Related
Note: Since lowtraxx's guide has included how to get back to stock rom since the time this post was made, I strongly suggest to follow his guide instead.
==========================
Disclaimer:
I make no claims to any of the codes, scripts and programs listed in this post. Credit goes to the creators.
This serves as a extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
Backup TA by DevShaft
Flashtool by Androxyde
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Advanced Stock Kernel by krabappel2548
PRFCreator by zxz0O0
SuperSU by Chainfire
SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
Backup TA partition using Backup TA.
Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
Unlock the bootloader (You'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
Flash the Advanced Stock Kernel using Flashtool in FastBoot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip. Note: Be sure to check all the checkboxes under the "Include" section.
Copy the resulting zip onto your device's internal storage or external SD card.
Also copy the SonyRICDefeat zip to the same location.
Boot into TWRP on your device (Boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
Once complete, reboot into system and set up the device for USD Debugging.
Restore the TA partition using Backup TA.
Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
CubicU07 said:
Disclaimer:
I make no claims to any of the codes, scripts and programs listed in this post. Credit goes to the creators.
This serves as a extension of lowtraxx's guide (which left your device on a rooted SGP621 on a D6603 system).
These are what I did to get stock rooted firmware on my SGP621 while keeping the bootloader locked and most importantly, the DRM keys intact. I make no guarantees that you will not brick your device, but I did quite a lot of trial and error flashing without messing things up, so if you know what you are doing, these steps should be relatively safe.
Files/Tools Required:
Backup TA by DevShaft
Flashtool by Androxyde
Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Advanced Stock Kernel by krabappel2548
PRFCreator by zxz0O0
SuperSU by Chainfire
SonyRICDefeat by dosomder
Prerequisite:
Follow lowtraxx's guide to completion.
Steps:
Backup TA partition using Backup TA.
Return to stock unrooted by flashing the SGP621 FTF using Flashtool.
Unlock the bootloader (You'll lose the DRM keys here, but it doesn't matter anymore since you already have them backed up using Backup TA).
Flash the Advanced Stock Kernel using Flashtool in FastBoot mode. At this point your device will be unlocked, with DRM keys lost, and rooted with custom recovery.
Using PRFCreator on the SGP621 FTF and the SuperSU zip, create a rooted stock firmware flashable zip.
Copy the resulting zip onto your device's internal storage or external SD card.
Also copy the SonyRICDefeat zip to the same location.
Boot into TWRP on your device (Boot up the device and press the Volume down key when the purple LED lights up on the Sony boot screen).
Flash the rooted stock firmware zip followed by the SonyRICDefeat zip.
Once complete, reboot into system and set up the device for USD Debugging.
Restore the TA partition using Backup TA.
Reboot the device again and you now have the device on rooted stock firmware, with DRM keys intact.
Click to expand...
Click to collapse
Hey, How did you manage to avoid soft bricking your tablet?
i followed your instructions but i still get softbricks.
frostmore said:
Hey, How did you manage to avoid soft bricking your tablet?
i followed your instructions but i still get softbricks.
Click to expand...
Click to collapse
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
CubicU07 said:
At which point did you get softbricks? Try to do a data wipe from recovery and see if it helps.
Click to expand...
Click to collapse
Step 9.
For me, I got soft brick after restoring the TA partition. Ended up repeating the whole process flashing stock firmware again. After that, I found that I need to tick all the checkbox in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
Pingpoi said:
For me, I got soft brick after restoring the TA partition. Ended up repeating the whole process flashing stock firmware again. After that, I found that I need to tick all the checkbox in the PRFCreator when creating the flashable zip. After the flash and restore, I am able to boot smoothly.
Click to expand...
Click to collapse
I guess I wasn't too clear on how to use PRFCreator, apologies for that. Added a note in to reflect that in the original post.
Can i do it on unlocked bootloder?
Which step should i skip? Thanks
zalaz said:
Can i do it on unlocked bootloder?
Which step should i skip? Thanks
Click to expand...
Click to collapse
Start from Step 4 since your bootloader is unlocked.
Since lowtraxx's guide now also include guides to flash rooted stock or CM, so that means both guides do the same thing now? Since I was a little confused while reading the instruction:
Prerequisite:
Follow lowtraxx's guide to completion.
Anyway, thanks both for the great works!!
Please,i have the same confuse as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should i only follow that guide,from this topic? (as it describe full way to get root and stock rooted FW,
or i understand some wrong?) Or i must to go all through lowtrack's guide and THEN do in ptactice the same steps from this guide?
Pls understand me, here are some confusings her, i don't like to softbrick my device and ask just to be sure...
Thanks in advance!!!
ValVK said:
Please,i have the same confuse as ultima888 with "Prerequisite:
Follow lowtraxx's guide to completion.".
Should i only follow that guide,from this topic? (as it describe full way to get root and stock rooted FW,
or i understand some wrong?) Or i must to go all through lowtrack's guide and THEN do in ptactice the same steps from this guide?
Pls understand me, here are some confusings her, i don't like to softbrick my device and ask just to be sure...
Thanks in advance!!!
Click to expand...
Click to collapse
Do lowtraxx's post first.
Then follow this post.
i am little bit confused by all of those steps to get root. (described in this and related threads)
if i understood the whole procedure right then we have to get root first
via flashing a vulnerable firmware made for another device, to be able to backup the drm keys right?
but then we lose root again while flashing back latest stock rom.
now we have to proceed with unlocking the bootloader to get root and recovery.
finally we restore drm keys and doing so bootloader is locked again ?
is this basically what all those steps are for and do i have to go through all of them
if i "just" want to get root on latest stock (no custom roms) to install xposed framework?
thanx in advance and keep up the good work.
sorry, I only speak Spanish, I used google translate:
The original firmware is not vulnerable. The only way get root is opening the bootloader (and put a custom recovery to install SuperSU) but that the drm keys are lost. To keep the drm keys have to get to backup the partition TA without opening the bootloader. To make the backup you need to root and to achieve this must be mixed before 2 firmwares.
Restoring the TA partition relock the bootloader
You should only restore the TA partition with an original kernel
Bundling the FTF question
[*]Stock SGP621 FTF (I compiled my own by downloading the firmware using XperiFirm by laguCool and bundling the FTF using Flashtool. Alternatively, you can just use the one provided in lowtraxx's guide.)
Click to expand...
Click to collapse
Thanks for the guide!
Just a newbie question. What Sony device did you select in Flashtool when you bundled the firmware? I can not find SGP621 anywhere.
/kusk
SO i made a lollipo ftf pre rooted but when i tried to flash RICDefeat it would give me an error. I rebooted the system and everything seems fine, what exactly did that zip file do. What problems im i going to have with the divice and is there any way of fixing it.
thx
Dear CubicU07.
I have a question for u. I have a z3 tablet but it's SGP641 so if i follow this guide for my z3t 641 , have any problems with this ?
Ty for reading
Works on SPG611
Thank you for the guide. Was redirected from http://forum.xda-developers.com/z3-...t-rooting-sgp611-giefroot-bootloader-t3017314 and your guide was perfect. Thank you for your effort.
Same for me
Sony RIC protection not work on Lolipop. A new Version would be nice.
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
waichai said:
Hi everyone,
In step 5,
1. do I have to check the checkbox in "Sign zip"?
2. do I have to put any recovery file under "recovery zip" section?
Thanks.
Click to expand...
Click to collapse
1. no
2.no
Hi everybody,
None of the following is my own novel work, I just took some time to go through the process step by step and document how to root the Z5 compact while preserving both the DRM keys (in a backup) and the functionality normally lost by unlocking the bootloader (using the DRM credentials patch). This post may serve as a tutorial for people starting to root their Z5 compact for the first time.
The device I tested it with is an E5823 with German firmware (originally shipped with CDA 1298-1220_R1C) that was already updated to build 32.1.A.1.163 (Android 6.0, patch level 2016-02-01) via OTA. For devices with other CDA regions, please adapt accordingly by using the respective firmware files.
1. Backup settings and apps
This will be required for restoring after unlocking the bootloader (which wipes the user data partition). For some reason, including the "-shared" option (i.e. contents of the internal emulated SD card, aka media storage) did not work, so make sure to save any media files (pictures takes with the camera, downloads, etc.) separately, e.g. via MTP.
Use Sony backup to SDcard functionality
adb backup -apk -all -f sony-xperia-z5c-noshared.ab
2. Backup TA partition (DRM keys)
Downgrade to exploitable firmware release (LP). Note that downgrading without wiping will make the phone unstable and may cause an automatic reboot after 1-2 min. Therefore either manually wipe the phone during flashing (ticking the checkbox in Flashtool) or be quick with the second (root/backup TA) step.
Download XperiFirm from http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142 (I use it under Linux with mono) - UPDATE: For downloading the .185 MM firmware, I had to update to XperiFirm 4.9.1. For downloading 32.2.A.0.253, I used XperiFirm 5.0.0.
Download firmware build 32.0.A.6.200 for the root exploit based on CVE 2015-1805. I used E5823_StoreFront_1299-6910_32.0.A.6.200_R2B downloaded with XperiFirm 4.8.2 (or newer) on 2016-04-01
Download flashtool from http://www.flashtool.net/index.php, I used flashtool-0.9.20.0-linux.tar.7z (or newer version)
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
Use temporary root exploit to backup TA partition (http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597)
I used iovyroot_v0.3.zip as of 2016-04-02
Connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/" .
3. Upgrade again to MM and unlock bootloader with official method
Create FTF from E5823_Customized DE_1298-1220_32.1.A.1.163_R1C with Flashtool and flash in flashmode.
Optional: Verify that DRM keys are still OK: In dialer enter "*#*#service#*#*", then "Service tests" --> "Security" and it should look like this:
MARLIN [Key OK] [Active]
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: <device specific hex representation of key>
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Provisioned
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Allow bootloader unlock in developer settings
Follow steps from http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/ . There is not much to add here, as Sony describes the process well and in sufficient detail. Please note that this WILL WIPE YOUR DATA PARTITION, INCLUDING SHARED FILES. Make sure that you have a backup before executing this step (and best do it before downgrading to LP, because some parts will not work after the downgrade without a wipe, and may make the phone reboot after 1-2 min).
Reboot in fastboot mode: hold volume-up and connect USB cable to turn on
fastboot -i 0x0fce oem unlock <your unlock code>
After unlock: check key status
Blobs: generic error!
HUK: generic error!
PROPID_AID: 004
OTP_LOCK_CONFIG: 0155
OTP_LOCK_STATUS: LOCKED
AUTH_ENABLE: 07
DEVICE_ID: <your device ID>
FIDO_KEYS: Not provisioned, SUNTORY error
Factory Reset Reason: No device reset information found.
Click to expand...
Click to collapse
Optional: Try restoring TA partition (will lock bootloader again if successful!). This can be skipped entirely if you trust the tools used in this tutorial, but I chose to verify that restoring the DRM keys works as expected (not that you can do anything about it at that step if it doesn't work...).
Flash E5823_StoreFront_1299-6910_32.0.A.6.200_R2B again with Flashtool
Enable developer mode, connect USB in ADB mode
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/restore.sh" "/data/local/tmp/restore.sh"
adb push TA-02042016.img "/data/local/tmp/TA.img"
open shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/restore.sh
/data/local/tmp/iovyroot /data/local/tmp/restore.sh
Flash E5823_Customized DE_1298-1220_32.1.A.1.163_R1C again with Flashtool
Check key status --> exactly the same as before, so successfully restored
Unlock again in fastboot mode (will wipe data again...)
fastboot -i 0x0fce oem unlock <your unlock code>
UPDATE: Updating to newer MM releases
After the first version of this post, Sony has already released an updated MM firmware (.253 at the time of this writing). If at any point in time you wish to update to a newer release, start at this point of the tutorial. Theoretically, this should be possible without wiping. However, I would not try it without a backup.
Create a backup, e.g. with adb backup or Sony backup.
Download new firmware with XperiFirm. At the time of this writing, I used "E5823_Customized DE_1298-1220_32.2.A.0.253_R2C", downloaded with XperiFirm 5.0.0.
Create FTF file in Flashtool with menu Tools->Bundles->Create
Flash in flashmode (flashing system.sln takes 8-10 minutes, be patient...)
4. Root MM
This will also give you TWRP recovery (which can be entered by pressing the volume up or down button a few seconds after power-on, as soon as the LED starts to change color).
DEPRECATED Alternative 1: with custom kernel but original system image: http://forum.xda-developers.com/z5-compact/general/root-e5823-marshmallow-t3336346
Download Androplus kernel from https://www.androidfilehost.com/?w=files&flid=52185 (I used v22c)
Download TWRP 3.0 from http://forum.xda-developers.com/z5-compact/orig-development/twrp-suzuran-twrp-3-0-t3334568 (I used "March 25, 2016 version") --> twrp-3.0-recovery.img
Download SuperSU v2.71 beta from https://download.chainfire.eu/932/SuperSU/BETA-SuperSU-v2.71-20160331103524.zip
With unlocked bootloader, you can now use fastboot mode. The easiest way is to do this from a running Android system:
adb reboot bootloader
Flash kernel:
unzip Z5C_AndroPlusKernel_v22c.zip
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Install SuperSU:
boot into Android, copy BETA-SuperSU-v2.71-20160331103524.zip to internal storage (ADB sideload doesn't seem to work with this experimental TWRP at the moment...)
boot into TWRP by pressing volume-up when LED blinks immediately after turning on (and choose option "Keep Read Only" for the system partion)
Install SuperSU zip --> systemless mode
DEPRECATED Alternative 2: with modified system partition: http://forum.xda-developers.com/z5-...rnel-stock-kernel-dm-verity-sony-ric-t3350341
RECOMMENDED Alternative 3: with stock kernel patched for root and original system partition: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Download rootkernel_V4.51_Windows_Linux.zip from URL above (or the newest version available at that time) and unpack
Patch the kernel from your currently flashed Sony firmware release:
Flashtool -> Tools -> SIN Editor to extract the kernel from kernel.sin in the directory created by XperiFirm --> .elf file
Copy latest SuperSU*.zip (v2.76 at the time of this last update) to the folder where rootkernel*.zip was extracted to.
Note: if using the firmware 32.2.A.0.224, you will need the latest beta SuperSU.zip from https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip . For 32.2.A.0.253 (the latest at the time of this update), use SuperSU v2.76 (non-beta).
./rootkernel.sh kernel.elf kernel-patched.elf
My personal recommendation for the options: don't disable RIC, install TWRP, don't install busybox, install DRM fix
sudo fastboot flash boot kernel-patched.elf
./flash_dk TA-02042016.img DK.ftf
Flash DK.ftf with flashtool for a more complete restore of DRM-based functionality with the original TA partition backup
UPDATED: Thanks to ninestarkoko for pointing out that also the AndroPlus kernel disables dm-verity to enable more flexibility for root-using apps. Originally I assumed that dm-verity would still be intact with alternative 1, which in fact it is not. As of 2016-05-11, I used alternative 3 instead of alternative 1.
Now that Xposed can be installed system-less (http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268), it should be possible to use with dm-verity intact. However, I have not tried this so far.
5. [Optional] Install Xposed
Sony MM firmware no longer seems to have the odex problem documented in http://forum.xda-developers.com/crossdevice-dev/sony/z4-z5-z5c-fix-camera-fc-installing-t3246962/, so no additional steps before/after "normally" installing Xposed are required
Download latest arm64 "sdk23" framework from http://dl-xda.xposed.info/framework/ (I used v81)
UPDATE: There is now a system-less version v86, which may even support OTA upgrades of the system image. At the time of this last update, I used the version linked from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Download XposedInstaller_3.0-alpha4.apk from http://forum.xda-developers.com/showthread.php?t=3034811 and install
UPDATE: For the system-less Xposed version, instead use XposedInstaller_by_dvdandroid.apk from http://forum.xda-developers.com/xposed/unofficial-systemless-xposed-t3388268.
Install xposed-v86.1-sdk23-topjohnwu.zip via TWRP
6. Restore functionality relying on DRM credentials
Note: This is not necessary if you used alternative 3 for rooting above - that one already includes the DRM fix in the patched kernel image.
Using TWRP flashed in the step before, flash the ZIP to patch Sony credentials checks from http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383 .
Copy drmrestore.zip from above link to internal storage and install via TWRP
That's it!
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Thank you for making a guide on Z5c forums. I've seen one only on z5 forums
Frontier3 said:
Sorry, I have never been totally clear on the relationship of firmware and kernels. If I install .163 and go through all the root steps here, if I then install .185 will I no longer have root or will the kernel still be rooted? Or after I upgrade will I be required to go through the root process again? Or by chance is there just no root available for the .185 release yet? Thanks
Click to expand...
Click to collapse
If you are on Lollipop, i suggest flashing directly MM .185 . If you are on MM .163 then flashing the whole firmware package will/could wipe everything, kernel included. I don't know exactly if the kernel from .163 is exactly the same as the one in .185. If your kernel gets wiped then root, DRM restore, TWRP would go away.
Let me explain: You need a modded kernel in order to install SuperSU, which gives root access to apps. SuperSU runs fine on many phones, Z5C MM included. If you upgrade using a .ftf file flashing, then the chance is high that you need to mod/install a custom kernel again, restore DRM functions and install SuperSU again.
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
I have rooted (unlocked bootloader), TWRP installed. How can I update to MM?
Many thanks for any help!
damn_son said:
If I root my phone, and then I turn it off and then on will the root still be usable?
What I'm asking is if its like iPhone's tethered and untethered jailbreaks?
Click to expand...
Click to collapse
Yes, it will be rooted, until you unroot!
Thanks for the tutorial.
Which region firmware should I choose for Canada? There's not even USA firmware available. Does it matter at all?
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
fisheyes1 said:
You mentioned using E5823_StoreFront_1299-6910_32.0.A.6.200_R2B to downgrade.
I'm currently on MM .185 Customized UK.
Does it matter what region I use?
Click to expand...
Click to collapse
You'd have to go back to an exploitable firmware. Version working are mentioned here: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
In the Z5c case E5823_StoreFront_1299-6910_32.0.A.6.200_R2B is the best solution IMO
ninestarkoko said:
I would like to make some observations to this useful post, because it seems there's a bit of confusion:
About point 2)
to backup TA partition, just connect the phone and run tabackup.bat from iovyroot zip .
It will execute adb commands automatically.
Click to expand...
Click to collapse
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
ninestarkoko said:
About point 3)
i would stick with Lollipop and unlock directly on Lollipop, there's no need to flash MM before. You need to flash a firmware using flashtool if you have already unlocked. Temporary root exploit does not alter in any way the current system.
Click to expand...
Click to collapse
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
ninestarkoko said:
About point 4)
All the modded kernels on xda seems to have dm-verity and sony ric disabled. Androplus kernel too ( https://kernel.andro.plus/kitakami_r2.html from the first changelog ). /system partition modification is also necessary for DRM restore functions.
I think that root priviledges for apps with DM-verity enabled on /system would be quite "dangerous". As soon as an app edit the system partition (just a simple mod), the phone would go in bootloop.
It's been one or two weeks since Tobias released a more advanced and updated technique to restore DRM functions, and just flashing a .zip is no more sufficient (now .zip flashing + .ftf flashing with flashtool)
The gold standard regarding the kernel part is:
-use a modded stock kernel (TWRP recovery and advanced DRM restore function included) following this guide:
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
-or use custom kernels like Androplus,... (TWRP might or might not be included) and then restore DRM functions following the instructions from the same post above (drmonly command from the package)
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
Click to expand...
Click to collapse
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Would have been good for me, to have boot and recovery bold. Just recalled the fastboot flash boot command to flash the recovery over
besides that: *****
sudo fastboot flash boot boot.img
Flash recovery:
sudo fastboot flash recovery twrp-3.0-recovery.img
Click to expand...
Click to collapse
smartphone-tester said:
As I used Linux, the .bat script won't be directly applicable. The commands listed in my post will work with all host OS. (This is in addition to my personal disinclination to execute downloaded scripts directly on my development host .)
Fully correct. I was already on MM before starting the whole process, so I had to go back to LL first.
Many thanks for that correction - I was wrong to assume that dm-verity would still be intact with Androplus kernel. I have updated my post accordingly.
Click to expand...
Click to collapse
Great to see updates to the first post, it will be useful for many new Z5c users out there
hi, im new z5c user
just received it and ill take this tuto for the root
thank you
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
ApplepieFTW said:
Hey quick question, what exactly is stored in the DRM keys? I heard it's no longer the low-light camera stuff, so what is? If it's not too relevant isn't it just much easier to OEM unlock on MM, flash twrp and supersu (do you need the custom kernel to do so, btw?) and be done with it?
Click to expand...
Click to collapse
Some Sony-proprietary functions are dependent on the keys (e.g. low-light algorithms in the stock camera, seemingly also some screen optimizations, or potentially also stuff like screen mirroring - although I have not tried myself what is missing without real/fake DRM keys) as well as DRM management via Widevine. With the restore patches, you get most of the Sony functionality back even when the keys themselves have been deleted. Widevine might not work without the original keys available.
I just have a question cause I seem to be getting 0 answers elsewhere.
I want the latest lollipop on my Z5C and NOT Marshmallow. I believe it's the 32.0.A.6.200 build.
Anyway, I thought I could update to it like OTA, only not all the way to MM but staying at LP. Do I have to unlockbootloader, root and then use flashtool with the 32.0.A.6.200 build (which I've founda few online)? Is there no way to just install it like a "normal" update as I am currently still on stock 32.0.A.4.11. Is my only salvation to unlock bootloader, root and install the update?
You shouldn't have to unlock or root to use flash tool to flash 32.0.A.6. 200
Ive tried multiple different versions now, but it always stop at "Processing modem.sin", even tried leaving it for 20min. No results.
Anyone with a solution?
Edit: Also tried it on my macbook, same problem!
To clarify: Talking about downgrading to .200
It is not clear to me to try it and I doesnt want to brick my handy. Any way to make a video tutorial, including all, unlocking BL, backuk and restore DRM and also a way to turn back the device to a stock rom, for a warannty purposes (my camera is very very bad).
Thank you.
Sorry guys, but just to confirm: if I manage to successfully back up my TA partition, I can always go back and re-lock the boot loader, right? I am also skeptical about voiding warranty Sony speaks about on their corresponding web site. Do you think they save a record whenever someone requests an unlock code from them? In other words, if I need to restore stock ROM and TA partition later on (e.g. due to RMA), would it be possible for my vendor (Telekom) to check with Sony if I have ever unlocked my boot loader?
Many thanks for your great work!
I rooted my phone following the guide from user "smartphone-tester". I wanted to update his post as there were 1 or 2 mistakes, and shorten in to make rooting seem a little less scary. His original post is here: http://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
STEP 1 Backup your device
Move everything you want to keep onto the SD card or your PC. Your phone will be completely wiped.
STEP 2 Downgrade to exploitable firmware release
2.1 Download XperiFirm from http://forum.xda-developers.com/crossdevice-dev/sony/pc-xperifirm-xperia-firmware-downloader-t2834142
2.2 In XperiFirm - download firmware build 32.0.A.6.200 with XperiaFirm (E5823_StoreFront_1299-6910_32.0.A.6.200_R2B)
2.3 Download flashtool from http://www.flashtool.net/index.php(get latest version)
2.4 In Flashtool - Create FTF file. Select Tools->Bundles->Create
2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)
STEP 3 TA / DRM Keys Backup and root current firmware
3.1 Download Ivy Root http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
3.2 Connect your phone in ADB mode, in a command window run:
adb push "root/iovyroot" "/data/local/tmp/iovyroot"
adb push "root/backup.sh" "/data/local/tmp/backup.sh"
open shell: adb shell
chmod 777 /data/local/tmp/iovyroot
chmod 777 /data/local/tmp/backup.sh
mkdir /data/local/tmp/tabackup
/data/local/tmp/iovyroot /data/local/tmp/backup.sh
exit
adb pull "/data/local/tmp/tabackup/"
STEP 4 UPGRADE TO LASTEST ANDROID (6.01)
4.1 In XperiFirm - download firmware 32.2.A.6.224 (get the build for your model, mine is E5823_Customized TW_1298-7315_32.2.A.0.224_R9C)
4.2 In Flashtool - create FTF file from E5823_Customized TW_1298-7315_32.2.A.0.224_R9C and flash in flashmode.
4.3 In your phones setting, under develop options - select "Enable OEM Unlock"
4.4 Unlock your bootloader by following these steps excactly :http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
STEP 5 ROOT ANDROID 6.01
5.1 Download SuperSu 2.74 or greater. Copy the zip file onto your Z5 Compacts internal storage https://download.chainfire.eu/964/SuperSU/BETA-SuperSU-v2.74-2-20160519174328.zip
5.2 In Flashtool -> Tools -> SIN Editor , then extract the kernel from kernel.sin in the directory created by XperiFirm when you downloaded 32.2.A.6.224. It creates an .elf file
5.3 Download rootkernal tool from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 extract the zip into a folder, then copy the .elf file into the folder
5.4 In a cmd window go into your extracted rootkernal folder, run the command: rootkernel kernel.elf kernel-patched.elf
5.5 When rootkernel is running, select Disable Sony RIC, install TWRP, install busybox, install DRM fix
5.6 Put your phone into fastboot mode (Turn off phone, hold volume up and plug in USB)
5.7 Flash your patched Kernel to your phone with this command: fastboot flash boot kernel-patched.elf
5.8 Go Into TWRP(unplug usb, turn phone on, then keep hitting volume up until phone goes into TWRP)
5.9 Install SuperSu : Select Install, Select SuperSU zip --> systemless mode
STEP 6
6.1 Restart your Device and your done!
DRM KEYS: While we did make a backup for the TA partition containing the DRM keys, this tutorial did not explain how to restore that because in STEP 5 when patching the kernel we selected to use the DRM Fix. This DRM Fix should be good enough - as everything on my phone is working 100%, but should you ever need to restore your TA partition in the future you have your backup.
nice
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
I'm an occasional user of all those rooting methods. Here I'm fairly stuck at the Iovyroot step.
I was able to unlock bootload, to flashboot the thing, to even revert to 5.1.1, but then, at the Iovyroot step, I can no long see where to open the cmd. Even when I enter adb devices or android devices, nothing is shown. Although I changed the path in the variables.
I'm getting frustrated big time with the lack of user friendly infos on those tutos. Half of the stuff I had to search for third party tutos to understand how I should go to the next step. Please, help someone who doesn't have his translator on.
EDIT: Well, in the end I couldn't do the backup part, but I just did the rooting and the phone seems all good. Powerful and versatile tool in my pocket, I'm pretty satisfied. Thank you for the tuto, be more user friendly though next time. Some people come here with little knowledge, they need to find their way properly.
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
civicsr2cool said:
Why so many steps when all you have to do is unlock the bootloader, flash twrp and that's it? I rooted on lollipop so I'm confused where it git so complicated.
Click to expand...
Click to collapse
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
what are those step exactly (sorry new to this)
---------- Post added at 03:47 PM ---------- Previous post was at 03:31 PM ----------
I am stuck on "2.5 In FlashTool - Flash the FTF in flashmode. Make sure to select the checkboxes under Wipe. (Takes 10 minutes)" all i get is a window with source folder, device, branding, version. and I don't see the word wipe at all
greenkabbage said:
The tutorial covers backing up the TA partition that holds the Sony DRM stuff that's used by the camera (and maybe some other stuff).
This is "just in case" the DRM work around stops working, or if something in the future requires the actual TA partition to have the data there.
If you don't care about anything that is affected by the DRM stuff and don't care that not having a backup could prove to be detrimental in the future, you do only need the few steps of 1) unlock bootloader, 2) flash twrp, 3) flash supersu.
Click to expand...
Click to collapse
Gotcha. I see no reason to worry about backing up ta, the fix has been working for nearly 7 months and no reported troubles
ISO_Metric said:
you should make a video on how to do this (this is my 1st time rooting and i am completely lost)
Click to expand...
Click to collapse
If this rooting turortial is too difficult try this: http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
With this app, you can fully debloat your phone on a completely stock firmware, locked bootloader etc. Because its your phone is not rooted though, you cannot get Xposed framework or CM13, or other advanced stuff - but for those of us who wanted root just to clean up our devices - this method is definitly the best!
1|[email protected]:/ $ /data/local/tmp/iovyroot /data/local/tmp/backup.sh
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
Someone knows ho to solve this error in step 3.2? Thank you in advance for the help
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
sheraro said:
can I do this tutorial with 32.0.A.6.152 in step 2 and 32.2.A.0.256 in step 5 ?
Click to expand...
Click to collapse
There is a .256 firmware?
flopower1996 said:
There is a .256 firmware?
Click to expand...
Click to collapse
sorry .253 , I found that iovyroot works only with .200 for E5823 so never mind
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
gabbodj95 said:
Hi all, sorry for the dumb question, but is there any hope for a root without the bootloader unlocked?
Click to expand...
Click to collapse
No
Thank you
Hi @Dean F , I appreciate your effort to simplify the steps here as it's a bit messy from the original post.
I've been rooting from Xperia Ray to Xperia Z1 but Z5 have been very challenging for me probably due to the lack of understanding from "How to root post" before you actually made this one.
Thank you my friend :good:
Pardon me for being an idiot
Hello Dean F!
Thanks for this tutoial. But before I'll try this, I have two quetions:
1) How do I use your steps WITH restoring the backuped TA-partition?
2) Is the descriped process also usable with a Xperia Z3 Tablet?
Thanks and greetings from GErmany
"klausstoertebeker"
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
bintangsofyan said:
hi,
i cannot download 32.0.A.6.200_R2B from XperiFirm,
"unable to read data from the transport connection: The connection was closed."
i tried like 10 times, and always same i cannot download until done,
are you or member in here know where i can download firmware 32.0.A.6.200_R2B (E5803) for unlock and rooting my phone?
thankyou very much
nb: sorry for my bad english.
Click to expand...
Click to collapse
Hi, you should download the AU Telstra. That's the only working one for that firmware. You can check the firmware of AU Telstra to double confirm if it's the right firmware.
How to root 32.0.A.6.200 please?
=========================How To Backup/Restore TA Partition And Root The Device?=======================
=========Basic Questions/Answers Related To Sony Mobiles=========
1) What Is TA Partition?
A) Sony Xperia devices store all the precious information regarding warranty status, DRM keys, etc. into a partition called â??TAâ?Â, and fortunately you can backup this TA partition before unlocking the Bootloader on your Xperia device and restore it when needed.
2) What are DRM keys?
A) DRM keys are the unique keys that enables advanced technologies like the BIONZ image processor ,X-Reality Engine etc..
3) What Happens If You Unlock Bootloader?
A) When you unlock Bootloader,the TA Partition is formatted as a result the DRM keys are lost thus we will lose technologies like the BIONZ image processor ,X-Reality Engine etc..
4) What Is DRM Fix?
A) DRM Fix is a tool that to restore the lost functions.
*******************************************************************************************************************************
===================================How To Backup TA Partiton==================================
"iovyroot" A developer has developed a tool for backing up the TA Partiton. Unfortunatly it works only on Lollipop Kernel so you will have to downgrade to Lollipop.
Downgrading To Lollipop
* Download Flashtool and install it
* Download firmware from below link :
https://goo.gl/MJSEJd
* Start Flashtool
* Click on the lightning bolt icon
* Select "Flashmode"
* Locate the Lollipop firmware you have downloaded and select it.
* In the Wipe Option Select all the partitons. (Otherwise things will crash a lot and you won't get into the phone properly.)
* Turn off the phone.
* Wait for Flashtool to finish preparing the files.
* When prompted, hold "volume DOWN" button while plugging in the USB.
* Wait for it to finish.
* Once finished reboot the device.
Backing Up TA Partiton
Now that you're on Lollipop, you can use iovyroot. With this we can gain temporary root access and dump the TA partition to a file. This file is what we use to restore the DRM keys to your device after it's been wiped by unlocking the bootloader.
*Extract iovyroot_v0.4.zip and run "tabackup.bat"
Once it's done, you should have a TA-####.img file which sorta looks like "TA-16042016.img" and is approximately 2mb in size. That's your TA backup done and dusted!
Keep it safe somewhere.
===================================Unlocking The Booloader======================================
* Go to Settings > Developer options
* Tick "Enable OEM unlock"
* Open up a browser on your computer and follow the instructions at Sony's developer website.
* After receiving your email, entering your IMEI number and accepting some user conditions will provide you with an unlock code.
* Turn off your phone.
* In Flashtool, click on "BLU"
* Hold "volume DOWN" on your phone and plug it into the computer.
* When prompted, release volume down and unplug.
* Hold volume UP and plug it back in.
* You should now get a dialog which lets you enter an unlock code.
* Paste in the unlock code and click "Unlock".
* Wait for the phone to finish doing it's thing and restart.
===================================Rooting The Device==================================
* Download Latest AndroPlus Kernel From The Below Link:
https://goo.gl/mHJOFN
* Extract the zip file and find boot.img
* Flash the boot.img using cmd and fastboot.
Then,
* Download TWRP Recovery from Below Link :
https://goo.gl/AQ9Edi
* Flash the TWRP Recovery using cmd and fastboot.
* Now Download Latest SuperSu From Below Link :
http://download.chainfire.eu/supersu
* Transfer the file in to the device.
* Now Reboot the device.
* When booting press the volume rockers to access TWRP Recovery.
* Click Install and Flash the SuperSU zip file.
That's It ! You have rooted your device !
===================================How To Restore TA Partiton?==================================
Note : Restoring TA Partiton Will Re-Lock The Boot-Loader And You Will Loose Root Access.
* Copy your TA partition backup to the TA tool's extracted folder.
* Connect your device with USB Debugging Enabled
* Open up a command prompt to the extracted folder and type in the following:
tarestore.bat {Your TA Backup File}
Example :
tarestore.bat TA-14102016.img
This new restored TA partition should persist across device wipes and Android upgrades.
===================================How To Upgrade Your Device?==================================
* Download and install Flashtool.
* You will find a XperiFirm icon on the tool. Click it and download the latest firmware of your device.
As your download completes the tool automatically creates ftf file.
* Now click on the lightning bolt icon on the Flashtool.
* Select the Flashmode.
* Now,Select The Firmware.
* Tick all the boxes under Wipe.
Note: If you don't want to wipe user data then exclude userdata from ticking.
* Click on Flash
* Connect your device in flashmode when prompted.
* Wait for the firmware to flash and reboot once done!
That's it.
Please Hit Thanks If Helped
Thank You!
***********************************************************************************************************************
Thanks iovyroot for the tool.
Thanks XperiaBlog for the firmware.
Thanks a lot for this Tuto,
I think I will ry after work....
TA restoring can be done even if I want to use custom roms?
Can I use stock .305 and your kernel : Customized Stock Kernel {32.2.A.0.305 - 6.0.1} {Update} by heptyle to have directly root and TWRP after unlocking BL ?
mickael91210 said:
Thanks a lot for this Tuto,
I think I will ry after work....
TA restoring can be done even if I want to use custom roms?
Can I use stock .305 and your kernel : Customized Stock Kernel {32.2.A.0.305 - 6.0.1} {Update} by heptyle to have directly root and TWRP after unlocking BL ?
Click to expand...
Click to collapse
Yes, you can restore TA at any time. Install and try as many roms as you want. Also you can use the kernel directly for root and twrp.
Thank You!
I use E5803. Is it ok if i use ur tft file to roll nack to lollipop? If ok will i loose my finger print scanner? How do i get it back? Thanks
paq1170 said:
I use E5803. Is it ok if i use ur tft file to roll nack to lollipop? If ok will i loose my finger print scanner? How do i get it back? Thanks
Click to expand...
Click to collapse
I think it will work with E5803 too. Even if you loose fingerprint scanner you can upgrade to marshmallow after backuping the TA partition.
Hello and sorry for noob questions...
I backed up my ta partition and I updated phone to .305...
Now :
Is it possible to unlock bootloader with Sony's site? I think yes but after:
Will it be possible to restore ta partition with adb commands in the thread?
And Will it be possible to root the device with your kernel?
Thanks a lot
Mickael
Envoyé de mon D5803 en utilisant Tapatalk
mickael91210 said:
Hello and sorry for noob questions...
I backed up my ta partition and I updated phone to .305...
Now :
Is it possible to unlock bootloader with Sony's site? I think yes but after:
Will it be possible to restore ta partition with adb commands in the thread?
And Will it be possible to root the device with your kernel?
Thanks a lot
Mickael
Envoyé de mon D5803 en utilisant Tapatalk
Click to expand...
Click to collapse
Yes, now you are very safe as you have backed up the TA Partition .
Now,you can unlock bootloader from Sony's official site.
You can restore TA partition at any time.
You may install the kernel for root access,twrp recovery and all other features.
Thank You!
mickael91210 said:
Hello and sorry for noob questions...
I backed up my ta partition and I updated phone to .305...
Now :
Is it possible to unlock bootloader with Sony's site? I think yes but after:
Will it be possible to restore ta partition with adb commands in the thread?
And Will it be possible to root the device with your kernel?
Thanks a lot
Mickael
Envoyé de mon D5803 en utilisant Tapatalk
Click to expand...
Click to collapse
Yes, go ahead and unlock your bootloader if you want. Just make sure that you have your TA backup.
Will it be possible to restore ta partition with adb commands in the thread?
Click to expand...
Click to collapse
Yes, but bootloader will be locked again if you restore your TA partition. And the TA partition is a dangerous part, make sure your backup of TA partition is not corrupted or damaged before doing it.
And Will it be possible to root the device with your kernel?
Click to expand...
Click to collapse
Take a look here, if you repack the stock kernel with this script, you'll be able to root by flashing the supersu zip via the TWRP recovery. You can also reactivate your original device key (from your TA partition) too.
ipromeh said:
Yes, but bootloader will be locked again if you restore your TA partition. And the TA partition is a dangerous part, make sure your backup of TA partition is not corrupted or damaged before doing it.
Click to expand...
Click to collapse
Is it really right? because if I have bootloader locked again I couldn't root ?
How can I check if TA backup is not corrupted? I had a succesfullness message after the backup?
ipromeh said:
Take a look here, if you repack the stock kernel with this script, you'll be able to root by flashing the supersu zip via the TWRP recovery. You can also reactivate your original device key (from your TA partition) too.
Click to expand...
Click to collapse
I thought that the heptyle's kernel will do all alone. Am I wrong?
mickael91210 said:
Is it really right? because if I have bootloader locked again I couldn't root ?
How can I check if TA backup is not corrupted? I had a succesfullness message after the backup?
I thought that the heptyle's kernel will do all alone. Am I wrong?
Click to expand...
Click to collapse
Yes,the kernel would do all. Don't worry!
There is no chance for getting the backup corrupted as you have followed steps clearly and got successful message.
I am on e5803 I rolled back to discuss lollipop firmware, now I am confused in restoring my TA. My phone now gets so hot just by texting, I tried ur above kernel(don't If I used the right one) my phone will not turn on. I give up trying to root Sony! I have rooted every other phone with out this hassle. Pls I need a detailed instruction on how to EASILY restore my TA and an ftf for e5803. Pleeeeeeese. I am a Sony nooob
paq1170 said:
I am on e5803 I rolled back to discuss lollipop firmware, now I am confused in restoring my TA. My phone now gets so hot just by texting, I tried ur above kernel(don't If I used the right one) my phone will not turn on. I give up trying to root Sony! I have rooted every other phone with out this hassle. Pls I need a detailed instruction on how to EASILY restore my TA and an ftf for e5803. Pleeeeeeese. I am a Sony nooob
Click to expand...
Click to collapse
You flashed .305 kernel on Lolliop that's the reason. Just reinstall the stock firmware again and have a TA Backup or if you have fed up rooting then Use flashtool and xperifirm and upgrade to latest .305 firmware.
I'm a bit confused. When I first bought my Xperia Z5C, I immediately backed up the DRM Keys/TA Partition. I unlocked the bootloader and later installed AndroPlusKernel which included the DRM fix. Upon checking the bootloader unlocked status, it says "Bootloader unlock allowed: Yes" Is that due to the DRM fix? Do I still need to restore my TA partition?
iArvee said:
I'm a bit confused. When I first bought my Xperia Z5C, I immediately backed up the DRM Keys/TA Partition. I unlocked the bootloader and later installed AndroPlusKernel which included the DRM fix. Upon checking the bootloader unlocked status, it says "Bootloader unlock allowed: Yes" Is that due to the DRM fix? Do I still need to restore my TA partition?
Click to expand...
Click to collapse
As you have applied kernel with drm fix you don't have to restore the TA Partiton.
heptyle said:
You flashed .305 kernel on Lolliop that's the reason. Just reinstall the stock firmware again and have a TA Backup or if you have fed up rooting then Use flashtool and xperifirm and upgrade to latest .305 firmware.
Click to expand...
Click to collapse
Pls can u give me a link to the right kernel, I didn't know I was flashing a marshmallow kernel.
paq1170 said:
Pls can u give me a link to the right kernel, I didn't know I was flashing a marshmallow kernel.
Click to expand...
Click to collapse
Download the stock firmware from below thread and flash it using Flashtool.
http://forum.xda-developers.com/z5-compact/general/stock-firmware-32-0-6-200-t3479713
Hi guys, I can't get iovyroot to see my device...
error: device not found
What am I doing wrong chaps?
Flashing went smoothly but...
l33boy said:
Hi guys, I can't get iovyroot to see my device...
error: device not found
What am I doing wrong chaps?
Click to expand...
Click to collapse
Did you enable USB Debugging from developer option?
Check whether the drivers are installed correctly.
If not
Download and install it from here :
http://developer.sonymobile.com/downloads/drivers/xperia-z5-compact-driver/
heptyle said:
Did you enable USB Debugging from developer option?
Check whether the drivers are installed correctly.
If not
Download and install it from here :
http://developer.sonymobile.com/downloads/drivers/xperia-z5-compact-driver/
Click to expand...
Click to collapse
Yep, USB debug is set.
and it flashed OK and I can see the phone in windows explorer
l33boy said:
Yep, USB debug is set.
and it flashed OK and I can see the phone in windows explorer
Click to expand...
Click to collapse
Can you send me the screen shot of windows device manager.
Hi,
I'll received my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it an HOW-To for futures users with same questions.
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Latest stock Rom + xposed will not be possible...
mika91 said:
Hi,
I'll received my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it an HOW-To for futures users with same questions.
Click to expand...
Click to collapse
Forget about OTA when rooted...
I though that using xposed leave the system partition untouched, so OTA updates are possible...
mika91 said:
I though that using xposed leave the system partition untouched, so OTA updates are possible...
Click to expand...
Click to collapse
OTA is not possible once bootloader is unlocked. System partition touched or not played no role.
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
How is the camera quality without the drm keys?
Thanks
mika91 said:
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
Click to expand...
Click to collapse
See my post to get a rooted stock with DRM.
mika91 said:
ok.
So if I want root the XC, I have to unlock the bootloader, loose DRM and ota?
How is the camera quality without the drm keys?
Thanks
Click to expand...
Click to collapse
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross devices, that mounts your TA backup as TA partition, therefore your phone looks as having DRM keys and locked.
XperienceD said:
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
[*]Unlock your BL
[*]Update to 311
[*]Extract kernel - ftf/sin/elf
[*]Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
[*]Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
[*]Flash new boot.img
[*]Flash TWRP.img
[*]Flash Super User zip
[*]Flash DK.ftf with Flashtool 9.22
...and that should be it.
Click to expand...
Click to collapse
Would you mind detailing a bit more those steps, especially the first 2? Im coming from a really old phone so im still a bit lost. (where can i learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesnt require an unlocked BL, wich to be achieved deletes your TA?
im on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
fredsky2 said:
Would you mind detailing a bit more those steps, especially the first 2? Im coming from a really old phone so im still a bit lost. (where can i learn about ftf/sin/elf?)
Click to expand...
Click to collapse
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
How can we flash back to 198? Flashing doesnt require an unlocked BL, wich to be achieved deletes your TA?
Click to expand...
Click to collapse
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
im on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
Click to expand...
Click to collapse
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
XperienceD said:
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
Click to expand...
Click to collapse
Thank you, i was able to successfully backup my TA earlier yesterday. But now im struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that i'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but im unsure if i should use Genesis (probably unsuported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. Ive read that messing with TA can hardbrick my phone so im trying to be extra careful.
atm im following ondrejvaroscak's quickrecap to make sure everything goes smooth with my TA keys and then i plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)
fredsky2 said:
Thank you, i was able to successfully backup my TA earlier yesterday. But now im struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Click to expand...
Click to collapse
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
I've read that i'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but im unsure if i should use Genesis (probably unsuported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. Ive read that messing with TA can hardbrick my phone so im trying to be extra careful.
Click to expand...
Click to collapse
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
XperienceD said:
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Click to expand...
Click to collapse
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully i was wrong on that .
Im now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and im almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
fredsky2 said:
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully i was wrong on that .
Click to expand...
Click to collapse
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
Im now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and im almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
Click to expand...
Click to collapse
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.