
[GUIDE] Back up DRM Keys & unlock/relock Bootloader (Noob proof)

OP zxz0O0

9th February 2014, 01:52 PM   |  #1  
This is a step by step tutorial on how to back up your DRM keys (TA Partition, to revert to factory state in case of warranty issue) and unlock the bootloader. After unlocking the bootloader you will lose your DRM keys so it's good to make a backup of it (it's optional though). Basically no DRM keys means no warranty and unlocked bootloader means no warranty. Read also here for additional info: http://forum.xda-developers.com/show....php?t=2292598

Make sure to read the 'Questions' (bottom of the post) if you encounter any problems!

Rooting
First of all you need to have root access to backup your DRM keys.

Follow this thread to get root: http://forum.xda-developers.com/show....php?t=2784900


Old method:
Follow these steps; after that you will have an unbranded UK KitKat (4.4) firmware with root access (if you'd rather have JellyBean 4.3, check out 'Questions' down below). Thanks to Darkimmortal for the steps (I added some steps and made it easier to follow).

Take a backup of your phone because it will be wiped!

Video:

Video by @shem2409

  1. Contribute to this thread: http://forum.xda-developers.com/show...php?p=52011642
  2. Install Z1 Compact USB drivers ( http://developer.sonymobile.com/downloads/drivers/ )
    It's possible that Z1 Compact drivers are already installed, if you have installed Sony PC Companion.
  3. Install Flashtool ( http://www.flashtool.net/index.php )
  4. Install fastboot & flashmode drivers from Flashtool (go to the installation directory and open the folder drivers/) (note: if you have Windows 8.1 64bit you need to disable Driver Signature check: Link)
  5. Download SuperSU and put on your SD card (do not unzip) ( http://download.chainfire.eu/supersu )
    Note: There might be problems with large SD cards (32GB and bigger). You can also put the files on your internal storage: Follow steps 5-7 after step 11.
  6. Download latest Z1C-lockeddualrecovery(...)flashable.zip and put on your SD card (do not unzip) ( http://nut.xperia-files.com/ )
  7. Download z1c-44-uk.system.flashable.zip and put on your SD card (do not unzip) ( https://drive.google.com/file/d/0B8n...it?usp=sharing | mega mirror )
  8. Download SO-02F_14.1.H.1.281_docomo.ftf and put it in the installation directory of flashtool in the folder firmwares/ ( http://dl.weeaboo.com/Z1Compact/SO-0...281_docomo.ftf | share-online mirror | mega mirror )
  9. Open flashtool, select Flash => Flashmode and flash SO-02F_14.1.H.1.281_docomo.ftf (select Wipe [Check ALL] and Exclude [Check TA, BASEBAND, FOTA])
  10. Wait at least 30 seconds then power off your phone, hold volume down and plug in your USB cable (your phone will boot in flashmode)
  11. After flashtool flashed the firmware successfully, remove the cable and power on the phone (will take some time) and go to Settings => 'About phone' and press 7 times on 'Android Build'. This will unlock the Developer options in Settings. Enable USB debugging under Developer options and check 'Unknown sources' under Security.
  12. Now flash C6903_14.1.G.534_ianford10_UK Unbranded_modified.ftf in flashmode (boot phone in flashmode again) (select Exclude [Uncheck ALL] and Wipe should be empty) ( https://drive.google.com/file/d/0B8n...it?usp=sharing | mediafire mirror | share-online mirror )
  13. Start your phone normally and plug in your USB cable (screen will be black, this is normal and it will stay like that until you finish step 16)
  14. Download and extract Z1C-lockeddualrecovery(...)installer.zip. Then run install.bat and select option 3 [Installation on unrooted ROM] ( http://nut.xperia-files.com/ )
    Note: This is actually a different file than the one you downloaded in step 6. You're supposed to run this one here on your computer.
  15. After the process is finished and you get a confirmation that your device is rooted, hold Volume Up and hold the power button. After the phone vibrated 3 times it will shut down. (This is force power off)
  16. Flash D5503_14.3.A.0.681_Generic_UK-nosystem.ftf in flashmode (boot phone in flashmode again) (select Wipe [Uncheck ALL] and Exclude [Uncheck ALL]) ( http://www.mediafire.com/download/g1...K-nosystem.ftf | mega mirror )
  17. Go to the Recovery Menu. To do that, power off your phone. Then power it on again. After the vibrate and the green LED turns on, hold Volume Up (LED will turn violet). PhilZ Touch recovery will open.
  18. Try to flash SuperSU zip. If it doesn't work, switch to TWRP recovery (Volume Down) and try there.
  19. Now format /system (located under Mounts & Storage) (Important: Do NOT reboot until advised so or you will have to start again)
  20. Do a factory reset in the Recovery Menu
  21. Install the following files in this order (Important) (see steps 5 - 7)
    1. z1c-44-uk.system.flashable.zip
    2. Z1C-lockeddualrecovery(...)flashable.zip
    3. UPDATE-SuperSU-v1.(...).zip
  22. Optional: Update to the latest firmware with this guide: http://forum.xda-developers.com/show....php?t=2688933
  23. Reboot your phone
  24. Congratulations, your phone is now rooted (bootloader still locked)

DRM keys Backup
Now since your phone is rooted you can proceed with backing up your DRM keys (TA partition). Follow these steps:
  1. Enable USB debugging on your phone (go to Settings => 'About phone' and press 7 times on 'Android Build'. This will unlock the Developer options in Settings. Enable USB debugging under Developer options and check 'Unknown sources' under Security.)
  2. Download Backup TA and start Backup-TA.bat ( http://forum.xda-developers.com/show....php?t=2292598 )
  3. Select Option 1 (Backup) to backup your TA partition
  4. After the process has succeeded your backup will be in the folder backup/ (Make a backup of the backup!)
  5. Congratulations, you now have a backup of your DRM keys. You can also use Backup TA to restore your TA partition. It is recommended to have the same firmware when restoring as you had when you backed it up (see here: http://forum.xda-developers.com/show...&postcount=299 )

Unlocking bootloader
Now if you have a backup of your DRM keys you are ready to unlock the bootloader. You need to have an unlocked bootloader to install Custom Roms, test builds, etc.

Make a backup because your SD card will be formatted!

Follow this guide to unlock the bootloader: http://forum.xda-developers.com/show....php?t=2440597
Yes, it also works for Z1 Compact, all the steps are the same. You can skip installing the drivers since you should already have them from the steps above.


Relock bootloader only
If you want to relock your bootloader (e.g. for downloading official Sony updates in Sony Update Service) you can do so with flashtool. This only works if you already unlocked the bootloader with the official method.
Note: This does not restore the DRM keys. If you have a warranty issue you should restore your TA partition (which will relock your bootloader and restore DRM keys) with Backup TA.
  1. Open flashtool
  2. Click on the BLU icon
  3. Connect your phone in flashmode (hold volume down and plug in your USB cable)
  4. Flashtool will ask you about the device model, choose Sony XPERIA Z1 (if Z1 compact is not in the list)
  5. Flashtool will read your IMEI and your unlock code. Check if those are correct (compare unlock code with the one you received by email from Sony when you unlocked the bootloader)
  6. Flashtool will save the unlock code in its program folder under custom/mydevices.
  7. Click "Lock bootloader" (-> If you want to unlock it again, repeat the steps (it will automatically detect that your bootloader is locked))


Questions
  • How do I power off my phone if the screen is blank or the phone is not responding? (Force power off)
    Quote:

    • Hold Volume Up and then hold the power button. After the phone vibrated 3 times it will shut down.

  • My Antivirus detects flashtool as malware?
    Quote:

    • That's a false positive. flashtool is not malware.

  • How can I verify if my bootloader is locked/unlocked?
    Quote:

    • Type in phone *#*#7378423#*#* and go to Service Info => Configuration. If bootloader is unlocked it will say: "Bootloader unlocked: Yes". If it says something else like "Bootloader unlock allowed: Yes", it means the bootloader is locked.

  • I am currently on firmware x, can I still follow this guide?
    Quote:

    • Yes, it does not matter which firmware you come from.

  • How to remove recovery and root?
    Quote:

    • Simply flash an official firmware ftf in flashtool. Wipe userdata is not required, but recommended.


Questions from old guide:
  • Is my language still available after flashing this English firmware?
    Quote:

    • Yes, (almost) all languages should be available.

  • After flashing docomo firmware, my phone is not recognized anymore?
    Quote:

    • Boot the phone up normally and let Windows install the drivers (thanks AnDroiD178)

  • I don't like KitKat (4.4), what can I do to get on JellyBean (4.3) rooted?
    Quote:

  • My browser saved the ftf files as *.zip. Is it ok to just rename them to .ftf?
    Quote:

    • Yes, as long as the hashes are correct.

  • I finished the guide but I still have some leftovers of DoComo (apps, sheep sound)?
    Quote:

  • I don't want to flash the UK firmware, are there any other firmwares?
    Quote:

  • I can't access the flashable files in recovery, there are error messages in recovery "can't mount"?
  • Flashtool does not recognize the firmwares, even though I put it into the correct folder?
    Quote:

    • Make sure the files have the correct hashes:
    • SO-02F_14.1.H.1.281_docomo.ftf
      • SHA1: 365C185A3D5B8DA64B8B84ECBEE62DD882739E4A / MD5: 259221BCEEB54F3AD7F9721111E0EF1D
    • C6903_14.1.G.534_ianford10_UK Unbranded_modified.ftf
      • SHA1: 273A6A618BD7ACDAF4066F8AD66A5F925C88AC19 / MD5: CFE9703BC519894948BD5B9F05E0A1B9
    • D5503_14.3.A.0.681_Generic_UK-nosystem.ftf
      • SHA1: 5ADE48599414BE47A0A7DD1BCB37C0F5518F7CCB / MD5: 5D1BDD44DF531280984B60E810A87FFA
    • z1c-44-uk.system.flashable.zip
      • SHA1: FB594821FBEA030657CA5D048DE2593194F18DF8 / MD5: 148BDD3BEAEDE850CAF085ED82518FF9

  • Why is the rooting procedure so damn complicated?
    Quote:

    • If the bootloader is locked, the device can only be rooted with an exploit. But the exploit known working for the Z1 Compact does not work on current firmwares, so you first need to flash an old firmware to perform the exploit.

  • How do I install the Z1 Compact USB drivers? There is no exe file?
    Quote:

  • I can't install the Z1 Compact drivers because my phone doesn't boot?
    Quote:

    • There are 3 possible solutions
    • a) Flash Sony stock rom to make the phone boot
    • b) Install Z1 Compact from Flashtool (same as step 4, just search in the list for Z1C)
    • c) Skip installing drivers until step 11 and install it then

  • I can not install dualrecovery, Windows says it's unable to install MTP drivers?
    Quote:

    • Try changing the USB port on your computer.

  • I can not install dualrecovery, it says "Waiting for device to connect"?
    Quote:

    • Reboot your phone and try a few times again (thanks D_R_Z_87)
    • Check your device manager if everything is all right ( http://forum.xda-developers.com/show...2&postcount=51 ) (thanks marcolorenzo)
    • You might have forgotten to check USB debugging as advised in step 11. (thanks Riyal)
    • You might have wiped the user partition in step 12 because you checked the wrong options (make sure to uncheck all under Wipe) (thanks Riyal)



Many thanks to:
  • Darkimmortal
  • RyokoN
  • [NUT]
  • DooMLoRD
  • All the great devs that made these tools
  • raph84
Last edited by zxz0O0; 24th June 2014 at 11:28 AM. Reason: Clean questions
The Following 94 Users Say Thank You to zxz0O0 For This Useful Post: [ View ]
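
Added example, not part of the original post: a Python check for the download steps and the two hash-related questions above. It compares each downloaded file against the SHA1 and MD5 values listed in the guide and also accepts an .ftf that the browser saved as .zip. The function names and the folder argument are assumptions made for this example.

```python
import hashlib
import sys
from pathlib import Path

# (SHA1, MD5) pairs copied from the "Questions" section of the guide.
EXPECTED = {
    "SO-02F_14.1.H.1.281_docomo.ftf":
        ("365C185A3D5B8DA64B8B84ECBEE62DD882739E4A", "259221BCEEB54F3AD7F9721111E0EF1D"),
    "C6903_14.1.G.534_ianford10_UK Unbranded_modified.ftf":
        ("273A6A618BD7ACDAF4066F8AD66A5F925C88AC19", "CFE9703BC519894948BD5B9F05E0A1B9"),
    "D5503_14.3.A.0.681_Generic_UK-nosystem.ftf":
        ("5ADE48599414BE47A0A7DD1BCB37C0F5518F7CCB", "5D1BDD44DF531280984B60E810A87FFA"),
    "z1c-44-uk.system.flashable.zip":
        ("FB594821FBEA030657CA5D048DE2593194F18DF8", "148BDD3BEAEDE850CAF085ED82518FF9"),
}


def digests(path, chunk_size=1 << 20):
    """Return (SHA1, MD5) as upper-case hex, reading the file once in chunks."""
    sha1, md5 = hashlib.sha1(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(block)
            md5.update(block)
    return sha1.hexdigest().upper(), md5.hexdigest().upper()


def find_download(folder, name):
    """Locate a download, allowing for a browser that saved name.ftf as name.zip."""
    for candidate in (name, str(Path(name).with_suffix(".zip"))):
        path = Path(folder) / candidate
        if path.is_file():
            return path
    return None


def verify(folder, expected=EXPECTED):
    """Map each expected file name to 'ok', 'ok (saved as ...)', 'MISMATCH' or 'missing'."""
    results = {}
    for name, (sha1, md5) in expected.items():
        path = find_download(folder, name)
        if path is None:
            results[name] = "missing"
        elif digests(path) != (sha1.upper(), md5.upper()):
            results[name] = "MISMATCH"  # corrupt or different file: do not flash it
        elif path.name != name:
            results[name] = f"ok (saved as {path.name}, rename to {name})"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "."  # download folder (assumed argument)
    report = verify(folder)
    for name, status in report.items():
        print(f"{status:10} {name}")
    sys.exit(0 if all(s.startswith("ok") for s in report.values()) else 1)
```

A match only shows that the file is the one the post describes; the hashes and the files come from the same thread, so it detects a broken download rather than vouching for the firmware itself.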
9th February 2014, 02:32 PM   |  #2  
A short question, because for people like me, that never had a Sony device before, it's confusing.

If I unlock the boot-loader, the DRM keys are lost and some Sony integrated programs don't work anymore. That's clear.
But is it possible after bl unlock to restore the keys and have the boot loader unlocked ? Or will it relock immediately ?

Another unclarified thing is the flash back and forth thing for rooting. This is done in the tuts with country/regions specific firmwares.
How do I know, what's the right fw for my device, if I want to restore to stock ? And where can I dl stock fw for my country/region ?
The Following User Says Thank You to scorpio16v For This Useful Post: [ View ]
9th February 2014, 02:48 PM   |  #3  
zxz0O0 (OP)
Quote:
Originally Posted by scorpio16v

A short question, because for people like me, that never had a Sony device before, it's confusing.

If I unlock the boot-loader, the DRM keys are lost and some Sony integrated programs don't work anymore. That's clear.
But is it possible after bl unlock to restore the keys and have the boot loader unlocked ? Or will it relock immediately ?

Another unclarified thing is the flash back and forth thing for rooting. This is done in the tuts with country/regions specific firmwares.
How do I know, what's the right fw for my device, if I want to restore to stock ? And where can I dl stock fw for my country/region ?

It's also my first Sony phone, and when doing this procedure yesterday I was very confused, so I thought I'll make an easy guide.
I don't know if it's possible to restore the keys after unlocking, I don't think so though. Afaik if you restore the TA partition (including the keys) it will also lock your bootloader again. The reason to back up the keys is that in case you have a problem and need to send your phone for repair (warranty) you can reset your phone back to factory state (Locked bootloader).

Yes the flashing procedure is confusing but it is required because the root exploit only works on that firmware. There is no problem in using the UK firmware. I don't know where to download stock firmwares though.

By the way can you elaborate what exactly is confusing? So I can try to make the guide better!
Last edited by zxz0O0; 9th February 2014 at 03:38 PM.
The Following User Says Thank You to zxz0O0 For This Useful Post: [ View ]
9th February 2014, 08:58 PM   |  #4  
Quote:
Originally Posted by zxz0O0

It's also my first Sony phone, and when doing this procedure yesterday I was very confused, so I thought I'll make an easy guide.
I don't know if it's possible to restore the keys after unlocking, I don't think so though. Afaik if you restore the TA partition (including the keys) it will also lock your bootloader again. The reason to back up the keys is that in case you have a problem and need to send your phone for repair (warranty) you can reset your phone back to factory state (Locked bootloader).

Yes the flashing procedure is confusing but it is required because the root exploit only works on that firmware. There is no problem in using the UK firmware. I don't know where to download stock firmwares though.

By the way can you elaborate what exactly is confusing? So I can try to make the guide better!

There are a few other stock firmwares in the Z1C general section. It is not possible to restore DRM keys after unlocking if not done before.
The Following 2 Users Say Thank You to funiewski For This Useful Post: [ View ]
10th February 2014, 07:36 AM   |  #5  
These ftf files are 3 big files, should both be downloaded? Like 800-900 MB x 3 + the firmware? Correct?
Last edited by xhizors; 10th February 2014 at 07:49 AM.
10th February 2014, 08:33 AM   |  #6  
zxz0O0 (OP)
Quote:
Originally Posted by xhizors

These ftf files are 3 big files, should both be downloaded? Like 800-900 MB x 3 + the firmware? Correct?

Yes, correct. You need all of these files.
10th February 2014, 09:18 AM   |  #7  
Quote:
Originally Posted by zxz0O0

Yes, correct. You need all of these files.

Okay, loaded then, just rename the zips to ftf I guess?
10th February 2014, 09:26 AM   |  #8  
zxz0O0 (OP)
Quote:
Originally Posted by xhizors

Okay, loaded then, just rename the zips to ftf I guess?

No. The ftf files are for flashing with flashtool, while the zip are for flashing in the recovery. You don't have to rename anything (otherwise it would be stated in the guide).

Edit: If the files get saved as zip files by your browser you should rename them to ftf. Check if the hashes are correct.
Last edited by zxz0O0; 17th March 2014 at 05:21 PM.
10th February 2014, 09:58 AM   |  #9  
Hi zxz0O0,

Thanks for writing this up, even though it's essentially a rewrite of Darkimmortal's tutorial.

Please be aware that this is not quite "Noob proof" yet!

As someone who hasn't flashed an Android phone since 2011, I ran into a few issues / concerns:

a) "Install fastboot & flashmode drivers from Flashtool"
Depending on the operating System (for me: Windows 8.1 x64), Driver Signature check needs to be disabled in order to do that.

b) Zips to SD-Card: It's worth pointing out that "put it on your SD Card" literally means "Copy the ZIP to the root of your SD Card". I wasn't sure (should I unzip it? What to do with it?)

c) It would make sense to add the flashing instructions before the "flash..." statement.
I was smart enough to read the full instructions, yet I can imagine some people to read "flash C6903 (...)"... okay. Click flash, continue reading: "select Wipe [Uncheck ALL]" oh no!

d) "Run Z1C-lockeddualrecovery(...)installer.zip's install.bat"
In order to do that, you need adb-tools (the bat would just throw "File not found" errors), possibly also extract the content of the ZIP to the ADB-Tools directory (that's what I did).

e) "Now format /system"
Afraid to do the wrong thing, I read this six times and checked Darkimmortal's instructions "Factory reset and clear for rom installation" [this appeared a bit more clear]
The actual steps are called
1: "Wipe Data/Factory Reset"
2: "Clean to Install a New ROM"


Note that I stopped after "Congratulations, your phone is now rooted (bootloader still locked)"
I just wanted Root for some tools and am quite happy with the factory Rom (want to keep my DRM Keys and Warranty).

Thanks!
raph
The Following 3 Users Say Thank You to raph84 For This Useful Post: [ View ]
10th February 2014, 10:00 AM   |  #10  
Quote:
Originally Posted by zxz0O0

No. The ftf files are for flashing with flashtool, while the zip are for flashing in the recovery. You don't have to rename anything (otherwise it would be stated in the guide).

Hey.

I fixed it, but still have a problem: after step 11, when I should start the phone, it's all black, I can't see anything on screen.

I guess it should be black, next problem.

When installing the lockeddualrecovery it copies the files, and then step 2 back to prompt. ?

Last edited by xhizors; 10th February 2014 at 11:56 AM.
