[GUIDE] Getting Your Ultra Rooted And Ready For Flashing [UPDATED]

Search This thread

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b
GETTING YOUR ULTRA ROOTED AND
READY FOR FLASHING

This guide should in theory make your Ultra ready for flashing custom ROMs, and with that said...

...here comes the warning: Your warranty is now voided. I am not responsible for bricked
devices, or whatever you might end up with.


TABLE OF CONTENT

ROOT ALL THE THINGS
ROOTING .108
ROOTING .757
ROOTING .681
ROOTING .290/.136
ROOTING .532
ROOTING GPe
DOWNGRADING
BACKUP TA PARTITION
CHANGE CDA
UNLOCKING THE BOOTLOADER
INSTALLING RECOVERY AND TWRP
FLASHING A CUSTOM ROM
BACK TO STOCK
BOOTLOOP
MISSING IMEI
CREDITS






BACKUP YOUR TA PARTITION BEFORE YOU UNLOCK THE BOOTLOADER

IF YOU'RE NEW AROUND HERE AND YOU WANT TO ROOT .757, DOWNGRADE TO .532 AND ROOT, AND THEN BACKUP YOUR TA PARTITION. PROCEED TO UNLOCK YOUR BOOTLOADER, UPGRADE TO .757 AGAIN AND ROOT BY FOLLOWING THE SHORT GUIDE HERE.


ROOT ALL THE THINGS:


Thanks to @geohot, we're now able to root (almost) all the things, meaning there is now one tool for rooting. This tool doesn't touch the bootloader, so it also works on locked bootloaders. Be sure to backup your TA partition after you've rooted (in case you want to unlock the bootloader). You can find the tool here.

Note: This tool will not work on the GPe model.


ROOTING .108:

Go to this thread and follow the steps.

ROOTING .757:


Same procedure as with .681, so just go to this thread and follow the steps. Requires an unlocked bootloader.

ROOTING .681:


Rooting .681 (first KitKat build) is pretty straight forward and requires an unlocked bootloader.
After that, just flash the kernel and then SuperSU. You can download and follow the short guide here. The kernel includes Recovery.


ROOTING .290/.136:

.290
• Unlocked bootloader: Follow this thread.
• Locked bootloader: Follow this thread.
.136
• Unlocked bootloader: Follow this thread.

ROOTING .532:


• Use this tool to root

ROOTING GPe:

GPe OWNERS: DO NOT TRY TO FLASH FTFs OR OTHER "XPERIA" ROMs AND KERNELS.
YOU WILL BRICK YOUR DEVICE.

Go to this thread and follow the steps. Thanks to @blueether.

DOWNGRADING:

• Download and install Flashtool (if you're running Windows 8, follow this installation guide) (Jump down to "Part 2" of the guide)
If you're having issues with driver installation, install this one.
If you have issues, or simply have no clue how to install ADB and Fastboot, install and run this.

• Download NUT's 532 firmware from here
• Flash it by following this short guide


BACKUP TA PARTITION:


The TA partition holds all your unique DRM keys, and X-Reality won't work without it (except if you're on .681 or later).
Once you lose it, you can't get it back, so back it up and upload it to your Dropbox or something. So how do you backup your TA partition?

Download this tiny tool on your computer and run it.

Here's a video tutorial by @hamdogg


CHANGE CDA (OLD):

This step is no longer necessary.

Install a file explorer from the Play Store. I recommend Solid Explorer or ES File Explorer.
• Navigate to /system and open build.prop
• Change your CDA to: C6833_1275-8026 (there are three different places this has to be changed.
Just take your time and try to find something that resembles the CDA code above.
• Next you'll want to find "ro.somc.customerid" and change it to 436
Next you'll want to find "ro.semc.version.cust_revision" and change it to R11A
• Now reboot your device
The OTA update should arrive now. If it doesn't, go to "Update Center" (app) and manually refresh.
• Update to 257
• The root app (i'm not sure what app it installs) might be gone, so just install
SuperSU from the Play Store if it's not in your app drawer anymore. Update binaries and choose "Normal".


UNLOCKING THE BOOTLOADER:

This may wipe your phone, so backup your stuff

• Go to Sony's dev site
• Request the unlock key and check your mail straight away. Email is quick these days.
• Open Flashtool on your computer (yes, the one you installed earlier)
• Click the "BLU" icon
• Follow the steps and enter your unlock key

INSTALLING RECOVERY AND TWRP:

• Just run this tool on your computer.
• Boot into Recovery (POWER + VOL UP)and take a NAND backup ASAP.
It'll "save your life" (or time) when you're soft bricking your Ultra.


FLASHING A CUSTOM ROM:

• Find a ROM
• Move the ROM (and gapps if it is required) to a folder on your Ultra and remember where you put them
• You'll see that you'll need to flash a "boot.img" before you flash anything, so download this
• Now go to this thread and download QuickIMG and follow the short guide
• Flash the boot.img
• Now unplug from the computer and enter Recovery by pressing the Power button.
Once you see the green LED, push and hold VOL UP. If you fail, just press and hold POWER + VOL UP until you
notice some rapid vibrations. Now try again.
• Once you're in Recovery it's the usual stuff. Flash the ROM and gapps and wipe data/cache/dalvik etc.
• Reboot

BACK TO STOCK:

So you have to send your Ultra to a service center and you want to get it back to 100% stock.
Be sure to be on a STOCK kernel before restoring the TA partition or re-locking the bootloader.

• Restore your TA partition using the tool from the "Backup TA Partition" part of this guide.
• If your bootloader hasn't been locked by the TA tool, use Flashtool and press the BLU button and choose "Relock".
• You may not be able to boot now if you're on a custom ROM, so fire up Flashtool again and flash a stock ROM.

BLINKING RED LED:

So, you locked it while on a custom kernel, and all you get now is a blinking red LED above your screen.
Simply unlock the bootloader in Flashtool again, and it'll work again.
You should now be back on stock, un-rooted and with TA and bootloader in place. If you're back on stock,
but the bootloader is still unlocked, get back to 532, root, lock the bootloader, and then flash a FTF in Flashtool again.


BOOTLOOP:


You've ended in a bootloop and you have no idea what to do. A bootloop is when the boot animation is looping, and you're stuck.
We'll start out easy and go harder as we go down the list.


• [SAFE] Boot into Recovery and wipe cache and go to "Advanced" and wipe Dalvik. Reboot and see if it boots now.
• [SAFE] Boot into Recovery and re-flash the ROM and see if that does the job
• [WIPE] Boot into Recovery and wipe data (this will wipe everything) and reboot
• [WIPE] Boot into Recovery and flash a different ROM (wipe data after flash) and reboot
• [LAST RESORT] Fire up Flashtool and flash a stock FTF and get a new hobby

MISSING IMEI:

You downgraded from 290 or later, didn't you? Well, you'll have to update again or flash [NUT]'s .532 build.

CREDITS:


- @herogjan - The mighty discoverer of the OTA root method
- @krabappel2548 - The Belgian Don (guides, ROMs etc.)
- @RyokoN - ROOT Wizard
- @hamdogg - Bootloader help
- @
fastest83 - Achievement unlocked [1/168]
- @sfagundes - For the GPe root guide
- @hamdogg
- For helping people and for the video(s)
- [FONT=Arial [user=3534362]@blueether[/user] - For helping an incredible amount of people around here[/FONT]
 
Last edited:

abuihsan

Senior Member
Jul 16, 2012
200
51
Banten
............

DOWN THE ROAD:

"I want to go back! Back to stock!"

- Boot into Recovery and restore the NAND backup you made after you installed Recovery. If you didn't; "son, i am disappoint".

CREDITS:

- @herogjan - The mighty discoverer of the OTA root method
- @krabappel2548 - The Belgian Don (guides, ROMs etc.)
- @RyokoN - ROOT Wizard

- @LarryPage - Coffee

Maybe/sometime you will loose(?) the recovery after the backup restored. It happen to me at the latest back-to-stock from CM10.2.

I just need to get the recovery back with this:
http://xdaforums.com/showthread.php?t=2426739
 

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b

abuihsan

Senior Member
Jul 16, 2012
200
51
Banten
Shouldn't happen if your backup already has the right kernel with Recovery, but i've seen stranger things happen, so i'll add that if it happens, then just re-install Recovery. Thanks : )

Yes it strange as it only happen with my latest back-to-stock. my stock backup is with rooted .257 where as far as I know still don't have proper kernel+recovery like .526 or .532 has.
 

pTeronaut

Senior Member
May 28, 2012
711
217
Lafayette, IN
Nice guide, where was it last week? :p

Would it be possible for you to add a "So you need so send your ZU back to Sony" section covering restoring the TA partition and relocking the bootloader?
 

nathlynn22

Senior Member
Apr 8, 2013
2,103
242
Shouldn't happen if your backup already has the right kernel with Recovery, but i've seen stranger things happen, so i'll add that if it happens, then just re-install Recovery. Thanks :)







Maybe/sometime you will loose(?) the recovery after the backup restored. It happen to me at the latest back-to-stock from CM10.2.

I just need to get the recovery back with this:
http://xdaforums.com/showthread.php?t=2426739







Yes it strange as it only happen with my latest back-to-stock. my stock backup is with rooted .257 where as far as I know still don't have proper kernel+recovery like .526 or .532 has.

I have noticed when I restored my nand a couple times when I then try reboot it comes up about not installing stock recovery there's about 10 no's which if you click installs stock you need to click the one yes not install stock recovery....


Sent from my HTC One using Tapatalk
 

hamdogg

Senior Member
May 14, 2012
1,512
1,024
New Zealand
www.youtube.com
Sure, but I'm busy right now so that has to wait.

Sent from my C6833 using Tapatalk

requested sticky...

here is a video I made on how to backup TA partition. also discusses what to do to restore your TA partition..

youtube ID : 8TowVR7CNQQ

I'll do a more comprehensive video in 3 days I hope... but for the moment this should be fine.
feel free to shove that in the OP

PS... can't believe that I'm the only one thats said thanks so far... tick... tick... BOOM!
 
Last edited:

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b
Alright, i can add the "going back to stock" part, but i have never relocked the bootloader and restored the TA, so i'm not sure in what order we should do it. Relocking the bootloader is easy. Just use the TA backup tool and restore your backup, and it will lock the bootloader again. But, here's my question. This requires root, so we can't do it when we've flashed the stock firmware using Flashtool since we'll lose root. So i guess if a person is running CM, he'll have to restore TA and also lock the bootloader while on CM, but this will cause a soft brick, but then he can just flash the stock TFT in Flashtool?

Any ideas? I'm asking because i don't want to write something that's not 100% right.
 
  • Like
Reactions: kramnod

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b
requested sticky...

here is a video I made on how to backup TA partition. also discusses what to do to restore your TA partition..

youtube ID : 8TowVR7CNQQ

I'll do a more comprehensive video in 3 days I hope... but for the moment this should be fine.
feel free to shove that in the OP

PS... can't believe that I'm the only one thats said thanks so far... tick... tick... BOOM!
@hamdogg Added! And thank you :) Btw, do you have any ideas regarding my relocking of the bootloader? Check my post above this one.
 

abuihsan

Senior Member
Jul 16, 2012
200
51
Banten
Alright, i can add the "going back to stock" part, but i have never relocked the bootloader and restored the TA, so i'm not sure in what order we should do it. Relocking the bootloader is easy. Just use the TA backup tool and restore your backup, and it will lock the bootloader again. But, here's my question. This requires root, so we can't do it when we've flashed the stock firmware using Flashtool since we'll lose root. So i guess if a person is running CM, he'll have to restore TA and also lock the bootloader while on CM, but this will cause a soft brick, but then he can just flash the stock TFT in Flashtool?

Any ideas? I'm asking because i don't want to write something that's not 100% right.

I ever restored TA backup once but that was before I flash Cm at the first time.

When I back-to-stock by restoring nand, bootloader still unlocked.
I wondered if we have nandroid stock (with locked bootloader) , then we unlock, then we flash CM or other custom roms,
can we then just restore the nandroid stok (with locked boot loader) without any problem and we will have our TA partition back and relocked without restore the TA first?
 
Last edited:
  • Like
Reactions: LordManhattan

hamdogg

Senior Member
May 14, 2012
1,512
1,024
New Zealand
www.youtube.com
@hamdogg Added! And thank you :) Btw, do you have any ideas regarding my relocking of the bootloader? Check my post above this one.

When I sent mine in for repair I had to reroot first... But most people will be rooted.. so:

1)restored the TA partition,
2)locked the bootloader (checked after restoring the TA partition and it was still unlocked)
3)flashed a stock FTF.

Then it was completely stock.



Post this in the OP for locking bootloader

____________________________________________________________________________________________

Download the latest flashtool from:
http://ul.to/3kjpyj70 [v0.9.13.0]

Before you relock the bootloader you have to be on a stock kernel or else the device WILL NOT BOOT.
-We recommend that you will need to return to a Sony STOCK FTF if you are currently on a custom ROM-



Steps:
1) Download Flashtool. Start Flashtool and click on BLU button
2) You will be asked to connect device in flashmode
3) Once you connect the device, you'll be prompted to "Relock"
4) Click on it, and when prompted, disconnect your Ultra
 
Last edited:
  • Like
Reactions: LordManhattan

hamdogg

Senior Member
May 14, 2012
1,512
1,024
New Zealand
www.youtube.com
Thanks, I'll add it to the guide in a couple of minutes :)

Sent from my C6833 using Tapatalk

there is a new flashtool driver version too. It probably wont matter... but you could add it into the FAQ section or something. For those having issues with flashtool...

v1.1 drivers for flashtool and xperia 2013 devices.

http://d-h.st/Wyk
 
  • Like
Reactions: LordManhattan

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b
Thank you very much! I've added it under downgrading, and I also added the ADB and Fastboot Windows installer for people that have trouble installing those manually.

Sent from my C6833 using Tapatalk
 

Reb0rn

Senior Member
Sep 19, 2007
2,251
993
Ulricehamn
Oh me gawd. Information overload :D

WoW. Very Read. Total Information. Much Thanks. WoW.

da9ysehu.jpg


Srsly thou. Great job :)

Sent from my Xperia Z Ultra using Tapatalk 4
 
  • Like
Reactions: LordManhattan

ChillyChan

Senior Member
Mar 15, 2011
396
199
- You'll see that you'll need to flash a "boot.img" before you flash anything, so download this
- Now go to this thread and download QuickIMG and follow the short guide
- Flash the boot.img

I didn't need to do that. I was on stock Sony build 257 and had never flashed AOSP before. All I did was root the phone, update OTA, install recovery and just flash a ROM. Looks like Sony's official unlock is unlike HTC dev unlock and doesn't need a PC (fastboot) to flash ROMs.
 
Last edited:

LordManhattan

Senior Member
Oct 20, 2007
15,039
5,495
Kepler-34b
I didn't need to do that. I was on stock Sony build 257 and had never flashed AOSP before. All I did was root the phone, update OTA, install recovery and just flash a ROM. Looks like Sony's official unlock is unlike HTC and doesn't need a PC (fastboot) to flash ROMs.

Yeah, it seems like it's a hit or miss with the whole boot.img. First time i tried to flash Omni (coming from 257) it wouldn't flash if i didn't flash the boot.img first, but it worked just fine after flashing it, so it seems like people have different experiences and outcomes with the whole ROM flashing, and that's why i just included it so the people that uses this guide gets to the finish line. It's a "fail safe" way of doing it.
 
  • Like
Reactions: ChillyChan

ChillyChan

Senior Member
Mar 15, 2011
396
199
Yeah, it seems like it's a hit or miss with the whole boot.img. First time i tried to flash Omni (coming from 257) it wouldn't flash if i didn't flash the boot.img first, but it worked just fine after flashing it, so it seems like people have different experiences and outcomes with the whole ROM flashing, and that's why i just included it so the people that uses this guide gets to the finish line. It's a "fail safe" way of doing it.

True that. It appears (as someone mentioned) there's a problem with Omni's install script. Other ROMs flash fine from stock without the need for fastboot.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 63
    GETTING YOUR ULTRA ROOTED AND
    READY FOR FLASHING

    This guide should in theory make your Ultra ready for flashing custom ROMs, and with that said...

    ...here comes the warning: Your warranty is now voided. I am not responsible for bricked
    devices, or whatever you might end up with.


    TABLE OF CONTENT

    ROOT ALL THE THINGS
    ROOTING .108
    ROOTING .757
    ROOTING .681
    ROOTING .290/.136
    ROOTING .532
    ROOTING GPe
    DOWNGRADING
    BACKUP TA PARTITION
    CHANGE CDA
    UNLOCKING THE BOOTLOADER
    INSTALLING RECOVERY AND TWRP
    FLASHING A CUSTOM ROM
    BACK TO STOCK
    BOOTLOOP
    MISSING IMEI
    CREDITS






    BACKUP YOUR TA PARTITION BEFORE YOU UNLOCK THE BOOTLOADER

    IF YOU'RE NEW AROUND HERE AND YOU WANT TO ROOT .757, DOWNGRADE TO .532 AND ROOT, AND THEN BACKUP YOUR TA PARTITION. PROCEED TO UNLOCK YOUR BOOTLOADER, UPGRADE TO .757 AGAIN AND ROOT BY FOLLOWING THE SHORT GUIDE HERE.


    ROOT ALL THE THINGS:


    Thanks to @geohot, we're now able to root (almost) all the things, meaning there is now one tool for rooting. This tool doesn't touch the bootloader, so it also works on locked bootloaders. Be sure to backup your TA partition after you've rooted (in case you want to unlock the bootloader). You can find the tool here.

    Note: This tool will not work on the GPe model.


    ROOTING .108:

    Go to this thread and follow the steps.

    ROOTING .757:


    Same procedure as with .681, so just go to this thread and follow the steps. Requires an unlocked bootloader.

    ROOTING .681:


    Rooting .681 (first KitKat build) is pretty straight forward and requires an unlocked bootloader.
    After that, just flash the kernel and then SuperSU. You can download and follow the short guide here. The kernel includes Recovery.


    ROOTING .290/.136:

    .290
    • Unlocked bootloader: Follow this thread.
    • Locked bootloader: Follow this thread.
    .136
    • Unlocked bootloader: Follow this thread.

    ROOTING .532:


    • Use this tool to root

    ROOTING GPe:

    GPe OWNERS: DO NOT TRY TO FLASH FTFs OR OTHER "XPERIA" ROMs AND KERNELS.
    YOU WILL BRICK YOUR DEVICE.

    Go to this thread and follow the steps. Thanks to @blueether.

    DOWNGRADING:

    • Download and install Flashtool (if you're running Windows 8, follow this installation guide) (Jump down to "Part 2" of the guide)
    If you're having issues with driver installation, install this one.
    If you have issues, or simply have no clue how to install ADB and Fastboot, install and run this.

    • Download NUT's 532 firmware from here
    • Flash it by following this short guide


    BACKUP TA PARTITION:


    The TA partition holds all your unique DRM keys, and X-Reality won't work without it (except if you're on .681 or later).
    Once you lose it, you can't get it back, so back it up and upload it to your Dropbox or something. So how do you backup your TA partition?

    Download this tiny tool on your computer and run it.

    Here's a video tutorial by @hamdogg


    CHANGE CDA (OLD):

    This step is no longer necessary.

    Install a file explorer from the Play Store. I recommend Solid Explorer or ES File Explorer.
    • Navigate to /system and open build.prop
    • Change your CDA to: C6833_1275-8026 (there are three different places this has to be changed.
    Just take your time and try to find something that resembles the CDA code above.
    • Next you'll want to find "ro.somc.customerid" and change it to 436
    Next you'll want to find "ro.semc.version.cust_revision" and change it to R11A
    • Now reboot your device
    The OTA update should arrive now. If it doesn't, go to "Update Center" (app) and manually refresh.
    • Update to 257
    • The root app (i'm not sure what app it installs) might be gone, so just install
    SuperSU from the Play Store if it's not in your app drawer anymore. Update binaries and choose "Normal".


    UNLOCKING THE BOOTLOADER:

    This may wipe your phone, so backup your stuff

    • Go to Sony's dev site
    • Request the unlock key and check your mail straight away. Email is quick these days.
    • Open Flashtool on your computer (yes, the one you installed earlier)
    • Click the "BLU" icon
    • Follow the steps and enter your unlock key

    INSTALLING RECOVERY AND TWRP:

    • Just run this tool on your computer.
    • Boot into Recovery (POWER + VOL UP)and take a NAND backup ASAP.
    It'll "save your life" (or time) when you're soft bricking your Ultra.


    FLASHING A CUSTOM ROM:

    • Find a ROM
    • Move the ROM (and gapps if it is required) to a folder on your Ultra and remember where you put them
    • You'll see that you'll need to flash a "boot.img" before you flash anything, so download this
    • Now go to this thread and download QuickIMG and follow the short guide
    • Flash the boot.img
    • Now unplug from the computer and enter Recovery by pressing the Power button.
    Once you see the green LED, push and hold VOL UP. If you fail, just press and hold POWER + VOL UP until you
    notice some rapid vibrations. Now try again.
    • Once you're in Recovery it's the usual stuff. Flash the ROM and gapps and wipe data/cache/dalvik etc.
    • Reboot

    BACK TO STOCK:

    So you have to send your Ultra to a service center and you want to get it back to 100% stock.
    Be sure to be on a STOCK kernel before restoring the TA partition or re-locking the bootloader.

    • Restore your TA partition using the tool from the "Backup TA Partition" part of this guide.
    • If your bootloader hasn't been locked by the TA tool, use Flashtool and press the BLU button and choose "Relock".
    • You may not be able to boot now if you're on a custom ROM, so fire up Flashtool again and flash a stock ROM.

    BLINKING RED LED:

    So, you locked it while on a custom kernel, and all you get now is a blinking red LED above your screen.
    Simply unlock the bootloader in Flashtool again, and it'll work again.
    You should now be back on stock, un-rooted and with TA and bootloader in place. If you're back on stock,
    but the bootloader is still unlocked, get back to 532, root, lock the bootloader, and then flash a FTF in Flashtool again.


    BOOTLOOP:


    You've ended in a bootloop and you have no idea what to do. A bootloop is when the boot animation is looping, and you're stuck.
    We'll start out easy and go harder as we go down the list.


    • [SAFE] Boot into Recovery and wipe cache and go to "Advanced" and wipe Dalvik. Reboot and see if it boots now.
    • [SAFE] Boot into Recovery and re-flash the ROM and see if that does the job
    • [WIPE] Boot into Recovery and wipe data (this will wipe everything) and reboot
    • [WIPE] Boot into Recovery and flash a different ROM (wipe data after flash) and reboot
    • [LAST RESORT] Fire up Flashtool and flash a stock FTF and get a new hobby

    MISSING IMEI:

    You downgraded from 290 or later, didn't you? Well, you'll have to update again or flash [NUT]'s .532 build.

    CREDITS:


    - @herogjan - The mighty discoverer of the OTA root method
    - @krabappel2548 - The Belgian Don (guides, ROMs etc.)
    - @RyokoN - ROOT Wizard
    - @hamdogg - Bootloader help
    - @
    fastest83 - Achievement unlocked [1/168]
    - @sfagundes - For the GPe root guide
    - @hamdogg
    - For helping people and for the video(s)
    - [FONT=Arial [user=3534362]@blueether[/user] - For helping an incredible amount of people around here[/FONT]
    4
    Maybe/sometime you will loose(?) the recovery after the backup restored. It happen to me at the latest back-to-stock from CM10.2.

    I just need to get the recovery back with this:
    http://xdaforums.com/showthread.php?t=2426739

    Shouldn't happen if your backup already has the right kernel with Recovery, but i've seen stranger things happen, so i'll add that if it happens, then just re-install Recovery. Thanks :)
    3
    ............

    DOWN THE ROAD:

    "I want to go back! Back to stock!"

    - Boot into Recovery and restore the NAND backup you made after you installed Recovery. If you didn't; "son, i am disappoint".

    CREDITS:

    - @herogjan - The mighty discoverer of the OTA root method
    - @krabappel2548 - The Belgian Don (guides, ROMs etc.)
    - @RyokoN - ROOT Wizard

    - @LarryPage - Coffee

    Maybe/sometime you will loose(?) the recovery after the backup restored. It happen to me at the latest back-to-stock from CM10.2.

    I just need to get the recovery back with this:
    http://xdaforums.com/showthread.php?t=2426739
    3
    Well **** me, i'm never trying that again. Do you know how to extract an .IMG file that's not an archive? Neither do i. Seriously, **** that ****. I've tried half a dozen tools, but non of them are capable of unpacking satans best joke yet, the TA file. You got a system.img? Oh, that's okay. TA.img? **** you.

    right tool for the right job...

    Linux and hexedit will pull stuff out

    It looks like there are still keys in there, whether they are the original one or not will need more digging (and my TA backups are not on this PC)

    Some interesting things in the .img:
    C6833
    EURO-LTE_14.3.A.0.757 - Current firmware
    1271-5715_14.3.A.0.681 - Last firmware?
    <.D.E.V.C.E.R.T. .v.e.r.s.i.o.n.=.".1...0.".>.<.C.E.R.T.I.F.I.C.A.T.E. .t.y.p.e.=.".D.E.V.I.C.E.".>.<.D.A.T.A.>.<.U.N.I.Q.U.E.I.D. .p.r.i.v.a.t.e.=.".1.".> [what looks like a key here]
    Certs for w3, lots of marlin TMO urls, octopus DRM urls and what look like keys, X509 certs,
    urn:marlin:drmservices
    a 'keytable' that is all 0's for a few bytes at the start
    GPS time-server stuff


    And it looks to have a backup of it's self within the TA
    3
    Guys just got my Xperia Z Ultra again, this time with the white one.. Looks really good.

    Anyways, kinda mastered the steps before when I still had the black one, but after going though 2 cellphones after. I'm kinda lost again.. Hehe

    Need help, I already updated mine to. 757 but don't mind downgrading..

    Can someone have steps so that I'll be able to back up my TA and have an unlocked boot loader and root access.

    Thanks.

    1. Downgrade to 532
    2. Root using Bin4ry's tool
    3. Backup Ta
    4. Unlock bootloader
    5. Update to 757 again
    6. Root by flashing Jackie's 757 kernel and flash SuperSU

    Once you have an unlocked bootloader you can start at step 6 the next time :p An unlocked bootloader solves everything, lol.