Pictorial Guide: E58xx Android 7.1.2+ [Root + Recovery + Magisk + DRM + SafetyNet]

Search This thread

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
E5803/E5823
Android Nougat 7.1.2+ Bootable Recovery

(TWRP) Android Bootable Recovery v3.1.1-0

NB:14OCT17 - I will be rebuilding the base Recovery Image, as it was using a mix of 7.1.2 for Omnirom and TWRP, and 7.1.1 r17, while I'm still technically ahead of the Sony AOSP, they are now using 7.1.1 r55
13 OCTOBER 2017
Step 1 - Get correct files
Step 2 - Read & know to use exact same process, without going back to Lollipop to relock the bootloader.
Step 3 - Flash correct recovery to recovery partition 'fastboot flash recovery CRC#######v-###.img'
A OR B, NOT BOTH
Step 4a - Rootkernel the 324A0160Kernel Elf and patch it for DM Verity & Sony RIC Disable, and 'Fastboot flash boot 324A0160KernelElf.img'
Step 4b - Rootkernel the 324A154 Kernel Elf and patch it for DM Verity & Sony RIC Disable, and 'Fastboot flash boot 324A154KernelElf.img'

Step 5 - Install Magisk v14 via TWRP Recovery.
Done.
nMRF8pUl.png
PKJhVOyl.png
zIwSJdvl.png

See you all next Patch





13OCTOBER2017
Recovery Build v2.1.54 is complete for FTF 32.4.A.1.54 - currently untested by me, but should be ok - I'll be testing 2 versions, there'll be another coming up in a few days - it's related to Device Encryption & Location for Blocks. This version is basically the updated recovery build, with all the same settings, but correct partitions. The next release will test the Device Encryption Location, from /dev/block/data (what it is currently), to /dev/block/dm-0
I'll be testing Flashing and Installing of Magisk with both of my devices and using different methods to test flexibility in capturing the boot image and hash.
Got other things to do currently and my laptop is still in bits and pieces - this was just done to get something out of the way and working.
There's new partitions you should be able to see in Recovery, in addition to the extra ones I had originally.
The 'Misc' partition from Lollipop is back, and FOTAKernel has been renamed to 'recovery'. Everything else is labelled overthetop style.
Back everything up. Once you get a good recovery and successful restore, then you can skimp out and just backup the 'userdata' partition which is now called 'data'..

Expect another update if Sony are nice, and decide to patch the Bluetooth security flaws... While I was building, the bluetooth directories compiled with no errors - and I was getting most faults with QCOM stuff because I had quad and tri merges happening (just the way I set up my mirrors)- but it means that Bluetooth wasn't really touched . CVE-2017-0781 ... CVE-2017-0785.
I could be wrong, and patches could have been included.

Initial Tests:
Installing Magisk.zip in Recovery without disabling Sony RIC or DM Verity will cause the device to become unstable.
Currently - it's looking like a similar process to lock boot loader, for clean install, and patch of boot image to disable RIC and Verity.
I have access to all functions in TWRP and have done a successful restore and backup.



CRCD0FF4662-recovery-v2.1.54.img is attached to the post.
====================​
Device Targets
FTF 32.4.A.0.160 ONLY
CRC81D43A45-recovery-v1.1
Magisk: v14.0
Magisk Manager: v5.3.0
====================

====================​
Device Targets
FTF 32.4.A.1.54 ONLY - Magisk Requires RIC & Verity Disabled Prior to Installing in Recovery
CRCD0FF4662-recovery-v2.1.54
Magisk: v14.0
Magisk Manager: v5.3.0
====================​




12OCTOBER2017
Don't go updating to 32.4.A.1.54 and trying to use the recovery here... much breakage... much change... (actually - the changes I saw I actually added a while ago in FSTAB which is probably why things weren't breaking compared to other recovery with Magisk.... busy making the recovery at the moment but the repo has shifted things so I'll do it over the weekend because I'm busy doing Windows PE programming) Recap. Don't upgrade to 32.4.A.1.54 and use this recovery -- read the rainbow colour device targets above... don't mix and match
13OCT2017: Recovery is compiling for 32.4.A.1.54 ... I screwed up my laptop and I accidentally Raided my storage drive, so my build disk is not on a SSD.. it should be done in an hour or so
MINI ANNOUNCEMENT: 04 OCTOBER 2017
NOTE: Decryption may fail during boot to recovery - currently investigating - Reinstallation of Magisk or Google FOTA Updates may trigger a crash and password properties may be lost somewhere
MINI ANNOUNCEMENT: 26 SEPTEMBER 2017
Device and SD Card Encryption is fully functional.
CURRENT ANNOUNCEMENT: 8 SEPTEMBER 2017
Magisk Manager 5.3.0 and Magisk v14.0 is out.
New feature for Magisk Manager Hide and Unhide.

Load for this is different to previous.

Use Magisk 5.1.1 In-App Auto Download and Install zip package v14.0
Take a Backup beforehand.
The intrinsic nature will make future ad-lib/on the go Root/CTS pass more complex, but perhaps easier to Complete Uninstall in Recovery, Reboot Cycle, and Install v14.0 in Recovery - with less errors to previous versions. (I haven't completely zeroed all errors on my other device that I purposely broke beyond broken.. doing some extreme hide/unhide testing).

Di1t8zqm.png
v3r5Cqqm.png


Leaving APK 5.1.1 attached for users to leapfrog

Here's a sample of the broken device getting back to Root Access + CTS
aWuqSbBm.png


7fzPE7nm.png
uhIWOGPm.png

LMxG8c3m.png
Cnpb2lDm.png

qjnvjbvm.png
veBNI6wm.png





PREVIOUS ANNOUNCEMENT LOG
ANNOUNCEMENT: 28 JULY 2017
gnQE3Uum.jpg

Added temperature example in TWRP.
CTS Pass. All MMC blocks are R/W. may cause bugs - to revert permissions, Magisk Manager must set "Mount namespace mode":
All root sessions use the global mount namespace


Following the procedure with Magisk Manager 4.3.3 and Magisk v12.0 installed:
  • Install 5.1.1 APK.
  • Launch Magisk Manager and accept 13.3 download and install.



Users experiencing problems with adaptive brightness must use Magisk hide for com.qualcomm.cabl, and an example of temperature difference with Global R/W on eMMC blocks
oOqVyDul.jpg



ANNOUNCEMENT: 13 JULY 2017 Regarding Magisk eMMC Global R/W changes to v13.1
Magisk Manager 5.0.4 is able to be installed via APK attachment & Magisk v12.0 Only with 81D43A45-recovery-v1.1
I'm working on getting v13.1+(E5823) on to the device without problems. Further reading may be done further in the thread regarding the issue below.
- [General] Unlock all block devices for read-write support instead of emmc only (just figured not all devices uses emmc lol)
  • One of the distinct behaviours; Qualcomm Adaptive Brightness - sensitivity & lag - The gradient isn't smooth as it should be, and is erratic (AND EXCESSIVE HEAT)
This is a preview for the short debrief - and there are video examples to view. Read more here: https://forum.xda-developers.com/z5...at-7-0-android-bootable-t3609358/post73005789
POST VIDEOS
VJWdMj1.png
jPaa4cK.png


====================​

PREVIOUS ANNOUNCEMENT LOG
17 JULY 2017
CTS Failure. All versions
There's some changes to NFC stack that I'll be adding later this week

ANNOUNCEMENT: 11 JULY 2017 - 20:00 ACST UTC+09:30
Do not flash or install Magisk 13.1 - Manager 5.0.4
I noticed my device acting strange - so I ran through everything on my phone - and I'm retracting the announcement earlier as a recommendation.
I'll try and iron out what exactly is at fault - but for now - just stay at MagiskSU 12.0 and MManager 4.4.3
Appologies to anyone who managed to get 5.0.4 working.
I might head over to the Magisk thread and see if there are any others encountering the problems I see.
I'm going to leave the APK and previous annoucement recorded, for users who aren't bothered by things not really being exactly as they should be.
NB: I found exactly what I was looking for written in the Change Log, after I briefly skimmed through 10 pages of problems today @ the Magisk Board.
This will cause conflicts for future changes in TWRP and Sony Firmware - so it's up to you, how you proceed - but the result will be a repeat of Marshmallow to Nougat problems.
- [General] Unlock all block devices for read-write support instead of emmc only (just figured not all devices uses emmc lol)
  • One of the distinct behaviours; Qualcomm Adaptive Brightness - sensitivity & lag - The gradient isn't smooth as it should be, and is erratic
  • Device heat
  • Security & Play Services background updates - sometimes causes the phone to suddenly reboot
  • WLAN/BT/NFC - RFCOMM - UID errors
  • Possible errors during restore and backup function in TWRP - possible that file permissions and attributes are or aren't transferred inheritance R/W
ANNOUNCEMENT - 08 JULY 2017
Sony made some changes to Init and Sec Pol for Audio. Now included in build CRC81D43A45-recovery-v1.1
If you've already followed this guide to flash v1.0, there's no need to repeat everything - just use:
Code:
fastboot flash recovery recovery.img
I've also started on the Omnirom port, so my GitHub will be updated soon.

ANNOUNCEMENT - 11 JULY 2017 - See also 08JUL17 Announcement
Magisk 13.1 is out - with Manager 5.0.4.
roqQRA5m.png
7SQaH8Gm.png

For experienced users, you can manually update. APK attached. Turn off core mode, and hide and modules before install. I don't use modules, but that's probably the best option.
I will update guide soon. If you don't upgrade correctly, you will lose CTS and Root. I did this live, without a PC.
NB: I've now done both of my devices, and can confirm that an improper installation by Initiating the 13.1 Install from within Magisk Manager 4.3.3 will cause overheating. Modules and Core Only must be unloaded and Off, and APK installation must be done first after confirming modules are disabled. 13.1 zip file may then be installed in Recovery, to update SU binary, and Installation from inside Manager 5.0.4 needs to be initiated and will require 2 powercycles to load in to Magisk Hide with Core Only Disabled, for CTS Pass.
Update 4/7/2016 - Happy 4th of July to the Yanks... Here's a present from Down Under.
TWRP 3.1.1 on Android 7.1.1 Firmware 32.4.A.0.160 - I'm using the source for Android 7.1.2 R17
I'll update the build later this week and upload an image - as I'm cleaning up the process and making sure everything is working properly. I started again from scratch on 32.0.A.6.200 going all the way to 32.4.A.0.160. My GitHub doesn't have the source at the moment, because I'm rebuilding my Build Environment, so I can switch between Omnirom and AOSP using the same Repo. I'm just working out the best way to sync without fetch errors.

====================
______________________________
Users on Android Nougat 7.0 (32.3.A.X.XXX)
Upgrading to 7.1.1 will cause you to lose root if you have FOTA-Kernel Recovery and flash 32.4.A.0.160 and exclude FOTA Kernel in Flashtool

This has now been tested on both of my Devices.
______________________________​



REQUIREMENTS:
Flashtool
IOVYroot
Rootkernel
Recovery Image - Find Attachment CRC32 81D43A45 for 32.4.A.0.160 Find Attachment CRC32 D0FF4662 for 32.4.A.1.54
TA Image
Bootloader Unlock Code

USER INSTRUCTIONS
Downgrading to 32.0.A.6.200 to restore keys and lock bootloader
Ensure that you have signed out of any Google Accounts prior to flashing to prevent a Reset Lock
Use Flashtool to downgrade to Android 5.1.1 Lollipop
Use IOVYroot to backup or restore your TA Partition
gmBSI9Z.png

If you previously have lost your original Device Keys, you may be able to use Rootkernel to patch a DRM fix on the 32.0.A.6.200 Kernel.ELF, and then have IOVYroot backup the key
Enable USB Debugging in Developers Options and connect your device to the PC
Use IOVYroot to restore the TA to your device and there will be a message to flash stock firmware
bdAHY01.png

Restart the device as there is no need to flash again and confirm that the device keys are restored


Preparing to flash 32.4.A.0.160
Before starting the Flash process, navigate to the 'prepared' directory in Flashtool's firmware directories and find copy 'kernel.sin' to the Rootkernel directory
xXmHYmX.png

Use Flashtool's 'Sin Editor' found in the 'Tools' to extract a 'kernel.elf' from 'kernel.sin'
Use Rootkernel to create a DRM fix patched Boot image
zLvS3qu.png


Flashing 32.4.A.0.160
uWBnMFJ.png

Flash Android Nougat 7.1.1 and boot the device and confirm that DRM keys are present
Enable Developers Option and Enable 'Enable OEM Unlock' then turn off the device
mMzMCEh.png
CmfoscX.png

Connect the device to the PC and prepare the Bootloader unlock


Unlocking 7.1.1 Bootloader, Catching the Device Key & Flashing the Recovery
Confirm that device is in USB Debugging Mode
Then send the reboot command via 'adb reboot-bootloader'
fastboot flash boot 'patched-kernel.img'
fastboot flash recovery 'fotakernel-recovery.img'
yfa5b0H.png

Disconnect the device and do not power on
Use Flashtool to flash your Device Key
hULZB8W.png

Once done, Power On
Andy the Android should briefly display with his guts spilled open upgrading himself (If he doesn't something isn't right)
Complete the Android Welcome Setup
Congratulations
Recovery instructions below.

Flash Magisk v12.0 zip with Sony Fix, in TWRP Recovery
Flash or install using current announcement instructions, or your own preferred Superuser App
rMRhXZs.png
Y6xR2ds.png
D73VzJv.png
qkaQ778.png
bTSKuo4.png
lMkqgTd.png




====================​

XpeRicoverE5823 History
The Original Project intended to have the Z5 Compact an official device tree for TWRP. This project is still on going as the completed AOSP Recovery is currently not supported by Team Win as there is no room for new devices using AOSP build base on the Gerrit Build Server. As a result, the project has two branches; OmniROM and AOSP. Assuming everything runs smoothly, these projects using Android Bootable Recovery source, should almost be "plug and play" with source of other ROM, so if time permits, I'll get the LineageOS Build environment and build the recovery image.

https://github.com/NeoBeum/android_device_sony_suzuran
====================​


TWRP AOSP Recovery
Recovery Source:
Device Tree: Prototype Completed
Recovery Build:
Recovery Image Upload:
Target Kernel: LA.1.2.3_45, 3.10.84 - Sony Stock 32.4.A.0.160
Flash Instructions for device:
Code:
fastboot flash recovery recovery.img
Entry: Power + Volume Down (Until vibration) after 10 seconds, Magenta LED indicates recovery boot process.
Additional notes:
Previous Builds:
CRC665582E7-Recovery-v1.0.zip - [Click for QR Code] (14.18 MB, 104 views) - v1.1 @08JUL2017


Stock AOSP Recovery
Recovery Source:
Recovery Build: Complete
Recovery Image Upload:
Target Kernel: LA.BR.1.3.3_rb2.14


OmniROM Recovery
Recovery Source:
Recovery Build: In Progress
Recovery Image Upload: N/A
Target Kernel: OmniROM 7.1



Time Permits
LineageOS Recovery
Recovery Source: N/A
Recovery Build: Planning Stage/Not Started
Recovery Image Upload: N/A
Target Kernel: LineageOS 7.X.X




====================​
ORIGINAL POST
Android Bootable Recovery (TWRP) 3.1.1-0
The TWRP port and device tree is almost done.
Just got it working after about 16 hours straight of trying to get bionic to spew out overflow.
7Fej4jZm.png
EyolLYxm.png

FQfbSwGm.png
SBK6xLBm.png

p3VTFxGm.png
Ohf49IWm.png

The short and sweet guide is:
Get the Recovery Image and Fastboot flash to Recovery
Have your TA-Partition.img or DK.ftf
Flash 32.3.A.2.33 with Flashtool and Select All for Wipe, and Exclude FOTA Partition
Boot to recovery, Zip install Magisk 12.0
Power Cycle for the default Freakout-Google-Recovery-Refresh
Fastboot flash PatchKernel.img to Boot
Boot to recovery, Restore TA partition from image.

If you have your original DRM Key, I have the TA partition backup to restore the DRM Key once the Kernel gets patched.
You'll still need the TA if you want complete key signature - but the patch will still fix DRM loss when you initially flash TWRP to the recovery partition. (Because that action requires an unlocked bootloader)
I'll post a guide up soon, I'm just off for errands.

Once I fix up the device tree, and TeamWin's gerrit recovers from it's heartattack, you will be using all your own resources to do this, and won't need a prebuilt recovery. You can use your own stock kernel extracted with Flashtool. Everything should run smoothly because of less handover with prebuilt images and have the DRM fix patch the kernel that you actually have, and not for some other region..
 

Attachments

  • CRC81D43A45-recovery-v1.1.img.zip
    14.2 MB · Views: 2,033
  • magisk.5.1.1.apk
    4.5 MB · Views: 1,379
  • CRCD0FF4662-recovery-v2.1.54.img.zip
    14.1 MB · Views: 1,569
Last edited:

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
Just an update: TWRP Build server doesn't have enough room for new devices using the AOSP Build Base, so I have to make an OmniROM port to get the device supported officially. However, there are also changes being made to the Kitakami Platform (Z5 Family), which is the parent of the Suzuran device, so I need to wait to find out what's happening there. Should be in the next few weeks - as I was told sometime in June.
 

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
Wait, seriously? We will see OmniROM ported to our device?

Yeah, I'm getting there... hopefully They're changing the Kitakami platform base, so I'm waiting for humberos or someone that knows what's happening to finish doing what they're doing.
They told me to not use the Kitakami tree for now.
You probably haven't read my other posts, I'm new to this, and this is my first android project.

But I will still be able to get the recovery supported without a complete OmniROM System build.


I updated the main post too
 

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
The Recovery for Android 7.1 was a bi-product of testing a Android 7.1 build base for the Z5C, before I start working on the OmniROM 7.1, so I've added it to the list of Recovery images.

Esperando esto con ansias para poder ser root
root is working, it was at the beginning, I just assumed everyone would think Magisk set root, I added root to the title to make it clear
 
Last edited:

netaccs

Senior Member
Oct 26, 2012
134
2
38
Can you please provide guide step-by-step to stock firmware + root, recovery, drm fix, RIC and all other sony stuffs,
so we can easily root our z5 compact phones ?

Really I can't understand when to flash, what to flash.

When I do
fastboot flash recovery recovery.img
and boot to recovery I cannot install anything, (Magisk) it is "read only"
 
Last edited:

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
Can you please provide guide step-by-step to stock firmware + root, recovery, drm fix, RIC and all other sony stuffs,
so we can easily root our z5 compact phones ?

Really I can't understand when to flash, what to flash.

When I do
fastboot flash recovery recovery.img
and boot to recovery I cannot install anything, (Magisk) it is "read only"
ill need to get on my pc to reply


if you still have the recovery image I compiled flashed to recovery, you can leave it there.
Now what you need to do is use Flashtool and Flash 32.3.A.2.33, with normal settings, with the addition of Exclude FOTAKERNEL
XDA.PNG


While you're checking everything is set correctly, go in to the Flashtool prepared directory, %USER%/.flashTool/firmwares/prepared
Find the Kernel.sin, (not FotaKernel) - You need Kernel.sin because this is where the boot image is, and use flashtool to extract to Kernel.ELF.

Use the Rootkernel tool, Disable DM-Verity, Disable RIC, do not install TWRP, do not install SuperSU, do not install Busybox.
Flash the resulting Kernel.img using
Code:
fastboot flash boot Kernel.img

Now, if you boot to recovery and install Magisk, and then in usermode you still receive a fail for CTS/SafetyNet. The reason is because Magisk captured the modified Boot we just flashed.
To get around this (if you encounter this problem)- is to flash 32.3.A.2.33 again with the same settings as before, remembering to check Exclude FOTAKERNEL.
This time, when you go in to recovery, or boot, magisk will capture the correct Hash for a "virgin" System.

Done. This process is identical to @mhaha 's guide https://forum.xda-developers.com/z5-compact/general/guide-how-to-root-z5c-painful-using-t3549388, it just uses the recovery, instead of boot. I'm trying to get in contact with Tobias & Androxyde, as I'm going to try and make a windows gui that does all of this together. I need a C# project for an assignment.
 
Last edited:

netaccs

Senior Member
Oct 26, 2012
134
2
38
I choose options you described. From "prepared" folder, copy kernel.sin, extract it
using Flashtool and now I have kernel.img

Starting rootkernel like this:
rootkernel kernel.elf kernel.img
Rootkernel V5.23

- Unpacking kernel
Found elf boot image
Kernel version: 3.10.84-perf-g1016077
Found appended DTB
- Detected vendor: somc (Sony), device: suzuran (Xperia Z5 compact), variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 7.0
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
Disabling Sony RIC
- Skipping TWRP recovery. No kernel modules for 3.10.84-perf-g1016077 available
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
- Creating new initramfs
- Creating boot image
- Cleaning up
Done

Now flash firmware E5823_32.3.A.2.33_R2D_MobilTel EAD BG.ftf
When it is complited, unplug the phone, but not power on yet
Connect via fastboot (volume up while powering) and run
fastboot flash boot Kernel.img
boot into recovery (power + volume down) - it is read only
reflash again ftf with Flashtool (wipe all, exclude FOTA),
enter to recovery and trying to flash the Magisk


When I install Magisk same errors: failed to mount, unable to mount.
I will wayt for full guide step by step.
 

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
When I install Magisk same errors: failed to mount, unable to mount.
I will wayt for full guide step by step.

You grabbed the correct Magiskv12 with Sony Fix?
what link did you use for Magisk
I'm going to download and try to get your error.
 

netaccs

Senior Member
Oct 26, 2012
134
2
38
I try several ways to root + recovery + nougat. Other recovery example are working in different way.
Here it doesn't show the size of partitions when I select storage and other unusual things.
I will try with supersu instead of Magisk, but I din't the problem is in the recovery, not the Magisk.

pp. what is the difference between both, only the way of root, or Magisk has something more ?

This is the first phone I was unable to root :/
 
Last edited:

Merkur9

New member
Jun 17, 2016
2
0
0
I'm trying to get in contact with Tobias & Androxyde, as I'm going to try and make a windows gui that does all of this together. I need a C# project for an assignment.

I am 100% certain that a lot of people would be super thankful for that. Thanks in advance from my side!
 

Merkur9

New member
Jun 17, 2016
2
0
0
I get the same errors unfortunately:
"Failed to mount '/system' (Operation not permitted)
Failed to mount '/data' (Operation not permitted)
Failed to mount '/cache' (Operation not permitted)
Failed to mount '/oem' (Operation not permitted)
Failed to mount '/lta-label' (Operation not permitted)"

I choose options you described. From "prepared" folder, copy kernel.sin, extract it
using Flashtool and now I have kernel.img

Starting rootkernel like this:
rootkernel kernel.elf kernel.img
Rootkernel V5.23

- Unpacking kernel
Found elf boot image
Kernel version: 3.10.84-perf-g1016077
Found appended DTB
- Detected vendor: somc (Sony), device: suzuran (Xperia Z5 compact), variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 7.0
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
Disabling Sony RIC
- Skipping TWRP recovery. No kernel modules for 3.10.84-perf-g1016077 available
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
- Creating new initramfs
- Creating boot image
- Cleaning up
Done

Now flash firmware E5823_32.3.A.2.33_R2D_MobilTel EAD BG.ftf
When it is complited, unplug the phone, but not power on yet
Connect via fastboot (volume up while powering) and run
fastboot flash boot Kernel.img
boot into recovery (power + volume down) - it is read only
reflash again ftf with Flashtool (wipe all, exclude FOTA),
enter to recovery and trying to flash the Magisk


When I install Magisk same errors: failed to mount, unable to mount.
I will wayt for full guide step by step.
 

AiMwasNeD

Senior Member
Mar 13, 2012
56
25
0
I choose options you described. From "prepared" folder, copy kernel.sin, extract it
using Flashtool and now I have kernel.img

Starting rootkernel like this:
rootkernel kernel.elf kernel.img
Rootkernel V5.23

- Unpacking kernel
Found elf boot image
Kernel version: 3.10.84-perf-g1016077
Found appended DTB
- Detected vendor: somc (Sony), device: suzuran (Xperia Z5 compact), variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 7.0
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
Disabling Sony RIC
- Skipping TWRP recovery. No kernel modules for 3.10.84-perf-g1016077 available
- Install DRM fix? [Y/n] Y
- Install busybox? [Y/n] N
- Creating new initramfs
- Creating boot image
- Cleaning up
Done

Now flash firmware E5823_32.3.A.2.33_R2D_MobilTel EAD BG.ftf
When it is complited, unplug the phone, but not power on yet
Connect via fastboot (volume up while powering) and run
fastboot flash boot Kernel.img
boot into recovery (power + volume down) - it is read only
reflash again ftf with Flashtool (wipe all, exclude FOTA),
enter to recovery and trying to flash the Magisk


When I install Magisk same errors: failed to mount, unable to mount.
I will wayt for full guide step by step.

I get the same errors unfortunately:
"Failed to mount '/system' (Operation not permitted)
Failed to mount '/data' (Operation not permitted)
Failed to mount '/cache' (Operation not permitted)
Failed to mount '/oem' (Operation not permitted)
Failed to mount '/lta-label' (Operation not permitted)"

I made exactly the same & got the same error until I tried another recovery...... THIS HERE
No more mount errors and finally root work for me, but it will not pass SafetyNet check on my phone.

EDIT: after enabe Magisk Hide it pass SafetyNet check!
 
Last edited:

svekke01

Member
May 18, 2015
17
1
0
51
Hi, just wait for me to fix some stuff because Magisk has been removed from Play Store... and also because I've only just come back after my router died

Magisk V13 is out in unofficial state. I would also like to know the step by step instructions to make it work. Thanks in advance for sorting things out NeoBeum
 

NeoBeum

Senior Member
Feb 25, 2017
223
81
0
I have a working build for 7.1.1, I'm going to write up a proper guide this time, so I've removed the old one, and I should have it up later this week.
 
  • Like
Reactions: dlee390

Top Liked Posts

  • There are no posts matching your filters.
  • 16
    E5803/E5823
    Android Nougat 7.1.2+ Bootable Recovery

    (TWRP) Android Bootable Recovery v3.1.1-0

    NB:14OCT17 - I will be rebuilding the base Recovery Image, as it was using a mix of 7.1.2 for Omnirom and TWRP, and 7.1.1 r17, while I'm still technically ahead of the Sony AOSP, they are now using 7.1.1 r55
    13 OCTOBER 2017
    Step 1 - Get correct files
    Step 2 - Read & know to use exact same process, without going back to Lollipop to relock the bootloader.
    Step 3 - Flash correct recovery to recovery partition 'fastboot flash recovery CRC#######v-###.img'
    A OR B, NOT BOTH
    Step 4a - Rootkernel the 324A0160Kernel Elf and patch it for DM Verity & Sony RIC Disable, and 'Fastboot flash boot 324A0160KernelElf.img'
    Step 4b - Rootkernel the 324A154 Kernel Elf and patch it for DM Verity & Sony RIC Disable, and 'Fastboot flash boot 324A154KernelElf.img'

    Step 5 - Install Magisk v14 via TWRP Recovery.
    Done.
    nMRF8pUl.png
    PKJhVOyl.png
    zIwSJdvl.png

    See you all next Patch





    13OCTOBER2017
    Recovery Build v2.1.54 is complete for FTF 32.4.A.1.54 - currently untested by me, but should be ok - I'll be testing 2 versions, there'll be another coming up in a few days - it's related to Device Encryption & Location for Blocks. This version is basically the updated recovery build, with all the same settings, but correct partitions. The next release will test the Device Encryption Location, from /dev/block/data (what it is currently), to /dev/block/dm-0
    I'll be testing Flashing and Installing of Magisk with both of my devices and using different methods to test flexibility in capturing the boot image and hash.
    Got other things to do currently and my laptop is still in bits and pieces - this was just done to get something out of the way and working.
    There's new partitions you should be able to see in Recovery, in addition to the extra ones I had originally.
    The 'Misc' partition from Lollipop is back, and FOTAKernel has been renamed to 'recovery'. Everything else is labelled overthetop style.
    Back everything up. Once you get a good recovery and successful restore, then you can skimp out and just backup the 'userdata' partition which is now called 'data'..

    Expect another update if Sony are nice, and decide to patch the Bluetooth security flaws... While I was building, the bluetooth directories compiled with no errors - and I was getting most faults with QCOM stuff because I had quad and tri merges happening (just the way I set up my mirrors)- but it means that Bluetooth wasn't really touched . CVE-2017-0781 ... CVE-2017-0785.
    I could be wrong, and patches could have been included.

    Initial Tests:
    Installing Magisk.zip in Recovery without disabling Sony RIC or DM Verity will cause the device to become unstable.
    Currently - it's looking like a similar process to lock boot loader, for clean install, and patch of boot image to disable RIC and Verity.
    I have access to all functions in TWRP and have done a successful restore and backup.



    CRCD0FF4662-recovery-v2.1.54.img is attached to the post.
    ====================​
    Device Targets
    FTF 32.4.A.0.160 ONLY
    CRC81D43A45-recovery-v1.1
    Magisk: v14.0
    Magisk Manager: v5.3.0
    ====================

    ====================​
    Device Targets
    FTF 32.4.A.1.54 ONLY - Magisk Requires RIC & Verity Disabled Prior to Installing in Recovery
    CRCD0FF4662-recovery-v2.1.54
    Magisk: v14.0
    Magisk Manager: v5.3.0
    ====================​




    12OCTOBER2017
    Don't go updating to 32.4.A.1.54 and trying to use the recovery here... much breakage... much change... (actually - the changes I saw I actually added a while ago in FSTAB which is probably why things weren't breaking compared to other recovery with Magisk.... busy making the recovery at the moment but the repo has shifted things so I'll do it over the weekend because I'm busy doing Windows PE programming) Recap. Don't upgrade to 32.4.A.1.54 and use this recovery -- read the rainbow colour device targets above... don't mix and match
    13OCT2017: Recovery is compiling for 32.4.A.1.54 ... I screwed up my laptop and I accidentally Raided my storage drive, so my build disk is not on a SSD.. it should be done in an hour or so
    MINI ANNOUNCEMENT: 04 OCTOBER 2017
    NOTE: Decryption may fail during boot to recovery - currently investigating - Reinstallation of Magisk or Google FOTA Updates may trigger a crash and password properties may be lost somewhere
    MINI ANNOUNCEMENT: 26 SEPTEMBER 2017
    Device and SD Card Encryption is fully functional.
    CURRENT ANNOUNCEMENT: 8 SEPTEMBER 2017
    Magisk Manager 5.3.0 and Magisk v14.0 is out.
    New feature for Magisk Manager Hide and Unhide.

    Load for this is different to previous.

    Use Magisk 5.1.1 In-App Auto Download and Install zip package v14.0
    Take a Backup beforehand.
    The intrinsic nature will make future ad-lib/on the go Root/CTS pass more complex, but perhaps easier to Complete Uninstall in Recovery, Reboot Cycle, and Install v14.0 in Recovery - with less errors to previous versions. (I haven't completely zeroed all errors on my other device that I purposely broke beyond broken.. doing some extreme hide/unhide testing).

    Di1t8zqm.png
    v3r5Cqqm.png


    Leaving APK 5.1.1 attached for users to leapfrog

    Here's a sample of the broken device getting back to Root Access + CTS
    aWuqSbBm.png


    7fzPE7nm.png
    uhIWOGPm.png

    LMxG8c3m.png
    Cnpb2lDm.png

    qjnvjbvm.png
    veBNI6wm.png





    PREVIOUS ANNOUNCEMENT LOG
    ANNOUNCEMENT: 28 JULY 2017
    gnQE3Uum.jpg

    Added temperature example in TWRP.
    CTS Pass. All MMC blocks are R/W. may cause bugs - to revert permissions, Magisk Manager must set "Mount namespace mode":
    All root sessions use the global mount namespace


    Following the procedure with Magisk Manager 4.3.3 and Magisk v12.0 installed:
    • Install 5.1.1 APK.
    • Launch Magisk Manager and accept 13.3 download and install.



    Users experiencing problems with adaptive brightness must use Magisk hide for com.qualcomm.cabl, and an example of temperature difference with Global R/W on eMMC blocks
    oOqVyDul.jpg



    ANNOUNCEMENT: 13 JULY 2017 Regarding Magisk eMMC Global R/W changes to v13.1
    Magisk Manager 5.0.4 is able to be installed via APK attachment & Magisk v12.0 Only with 81D43A45-recovery-v1.1
    I'm working on getting v13.1+(E5823) on to the device without problems. Further reading may be done further in the thread regarding the issue below.
    - [General] Unlock all block devices for read-write support instead of emmc only (just figured not all devices uses emmc lol)
    • One of the distinct behaviours; Qualcomm Adaptive Brightness - sensitivity & lag - The gradient isn't smooth as it should be, and is erratic (AND EXCESSIVE HEAT)
    This is a preview for the short debrief - and there are video examples to view. Read more here: https://forum.xda-developers.com/z5...at-7-0-android-bootable-t3609358/post73005789
    POST VIDEOS
    VJWdMj1.png
    jPaa4cK.png


    ====================​

    PREVIOUS ANNOUNCEMENT LOG
    17 JULY 2017
    CTS Failure. All versions
    There's some changes to NFC stack that I'll be adding later this week

    ANNOUNCEMENT: 11 JULY 2017 - 20:00 ACST UTC+09:30
    Do not flash or install Magisk 13.1 - Manager 5.0.4
    I noticed my device acting strange - so I ran through everything on my phone - and I'm retracting the announcement earlier as a recommendation.
    I'll try and iron out what exactly is at fault - but for now - just stay at MagiskSU 12.0 and MManager 4.4.3
    Appologies to anyone who managed to get 5.0.4 working.
    I might head over to the Magisk thread and see if there are any others encountering the problems I see.
    I'm going to leave the APK and previous annoucement recorded, for users who aren't bothered by things not really being exactly as they should be.
    NB: I found exactly what I was looking for written in the Change Log, after I briefly skimmed through 10 pages of problems today @ the Magisk Board.
    This will cause conflicts for future changes in TWRP and Sony Firmware - so it's up to you, how you proceed - but the result will be a repeat of Marshmallow to Nougat problems.
    - [General] Unlock all block devices for read-write support instead of emmc only (just figured not all devices uses emmc lol)
    • One of the distinct behaviours; Qualcomm Adaptive Brightness - sensitivity & lag - The gradient isn't smooth as it should be, and is erratic
    • Device heat
    • Security & Play Services background updates - sometimes causes the phone to suddenly reboot
    • WLAN/BT/NFC - RFCOMM - UID errors
    • Possible errors during restore and backup function in TWRP - possible that file permissions and attributes are or aren't transferred inheritance R/W
    ANNOUNCEMENT - 08 JULY 2017
    Sony made some changes to Init and Sec Pol for Audio. Now included in build CRC81D43A45-recovery-v1.1
    If you've already followed this guide to flash v1.0, there's no need to repeat everything - just use:
    Code:
    fastboot flash recovery recovery.img
    I've also started on the Omnirom port, so my GitHub will be updated soon.

    ANNOUNCEMENT - 11 JULY 2017 - See also 08JUL17 Announcement
    Magisk 13.1 is out - with Manager 5.0.4.
    roqQRA5m.png
    7SQaH8Gm.png

    For experienced users, you can manually update. APK attached. Turn off core mode, and hide and modules before install. I don't use modules, but that's probably the best option.
    I will update guide soon. If you don't upgrade correctly, you will lose CTS and Root. I did this live, without a PC.
    NB: I've now done both of my devices, and can confirm that an improper installation by Initiating the 13.1 Install from within Magisk Manager 4.3.3 will cause overheating. Modules and Core Only must be unloaded and Off, and APK installation must be done first after confirming modules are disabled. 13.1 zip file may then be installed in Recovery, to update SU binary, and Installation from inside Manager 5.0.4 needs to be initiated and will require 2 powercycles to load in to Magisk Hide with Core Only Disabled, for CTS Pass.
    Update 4/7/2016 - Happy 4th of July to the Yanks... Here's a present from Down Under.
    TWRP 3.1.1 on Android 7.1.1 Firmware 32.4.A.0.160 - I'm using the source for Android 7.1.2 R17
    I'll update the build later this week and upload an image - as I'm cleaning up the process and making sure everything is working properly. I started again from scratch on 32.0.A.6.200 going all the way to 32.4.A.0.160. My GitHub doesn't have the source at the moment, because I'm rebuilding my Build Environment, so I can switch between Omnirom and AOSP using the same Repo. I'm just working out the best way to sync without fetch errors.

    ====================
    ______________________________
    Users on Android Nougat 7.0 (32.3.A.X.XXX)
    Upgrading to 7.1.1 will cause you to lose root if you have FOTA-Kernel Recovery and flash 32.4.A.0.160 and exclude FOTA Kernel in Flashtool

    This has now been tested on both of my Devices.
    ______________________________​



    REQUIREMENTS:
    Flashtool
    IOVYroot
    Rootkernel
    Recovery Image - Find Attachment CRC32 81D43A45 for 32.4.A.0.160 Find Attachment CRC32 D0FF4662 for 32.4.A.1.54
    TA Image
    Bootloader Unlock Code

    USER INSTRUCTIONS
    Downgrading to 32.0.A.6.200 to restore keys and lock bootloader
    Ensure that you have signed out of any Google Accounts prior to flashing to prevent a Reset Lock
    Use Flashtool to downgrade to Android 5.1.1 Lollipop
    Use IOVYroot to backup or restore your TA Partition
    gmBSI9Z.png

    If you previously have lost your original Device Keys, you may be able to use Rootkernel to patch a DRM fix on the 32.0.A.6.200 Kernel.ELF, and then have IOVYroot backup the key
    Enable USB Debugging in Developers Options and connect your device to the PC
    Use IOVYroot to restore the TA to your device and there will be a message to flash stock firmware
    bdAHY01.png

    Restart the device as there is no need to flash again and confirm that the device keys are restored


    Preparing to flash 32.4.A.0.160
    Before starting the Flash process, navigate to the 'prepared' directory in Flashtool's firmware directories and find copy 'kernel.sin' to the Rootkernel directory
    xXmHYmX.png

    Use Flashtool's 'Sin Editor' found in the 'Tools' to extract a 'kernel.elf' from 'kernel.sin'
    Use Rootkernel to create a DRM fix patched Boot image
    zLvS3qu.png


    Flashing 32.4.A.0.160
    uWBnMFJ.png

    Flash Android Nougat 7.1.1 and boot the device and confirm that DRM keys are present
    Enable Developers Option and Enable 'Enable OEM Unlock' then turn off the device
    mMzMCEh.png
    CmfoscX.png

    Connect the device to the PC and prepare the Bootloader unlock


    Unlocking 7.1.1 Bootloader, Catching the Device Key & Flashing the Recovery
    Confirm that device is in USB Debugging Mode
    Then send the reboot command via 'adb reboot-bootloader'
    fastboot flash boot 'patched-kernel.img'
    fastboot flash recovery 'fotakernel-recovery.img'
    yfa5b0H.png

    Disconnect the device and do not power on
    Use Flashtool to flash your Device Key
    hULZB8W.png

    Once done, Power On
    Andy the Android should briefly display with his guts spilled open upgrading himself (If he doesn't something isn't right)
    Complete the Android Welcome Setup
    Congratulations
    Recovery instructions below.

    Flash Magisk v12.0 zip with Sony Fix, in TWRP Recovery
    Flash or install using current announcement instructions, or your own preferred Superuser App
    rMRhXZs.png
    Y6xR2ds.png
    D73VzJv.png
    qkaQ778.png
    bTSKuo4.png
    lMkqgTd.png




    ====================​

    XpeRicoverE5823 History
    The Original Project intended to have the Z5 Compact an official device tree for TWRP. This project is still on going as the completed AOSP Recovery is currently not supported by Team Win as there is no room for new devices using AOSP build base on the Gerrit Build Server. As a result, the project has two branches; OmniROM and AOSP. Assuming everything runs smoothly, these projects using Android Bootable Recovery source, should almost be "plug and play" with source of other ROM, so if time permits, I'll get the LineageOS Build environment and build the recovery image.

    https://github.com/NeoBeum/android_device_sony_suzuran
    ====================​


    TWRP AOSP Recovery
    Recovery Source:
    Device Tree: Prototype Completed
    Recovery Build:
    Recovery Image Upload:
    Target Kernel: LA.1.2.3_45, 3.10.84 - Sony Stock 32.4.A.0.160
    Flash Instructions for device:
    Code:
    fastboot flash recovery recovery.img
    Entry: Power + Volume Down (Until vibration) after 10 seconds, Magenta LED indicates recovery boot process.
    Additional notes:
    Previous Builds:
    CRC665582E7-Recovery-v1.0.zip - [Click for QR Code] (14.18 MB, 104 views) - v1.1 @08JUL2017


    Stock AOSP Recovery
    Recovery Source:
    Recovery Build: Complete
    Recovery Image Upload:
    Target Kernel: LA.BR.1.3.3_rb2.14


    OmniROM Recovery
    Recovery Source:
    Recovery Build: In Progress
    Recovery Image Upload: N/A
    Target Kernel: OmniROM 7.1



    Time Permits
    LineageOS Recovery
    Recovery Source: N/A
    Recovery Build: Planning Stage/Not Started
    Recovery Image Upload: N/A
    Target Kernel: LineageOS 7.X.X




    ====================​
    ORIGINAL POST
    Android Bootable Recovery (TWRP) 3.1.1-0
    The TWRP port and device tree is almost done.
    Just got it working after about 16 hours straight of trying to get bionic to spew out overflow.
    7Fej4jZm.png
    EyolLYxm.png

    FQfbSwGm.png
    SBK6xLBm.png

    p3VTFxGm.png
    Ohf49IWm.png

    The short and sweet guide is:
    Get the Recovery Image and Fastboot flash to Recovery
    Have your TA-Partition.img or DK.ftf
    Flash 32.3.A.2.33 with Flashtool and Select All for Wipe, and Exclude FOTA Partition
    Boot to recovery, Zip install Magisk 12.0
    Power Cycle for the default Freakout-Google-Recovery-Refresh
    Fastboot flash PatchKernel.img to Boot
    Boot to recovery, Restore TA partition from image.

    If you have your original DRM Key, I have the TA partition backup to restore the DRM Key once the Kernel gets patched.
    You'll still need the TA if you want complete key signature - but the patch will still fix DRM loss when you initially flash TWRP to the recovery partition. (Because that action requires an unlocked bootloader)
    I'll post a guide up soon, I'm just off for errands.

    Once I fix up the device tree, and TeamWin's gerrit recovers from it's heartattack, you will be using all your own resources to do this, and won't need a prebuilt recovery. You can use your own stock kernel extracted with Flashtool. Everything should run smoothly because of less handover with prebuilt images and have the DRM fix patch the kernel that you actually have, and not for some other region..
    3
    Just an update: TWRP Build server doesn't have enough room for new devices using the AOSP Build Base, so I have to make an OmniROM port to get the device supported officially. However, there are also changes being made to the Kitakami Platform (Z5 Family), which is the parent of the Suzuran device, so I need to wait to find out what's happening there. Should be in the next few weeks - as I was told sometime in June.
    3
    Recovery Build v2.1.54 is complete for FTF 32.4.A.1.54 - currently untested by me, but should be ok - I'll be testing 2 versions, there'll be another coming up in a few days - it's related to Device Encryption & Location for Blocks. This version is basically the updated recovery build, with all the same settings, but correct partitions. The next release will test the Device Encryption Location, from /dev/block/data (what it is currently), to /dev/block/dm-0
    I'll be testing Flashing and Installing of Magisk with both of my devices and using different methods to test flexibility in capturing the boot image and hash.
    Got other things to do currently and my laptop is still in bits and pieces - this was just done to get something out of the way and working.
    There's new partitions you should be able to see in Recovery, in addition to the extra ones I had originally.
    The 'Misc' partition from Lollipop is back, and FOTAKernel has been renamed to 'recovery'. Everything else is labelled overthetop style.
    Back everything up. Once you get a good recovery and successful restore, then you can skimp out and just backup the 'userdata' partition which is now called 'data'..

    Expect another update if Sony are nice, and decide to patch the Bluetooth security flaws... While I was building, the bluetooth directories compiled with no errors - and I was getting most faults with QCOM stuff because I had quad and tri merges happening (just the way I set up my mirrors)- but it means that Bluetooth wasn't really touched . CVE-2017-0781 ... CVE-2017-0785.
    I could be wrong, and patches could have been included.

    CRCD0FF4662-recovery-v2.1.54.img is attached to the post.
    2
    Wait, seriously? We will see OmniROM ported to our device?

    Yeah, I'm getting there... hopefully They're changing the Kitakami platform base, so I'm waiting for humberos or someone that knows what's happening to finish doing what they're doing.
    They told me to not use the Kitakami tree for now.
    You probably haven't read my other posts, I'm new to this, and this is my first android project.

    But I will still be able to get the recovery supported without a complete OmniROM System build.


    I updated the main post too
    2
    Okay if I understand correctly, fixing 7.1.1 is as easy as flashing the recovery and my mobile data problems and battery problems will disappear?
    Only if you find Jesus along the way
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone