After much tampering I managed to identify a procedure to root our phone(s) while leaving the stock ROM intact (apart from the addition of root, of course). This will remove the requirement to do an OTA update, which in the future could remove the rooting if any update becomes available (Lollipop maybe?).
The process is very straightforward and has been tested on both OS X and Windows. Here it is:
THIS SHOULD WORK FOR ALL XPERIA PHONES WITH KITKAT INSTALLED WHICH HAD A PREVIOUS ROM VULNERABLE TO TOWELROOT.
If your phone started with KitKat 4.4.4 or later and you want to keep the locked bootloader you may be doomed.
GENERAL GUIDELINES:
- Be sure to have the full FTF for the stock ROM you are currently running
- Flash only the kernel of a ROM for your phone vulnerable to the Towelroot exploit unchecking the wipe checkboxes
- Reboot the phone:
The phone will bootloop, but it doesn't matter. The Linux kernel and adb are alive and thus the "Towelroot" vulnerability is exploitable by rootkitXperia
- Run rootkitXperia. After the rooting it should get stuck when trying to reboot the phone(*). Interrupt it with CTRL-C
- Flash back the kernel for the ROM in your phone
- Reboot the phone
- Manually run the command to have the RIC permanently disabled:
Code:
adb shell "su -c /data/local/tmp/install_tool.sh"
(*) In some phones (Xperia Z?) rootkitXperia may not get stuck. If the phone reboots the rooting should be complete. Just flash back your original kernel and it should be done (untested).
The following section will explain in great detail every single step needed. It also includes all the links to the SW and procedures needed:
COMPREHENSIVE TUTORIAL:
PREPARATION:
- Have your phone updated to the last ROM
- Download Flashtool: link
- Download rootkitXperia: link
- Have adb installed: Suggested links: OSX/Linux - Windows
- - Windows only: Install the phone drivers (probably using Sony PC Companion. I dunno, I don't use that Windows junk)
- Enable the USB debugging: HowTo
- In Settings/Security enable "Unknown sources"
- Make sure Flashtool/adb can connect to the phone: just try "adb shell" from the terminal.
- Download a Jelly Bean stock ROM for YOUR phone: link for D2303
Otherwise for D2303 (but it is confirmed working with the M2 Aqua D2403 as well) you can use the attached FTF (kernel only)
- From Flashtool download the FTF of your latest ROM (Menu "Devices/Check Updates" at least in OS X). Be sure to use the same ID
- You may want to make a full backup using the Sony system app "Backup and restore" (or equivalent in other languages)
ROOTING:
- Launch Flashtool in your Mac/PC
- Power off the phone
- While holding the Volume Down key connect the phone to the Mac/PC via USB
- The phone top led should blink red and then green
- Flashtool should report that the phone is connected in flash mode
- Select the JB FTF of your choice (full ROM/kernel only).
In OS X Flashtool is glitched. You may need to select an FTF and then move upward with the arrow keys
- Exclude all but the kernel. Uncheck the wipe checkboxes
- Proceed with the kernel flashing (the blue icon with a thunderbolt)
- After the flashing has terminated disconnect the phone from the USB
- Start the phone:
This is the tricky part. Android will now bootloop. But we don't care, because the underlying Linux is well alive!! adb works, and so does the Linux kernel/OS.
And that is all we need, because rootkitXperia exploits the Towelroot vulnerability without the need to launch the graphical interface. Just hurry a bit because it may or may not last forever.
- Connect the phone via USB
- From the terminal cd into the rootkitXperia directory
- Launch the script: install.sh in OSX/Linux - install.bat in Windows
- When the script gets stuck at the phone reboot terminate it (CTRL-C)
At this point, with the phone still in bootloop, you may check if the rooting has been successful. Just type the command:
Code:
adb shell "su -c id"
which should report
Code:
uid=0(root) gid=0(root) context=u:r:init:s0
If it doesn't, something went wrong (it shouldn't).
DISABLE THE RIC (enable /system read/write):
- Disconnect the phone
- Power it off
- Hold the Volume Down key and connect it to the computer
- In Flashtool flash the kernel of your latest ROM.
Like before exclude all but the kernel, no wipe needed
Also there is an issue with 18.3.1.C.1.15 installed via PC Companion/Sony Bridge for Mac. One should flash (thus not excluding it) the "BOOTBUNDLE" as well, as shown in this post
- Disconnect the phone from the USB and reboot it
- Connect the phone
- Manually run the command:
Code:
adb shell "su -c /data/local/tmp/install_tool.sh"
- Reboot and enjoy your rooted phone!
What to do next:
- Press "Thanks!"
- Backup your TA partition: link for OS X
- Put a copy in your favorite Cloud service (Dropbox/iCloud/Google Drive/Whatever). Better safe than sorry.
- Update SuperSU binary and apk
- Install AdAway to get rid of those annoying commercials
- Anything else you rooted your phone for!
Unrooting/Recovery
- You may need to use the OFF button near the SIM card slot if anything went wrong (like if you forgot to uncheck the wipe flags). That shuts down the phone. You would need a needle (or something very small) to push it. (**)
- Flash with Flashtool the kernel and system from the ROM you previously downloaded to keep your data - or -
- Rebuild the ROM with Sony Bridge For Mac/PC Companion
(**) Thanks to Vino Kulafu for the tip.
JB Kernel from the Xperia M2 D2303 FTF attached:
It's confirmed working with the following devices:
- Xperia M2 D2303
- Xperia M2 Aqua D2403
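A way to script the root check from the ROOTING section, added here as an example (it is not part of the original post or of rootkitXperia); the function name `check_root_id` and the sample strings in the comments are constructed for illustration. It strips the carriage returns that KitKat-era `adb shell` output typically carries at line ends, which otherwise make string comparisons on the `id` result fail.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post):
# classify the text returned by `adb shell "su -c id"`.
#
# check_root_id OUTPUT
#   prints "uid=<n> context=<ctx>" and returns
#   0 if the reported uid is 0 (root)
#   1 if an id line was found but the uid is not 0
#   2 if no id line was found (su missing, denied, or adb error text)
check_root_id() {
    # Older adb shells end every line with CRLF; drop the CR first,
    # otherwise the SELinux context would end in an invisible \r.
    clean=$(printf '%s\n' "$1" | tr -d '\r')

    # Ignore any warning or banner lines and keep the first id line.
    line=$(printf '%s\n' "$clean" | grep -E '^uid=[0-9]+' | head -n 1)
    if [ -z "$line" ]; then
        echo "no id output"
        return 2
    fi

    uid=$(printf '%s\n' "$line" | sed -E 's/^uid=([0-9]+).*/\1/')
    # The context field is absent on builds without SELinux labels.
    ctx=$(printf '%s\n' "$line" | sed -nE 's/.* context=([^ ]+).*/\1/p')

    echo "uid=$uid context=${ctx:-none}"
    [ "$uid" -eq 0 ]
}

# Typical use against a connected phone (not run here):
#   check_root_id "$(adb shell "su -c id")" && echo "root confirmed"
#
# Constructed sample inputs:
#   'uid=0(root) gid=0(root) context=u:r:init:s0\r'       -> returns 0
#   'uid=2000(shell) gid=2000(shell) context=u:r:shell:s0' -> returns 1
#   '/system/bin/sh: su: not found'                        -> returns 2
```
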