
[Guide] Rooting and unlocking bootloader (bonus) back up DRM


josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
Hi everyone. I see some members are new to Sony phones and some to unlocked bootloaders, so here is a simple guide.
BTW, I'm not the developer of any of these methods. That's why I won't post any links for downloads and will redirect you to the original threads.
Do it at your own risk.

So let's begin. You have either updated your Z5 to MM or are still on LP.

The first step is to flash a kernel that can be rooted. If your kernel is older than December then you are good to go. If not, follow these steps.

1. Download the latest Flashtool
http://www.flashtool.net/downloads.php

2. Download 32.0.A.6.200 or any older build for your Z5. (Pay attention to download the right firmware; for example, you may have E6633 or E6653.)

3. Flash it and power on your phone.

4. Download Iovyroot and use it to back up your DRM key. (Don't forget to enable USB debugging.)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597

5. Copy your DRM keys to a safe backup. (Warning: never try to flash another handset's DRM key or you will hard-brick your phone.)

6. Update back to MM. You can use Sony PC Companion to update if you have a locked bootloader, or simply download and flash your latest FTF file.

7. Unlock your bootloader now. Request keys from here and follow the guide.
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/

8. Now, to keep your DRM intact and have root and Xposed, this is the best choice. Download this tool and patch your kernel.
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605

9. After patching your kernel with your own TA backup, just power down your phone. Press and hold volume up while plugging the USB cable into the PC to go to fastboot mode.

10. Use this command to flash your new kernel:

fastboot flash boot boot.img

11. Download the latest SuperSU zip and copy it to your phone or memory card.
http://www.supersuroot.com/download.html

12. Restart your handset. Keep pressing volume up to go to TWRP recovery. Flash the SuperSU zip. Now you are rooted with locked bootloader.

13. (Optional) Download and flash the Xposed zip: http://dl-xda.xposed.info/framework/sdk23/arm64/
 
Last edited:
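
Steps 5 and 7 of the guide above depend on the TA backup being intact before the bootloader is unlocked. The following is an added example, not part of the original post or of any tool it links to: it checks that at least two copies of the backup exist, are not blank dumps, and are byte-identical. The file names and the helper names (`check_backups`, `is_blank`) are assumptions, and the sample data is constructed.

```python
"""Sanity-check copies of a TA backup before unlocking (added example).
Assumption: the backup is a raw image file such as TA.img; no size is assumed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while data := fh.read(chunk):
            digest.update(data)
    return digest.hexdigest()


def is_blank(path, chunk=1 << 20):
    """True for an empty file or one made only of 0x00 or only of 0xFF bytes."""
    seen = set()
    with open(path, "rb") as fh:
        while data := fh.read(chunk):
            seen.update(data)
            if len(seen) > 1:
                return False
    return seen <= {0x00} or seen <= {0xFF}


def check_backups(paths):
    """Return (ok, problems). ok needs >= 2 usable, non-blank, identical copies."""
    problems, fingerprints, usable = [], set(), 0
    for p in map(Path, paths):
        if not p.is_file():
            problems.append(f"{p.name}: missing")
        elif is_blank(p):
            problems.append(f"{p.name}: empty or blank dump")
        else:
            usable += 1
            fingerprints.add((p.stat().st_size, sha256_file(p)))
    if len(fingerprints) > 1:
        problems.append("copies differ in size or SHA-256")
    if usable < 2:
        problems.append("fewer than two usable copies")
    return (not problems, problems)


def demo():
    # Constructed stand-in data; a real TA image comes from the backup step.
    data = bytes(range(256)) * 32
    with tempfile.TemporaryDirectory() as d:
        files = {"TA.img": data, "TA_copy.img": data,
                 "TA_truncated.img": data[:4096], "TA_blank.img": b"\xff" * len(data)}
        for name, content in files.items():
            Path(d, name).write_bytes(content)
        p = lambda name: Path(d, name)
        return {
            "two_good": check_backups([p("TA.img"), p("TA_copy.img")]),
            "truncated": check_backups([p("TA.img"), p("TA_truncated.img")]),
            "blank": check_backups([p("TA.img"), p("TA_blank.img")]),
        }

if __name__ == "__main__":
    print(demo())
```

Passing this check only shows that the copies agree with each other; it cannot show that the image belongs to this handset.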

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
Fix camera apps FC after updating xposed.

Connect your phone to the PC with USB (USB debugging must be on). Open ADB shell and type SU.
Grant superuser permission to ADB, then copy and paste this into ADB and press Enter. That's it.

/system/bin/dex2oat --runtime-arg -classpath --runtime-arg /system/framework/XposedBridge.jar --instruction-set=arm --instruction-set-features=smp,div,atomic_ldrd_strd --runtime-arg -Xnorelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=cortex-a53 --instruction-set-features=default --dex-file=/system/priv-app/CameraCommon/oat/arm/CameraCommon.odex --oat-file=/data/dalvik-cache/arm/[email protected]@[email protected]@classes.dex
 
  • Like
Reactions: Kaktusdeutschmann

Aklo01

Member
Mar 10, 2016
46
7
many many thanks josephnero.

I've experience with other devices but I find Xperia rooting quite confusing.

Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.

I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)

but not sure.
 

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC

Attachments

  • _20160407_090418.JPG
    130.1 KB · Views: 4,268

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
many many thanks josephnero.

I've experience with other devices but I find Xperia rooting quite confusing.

Any chance you can also post a brief tutorial on how to return full stock with locked bootloader after having rooted the device?
So we can use OTA updates again.

I suppose it should be:
1) full wipe
2) flash stock rom with flashtool
3) use Iovyroot tool to restore TA (this should automatically relock BL)

but not sure.
You mean to unroot and return to full stock? If so, yes. Make sure to flash the same firmware that you used to back up TA. You can also use the TA backup tool to restore. No need to full wipe before flashing; you can use the wipe option in Flashtool.
 

devilmaycry2020

Senior Member
Apr 27, 2013
1,377
245
Hi Everyone.I see some members are new to Sony phones and some to unlocked boot loader.So here is a simple guide.
BTW I'm not the developer of any of these methods.that's why I won't post any links for downloads and will redirect you to original threads.

So let's begin.You have either updated your Z5 to MM or still on LP.

.First step is to flash a kernel that can be rooted.If your Kernel is older than december then you are good to go.If not follow these steps.

1.Download the latest Flashtool
http://www.flashtool.net/downloads.php

2.Download 32.0.A.6.200 or any older build for your Z5.(pay attention to download the right firmware. for example you may have E6633 or E6653)

3.Flash it and power on your phone.

4.Download Iovyroot and use it to back up your DRM key.(don't forget to enable USB debugging)
http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597

5.Copy your DRM keys to a safe back up.(warning:never try to flash another handsets DRM key or you will hardbrick your phone)

6.Update back to MM.You can use Sony PC companion to update if you have Locked bootloader or simply download and flash your latest FTF file

7.Unlock your bootloader now.request keys from here.follow the guide
http://developer.sonymobile.com/unlockbootloader/start-unlocking-your-boot-loader/

8.Now to keep your DRM intact and have root and xposed plus locked bootloader this is the best choice.Download this tool and patch your kernel
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605

9.after patching your kernel with your own TA back up just power down your phone.press and hold volume up while plugging USB cable to PC to go to fastboot mode.

10.use this command to flash your new kernel

fastboot flash boot boot.img

11.Download latest SuperSu zip and copy it to your phone or memory card
http://www.supersuroot.com/download.html

12.restart your handset.Keep pressing volume up to go to TWRP recovery.Flash the superSU zip.Now you are rooted with locked bootloader

13.(optional)download and flash Xposed zip http://dl-xda.xposed.info/framework/sdk23/arm64/
In step 12, you got root with locked bootloader? I don't think so, because any modification to the kernel requires an unlocked bootloader; if not, the phone gets a boot loop or won't boot at all.
 
  • Like
Reactions: frostmore

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
In step 12. You got root with locked bootloader? I don't think so cause any modification in kernel required to have unlock bootloader if not phone got boot loop or won't boot at all
Remember, this is not a custom kernel. It's your own stock kernel, just RIC and dm-verity protection patched.
After step 10 you have locked bootloader with a patched kernel and recovery. No dm-verity to stop root afterwards.
 

Aklo01

Member
Mar 10, 2016
46
7
you mean to unroot and return to full stock?if so yes. make sure to flash the same firmware that you used to back up TA. you can also use The Ta back up tool to restore.no need to full wipe before flashing,you can use wipe option in flashtool


When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.

There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....

and then flash latest stock ROM.

Am I wrong?
 

jugglerpl

Senior Member
Nov 8, 2011
139
18
Warsaw
www.xperiasite.pl
This tutorial works and I used it some days ago.

But when you flash the kernel with your TA and Sony releases an update, you must unlock the bootloader and wipe the system once again to flash the new kernel. Updating via OTA is not recommended. Of course we can flash firmware without kernel in Flashtool, but when I tried, the phone notified me that a new update from .185 to 185 is ready....


Sent from my E6653 using Tapatalk
 

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
This tutorial works and I used it some days ago.

But when you flash kernel with your Ta and Sony release update you must unlock bootloader and wiping system once again to flash new kernel. Update via ota is not recomended. Of course we can flash firmware without kernel in Flashtool, but when I tried mobile notify that new update from .185 to 185 is ready....


Sent from my E6653 using Tapatalk

Maybe we can extract and patch the kernel, then flash it with Flashtool?
 

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
If I made a Backup on my Unrooted Z5 MM. 163 with Xperia Backup in settings.

I downgrade. Root my Z5 etc. Update to.. 163 again.

Unlock Bootloader, then Root.
Can I restore that Backup?

Or might that not work?

Sent from my E6653 using XDA-Developers mobile app

I would strongly recommend using another backup app. In my experience Sony backup failed many times.
 
  • Like
Reactions: Duvel999

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
When I will be rooted I don't think I'll need to "flash the same firmware that I used to back up TA" to restore TA and go back to stock & unrooted.

There will be no need to use an exploit to restore TA.
It will be just a matter of :
dd if=TA.img of=....

and then flash lastest stock ROM.

am I wrong ?

Honestly I'm not sure but better safe than sorry
 

jackq

Senior Member
Mar 1, 2012
805
711
B-B
I currently have (had ;)) UB and root on .163 MM, today decided to update and LB follow this guide.
I download and flash .185 MM via flashtool (without wipes), in meanwhile I unpack kernel from stock .185 and patched it with my TAbackup.img. After flash I disconnect usb cable, don't reboot system, plugged again in fastboot mode, open cmd window with adb, pushed patched with my TA backup stock .185 kernel and latest twrp, next I start device and don't let them start fully but first go to recovery, in twrp choose reboot recovery and after that flash latest root package. Then reboot system and everything works excellent.
Now if I think correctly I have latest MM with UB and stock kernel with my DRM and of course root. :D
 
  • Like
Reactions: josephnero

josephnero

Senior Member
Mar 23, 2011
2,174
720
Sanford NC
I currently have (had ;)) UB and root on .163 MM, today decided to update and LB follow this guide.
I download and flash .185 MM via flashtool (without wipes), in meanwhile I unpack kernel from stock .185 and patched it with my TAbackup.img After flash I disconnect usb cable, don't reboot system, pluged again in fastboot mode, open cmd window with adb, pushed patched with my TA backup stock .185 kernel and latest twrp, next i start device and don't let them start fully but first go to recovery, in twrp choose reboot recovery and after that flash latest root package. Then reboot system and everything works exellent.
Now if i think correctly I have latest MM with LB and stock kernel with my DRM and ofcourse root. :D

So can we flash the kernel from fastboot in the current state? I don't think so, because our BL is locked now. Did you use a patched kernel before the update or did you have an unlocked BL?
 

jackq

Senior Member
Mar 1, 2012
805
711
B-B
So can we flash kernel from fastboot in current state?I don't think so because our BL is locked now.did you use patched kernel before update or did you have unlocked BL?

Like I wrote, I had unlocked BL when I start.
I flash MM in flashtool
after that unplug device (don't start system) and flash patched kernel through adb, flash twrp, and all steps mentioned...
 

Top Liked Posts

    4
    12.restart your handset.Keep pressing volume up to go to TWRP recovery.Flash the superSU zip.Now you are rooted with locked bootloader

    Please, you need to change your guide and header. You cannot have a locked bootloader with root. A forummer here has already tried it with Backup TA v9.11 (100% confirmation to lock bootloader) and his phone does not boot on a modified stock kernel (dm-verity off and RIC defeat).

    The only way to have root is on an unlocked bootloader with a modified kernel. The security keys you got back are due to the workaround by tobias, and he has stated very clearly in his post:
    Long answer: The locked bootloader only boots unmodified kernel packages signed by Sony. The stock kernel only mounts unmodified /system partitions (dm-verity) -> No modification without unlocking
    So any change to the kernel (like this script) or system partition requires unlocked bootloader


    if you managed to backup for TA partition before then you can reactivate your original device key as follows:
    Code:

    flash_dk <TA backup> DK.ftf

    Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
    So its a false positive on an unlocked bootloader if you see everything is ok when you check your DRM keys

    this will stop the unnecessary confusion and also prevent the noobs from doing things that voids their warranty unknowingly.
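
The check chain quoted in the post above (a locked bootloader accepts only the signed kernel, and the stock kernel accepts only an unmodified /system via dm-verity) can be modelled in a few lines. This is an added example, not code from the thread or from the rootkernel tool; it is a simplified model that assumes SHA-256, 4096-byte blocks, a binary hash tree and no salt, and the image contents are constructed.

```python
"""Simplified model of dm-verity block checking (added example, not thread code).
Assumptions: SHA-256, 4096-byte blocks, binary hash tree, no salt.
"""
import hashlib

BLOCK_SIZE = 4096

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """Return tree levels: levels[0] holds block hashes, levels[-1] == [root]."""
    if not blocks:
        raise ValueError("image has no blocks")
    levels = [[_h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                      # odd level: pair last node with itself
            cur = cur + [cur[-1]]
        levels.append([_h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from block `index`."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append(level[sibling] if sibling < len(level) else level[index])
        index //= 2
    return path

def verify_block(block, index, path, trusted_root):
    """Recompute the root from one block; True only if it matches the trusted root."""
    node = _h(block)
    for sibling in path:
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return node == trusted_root

def demo():
    # Constructed 5-block stand-in for a stock /system image.
    stock = [bytes([i]) * BLOCK_SIZE for i in range(5)]
    levels = build_tree(stock)
    trusted_root = levels[-1][0]              # the value the signed stock kernel trusts
    # Same image with block 3 changed, e.g. a file added to /system.
    modified = list(stock)
    modified[3] = b"\xAA" * BLOCK_SIZE
    return {
        "stock_block_ok": verify_block(stock[3], 3, auth_path(levels, 3), trusted_root),
        "modified_block_ok": verify_block(modified[3], 3, auth_path(levels, 3), trusted_root),
        "odd_tail_block_ok": verify_block(stock[4], 4, auth_path(levels, 4), trusted_root),
        "rebuilt_root_matches": build_tree(modified)[-1][0] == trusted_root,
    }

if __name__ == "__main__":
    print(demo())
```

Rebuilding the tree over the modified image yields a different root, so the change is only accepted by a kernel that no longer enforces the stock root, which is the kernel modification the quoted answer says needs an unlocked bootloader.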
    3
    you can check it by keying these codes in dialer *#*#7378423#*#* -> Service tests -> security

    once you tap security, the screen will show you all the keys are ok including marlin.

    if you are in stock kernel with locked bootloader,then for sure if all these statuses are ok,your TA partition is restored in locked bootloader.

    the author of rootkernel already stated that the status in locked bootloader shows ok is due to the workaround,literally,you are still on unlocked bootloader and its a false positive on the security keys.

    backup TA program restoration of TA partition locks bootloader, if you are on older sony devices without dm-verity, the device can still boot with locked bootloader, on newer devices, locking bootloader would mean you need a signed kernel by sony, any modification will mean your device cannot boot unless on stock unmodified...i.e no root, no modification to system partition..so unless you have access to sony's signature....

    thanks for testing it out.saved me a few hours of testing on my device.
    thanks for confirming once more :)

    finally we can root, unroot, lock, unlock AND backup and restore TA. let the customising begin :)
    2
    For anyone having issues understanding the steps, you can follow the same guide from here, a bit more detailed. (it's for z5c but the tools and steps are exactly the same, of course don't get the wrong FW)

    http://twigstechtips.blogspot.hk/2016/04/sony-z5-compact-root-without-losing-ta.html?m=0

    Thanks OP, just did mine 2 days ago following both guides.
    2
    I've just tested it, and it seems that after restoring ta using the backup ta program, the phone will be unable to boot. But flashing a new stock rom will fix the issue and relock the bootloader. I'm not really sure how to check whether my TA partition is restored but my root was gone, xreality was working and my boot loader status says "Bootloader unlock allowed: yes"

    you can check it by keying these codes in dialer *#*#7378423#*#* -> Service tests -> security

    once you tap security, the screen will show you all the keys are ok including marlin.

    if you are in stock kernel with locked bootloader,then for sure if all these statuses are ok,your TA partition is restored in locked bootloader.

    the author of rootkernel already stated that the status in locked bootloader shows ok is due to the workaround,literally,you are still on unlocked bootloader and its a false positive on the security keys.

    backup TA program restoration of TA partition locks bootloader, if you are on older sony devices without dm-verity, the device can still boot with locked bootloader, on newer devices, locking bootloader would mean you need a signed kernel by sony, any modification will mean your device cannot boot unless on stock unmodified...i.e no root, no modification to system partition..so unless you have access to sony's signature....

    thanks for testing it out.saved me a few hours of testing on my device.