Z2 Root Exploit

Search This thread

xsacha

Senior Member
Sep 18, 2008
327
230
Hey guys, this is a cross-post of sorts. I just got root execution on my stock Z2 Tablet and it appears that the same method should work for Z2 phone. I have a Z2 phone but just haven't tested it on that one yet.

Here is my Windows, Linux and Mac OSX script to grab the TA partition from Sony devices and deploy full root (superuser + reboot script):
https://mega.co.nz/#!jRB1FBJT!RKIi13TRj__mi7pKIGXP654CBJHi2gc0bIlYONcSfZQ [Update, v11]

Requirements:
1. Be on a firmware earlier than .402
Instructions:
1. Extract exploit.tar.gz and run ./root.sh (Linux) or root.bat (Windows)
2. Follow the instructions and your TA.img will be given and su will be deployed.

Features:
This disables SELinux, takes out sony_ric and then deploys su to /system/xbin/su
This works on ALL Sony Android mobile phones.
This can be run on any operating system.
Survives reboots [thanks to chargemon by DooMLoRD]
 
Last edited:

sfex3best

Senior Member
Jun 27, 2011
420
44
Awesome work if it is working. Unfortunately I'm on .402 :(

Sent from my D6503 using Tapatalk
 

in_finity

Member
Nov 23, 2012
43
11
Awesome if this in fact works on the Z2!

And who cares if it requires .69 and doesn't run under .402? The only reason I currently don't want to unlock my BL is the loss of my TA partition. So one could simply downgrade to .69, backup TA, upgrade to .402 again and unlock BL (and insert DRM keys again), right? :eek:
 
  • Like
Reactions: rajaraj

xsacha

Senior Member
Sep 18, 2008
327
230
Awesome if this in fact works on the Z2!

And who cares if it requires .69 and doesn't run under .402? The only reason I currently don't want to unlock my BL is the loss of my TA partition. So one could simply downgrade to .69, backup TA, upgrade to .402 again and unlock BL (and insert DRM keys again), right? :eek:

That's exactly what I did.



Technically it should work on 55 too but just not sure because I copy all the vendor libs from 69 tablet.

Someone could easily make a generic firmware that works on all phones with all firmwares but that's not my focus. I just wanted to get this out here and working for Sony because I'm surprised it isn't out already.
 

TheOnlyIntruder

Senior Member
Jan 13, 2009
218
76
34
Sony Xperia XZ1
Sony Xperia 1 II
That's exactly what I did.



Technically it should work on 55 too but just not sure because I copy all the vendor libs from 69 tablet.

Someone could easily make a generic firmware that works on all phones with all firmwares but that's not my focus. I just wanted to get this out here and working for Sony because I'm surprised it isn't out already.

I'll have a go with it on .55, I've been having some problems with .402 anyway so it gives me an excuse to roll back the update, now I just need to get my hands on a linux live disc. (should have one knocking about).
 

cchant

Senior Member
May 11, 2010
1,037
161
Awesome I hope this works. I'll have a try tomorrow

Sent from my D6503 using XDA Free mobile app
 

AndroPlus

Senior Member
Mar 13, 2013
1,898
4,155
Kyoto
androplus.org
Lenovo P11
Xiaomi Mix Fold 2
Which error did you get? Can you check output in logcat?

Here is the log:
View attachment log.zip

files are in /data/local/tmp but not executed.
aa.jpg
(don't mind su)
 
Last edited:

xsacha

Senior Member
Sep 18, 2008
327
230
I tested with D6503 17.1.A.2.69 Orange FR, and successfully crashed service menu,
but TA.img was not backuped.

My bootloader is already unlocked, but it should not affect backing up TA.

Here is the log:
View attachment 2795383

files are in /data/local/tmp but not executed.
View attachment 2795394
(don't mind su)

Awesome. Looks like everything worked right up to the last vdc which was run by the wrong user. Easy fix. Looks like this definitely works on z2 phone then.

Funnily enough I actually had it right in the first version I made and quickly changed it to run as system a few minutes later.

Try my original script instead: https://mega.co.nz/#!PFoGEBAR!ulKWKy407aYE1vi0F9eZtNVROdG7DbJfFkKLcuIjDko
 
Last edited:

chesterr

Senior Member
Nov 27, 2010
997
167
Galle
Awesome. Looks like everything worked right up to the last vdc which was run by the wrong user. Easy fix. Looks like this definitely works on z2 phone then.

Bro, Who are you? You just made my day. I was about to unlock my phone since there's no exploit.

Today is the best day of my life.
Finished the graduation Exam. Received Z2 Tab, Saw that this awesome being found an exploit. I am literally happy right now. :highfive:
 

xsacha

Senior Member
Sep 18, 2008
327
230
Bro, Who are you? You just made my day. I was about to unlock my phone since there's no exploit.

Today is the best day of my life.
Finished the graduation Exam. Received Z2 Tab, Saw that this awesome being found an exploit. I am literally happy right now. :highfive:

Great news. I'm just a happy z2 user that can't live without root. Made a root utility for my last tablet (Blackberry Playbook) too.

I might improve this script to have more checks in it. More logging.
 

juicejuice

Senior Member
Jul 15, 2007
212
60
Gold Coast
Awesome. Looks like everything worked right up to the last vdc which was run by the wrong user. Easy fix. Looks like this definitely works on z2 phone then.

Funnily enough I actually had it right in the first version I made and quickly changed it to run as system a few minutes later.

Try my original script instead: https://mega.co.nz/#!PFoGEBAR!ulKWKy407aYE1vi0F9eZtNVROdG7DbJfFkKLcuIjDko

I haven't had success yet (running exploit scripts under MacOSX 10.9).

First attempt (from exploit in first post): http://pastebin.com/jwTKWwPu
Second attempt (from exploit "original script"): http://pastebin.com/N7FXRAAw

I'm on a stock standard Telstra Z2 phone (17.1.A.2.55).
 

Top Liked Posts

  • There are no posts matching your filters.
  • 88
    Hey guys, this is a cross-post of sorts. I just got root execution on my stock Z2 Tablet and it appears that the same method should work for Z2 phone. I have a Z2 phone but just haven't tested it on that one yet.

    Here is my Windows, Linux and Mac OSX script to grab the TA partition from Sony devices and deploy full root (superuser + reboot script):
    https://mega.co.nz/#!jRB1FBJT!RKIi13TRj__mi7pKIGXP654CBJHi2gc0bIlYONcSfZQ [Update, v11]

    Requirements:
    1. Be on a firmware earlier than .402
    Instructions:
    1. Extract exploit.tar.gz and run ./root.sh (Linux) or root.bat (Windows)
    2. Follow the instructions and your TA.img will be given and su will be deployed.

    Features:
    This disables SELinux, takes out sony_ric and then deploys su to /system/xbin/su
    This works on ALL Sony Android mobile phones.
    This can be run on any operating system.
    Survives reboots [thanks to chargemon by DooMLoRD]
    41
    and its done!!! full root achieved! no more remount /system issues :)

    doing some final testing with @norti!
    38
    @xsacha

    great work!

    i am just cleaning up some of the code and making it more automated for a full root :)
    30
    Till the time I am figuring this out here is a windows port of the exploit...

    Download: exploitv4-TA_BACKUP-WINDOWS.7z


    its a bit cleaner... slightly more automated....

    just follow the instructions which come in the command prompt!

    it will automatically pull the TA.img too :)


    regards,

    DooMLoRD
    29
    and its done!!!


    tested on Xperia Z2 .69 & .55 firmwares!!!



    [FULL ROOT] Community Rootkit v01! (using ASEC vulnerability) [20140615]


    HUGE THANKS TO: xsacha, GranPC, DooMLoRD, norti, RyokoN, [NUT] & jcase


    file is now available for download!



    regards,

    DooMLoRD