Tmobile US Sony Z1s Root Bounty ($670.00) CLOSED Root Achieved!!!
- Thread starter epsix
- Start date
gregbradley
Retired Forum Moderator
You will not get cm to boot without an unlocked boot loader or working kexec.
In the development section there is a dead thread where kexec was tried but never got working on a locked boot loader.
Sent from my C6903 using XDA Premium 4 mobile app
I got c11 to bootamation and then looping.
Many years ago when I had the xt720 they said we would not get it to boot well we did.
I must warn people don't try to do this you have good experience.
Sent from my C6916 using xda premium
I found the method to root and also have dual recovery ..
It works on 14.3 and 14.4. I have tested them both thoroughly and it works.
For 14.4 you will need a SDcard fix to enable sdcard writing.
kitkatt 4.4 disabled the ability of apps to write to your sd card. I couldnt even delete stuff on my sd card. (wth were they thinking idk )
SO ill run down the basic road map to get you going.
1)Root with zxz0O0 Tool You might have to run it twice if it hangs under cleaning up
Thing to do to before you install, to make root work:
USB debugging enabled
Settings => About phone => Click 7 times on Android Build to unlock developer options
goto security, check on Unknown sources enabled
make sure adb drivers are installed so you can properly use the phone on your pc to install the tool
How to use
Download the tool and extract it
Start your device and plug it to your computer
Run install.bat and follow the instructions on screen
Congratulations! You should now be rooted.
2)Install SuperSU from market or from an apk apk, reboot.
3)Install Recovery Z1 Locked Bootloader. Use option 1 to install the recovery. Reboot. It may reboot into recovery. If it does, look for the option to reboot again. Let phone sit for a minute to run its course. Reboot, but this time test your recovery. Make sure the phone is unplugged. Power it on, When you feel the phone vibrate 2 times while the Sony Logo is showing, press the volume up button for CWM or volume button down for TWRP.
3)Download and save the Deodex patch Mega and flash threw recovery. Reboot. It will take a couple to re-initiate due to de-odexing.
Thats it... Youre done. You now have a rooted phone with dual boot. And it works flawlessly on 14.3 or 14.4.. Keep in mind De-odex is NOT for 14.3 so skip that step if you want to root 14.3
As for the Sdcard fix. Use FX file exporer in the play store. Install the root add-on and then install the sd card fix for it as well. You will beable to use your sd card as usual...
As for a custom rom.. forget about it...
This phone is locked. You dont need a custom rom anyway..
The rooted method with recovery is super easy and you can customize your phone the way you want, backup and restore it.
If your phone ever needs to be fully factory restored or if you soft bricked it....
just use the FLASH TOOL to install the factory TFT
The 14.4 TFT is HERE
Make sure you know how to use the flash tool before you take that dive...
If you need that tutorial GO HERE
Last edited:
It's a check box in supersu settings. Something like root keeper or something. Not guaranteed mind you.
Is there anyway to obtain root for z1s after update to 4.4.4. Had root, it's update happen when I was sleeping, no more root...Tried this method again and it didn't work this time around.
Sent from my C6916 using XDA Free mobile app
DUDE!
OMG I just posted the tutorial which is located directly above your request!
root not working!!
after several attempts to root, I have done nothing but failed. for some reason, the program hangs at:
libzxploit.so created
doing the magic
creating vm (loljavasucks)
can anyone help me?
after several attempts to root, I have done nothing but failed. for some reason, the program hangs at:
libzxploit.so created
doing the magic
creating vm (loljavasucks)
can anyone help me?
also double check and make sure your build number is 14.4.B.0.37 ... people having trouble rooting on 14.4.B.0.56
i'm having the same 14.4.B.0.56 problems -- any solutions? my z1s just updated to this build number too like last week....is this a stumbling block at this point?
i cant even get easyroot tool to the cleaning up phase because it hangs at the same location as the above user stated. quite annoyed too i'm just a user and have no developer skills, was looking forward to root and apply the pen/pencil stylus app
Until someone comes up w/ a new root method, you can do what I did. Follow these instructions to flash the previous build, then re-root with Easy Root. Then disable/freeze Update Center so it doesn't try to re-apply the new OTA unless/until there's a workaround.
Figures! I wait until phone is out of warranty and I cant do a simple root. Thanks for the reply but I have no problem waiting for a new exploit if it ever comes. Thanks again.
Those 3 commands were executed successfully but after reboot, the root checker app still show it's not rooted.
I've tried more than 5 times but still the same.
and when I type this command: adb shell su -c "/system/xbin/kill_ric.sh"
It gives an error: "/system/bin/sh: su: not found "
Any way around this?
thanks
I've tried more than 5 times but still the same.
and when I type this command: adb shell su -c "/system/xbin/kill_ric.sh"
It gives an error: "/system/bin/sh: su: not found "
Any way around this?
thanks
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
36
What is dumb is comparing access to a root exploit, to life saving medical care.
Since money is no issue to you, put it where your mouth is.
Just because of your utterly ridiculous analogy, $250 VERIFIABLE donation to a Mary Bridge Children's hospital, 100% verification must be provided along with return shipping label. Device will be mailed to my office, I will root and remove write protection, reship in the original shipping material within 3 days. Use a reusable box, that is appropriate for this purpose.
https://waystohelp.multicare.org/donate-to-mary-bridge
Make it $1500 (yourself alone) and I will will match the donation out of my pocket.
*Edit I am out of state until next week, so this can not go down until then*35Geez no one can get root working? Full details are posted everywhere. Fine, here.
Dear Sony, :/ sorry for violating my self imposed embargo, someone else outed the vulnerability and build exploits (See z2 root) based on google patches before August. It was happening with or without beaups and I. Either google needs a longer embargo, or us carriers need to be faster to allow updates.
If bounty still exists, please send to jcase@cunninglogic.com, I will split with @beaups and then dispense my half to the charity of my choice. If it doesn't, I hope everyone got their money back.
donations can also be sent to jcase@cunninglogic.com, please note what they are for so i can split them with beaups
Code:adb push pwn /data/local/tmp/pwn adb shell chmod 755 /data/local/tmp/pwn adb shell /data/local/tmp/pwn
then wait until adb works agian, and then reboot
Someone else will have to setup a proper way to disable write to system, however running /system/xbin/kill_ric.sh will disable ric and allow you to write to system until reboot. Until a better approach is setup, i suggest using some on boot app to run it as root.
You will need supersu app from the market. Dont ask me for support if you didn't follow directions, dont ask me for support unless it throws errors.
Thank you ZKillA for transferring this thread to me.
I will bare the paypal deduction fees, as of right now the moneys that i recieved from the list is $520.00. And $150.00 are unaccounted
shook187 ask to be remove from the list.
Please when you send the money make sure you transfer as "GIFT"
Update!!!
_-..zKillA..-_ 20
epsix 20 payment recieved
TravieMcFly 20 payment received
Josh McGrath 30 payment received
Silenthillnight 20 payment received
sgyee 20. payment received
brokeasshachi 20
fatannasty 20 payment received
daveakowalski 40 payment received
xndabox 10
POMF2K 40
joedeveloper 20
murdermonkey9000 20
mugetsu666 10 payment received
randaddy 20 payment received
maddeath 10 payment received
holabola 5 payment received
Jdom58 20
StephenT 150.00 payment received
TrunkleBob 25 payment received via Google Wallet
Don_Perrignon 40 payment received
camdogrs 10 payment received
h20x 20 payment received
FranzDages 15 payment received
Generalgr147 25 payment received
marksee 20 payment received
Total = $670.00 USD
PS, Dev Z1s is 32gig internal storage, we just need root. :thumbup:
krabappel2548, trying to help us get root.
Any others devs want to join the party? :thumbup:
If you guys trust me, then just send the money through PayPal and mentioned your xda username. Then I'll counted up and once we have root I send one time transfer to the Dev, it's up to you12Ok, for those looking to exploit this device.
Disabling the ric process is not enough, you still won't be able to mount system.
A friend did some kernel source checking, /sys/kernel/security/sony_ric/enable is no longer an option without changing the cmdline option oemandroidboot.security to 0, which with the locked bootloader we can't do.
It is going to take a secondary exploit, or patching the kernel memory to be able to remount /system.
Root itself was trivial, I got root on @joedeveloper 's phone (using an exploit I wrote to root my Xperia Z and Tablet Z) and was able to dump some data last night. Writing su to /system however is going to be the sticking point.
If anyone wants specific data from a rooted device, such as the boot.img please let me know and I will post it.11Seems there hasn't been much progress on the topic at hand, and this thread keeps deteriorating to "omg Sony/T-mobile/locked boot loaders suck" and how the grass must be greener with other phones and other carriers.
I respect the sentiment, but I don't think it has any place in this thread.
- No one made anybody buy the Z1s... If you didn't know the bootloader was locked and there was no public root method available, you didn't spend 15 minutes on this forum and I hope this experience has been an existential one.
- Please stop telling people guilty of the previous point to buy an international Z1. There are plenty of reasons to want a phone from tmo: warranty, JUMP program, installment payments, wifi calling (huge feature to have when dependence on higher spectrum frequently leaves you wanting inside a building or in a basement). If people bought the Z1s without consideration for any of these I would be surprised, but again, that's someone not doing their homework and repeatedly discussing it doesn't get us any closer to root.
- Per jcase root is not only possible, but also works in practice. I'm sure we all for our selfish reasons hate him a little bit for holding the keys to the castle, but it is his hard work and his prerogative which must be respected; it should instead be seen in a positive light because WE KNOW THE POSSIBILITY EXISTS.
- There has to be a million other places to talk about the S5 and carrier security measures... Why are we discussing any other phones besides the Z1s and related devices which could be used as a resource in obtaining root on the Z1s.
Sorry for the rant, I haven't been very active here because I like to keep to myself unless I have something constructive and relevant to say. Jumping on this thread to catch up every couple days has become exhausting because every lapse in optimism is followed by 2 pages of people complaining.
jcase thanks for sticking around and providing people on topic with feedback for their ideas, it's probably the only constructive dialogue happening here at this point.
Thanks to everyone else trying to get root or at least throwing ideas out there. I'd love to see this thread stay on topic and have some of the personal frustration/disappointment/whining find another avenue for discourse.
Sent from my C6916 using Tapatalk
