Database Users

[Tool] [Unmaintained] dd Flasher (v2.0 beta)

Due to new security measures added on recent Android versions (mainly dm-verity), using dd Flasher on newer devices or recent firmwares (Marshmallow, Nougat, etc) will certainly result in a bootloop. dd Flasher probably still works if you have a unlocked bootloader and a modified kernel disabling dm-verity, but due lack of free time and other priorities, this tool is currently unmaintained.
Introduction
This tool is a new version of Nicki Root (originally released for Xperia M), but now compatible with almost any device. The purpose of dd Flasher is keeping root access in any firmware version assuming your device already have an exploitable firmware...
How it works?
Sony updates are packed in .sin files, generally stored in FTF packages. Using FlashTool, you can get an image of the system partition (system.ext4) of the latest firmware available, which is sideloaded into your device by dd Flasher. Next, it'll mount the update image (system.ext4) in a loop device, place SuperSU binaries (and when needed, disable RIC protection) and after that, stop all running processes and "flash" the modified image back into your device by using dd binary.
After dd Flasher finishes its work, all you need to do is rebooting your device into flash mode in order to flash the rest of the FTF file (excluding system partition, of course) with FlashTool. In the end, your device will be running the latest available firmware with full root access, making dd Flasher extremely useful for devices with locked bootloader that have exploitable firmwares but lack recoveries or other means to get root access.
Requirements
• Your device must already have root access. You can downgrade to an older firmware and root it with some known exploit, if needed. Also, if you don't have root access, dd Flasher won't work at all.
• You will need FlashTool and an FTF file of the firmware version you want to upgrade your device to.
• Your device should have enough free space to store system partition image of the update temporarily (around 1.5-2.5GB, depending of the device/firmware). At the moment you can store the image either on its Internal Storage or in external SD Card (when possible). USB OTG support is planned too.
• If pushing system image to SD Card, make sure your phone is connected in MTP mode (in Mass Storage mode only Internal Storage is accessible and dd Flasher will fail)
Instructions
Getting system partition image: FTF files are just ordinary .zip files with lots of .sin files inside, format commonly used by Sony in their firmwares for Xperia devices. We are interested in system.sin (it's the one with the partition image), to use it with dd Flasher, so:
• Open the FTF file with WinRAR or 7-Zip (or any other program compatible with .zip files);
• Extract system.sin somewhere you have easy access;
• Open FlashTool and go to Tools => SIN editor;
• A new window will open. Locate system.sin we extracted before, click in "Extract Data" and wait until FlashTool finishes extracting it
• If everything went well, now you should have a system.ext4 file in the same place you extracted system.sin before (you can already delete system.sin -- we won't need it anymore).
Using dd Flasher: now that we got our system partition image, we can move on to dd Flasher:
• If you didn't already have extracted dd Flasher somewhere, do it now (DUH!). Make sure FlashTool isn't running as well -- it's known to interfere with ADB interface;
• Move system.ext4 extracted previously to the same folder you've extracted dd Flasher (where dd_flasher.bat/dd_flasher.sh is located);
• Open dd_flasher.bat (or start dd_flasher.sh from a Terminal if you're on Linux) and follow the instructions. After selecting a storage device, dd Flasher will do its work;
• Please note some steps take a while to complete (mainly pushing the system image and flashing it), your device will look like it's dead and won't respond but don't worry, it's normal (on compatible devices the notification LED will pulse in different colors to indicate the the script is running);
• If everything went well, dd Flasher will notify you (and your notification light will be green, if compatible). After that, you'll need to power cycle the device, disconnect the USB cable and pull your battery off (if your battery is non-removable, use the Off/Reset microswitch). Wait some seconds and put your battery back but don't turn your device on yet.
Flashing the remaining with FlashTool: at this stage, your device have the latest firmware from the FTF you used and full root access but still have old versions of kernel, baseband, etc., so, trying to start your device now will probably result in a boot loop or something like that, so, let's finish it:
• Open FlashTool again and flash the FTF you used to extract system.ext4 in flash mode, however, make sure you've excluded SYSTEM, if you forget to do so, everything the tool did will be lost and you'll need to restart from the beginning;
• After flashing ends, disconnect the USB cable and start your phone. The first boot may take several minutes but if everything went well you should be now running the latest firmware, with full root access!
Compatibility
This tool uses an internal database to automatically set up everything needed in the officially supported devices, with at the moment are:
• Xperia E series (C1504, C1505, C1604, C1605)
• Xperia E3 series (D2202, D2203, D2206, D2212, D2243)
• Xperia M series (C1904, C1905, C2004, C2005)
What to do if my device isn't officially supported? dd Flasher also comes with a "default" config which is automatically selected when used in a unknown device. It should work by default in any Xperia (and may even work in devices from other brands), but if dd Flasher still refuses to work, PM me your device model and firmware version, I'll try to support it
FAQ
Soon
Credits
Although I wrote this script from scratch, it uses some pieces of code written originally by @zxz0O0, @[NUT] and @Chainfire, so, credits to them. I would like to thank also everyone who helped directly or indirectly in the conception of the original Nicki Root script, which became what we know today as dd Flasher
Changelog
Soon
Download
All currently released versions available in downloads tab.
XDA:DevDB Information
dd Flasher, Tool/Utility for the OEM Cross Device Development
Contributors
mbc07
Version Information
Status: Beta
Current Beta Version: 2.0
Beta Release Date: 2015-03-19
Created 2015-03-19
Last Updated 2015-03-19

Awesome!
Incredible!
Thanks for sharing this with the community.

Nice
Thanks for everything

Amazing
Thank you so much!

Who try it with android 5.0.2 of z2,z3,z3c,??? And is is full root, isn't it????

nhoc_huhu said:
Who try it with android 5.0.2 of z2,z3,z3c,??? And is is full root, isn't it????
Click to expand...
Click to collapse
Not ready yet =/
The current SuperSU package included in this beta version is unlikely to work in Lollipop -- I was working into that but it didn't made it into this beta. I'll try to get it ready for the stable version...

Error: can't stat '/data/local/tmp/ddFlasher/system/bin/sh':
Hallo,
i tried this on a xperia m (C1905) and get this error:
---------------------------------------------------
Initializing ADB [DONE]
Waiting for device [DONE]
Waiting root access [DONE]
Preparing script [DONE]
Pushing system image [DONE]
Stopping device [DONE]
Mounting system image [DONE]
Installing packages...
- SuperSU v2.46 (SELinux) cp: can't stat '/data/local/tmp/ddFlasher/system/bin/sh': No such file or directory
[DONE]
- Disable RIC (RAM Disk) [DONE]
Saving changes [DONE]
Flashing image [DONE]
System partition updated.
Reboot your phone into flash mode to finish.
NOTE: device won't respond in current state, that's
normal, pull your battery or use Off/Reset switch.
Press any key to exit...
--------------------------------------------
I used C1905_15.4.A.1.9_CE.ftf for the system.sin.
rootchecker says everything is fine but "folderMount", for example, dosnt work, it does a "hard" restart without request.... the screen went black and then reboots.
Before the rooting i also had 15.4.A.1.9 on the phone.
for "prerooting" i used towlroot v3
Could someone please help me with this.
I like to get more space for apps on the xperia m. with something like folderMount or swapinternal 2 external SD and i really tried a lot rooting technics and rootfixer and so on but nothing works.
its really frustrating.
kind regards
Oliver

olliD said:
rootchecker says everything is fine but "folderMount", for example, dosnt work, it does a "hard" restart without request.... the screen went black and then reboots.
Click to expand...
Click to collapse
You have partial root access, that's why the device reboots. I added that in to-do list, should be fixed in the stable release of dd Flasher. Since you have Xperia M, it's much easier and quicker to root it with TowelRoot and then applying the root fixer (there's a tutorial in Xperia M forums). In the meantime, if TowelRoot still fails, you can try again with the old Nicki Root, although old and not supported anymore, they should still work, at least with Xperia M...

What is the difference with the prfcreator tool?.cheers

juanpirulo said:
What is the difference with the prfcreator tool?.cheers
Click to expand...
Click to collapse
PRF Creator generates a flashable ZIP, you'll need a recovery to use it, differing from dd Flasher that archive this through ADB bridge, so, it works even if there's no recovery for your device...

Hi mbc07,
thanks for the reply.
I did this (with TowelRoot and then applying the root fixer (there's a tutorial in Xperia M forums).) several times. I have 2 Versions of the rootfixer on my pc in the moment, tried both but dosent work. I also looked for the tutorial you mentioned, but i didnt find it, sorry.
Could you please link to the tutorial or the correct rootfixer.
I just saw that i dont tell you that i have a locked bootloader, just for info.
kind regards
Oliver

Try this tutorial @olliD...

Got SuperSU v2.46 (SELinux) cp: can't stat '/data/local/tmp/ddFlasher/system/bin/sh': No such file or directory
and some related errors

[Guide]How to backup DRM, unlock and root(for noobs)

Hey friends! I was looking at this thread: http://forum.xda-developers.com/xperia-z5/general/guide-rooting-unlocking-bootloader-t3354307 and I decided to create my own thread about the same topic, however this thread is much more simplified and is for those people who are new to rooting Xperia smartphones.
So without further ado here are the steps
Part One: downloading prerequisites
in order to flash .ftf firmware files to downgrade your phone to lollipop for TA backup you will need.
1. Java JDK :
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
2. XperiFirm(not neccesary if you plan to stay on LP)
http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142
3. Flashtool
http://www.flashtool.net/downloads.php
4. Android SDK
http://developer.android.com/sdk/index.html#downloads
5. iovyroot(not necessary if you do not want to backup DRM)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
other prerequisites:
Patience
Mountain Dew or Starbucks
A small bit of knowledge on command line interfaces
Part Two: Downloading firmware
1. Open up XperiFirm
2. Select your device from the list
3. Select your model number(can be checked in Settings > about phone > Model Number
4. Pick your country and carrier(does'nt really matter, best firmware to use is UK customised and Singapore customised)
5. Click the latest release in 'available releases'
6. A dialogue should pop up, tick 'automatic unpack'
7. Wait for download to complete
Part 2.5: Creating FTF
Open up Flashtool
1. Click on tools > bundles > Create
2. Select the firmware folder
3. Double click on the Device section and select your device
4. Type in the firmware build number(at the end of the folder name) as for branding type in the country and carrier from which you downloaded the firmware from.
5. Go to file explorer and delete 'fwinfo.xml' from the firmware folder
6. IMPORTANT DO NOT TRANSFER THE FILES WITH A .TA FILE EXTENSION IT WILL BRICK YOUR DEVICE with that disclaimer out of the way go back to flashtool, transfer all the files using the arrows (except those with a .ta file extension)
7. Click create, you should be able to sit back and relax while it does its thing
Part Three: Downgrading firmware
Download the firmware here: http://www.xperiablog.net/forum/resources/xperia-z5_e6653_32-0-a-6-152_central-europe-5_generic.477/
1. Place the file in c: Users/*account name*/.flashtool/firmwares
Open up Flashtool
2. Press the lightning bolt icon
3. Choose Flashmode and click ok
4. choose the firmware you downloaded(Do not choose the one you created)
5. Tick "user data" in the box at the top right hand corner
6. Press flash and wait
Part Four: DRM backup and unlock
1.Extract iovyroot
2. make sure USB debugging and unknown sources are enabled
3. Open up backupdrm.bat and wait
4. make sure there are no errors before proceeding(this usually takes a couple of tries)
5. IMPORTANT keep a safe online backup of your DRM keys.
6. Open up flashtool
7. click on BLU
8. Go to http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
9. Select your device and follow the instructions
9. after getting the unlock key, paste it inside the BLU dialogue in flashtool
10. wait, then profit!
11. now flash the .FTF that you created
12. boot your device into fastboot(plug in power cable and press vol down when your phone is switched off)
13. Download androplus kernel v23 and above from here: https://kernel.andro.plus/
14. Extract boot.img and put it in the android SDK inside of 'platform-tools'
15. Press shift+right click inside of the same folder
be sure to install xperia z5 fastboot drivers)
16. click 'open command window here'
17. run fastboot devices and make sure it detects your device
18. run this command here : fastboot flash boot boot.img
19. Reboot and DONE

Just a quick note, from my experience with downgrading in the past, you MUST wipe your user data, the phone won't boot else. This happened on multiple Sony phones with multiple different firmware versions.

gamer649 said:
Just a quick note, from my experience with downgrading in the past, you MUST wipe your user data, the phone won't boot else. This happened on multiple Sony phones with multiple different firmware versions.
Click to expand...
Click to collapse
I just corrected it, thanks for the quick note. Btw my z5 booted with minor issues when downgrading without wiping userdata

_LLJY said:
I just corrected it, thanks for the quick note. Btw my z5 booted with minor issues when downgrading without wiping userdata
Click to expand...
Click to collapse
Every other Sony phone I've owned (M, Z1 compact, Z2) refused to boot after a downgrade. The main thing to remember when downgrading is to take a backup before doing so to prevent data loss, I've experienced it myself firsthand so I know how stressful it can be.

In the TA backup part you should add a step to make sure the script actually worked and didn't stop with an error, before proceeding on to unlocking BL. I had to reboot my phone & run the script several times before successfully pulling it off.

Hello!
I'm new to the Sony family as you can see in my signature and I wouldn't call myself n00b, but the whole procedure with the extra partitions is so confusing! Thank you for trying to break it down!
the usual 3 step way (1 unlock bootloader, 2 flash recovery, 3 flash SuperSU) is still present but there are some other steps before them.
As i can understand, all the hassle is just for the backup of the TA partition.
I think that we must start with your step 3, just to avoid confusion such as the step 3.4. Please post a direct link to the firmware you suggest, I can't download it because it requires me to register there too.
Also, you should break the part 4 at the step 11. If I'm not mistaken, the order should be 1, 3, 4 (1-10), 2 , 2.5, 4 (11-19).

In the guide, restoring DRM keys also should be added. ?
Nice guide mate.
Sent from my E6683 using Tapatalk

DeathStroke said:
In the guide, restoring DRM keys also should be added. ?
Nice guide mate.
Sent from my E6683 using Tapatalk
Click to expand...
Click to collapse
Latest andro kernel have drm keys intergrated bro

working for e6633 dual ?

I had a doubt! On Part Three, can I use the given E6653 ftf for my E6683? Or I should download the .152 ftf for my exact device model i.e. E6683?
Help me bro @_LLJY

good guide
easy follow
had overheat problem i need help...!
any one please ?
updated from support ( device no pc)
after update full overheat on camera use

Can you guys please help me?
My friend got a 5803, I backed up his DRM keys and unlocked the bootloader but can't root it.
If someone could be so kind to help us it'll be great, I did it to my 6653 but for some reason I can't root this one.
Sent from my E6653 using XDA-Developers mobile app

i am trying to downgrade my z5 from 6.0.1 to a 5.1.1 ftf...but when i begin to flash it stops ERROR - processing of loader.sin finished with errors....please someone can help me?

feesta said:
i am trying to downgrade my z5 from 6.0.1 to a 5.1.1 ftf...but when i begin to flash it stops ERROR - processing of loader.sin finished with errors....please someone can help me?
Click to expand...
Click to collapse
Unpack firmware Ftf file with flashtool and see is there file called FWINFO.Delete this file and pack Ftf using Ftool and you will not have peoblems with flash.
Sent from my Sony Xperia Z5

Here is a stupid question, what now that i have don all steps? i still dont have cmw or root?

feesta said:
i am trying to downgrade my z5 from 6.0.1 to a 5.1.1 ftf...but when i begin to flash it stops ERROR - processing of loader.sin finished with errors....please someone can help me?
Click to expand...
Click to collapse
I did two things to try to fix this:
1: Use the previous version of flashtool (0.9.18.6) instead of the current one
2: Use the Software Repair function of Sony's Xperia Companion application
I don't know which of these helped (it might have been neither, actually) but in the end I was able to flash Lollipop 5.1.1 onto my Z5 and use iovyroot to back up the TA partition.

Hi, this is kind of off-topic but this is the best thread for this question I could find.
I was in a hurry to get rid of the bloated, horrible stock rom, and I did not back up my DRM keys. I did patch my current kernel with the DRM fix from another thread here at XDA. Now my question is:
What kind of functionality did I lose from this, except not being able to restore to stock and relocking bootloader?

klemen241 said:
Here is a stupid question, what now that i have don all steps? i still dont have cmw or root?
Click to expand...
Click to collapse
Hello, look at this video:
h**ps:.youtube.com/watch?v=dTlosea6SJE
But at first, i installed at my Z5 the latest Kernal v36 and then i installed the TWRP 2.8.7.0, but i think you can install the newest TWRP too.
At last you install the SuperSu with TWRP, than you have full root!

Creating FTF not possible
hej,
i have a problem creating the FTF as described in Part 2.5:
-i downloaded the latest version via xperifirm (E6653_Customized DE_1298-3675_32.2.A.0.253_R3C)
-i deleted the fwinfo.xml & all .TA files from the folder
-flashtool is hanging here now:
-05/016/2016 09:16:25 - INFO - Streaming from file : C:\Users\hek\Desktop\Sony Xperia Z5\E6653_Customized DE_1298-3675_32.2.A.0.253_R3C\boot\boot_delivery.xml
05/016/2016 09:16:25 - INFO - Adding rpm_S1_Boot_MSM8994_LA1_2_2_40_AID_1_KITAKAMI-TEST-HWID009400E1-SWID0A-OEM0-AID1-DEBUG00_S1-BOOT-TEST-B316-0001-MMC.sin to the bundle
05/016/2016 09:16:25 - INFO - Adding Sumire_S1BootConfig_MiscTA.ta to the bundle
-tried it with singapore customized and german customized (&not deleting the .TA-files & manually unselecting all TA files in flashtool)
what could be the issue here or is there another way to get the latest version on the phone after unlocking it?
or is it safe just to install the latest version as described here without deleting the .TA-files? (http://forum.xda-developers.com/xperia-z5/general/guide-sony-xperia-z5-unlock-root-tweaks-t3298224)
thanks for any input!
--
Part 2.5: Creating FTF
Open up Flashtool
1. Click on tools > bundles > Create
2. Select the firmware folder
3. Double click on the Device section and select your device
4. Type in the firmware build number(at the end of the folder name) as for branding type in the country and carrier from which you downloaded the firmware from.
5. Go to file explorer and delete 'fwinfo.xml' from the firmware folder
6. IMPORTANT DO NOT TRANSFER THE FILES WITH A .TA FILE EXTENSION IT WILL BRICK YOUR DEVICE with that disclaimer out of the way go back to flashtool, transfer all the files using the arrows (except those with a .ta file extension)
7. Click create, you should be able to sit back and relax while it does its thing

I used iovyroot and it created taxxxxxx.img that it has 2mb. I think so I read so time ago that taxxxxx.img had 500kb... Is it my ta wrong?? Or it's normal??
Thanks!
Enviado desde mi Z1 mediante Tapatalk

[Guide] How to root Z5C - the new, less painful way (using dirtycow exploit)

Why yet another guide? Why should you follow this guide?
This is more of a future reference for myself, but might be beneficial to some other people, hence why I decided to post it.
Thanks to the "dirty cow" exploit (CVE-2016-5195), we now have a more simple way of backing up the TA partition compared to existing guides, which all relied on another exploit that involved downgrading the firmware, thus making the whole process a bit more complicated.
Unfortunately, as you can probably tell, it's still not a painless ordeal, just "less" painful. But hey, at least you have a choice.
To keep this step-by-step walkthrough guide simple and straightforward, I am focusing on just the steps and skipping the explanations.
Let's get started!
Prerequisites
Important: Your phone must be vulnerable to the "dirty cow" exploit, any firmware version with security patch level 2016-12-01 or earlier should work, such as 32.2.A.5.11. Basically, any MM or LP firmware.
Currently there is no way of backing up the TA partition on Android 7.0 Nougat firmware, you will need to downgrade to MM or earlier firmware first.
Remember to backup all your data before you downgrade, since a downgrade is akin to a factory reset. Downgrade instructions:
Follow Step 0, skip Step 1 and 2
In Step 3, download a MM or LP version firmware. For the sake of simplicity, I suggest you download the one labeled Storefront.
Follow Step 4 and 5
Done, your phone is now downgraded, skip the remaining steps. Continue with the guide as usual from Step 1
Note: If the DRM keys are irrelevant to you (TA partition already backed up/restored/lost) and would just like to root, then you can root using this guide on all firmware versions including Android 7.0 Nougat without downgrading. In this case, you can skip Step 1 and Step 7. Depending on your situation, you can also skip other parts of this guide, such as Step 2 if your bootloader is already unlocked, or in Step 5 don't wipe anything (leave all boxes unchecked) to retain your apps and data for a firmware upgrade.
Computer setup with correct drivers and adb/fastboot connection ability.
Enable USB debugging on the phone:
Settings > About phone > Tap multiple times on Build number until Developer options is enabled
Settings > Developer options > USB debugging > Toggle ON
XperiFirm for downloading official Sony firmware directly from Sony's servers
Flashtool for flashing firmware
Battery preferably more than 80% remaining, loss of power while flashing can brick your phone
Step 0 - Backup your phone (optional)
Move all your data to your SD card using the native tool: Settings > Storage > Transfer data to SD card
Use Sony's Backup & restore app to make a backup: Settings > Backup & reset > Xperia Backup & restore > More > Manual backup > Select SD card > Select content to backup
Personally, I choose everything except apps, they can be re-downloaded from the Play Store at any time, plus they take a long time to backup and restore not to mention eats up free space
Step 1 - Backup the TA partition
Download this wonderful TA Backup tool, unzip to desired location
With the phone powered on, connect the USB cable to the computer, then plug the micro USB end to the phone
Open command prompt (Start > Run > cmd), navigate to the directory where you unzipped the TA Backup tool
Run the following command:
Code:
backupTA
The tool will run and if successful, you should see at the bottom the words "TA Successfully pulled to TA_E5823.img".
TA_E5823.img is the TA partition image file, actual filename will be longer and differ for everyone so to keep it simple we'll just refer to it as TA_E5823.img in this guide.
Please check that the file is 2,097,152 bytes. If not or file is missing, then the backup has failed.
If it fails, just run the tool again a few times, or try rebooting your phone then rerun the tool. If you just can't get it to work, seek help from the tool thread.
Step 2 - Unlock the boot loader
Visit Sony's website and follow the instructions carefully
Important: Pay attention to the warnings. No, really, unlocking the boot loader will wipe your DRM keys (hence the need to back them up in Step 1) and trigger a factory reset, erasing everything on your phone.
After you've successfully unlocked the boot loader, unplug your phone and leave it powered off
Step 3 - Download stock firmware
Run XperiFirm, locate the correct Xperia Z5 Compact version of your phone (E5803/E5823) and download the firmware of your choice.
General recommendation is to download the "Customized" version that's available for your country.
Step 4 - Create a FTF file from the firmware
Open Flashtool
Tools > Bundle > Create
Select source file > Locate the folder where you saved the firmware from XperiFirm in step 3 > You should see your device name appear automatically in Device and the folder list below populated
Branding > The same as Operator in XperiFirm, e.g. Customized AU
Version > The version you downloaded, e.g. 32.2.A.5.11
Hint: Both Branding and Version information is in the folder name
In folder list, select the first item, hold SHIFT and select the last item so that all items are highlighted, then click the "- >" button > The folder list should now be empty, and the Firmware content field populated
Click Create, if successful you will see "Bundle creation finished"
Note: The FTF file is saved to %userprofile%\.flashTool\firmwares by default
Step 5 - Flash the FTF file
Click the lightning symbol in Flashtool > Flashmode
Source folder should be pre-selected to the default location mentioned above and "Sony Xperia Z5 Compact" listed in Firmwares
Expand all the arrows and select the version number
Under Wipe/Sin check all options (APPS_LOG, DIAG, SSD, USERDATA), leave all other options unchecked
Click Flash, wait for an instruction prompt to pop up
Plug the USB cable to your computer if it isn't already plugged
Turn off your phone if it isn't powered off, hold the VOLUME DOWN button while connecting the micro USB end to your phone. Keep the VOL DOWN button held until the prompt disappears, which indicates that Flashtool has detected it and is correctly in flashmode.
Flashtool will begin flashing the firmware automatically. It can take a long time, 10~15 minutes is normal, wait until completed
Unplug your phone and do not power it on yet
Step 6 - Patch the kernel
Download this awesome rootkernel tool, unzip to desired location.
Extract the kernel image file kernel.sin from the FTF file using any file compression program such as 7zip, WinZip, WinRAR, etc.
Open Flashtool > Tools > Sin Editor > Sin file > Locate the kernel you just extracted > Click Extract data. You should now have a file named kernel.elf in the same folder
Copy kernel.elf to the rootkernel folder
Download the latest stable version of the SuperSU ZIP file and copy the entire ZIP file to the rootkernel folder. Do NOT unzip it!
Rename the SuperSU ZIP file name so that it starts with SuperSU (case sensitive) instead of UPDATE-SuperSU, e.g. SuperSU-v2.79-20161211114519.zip
Note: if you're patching Nougat firmware, you may want to use phh's superuser instead of SuperSU due to potential battery drain. See rootkernel thread for more info. If you use phh's superuser, you will need to install the apk from the Play store after Step 8.
(optional) Download the latest Xposed framework ZIP file and copy it to the rootkernel folder. Do NOT unzip it!
Note: this only works with rootkernel v5.0 or later, if you're using an earlier version of the rootkernel tool, skip this and skip Step 9
At time of this edit (2017/2/22), Xposed does not support Android 7.0 (Nougat), so if you're trying to patch a Nougat kernel, do not include xposed. You can check the official Xposed thread for latest announcements to see if it's supported
Open command prompt and navigate to the rootkernel directory
Enter the following command:
Code:
rootkernel kernel.elf boot.img
You will be prompted to make a series of choices, including whether you want to install SuperSU and Xposed. Type Y for all of them.
If you didn't see the prompt for SuperSU (required) or Xposed (optional), check the filename of the ZIP files. Remember they're case sensitive.
You should now have a boot.img file in the rootkernel folder, that is your rooted kernel
Step 7 - Flash the DRM keys (one-time procedure)
tobias.waldvogel (rootkernel developer) said:
Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
This is a one-time task. It will survive a complete reset of the phone or Android system upgrade.
Click to expand...
Click to collapse
Copy the TA backup file TA_E5823.img from Step 1 to the rootkernel folder, then enter the following command in command prompt:
Code:
flash_dk TA_E5823.img DK.ftf
This will create a DK.ftf file in the rootkernel folder
Open Flashtool > Click the lightning symbol > Flashmode > Source folder > Locate the rootkernel folder
"Sony Xperia Z5 Compact" should appear under Firmwares, expand the arrows until you see DeviceKey and 1.0. Select 1.0, click Flash and wait for an instruction prompt to pop up
Hold the VOLUME DOWN button while connecting the micro USB end to your phone. Keep the VOL DOWN button held until the prompt disappears, which indicates that Flashtool has detected it and is correctly in flashmode.
Wait until operation is completed, then unplug the cable from your phone. Do not power on yet
Step 8 - Flash the kernel
Hold the VOLUME UP button and plug in the micro USB cable. Wait until the LED indicator turns blue, then release the VOL UP button.
Enter the following command in command prompt to flash the rooted kernel:
Code:
fastboot flash boot boot.img
After completion, congratulations, you've successfully rooted your phone!
Now you can turn on your phone, the first boot will take a very long time to initialize, don't worry.
If you see the boot animation for more than 30 minutes, then it's time to worry. First try again from Step 6, and if you still can't complete boot, go up a step starting from Step 5. If that still fails, start over from Step 3.
Step 9 - Finish installation of Xposed (optional)
In Step 6, if you chose to include the Xposed ZIP file, which means you want to install Xposed, then there's one more step to complete the installation.
Download the unofficial Material Design Xposed Installer.
Currently, this is the only Xposed Installer that works with the systemless Xposed integration method used by the rootkernel tool. Using the official Xposed Installer will not work.
Go to Settings > Security > Unknown sources > Toggle ON
Copy the Xposed Installer apk to your phone and install it.
Done!
Personal list of xposed modules to install for self reference. This is in no way a recommendation list, your preferences will vary.
Amplify
Android Phone Vibrator
App Locale
BootManager
Disable Low Battery Notifications
DynamicAlarmIcon 2
HideBatteryLowAlert
Keep Trash (broken at the moment)
Lockscreen Album Art Remover
MinMinGuard
NeoPowerMenu
NoHeadsetNotification
Ringer and Notification Volume Unlink
RootCloak
Use USB for Marshmallow V 1.2
XperiaFMwoHS
Xposed Torch: Physical keys
Youtube AdAway
Bonus - How to unroot/fully restore DRM/return to 100% factory state

Thank you for taking the time to write this guide!

best guide for root, thanks!

Fantastic guide, Thank you very much for that!
I had trouble getting the latest version of flashtool (09231) to work (mac and PC). It froze when I was trying to create the new bundle.
After downloading the older version (09186) it worked without problems.
However, currently I am stuck at step 6, running cmd 'rootkernel kernel.elf boot.img':
I get the message:
Code:
Rootkernel V5.11
- Unpacking kernel
error: Android boot magic not found
Unknown boot image format
Aborting
UPDATE:
I found the reason for the img file creation failure.
I was not patient enough in copying the kernel.elf file over. While the flashtool says file with size X created it was still compiling and only a minute later or so finished writing the file. In other words, I copied over the 'unfinished' kernel.elf and that's what caused the issue.
Trying to boot now
Thanks again for this nice guide!
Cheers,
Malcolm

Hey Malcolm, did you manage to complete the process successfully?

good news
thanks for your help. very good tutorial, realy made easy to understand
successfully rooted my nougat z5c with this,
you the best thanks

brokich said:
Hey Malcolm, did you manage to complete the process successfully?
Click to expand...
Click to collapse
Hi Brokich,
Unfortunately not (yet).
After finishing step 7 my device is stuck at the bootloader
I've tried now several times re-flashing (steps 5-7) but unfortunately no luck yet...Will try to repeat the whole procedure over the next days again.

I am getting problem with flashing kernel :
FAILED (remote: Command not allowed) my bootloader status was unknown at first, then I got unlock code at sony website, then it said my bootloader is unlocked, followed your tutorial and now I not able to flash kernel..

Hello guys
On step 5 i get this error
5/031/2017 13:31:03 - INFO - Device connected in flash mode
05/031/2017 13:31:28 - INFO - Selected Bundle for Sony Xperia Z5 Compact(E5823). FW release : 1298-5497_32.2.A.5.11_R13C. Customization : Customized UK
05/031/2017 13:31:28 - INFO - Preparing files for flashing
05/033/2017 13:33:12 - INFO - Please connect your device into flashmode.
05/033/2017 13:33:13 - INFO - Opening device for R/W
05/033/2017 13:33:14 - INFO - Start Flashing
05/033/2017 13:33:14 - INFO - Processing loader.sin
05/033/2017 13:33:14 - INFO - Checking header
05/033/2017 13:33:14 - ERROR - Processing of loader.sin finished with errors.
05/033/2017 13:33:14 - INFO - Ending flash session
05/033/2017 13:33:14 - ERROR - null
05/033/2017 13:33:14 - ERROR - Error flashing. Aborted
05/033/2017 13:33:14 - INFO - Device connected in flash mode
Any idea why ?

notabene said:
I am getting problem with flashing kernel :
FAILED (remote: Command not allowed) my bootloader status was unknown at first, then I got unlock code at sony website, then it said my bootloader is unlocked, followed your tutorial and now I not able to flash kernel..
Click to expand...
Click to collapse
Did you backup your TA-partition before the bootloader status was unknown?

zegovernator said:
Did you backup your TA-partition before the bootloader status was unknown?
Click to expand...
Click to collapse
Yes, why?
---------- Post added at 01:13 PM ---------- Previous post was at 12:49 PM ----------
zegovernator said:
Did you backup your TA-partition before the bootloader status was unknown?
Click to expand...
Click to collapse
I was able to flash FTF file. But not the kernel.

notabene said:
yes.
Click to expand...
Click to collapse
Okay. It sounds like you wiped your TA partition. On which firmware did you backup your TA? Lollipop using Iovy.root or Marshmallow using this guide? I experienced the same problem once. I recovered my TA partition via Iovy.root. (because back then the only possibility was to downgrade to LP and then backup/restore TA).
Check if the service menue states:
[Bootloader unlock allowed:no] and [Remote Lock State: Locked]
If so, restore TA.

zegovernator said:
Okay. It sounds like you wiped your TA partition. On which firmware did you backup your TA? Lollipop using Iovy.root or Marshmallow using this guide? I experienced the same problem once. I recovered my TA partition via Iovy.root. (because back then the only possibility was to downgrade to LP and then backup/restore TA).
Check if the service menue states:
[Bootloader unlock allowed:no] and [Remote Lock State: Locked]
If so, restore TA.
Click to expand...
Click to collapse
This guide, latest firmware 32.2.A.5.11.
Currently my phone stucked at after boot in TM logo.
Trying to repair via PC Companion
Phone booted. Will check if bootloader is really unlocked.
Bootloader unlock allowed : yes
Remote Lock state : UnLockd
Checked DRM all OK

notabene said:
This guide, latest firmware 32.2.A.5.11.
Currently my phone stucked at after boot in TM logo.
Trying to repair via PC Companion
Phone booted. Will check if bootloader is really unlocked.
Click to expand...
Click to collapse
Flash a .tft from the MM version your backed up your TA image from. When flashing, ensure to tick everything under wipe except TA Misc.

Well finally was able to do all the steps, but phone wont boot. Stucked in Sony logo, led is yellow and then power off..

Yeah, same here.
Tried now multiple times but it always gets stuck at the xperia screen with orange/yellow LED
One thing that I noticed was "ERROR - root : this bundle is not valid" when I start to create the bundle. Straight after locating the custom firmware that I dowloaded with Xperifirm the message comes up in the log. Thought that this is not an issue though, or is it?
Cheers,
Malcolm

Need to use phone tomorrow, how can i revert to stock for a while since I cannot do it throught Xperia companion?
---------- Post added at 03:37 PM ---------- Previous post was at 03:26 PM ----------
Malcolm143 said:
Yeah, same here.
Tried now multiple times but it always gets stuck at the xperia screen with orange/yellow LED
One thing that I noticed was "ERROR - root : this bundle is not valid" when I start to create the bundle. Straight after locating the custom firmware that I dowloaded with Xperifirm the message comes up in the log. Thought that this is not an issue though, or is it?
Cheers,
Malcolm
Click to expand...
Click to collapse
Did you use customized firmware? I did not, i used Tmobile CZ
Now with bootloader unlocked even PC Companion doesnt work..
So the problem is after flashing custom kernel with rootkernel+DRM fix.
So after hours of trying from step 5 with different settings for kernel, I ended up with stock rom flashed via flashtool..
tried to flash back DRM keys from Dirty cow TA Backup, using this command flash_dk TA_E5823.img DK.ftf but when rebooted in service menu drm keys are still gone..
EDIT:
Seems like there is more users with same issue with Z5C and latest rootkernel
https://forum.xda-developers.com/xp...matic-repack-stock-kernel-dm-t3301605/page200

Hmm, I never ran into the stuck at boot problem, and I just successfully flashed a new phone on the same day I posted the guide. That said, I was using v5.0 of the rootkernel tool, not the latest v5.11. The rootkernel developer mentioned that there's battery drain problems with v5.11, so I decided to use the older v5.0 that helped me root two Z5C's several times in the past. Try patching the kernel again using v5.0 and see if that fixes it.
Note that v5.0 only supports up to firmware version 32.A.0.253 out of the box, you will need to make the following modification to support up to 32.2.A.5.11:
Download and unzip rootkernel v5.11 and v5.0.
Open folder \rootkernel_v5.11_Windows_Linux\Android\twrp_common_kmodules
Copy and overwrite all 7 sub-folders (folder names look like 3.10.49-perf-g83fc9bc etc.) to \rootkernel_v5.0_Windows_Linux\Android\twrp_common_kmodules
Then patch the kernel using v5.0 tool.

mhaha said:
Hmm, I never ran into the stuck at boot problem, and I just successfully flashed a new phone on the same day I posted the guide. That said, I was using v5.0 of the rootkernel tool, not the latest v5.11. The rootkernel developer mentioned that there's battery drain problems with v5.11, so I decided to use the older v5.0 that helped me root two Z5C's several times in the past. Try patching the kernel again using v5.0 and see if that fixes it.
Note that v5.0 only supports up to firmware version 32.A.0.253 out of the box, you will need to make the following modification to support up to 32.2.A.5.11:
Download and unzip rootkernel v5.11 and v5.0.
Open folder \rootkernel_v5.11_Windows_Linux\Android\twrp_common_kmodules
Copy and overwrite all 7 sub-folders (folder names look like 3.10.49-perf-g83fc9bc etc.) to \rootkernel_v5.0_Windows_Linux\Android\twrp_common_kmodules
Then patch the kernel using v5.0 tool.
Click to expand...
Click to collapse
Thanks, will try in the evening.

Just to know, if I'm upgrading from previous firmware version, do I have to do all steps or I can start from step 4 (flashing ftf file)?

Xperia x F5121 ( 34.0.A.1.264) Android 6.0.1 (Prototype)

Greetings.. I bought Xperia x F5121 ( 34.0.A.1.264) Android 6.0.1 (Prototype) online & found its prototype.Possible for me to root & flash custom rom.If theres a way,could anyone guide me .Thks in advance.I appreciate it.

My apologies admin.If i post wrong section pls delete it.

if the BOOTUNLOCK is allowed on your PROTOTYPE DEVICE then
short answer is : YES
dial *#*#7378423#*#* goto SERVICE INFO >> CONFIGURATIONS
HERE you will see alot of info, search for BOOTLOADER UNLOCK ALLOWED text and see what shows ,,, if NO then sorry! this device is locked by SONY and only they can unlock it
if BOOTLOADER UNLOCK ALLOWED has YES then MAGIC CAN BE DONE
IF YOU ARE NEW TO SONY WORLD then you must save XPERIA X DRM KEYS
since you are already on ANDROID 6 (YAY)
just enable USB DEBUGGING from DEVELOPER OPTIONS
and
download the UNIVERSAL (DIRTYCOW-BASED) TABACKUP SCRIPT ( DOWNLOAD FROM HERE ( REFERECE MASTER POST BY RAYMAN
uzip the script on desktop and RUN the .BAT file, it will ask permission on your mobile screen, ALLOW it and after few seconds, the SCRIPT will EXTRACT TA-xxx-xxxx-xxxx-date+timeStamp.IMG file (2mb in size) IN THE SAME FOLDER
you can run .bat mulitiple times! each time it will extact the same TA.img file with different file name , i ran it thrice
now you have your DRM KEYS FILE (SOME USERS SAYS ITS NOT NECESSARY BUT TRUST ME! IT IS! ) KEEP THIS TA.img file SAVED on cloud!
------------------------
UNLOCKING BOOTLOADER
SONY official handout unlocking keys for FREE at
https://developer.sony.com/develop/open-devices/get-started/unlock-bootloader/
follow the steps! select your device model from list, provide them your email, they will send you one time link , to generate BOOT UNLOCK KEY AGAINS YOUR "IMEI" NUMBER ( dial *#06# on your F5121 to obtain IMEI number) (its even given on configuration page, where you checked the bootulock status )
- flashtool (www.flashtool.net) can ALSO unlock xperia Bootloader! (install flashtool and then install drivers also ( c:\flashtool\drivers)
- clicking BLU while device is CONNECTED IN FASTBOOT MODE ( it will prompt you) and giving SONY's generated KEY will UNLOCK your F5121's bootloader! device will JERK, ANDROID BOT WILL APPEAR and ALL PARTITIONS (accpt system) will be FORMATED and you will loose all your data, accounts, details , DRM KEYS ... (make sure you take backup of your photos/videos/music)
--------------------------------------------------
NOW IF YOU WANA STAY ON 34.0.A1.264 and DONT wana UPGRADE to ANY OTHER BUILD came after this then
you need to do this
0. put magisk16.0.zip in sdcard (if you don't have sd card then UTG drive, flashdrive, etc)
1. unlock bootloader
2. flash TWRP (via fasboot
3. FLASH modified kernel ( the MASTER TOOL of SONY WORLD www.flashtool.net) (installing Xperia COMPANION + Google Minimal ADB & Fastboot.zip is M - U - S -T )
4. BOOT in to twrp, flash MAGISK16.0 from sdcard
and reboot device
the device will boot ROOTED 34.0.A.1.264
NOW IF YOU WANT TO UPGRADE TO NOUGAT FROM 34.0.A1.264 and ROOT IT THEN
-the recommended NOUGAT Stockrom version is 34.3.A.0.252 (releasedin dec2017)
1. download the .252 ftf file from xda post
https://forum.xda-developers.com/xperia-x/how-to/sonyx-f5121-downgrade-8-0-0-to-7-1-1-to-t3754986
2. flash it via flashtool / you need to see solid tutorial for that! please do research , flashing xperia is TRICKY
3. flash twrp
4. flash modified kernel
5 boot into twrp and flash MAGISK and REBOOT.
NOW IF YOU WANT TO UPGRADE TO OREO FROM 34.0.A1.264 and ROOT IT THEN
-for OREO the RECOMMENDED STOCKROM version is 34.4.A.2.97 (released in JULY2018)
1. you must download the latest stockrom
2. flash it
3 flash modified Kernel
4. boot in to twrp and
(a) flash the DRMFIX.zip
(b) Magisk16.0.zip
5. reboot
ALL KERNELS BY YEARS/BUILD WITH DRMFIX FILES ETC ARE GIVEN IN MY POST
https://forum.xda-developers.com/xperia-x/how-to/root-xperia-x-f5122-android-n-34-2-2-47-t3594502
PLEASE READ THOROUGHLY !
I have tested all these kernels my self since I have F5122 however if anything goes wrong please note that XDA or any member is NOT responsible
try it on your own risk

Thks again for the fast reply.I'm choosing upgrading to Oreo. I download Germany o2 DE ( 34.4.A.2.97 /R2E ) & i'm using the latest flashtool v0.9.25.0 .I'm stuck at fsc script shown ( Those data are not in the FSC script and will be skipped. RESET-NON-SECURE-ADB. Do u want to continue? )i click no & close it. I download the fsc script 34.4fsc from your site & overwrite paste it on C:\Users\USERNAME\.flashTool\devices\F51XX .Once done,i reopen the flashtool & flash.Same problems occurs.i even restart my pc..No success..

jingaro said:
Thks again for the fast reply.I'm choosing upgrading to Oreo. I download Germany o2 DE ( 34.4.A.2.97 /R2E ) & i'm using the latest flashtool v0.9.25.0 .I'm stuck at fsc script shown ( Those data are not in the FSC script and will be skipped. RESET-NON-SECURE-ADB. Do u want to continue? )i click no & close it. I download the fsc script 34.4fsc from your site & overwrite paste it on C:\Users\USERNAME\.flashTool\devices\F51XX .Once done,i reopen the flashtool & flash.Same problems occurs.i even restart my pc..No success..
Click to expand...
Click to collapse
click yes and proceed
what about drmkeys extraction part?
have you done that

[MuXCustoM][ROM]+[Kernel][Z3CTW][ SGP611][23.5.A.1.291][Magisk 20.4][TWRP]

Custom Rom Xperia Z3CTW SGP611 Build 23.5.A.1.291_1290-4947_R2D By Mux
if you have questions or need files just PM me on XDA and i will try to help where i can...
the reason i made this tut is because there is almost no roms for this device available...
(not Responsible for any damages to device or peripherals through the process since there is always a chance something happens **but i had my device in almost every state and with the tools mentioned u should be able to revive it ** )
Included in this ROM (for you to build)
- Passes Saftynet
- Rooted with Magisk 20.4 (magisk hide working)
- Custom Kernel For Booting System and TWRP (made with rootkernel_v4.51_Windows_Linux.zip)
- Sony Ric Disabled / Enabled Depends on Rootkernel Config
- Netflix working
- Kernel can be set to Permissive via Terminal command.
- TWRP 3.0.2 (from Rootkernel_4.5.1)
- Remoteplay only works with Ric enabled and magisk uninstalled (make 2 boot.img for swapping in twrp)(due to sony device)
Apps i sugest u dl on ur rooted device
- FX File explorer
- Terminal for Android
- Netflix
- Vanced Manager
- Busybox (if needed)
IMPORTANT!! This Tutorial Ignores TA Partition So if you want to save them google How to Backup TA for SGP611 Before Following this Tutorial (some functionality can be regained through DRM opt in RootKernel
A Tutorial to Reproduce (*Do not Worry the Harder You Try The easier it gets)
1. Install Drivers for Fastboot and ADB in Device Manager for your device
- Boot Device to Fastboot by pressing Vol+ while Pluging USB Cable to PC Blue led indicates Fastboot Mode
- Go to Device Manager and Install Driver for S1boot
- Verify Driver installed Correctly
2. Install Flashtool Xperifirm, Flashtool Emma from Sony, Xperia Companion, copy Platform-tools folder to C:
(if u need any files PM)
3. Unlock Your Bootloader following instruction on Sony Developer Website (not going in to Details) *read warning above
before this
4. Download FTF firmware file With Flashtool Xperifirm For Your Device in My Case SGP611_23.5.A.1.291_1290-4947_R2D
By selecting XF Button in Flashtool after Closing xperifirm Flashtool will convert the files and they will be stored to
%user%\.flashTool\firmwares
5. Extract Kernel.sin Using 7zip or winrar from SGP611_23.5.A.1.291_1290-4947_R2D.ftf for patching boot.img
6. Open Flashtool and go to Tools menu select Sin Editor search and select the Kernel.sin Previously Extracted and press Extract
Data this will Create Kernel.elf
7. Go to RootKernelv4.51 Folder and copy the Kernel.elf there open CMD in address bar to folder and enter the command
(rootkernel kernel.elf boot.img) Select the option u like by Pressing y I selected all Options because I don’t have TA Backup
this will create a file Boot.img which is your Custom Boot Image if you want Recovery make Shure to say y when asked about
TWRP
8. Open PRFcreator and select all options click on the … for ftf and load the SGP611_23.5.A.1.291_1290-4947_R2D.ftf file
downloaded in step 3 click on the … for SuperSU and select the Magisk_20.4.zip set all check marks and create Flashable Zip
Zip is found in PRFcreator folder (this is your stock firmware zip)
9. Copy all files listed into a folder on your Internal storage
- Flashable-prerooted-signed.zip (created with PRFcreator)
- Moded Boot.img (Created with Rootkernelv4.51)
- Disable_ric_file.zip (if not moded in Boot.img)
- Magisk_20.4.zip (for Flashing Magisk After Flashing Boot.img)
10. Boot Phone in to Fastboot mode, Run CMD in address bar of Platform-tools folder, and Flash twrp 2.8.7.0 (yes will be
updated after Flashing Boot.img) by entering this command in ( Fastboot flash boot twrp-2.8.7.0-scorpion_windy.img )(**this
flashed to boot because u dont have recovery befor flashing the moded boot.img and this will be changed back by flashing
the stock ftf downloaded**)
if successful Unplug and boot tab it should boot to Teamwin TWRP recovery
11. In TWRP go to WIPE, Advanced Wipe, (Wipe: Cache, Dalvik-Cache, and System,)
before Flashing the Firmware Files
12. On main screen TWRP go to INSTALL and Install files following order
- Flashable-prerooted-signed.zip
- Moded Boot.img (by selecting flash image button at the bottom in TWRP)
- Disable_ric_file.zip
- Magisk_20.4.zip
13. Reboot to System Buy yourself a beer and Enjoy

where are the files ?