. In the follwing sections I will present the steps to root your phone.
But before proceeding a word of caution (or why you wouldn't like to root your phone):
1. Unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures, I found a workaround here: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672, use zip for Z3+ devices.
2. You can save your DRM keys (TA backup) by following this guide: http://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236. You have to do it BEFORE unlocking the bootloader, for now you can't restore your backup.
3. You can re-lock your phone but it will not restore DRM
4. Unlocking your bootloader will wipe the device (factory reset)
5. If you have confidential files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
## Method
1. Find out whether if you bootloader is unlocked, which is needed to proceed. Type: *#*#7378423#*#* then choose Service info ---> Configuration ---> Check for "Bootloader unlock allowed: Yes". At this point if the phone has No or any other answer at the screen you shouldn't porceed as rooting will be impossible.
2. Download XA ADB and Fastboot drivers: https://developer.sonymobile.com/downloads/drivers/
3. Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows, note that you can also use it to unlock your bootloader(http://www.flashtool.net/downloads_windows.php)
4. Follow the official Sony instructions for getting the unlock code from [here](https://developer.sonymobile.com/unlockbootloader/). Further paste the code in BLU menu of Flashtool. You can also find video instructions [here](https://www.youtube.com/watch?v=6lKWd5LlUoA).
5. Root Your Stock Rom with TWRP and in order to do that you will need the proper files for your phone version:
SuperSu zip package for all XA: http://www.supersu.com/download
For XA single sim = F3111, F3113, F3115
TWRP recovery: https://forum.xda-developers.com/xperia-xa/development/f3111-f3113-f3115-twrp-recovery-xa-t3606488
Boot: https://forum.xda-developers.com/xp...3111-f3113-f3115-stock-kernels-built-t3573119
For XA dual sim = F3112,F3116
TWRP recovery: https://forum.xda-developers.com/xp...3112-f3116-twrp-recovery-xa-dual-sim-t3606232
Boot: https://forum.xda-developers.com/xp...12-f3116-stock-kernels-built-sources-t3526496
6. Copy SuperSu zip package on your MicroSD.
7. Enter the phone in Fastboot mode (when power off, hold Vol+ and plug the phone). The led should be blue.
8. Flash recovery and boot with "fastboot flash boot boot.img" and "fastboot flash recovery recovery.img" commands (rename downloaded boot/recovery image if needed). The simplest way is to use fastboot from Flashtool in x10flasher folder, copy recovery and boot in it, open command prompt, flash them and then delete them.
9. Unplug the phone, hold "Vol-" and "Power" buttons. Release all buttons after phone vibrate.
10. You are in TWRP recovery, on password prompt press "Cancel"
11. On next screen press "Swipe to allow".
12. Go to "Install", "Select Storage", click "Micro SDCard". Optionally, you can format "userdata" partition now and remove internal encrytion for restoring TWRP backups/acces of /data partition, go to "wipe" and tap "format data".
13. Go to your SuperSu zip directory and click on it to install. Optionally, If you want to flash Xposed, DRM fix or any flashable zip, repeat the previous step for each zip. You can mount your SD to PC in TWRP for easy access.
14. Reboot the phone, during init the phone will reboot one more time.
15. Your phone is rooted
You can optionally switch from SuperSu to Magisk by following this guide:
https://forum.xda-developers.com/xperia-xa/how-to/guide-how-to-install-magisk-xperia-xa-t3555911
## Conclusion
After these steps your phone should be rooted and you will be able to have root access to the system. This tutorial comes with no garanties that it will work and the author does not take any responsibility for you bricking your device. Also, installing third party files are a security liability, you should be aware of that. Despite these issues, rooting the Xperia XA has been confirmed to work in all models.
Note that this the guide is the same for XA Ultra, the only differences are the boot/recovery files. You can find files for XA Ultra in their respective forums.
## Old guide with video
Hi all
As requested I make a "how to" video to be more noob friendly, the video is probably not perfect and my English too but I do my best to be understandable to all
PLEASE READ
I'm not a dev and I have no responsability if you flash my files.
As said in the video you must wipe "userdata" partition when flashing IF your phone memory IS crypted or if you don't know the uncrypt password, someone on the web speak of "default password" but what is it ?? If cryped (with no password) you can't backup /data and can't mount internal memory in TWRP. You can manually enable encryption and be able to set YOUR OWN password, but you can't revert back. And in theory you can make full nandroid backup and mount /data partition when in TWRP but can't mount inernal memory.
Regarding mounting /system rw in TWRP, seen on other tuto, you must never "swipe to allow modification" when prompted, after installing root package /system is mounted rw with no problem (look at "mount" menu). EDIT: tested on my device without issues but be careful.
IF YOU UPDATE OR FLASH STOCK BOOT and power on the device to Android, it will encrypt again the internal memory and if you shutdown the device before the end (xperia screen for hours) it will corrupt your data, not the SD card).
For futur, if you want to update, ask me and will release modified boot. I don't know what it does if you update stock after setting password encryption :/
Why I changed that by replacing "FORCENCRYPT" by "ENCRYPTABLE" in fstab Boot:
http://arstechnica.com/gadgets/2015...-mandatory-device-encryption-for-new-devices/
and
http://www.androidcentral.com/inside-marshmallow-adoptable-storage
Before continue, you must understand that unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures (seen some workaround but not for XA).
You can't re-lock your phone and it will not restore DRM.
If you have confidentials files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
This will be repeated when following Sony step by step guide. YOU ARE AWARE !
To verify bootloader lock state after unlock, on phone dialer:
*#*#7378423#*#* ---> Service info ---> Configuration ---> Check for "Bootloader unlocked: Yes" IT MUST BE YES !!!
By rooting your phone you will be able to install/uninstall system apps, install Xposed framework (Gravity Box, Dark Pokemon Go,...) or Viper4Android for an awesome sound! You can tweak and mod your phone deeper (battery,CPU,...), build and flash custom ROMs and many other things
If you have problems or want to unroot you can flash stock firmware like in the video with Flashtool, no need to wipe userdata.
Please watch my video one time before begin, to understand what you have to do.
Free to you to distribute or modify my files but please link this thread as source.
BY FOLLOWING THIS GUIDE YOUR PHONE WILL PERFORM A FACTORY RESET WHEN UNLOCKING BL ( it will not format SD card) , MAKE BACKUPS !
Edit 3/08/2016: Found a workaround for Sony DRM function restoration for UB devices based on Z line and working on XA Please read the thread, download package zip for Xperia Z3+ and install it with TWRP, that's all! I recommend you to install it just after SuperSU zip package (working too if not doing this). Thanks to @jimRnor
http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
EDIT 13/08/2016: TWRP is 99% working (can't wipe /cache), you can do all as you want, as long as no encrypted partition is present or locked.
Let's begin!
YOU NEED:
My first video guide : http://www.youtube.com/watch?v=nnOoLo31ka0
MP4 offline video download: https://mega.nz/#!RlwVSAKC!6lTBZxVnLQ-Mxz8er0_dg1r36dCNnUWIq8lEUfSp4Zw
Download XA ADB drivers, all models for Windows
http://dl-developer.sonymobile.com/drivers/Xperia_XA_driver.zip
Download XA Fastboot drivers, all models for Windows (if needed, installation is same as ADB drivers in video)
http://developer.sonymobile.com/downloads/drivers/fastboot-driver/
Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows
http://www.flashtool.net/downloads_windows.php
(if needed you can unlock bootloader with it, I unlocked my device with it)
Just follow official way and when you get the unlock code, paste it in BLU menu of Flashtool. (faster way)
The step by step guide to unlock BootLoader by official way:
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
Video (not mine): https://www.youtube.com/watch?v=6lKWd5LlUoA
(Just select Xperia XA when asked)
Now depending the firmware you want to root ( the one you downloaded with Xperifirm) choose your rootpack:
For XA single sim (33.2.A.x.xx) = F3111, F3113, F3115
33.2.A.x.x: https://mega.nz/#!ZsQhwbTC!rvw437H0ZujR5Ic02Rhlap6fQ4sLLyPmSRjyfZlMFiU
For XA dual sim (33.2.B.x.xx) = F3112,F3116
33.2.B.x.x: https://mega.nz/#!xgoXxBTa!DKAwKELVs0UvkZN0X53ZVM7I4U_XnCgG73RswzMPUi0
EDIT 29/11:
I see some users who ask without searching (a very little) before, PM messages inclued, some others who spam threads not related to their problem or create new thread for nothing and who do not know what politeness is at all . Until now I was nice and answered them but now I will change that, NO MORE HELP FOR THAT KIND OF USER !!!
Now if you have no answer from me you will know why.
Good luck
Many thanks for the effort mate. Will try it.
Btw, what is the bug with google store and user data, right after root.
edit
01/039/2016 11:39:08 - ERROR - Processing of boot.sin finished with errors. As u said data wipe is needed when unlocking the bl, but i have my BL unlocked earlier without data wiped...so i started the flash method ,on my old version of flashtool.Now i have the newest version, so got to try it...or i should skip the flash and go to root step...
edit2
01/006/2016 13:06:39 - INFO - Ending flash session
01/006/2016 13:06:39 - INFO - Flashing finished.
For this phone use the newest version of flashtool.
Edit3: I need to enter some kind of password on boot menu.Now what ?
rrvuhpg said:
Hi all
As requested I make a "how to" video to be more noob friendly, the video is probably not perfect and my English too but I do my best to be understandable to all
PLEASE READ
I'm not a dev and I have no responsability if you flash my files.
As said in the video you must wipe "userdata" partition when flashing IF your phone memory IS crypted or if you don't know the uncrypt password, someone on the web speak of "default password" but what is it ?? If cryped (with no password) you can't backup /data and can't mount internal memory in TWRP. You can manually enable encryption and be able to set YOUR OWN password, but you can't revert back. And in theory you can make full nandroid backup and mount /data partition when in TWRP but can't mount inernal memory.
Regarding mounting /system rw in TWRP, seen on other tuto, you must never "swipe to allow modification" when prompted, after installing root package /system is mounted rw with no problem (look at "mount" menu).
IF YOU UPDATE OR FLASH STOCK BOOT and power on the device to Android, it will encrypt again the internal memory and if you shutdown the device before the end (xperia screen for hours) it will corrupt your data, not the SD card).
For futur, if you want to update, ask me and will release modified boot. I don't know what it does if you update stock after setting password encryption :/
Why I changed that by replacing "FORCENCRYPT" by "ENCRYPTABLE" in fstab Boot:
http://arstechnica.com/gadgets/2015...-mandatory-device-encryption-for-new-devices/
and
http://www.androidcentral.com/inside-marshmallow-adoptable-storage
Before continue, you must understand that unlocking your BootLoader will void your warranty, break your device DRM and lose X-Reality and image optimisation on low light when taking pictures (seen some workaround but not for XA).
You can't re-lock your phone and it will not restore DRM.
If you have confidentials files in your phone don't unlock your bootloader, as long as your phone is locked your data are officially secured.
This will be repeated when following Sony step by step guide. YOU ARE AWARE !
To verify bootloader lock state after unlock, on phone dialer:
*#*#7378423#*#* ---> Service info ---> Configuration ---> Check for "Bootloader unlocked: Yes" IT MUST BE YES !!!
By rooting your phone you will be able to install/uninstall system apps, install Xposed framework (Gravity Box, Dark Pokemon Go,...) or Viper4Android for an awesome sound! You can tweak and mod your phone deeper (battery,CPU,...), build and flash custom ROMs and many other things
If you have problems or want to unroot you can flash stock firmware like in the video with Flashtool, no need to wipe userdata.
Please watch my video one time before begin, to understand what you have to do.
Free to you to distribute or modify my files but please link this thread as source.
BY FOLLOWING THIS GUIDE YOUR PHONE WILL PERFORM A FACTORY RESET WHEN UNLOCKING BL ( it will not format SD card) , MAKE BACKUPS !
Tested on my device F3112 and reported as working on F3116, other models may work as well if you do ALL steps. Will confirm after positive feedbacks.
Let's begin!
YOU NEED:
My first video guide (will be on youtube after validation) : https://mega.nz/#!RlwVSAKC!6lTBZxVnLQ-Mxz8er0_dg1r36dCNnUWIq8lEUfSp4Zw
Download XA ADB drivers, all models for Windows
http://dl-developer.sonymobile.com/drivers/Xperia_XA_driver.zip
Download XA Fastboot drivers, all models for Windows (if needed, installation is same as ADB drivers in video)
http://developer.sonymobile.com/downloads/drivers/fastboot-driver/
Download FLASHTOOL with integrated Xperifirm 0.9.22.3 for Windows
http://www.flashtool.net/downloads_windows.php
(if needed you can unlock bootloader with it, I unlocked my device with it)
Just follow official way and when you get the unlock code, paste it in UB menu of Flashtool. (faster way)
The step by step guide to unlock BootLoader by official way:
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
Video (not mine): https://www.youtube.com/watch?v=6lKWd5LlUoA
(Just select Xperia XA when asked)
Now depending the firmware you want to root ( the one you downloaded with Xperifirm) choose your rootpack:
For XA single sim (33.2.A.2.xx) = F3111, F3113, F3115
33.2.A.2.73: https://mega.nz/#!ZsQhwbTC!rvw437H0ZujR5Ic02Rhlap6fQ4sLLyPmSRjyfZlMFiU (NOT TESTED)
For XA dual sim (33.2.B.2.xx) = F3112,F3116
33.2.B.2.35: https://mega.nz/#!5lZFhapC!SrYt1HmOICEyMh2Afl2EUn4nY0bRwL-Pd1f0Bpkireg
33.2.B.2.73: https://mega.nz/#!xgoXxBTa!DKAwKELVs0UvkZN0X53ZVM7I4U_XnCgG73RswzMPUi0
Good luck
Click to expand...
Click to collapse
Will this work with F3116 running 33.2.B.2.66 firmware?
@hp6830s you talk about bugs seen in video? If I remember, error in TWRP is about wiping /cache but no a real problem and in video got 2 force close of Play service because I'm updated from .35 without wiping userdata (not crypted /data) and I think update wasn't fully finished. Never FC again after that and no problems. But if YOU have errors about /data in TWRP it's because of encrypted phone memory. During tests I got 1 bootloop in TWRP but can't repeat the problem again after wiped userdata on first root. That's why I recommend wipe. And that's strange if your phone not wiped when unlocked, for me no choice...
@tthmatt It works but really not recommended (for boot.img), as ramdisk and kernel are from an other firmware. For recovery it's less problematic. You can try and feedback us
Ok ,how to remove phone encyption on boot menu ,so i can install custom user ?
hp6830s said:
Many thanks for the effort mate. Will try it.
Btw, what is the bug with google store and user data, right after root.
edit
01/039/2016 11:39:08 - ERROR - Processing of boot.sin finished with errors. As u said data wipe is needed when unlocking the bl, but i have my BL unlocked earlier without data wiped...so i started the flash method ,on my old version of flashtool.Now i have the newest version, so got to try it...or i should skip the flash and go to root step...
edit2
01/006/2016 13:06:39 - INFO - Ending flash session
01/006/2016 13:06:39 - INFO - Flashing finished.
For this phone use the newest version of flashtool.
Edit3: I need to enter some kind of password on boot menu.Now what ?
Click to expand...
Click to collapse
I don't know the password to enter, seem to be randomly generated on first init by phone or a unknown default password is set. That's why you have to wipe userdata and after if you want you can recrypt phone in security menu and set your own password to use in TWRP. Have you seen a password in my video?? As said before I'm not a dev and my help is limited, my step by step guide is working, confirmed on F3116 and tested many times on my device. But if you want to not follow all steps you can but you will probably have problems. I said to use 0.9.22.3 Flashtool since first days, you use an older one and have problem. I said to flash and root and you want to root directly. I said to wipe and you don't do it... and finally problem again. Please follow ALL steps as described and at end if you have problems I will help you. If you want to continue with experimental way, just click Cancel on password prompt, on next screen don't swipe to allow modification, press "keep read only". At end if you have a recovery bootloop or corrupted userdata, don't ask why I don't want to say that my way is the only one but for now it's the working one (if you follow it carefully)
I didnt said - not following your guide. I did every step, as soon i discovered error on flashing (from the older version). But i did wipe everything, now my phone is empty. Yet it asks for password in order to install superUser, do i need to perform factory reset from recovery menu ?
edit: Wipe/ Factory - OK. FORMAT - YES...and password should be gone.
edit2: phone is rooted, and installing apps.
hp6830s said:
I didnt said - not following your guide. I did every step, as soon i discovered error on flashing (from the older version). But i did wipe everything, now my phone is empty. Yet it asks for password in order to install superUser, do i need to perform factory reset from recovery menu ?
Click to expand...
Click to collapse
Flash full stock firmware with Flashtool and check "userdata" in "wipe" column as in the video (don't wipe/factory reset from Android) , JUST AFTER flash boot.img and recovery.img with Fastboot (don't boot android before that) . Boot to Android to verify and set up your phone, when finished reboot to TWRP to install UpdateSuperSU.zip No passwords needed if followed that, if you defined pin/password for lockscreen or to start phone, try it. Or don't set any password before the end of root process. I don't understand why it ask for a password
Its all set.Battery seem more stable now...but cant find some of diagnostics tools in About Phone, like battery optimization (but i use greenify now) and move apps to SD card wizzard.
Do i need to create backup from flashtool / boot ?
hp6830s said:
Its all set.Battery seem more stable now...but cant find some of diagnostics tools in About Phone, like battery optimization (but i use greenify now) and move apps to SD card wizzard.
Do i need to create backup from flashtool / boot ?
Click to expand...
Click to collapse
You finally successfully rooted your phone :good:
You can find battery optimization in "settings " --> "battery". You can't move apps on external SD since a looong time (or with workaround) , just pictures, videos, music ????
For that go "settings" --> "storage and memory".
Android 6 have a new feature "Adoptable Storage" to integrate external SD as phone memory like "ARCHOS Storage Fusion" (but it encrypt SD and is no more readable on PC with USB readers, disable acces to internal memory, not good if you break your phone) but seem to not be present in our firmwares. Next challenge is to enable feature and make encryption as a choice for user.
And for your last question I recommend you make full backup with TWRP, by this way you can backup all partitions. Not sure if it works for XA with Flashtool.
rrvuhpg said:
You finally successfully rooted your phone :good:
And for your last question I recommend you make full backup with TWRP, by this way you can backup all partitions. Not sure if it works for XA with Flashtool.
Click to expand...
Click to collapse
thx ,but i cant backup, my m card is less than 8 gb (8.2 gb backup img) so i have to wait till my 16 gb card arrives.i
btw what is Xposed framework , Viper4Android. And how to tweek my battery settings more deeper...or greenify hibernate its fine.
hp6830s said:
btw what is Xposed framework , Viper4Android. And how to tweek my battery settings more deeper...or greenify hibernate its fine.
Click to expand...
Click to collapse
Google is your friend ????
http://www.howtogeek.com/195476/7-t...ramework-on-a-rooted-android-phone-or-tablet/
http://forum.xda-developers.com/showthread.php?t=2191223
I will make a guide for installing Xposed and Viper4Android with all working packages for XA.
Yippee-ki-yay! DRM keys are back! Noice reduction and screen optimizations are working again. Used DRM fix found on XDA. Look screens of DRM keys state and the time stamps. Verified with comparative pictures/screenshots :fingers-crossed:
Link to the fix: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
Use zip for Z3+
rrvuhpg said:
Yippee-ki-yay! DRM keys are back! Noice reduction and screen optimizations are working again. Used DRM fix found on XDA. Look screens of DRM keys state and the time stamps. Verified with comparative pictures/screenshots :fingers-crossed:
Link to the fix: http://forum.xda-developers.com/crossdevice-dev/sony/xperia-z1-z2-z3-series-devices-drm-t2930672
Use zip for Z3+
Click to expand...
Click to collapse
There not really back there still gone for good, know idea how he does it, but it fools/emulates the keys tricking the Sony software into reactivating the Bravia engine+x-reality+camera imaging/low light algorithms. Good to know that there are two ways to do it now though. If I can be bothered I need to try this ivyroot tool for backing up your drm keys before unlocking the Bootloader. Until I know I can back up the keys I won't be unlocking the Bootloader.
Sent from my Xperia XA using XDA Labs
aidy.lucas said:
There not really back there still gone for good, know idea how he does it, but it fools/emulates the keys tricking the Sony software into reactivating the Bravia engine+x-reality+camera imaging/low light algorithms. Good to know that there are two ways to do it now though. If I can be bothered I need to try this ivyroot tool for backing up your drm keys before unlocking the Bootloader. Until I know I can back up the keys I won't be unlocking the Bootloader.
Click to expand...
Click to collapse
iovyroot seem to use a security exploit in LP (kernels before Dec 2015) but patched in MM (or missed the news) and no LP firmware for XA to flash, next exploit for MM can take months or more to come... But I can understand your opinion, the choice is difficult, root or warranty. For me rooting my phones is not optional, when you used custom ROMs, Xposed, Viper4Android, Lucky Patcher and GameKiller one time you can't stay without them after and say f**k to the warranty . If we talk about Xperia X I'm fully OK with you as it cost $$$ and will try to preserve the warranty.
EDIT: The fix is really good, ALL is working again (backup with Xperia PC Compagnon too) and very interesting thing it can show my REAL warranty date in Xperia Care as before. That's strange ...
Looking forsome help
Umm I got the boot loader unlock code. From sony on there web sit, I am new to this. But do I have to flash the phone if my bootloader is unlocked?? I don't want to mess it up I just got it and payed full price i rooted my other phones easy I just am new to android 6
just check XFirmware and xxx.73 version is only available in Brazil
should I tried it?
my version is customizedVN :crying:
Willismetal said:
Umm I got the boot loader unlock code. From sony on there web sit, I am new to this. But do I have to flash the phone if my bootloader is unlocked?? I don't want to mess it up I just got it and payed full price i rooted my other phones easy I just am new to android 6
Click to expand...
Click to collapse
You can test, don't worry about phone brick as long as you don't play with preloader, in Flashtool stay in "normal" mode. I hard bricked XA many times during my private tests (no screen, no sound, only charging led) and always unbricked Mtk are strong for that.
@caosugai you can flash without problem but don't know if it's good for daily use. Tested .66 TW on .35 FR before . 73 out for France, but for test only.
Look here for more:
http://techbeasts.com/how-to-download-sony-xperia-official-firmware-and-create-ftf-file/
Think i lost access to my personal prediction settings, the one that pinpoints my email when entering on login screens over the apps /web ( for example on typing Us3r ,the texting app predicts my mail : [email protected] ,so i dont need typing the whole email over and over )
rrvuhpg said:
You can test, don't worry about phone brick as long as you don't play with preloader, in Flashtool stay in "normal" mode. I hard bricked XA many times during my private tests (no screen, no sound, only charging led) and always unbricked Mtk are strong for that.
@caosugai you can flash without problem but don't know if it's good for daily use. Tested .66 TW on .35 FR before . 73 out for France, but for test only.
Look here for more:
http://techbeasts.com/how-to-download-sony-xperia-official-firmware-and-create-ftf-file/
Click to expand...
Click to collapse
then it's a soft brick not a hard brick. A hard bricked Xperia is irreversible. Bootloop is always recoverable as is a device with only led response when connected to USB and if it does nothing on connection to USB and pc doesn't recognize the device it's a paperweight, that's what I learnt when I first got into rooting and modding my old m2 device.
Sent from my Xperia XA using XDA Labs
---------- Post added at 04:12 PM ---------- Previous post was at 04:05 PM ----------
hp6830s said:
Think i lost access to my personal prediction settings, the one that pinpoints my email when entering on login screens over the apps /web ( for example on typing Us3r ,the texting app predicts my mail : [email protected] ,so i dont need typing the whole email over and over )
Click to expand...
Click to collapse
Mines the same or at least it was earlier on not bringing up email address when logging on to pretty much anything, maybe it's something to do with this SwiftKey thing going off where it predicts someone else's email address and stored words. Maybe it's turned off at there end while sorting the issue out.
Sent from my Xperia XA using XDA Labs

Categories

Resources