[ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off

akak1

Member
May 25, 2019
31
1
Hi guys!

I'm a noob and I have three issues:

1. I have a z5 docomo (SO-01H) with bootloader unlock allowed: Yes. I'm on nougat but it only updates via OTA so I only have marshmallow FTF.
How do I extract kernel and system.sin from my phone? If I unlock bootloader on marshmallow I'll be stuck on 6.0 because OTA won't work. Can I use other FTF kernel? I have customized AU ftf on 7.0 or 7.1 for e6653.

2. BackupTA never works, I've been trying for the whole week with no luck. I used flashtool to backup TA partition and now I have two files (1.ta and 2.ta) I don't know what to do with them. Please guide.

3. Can I flash e6653 ftf after bootloader unlock (it gives device not compatible error on flash tool now) and/or use custom roms e6653?

Please guide, I wanna root. Thanks
 
Don't unlock your phone's bootloader before you achieve a backup of its TA partition. Backup TA V2 will be able to perform such a backup only if you downgrade to a stock Marshmallow firmware. Use Flashtool to flash it in flashmode. Wipe its data partition, in order to have a stable Marshmallow setup (you'll lose your data during the bootloader unlocking procedure, anyway). Whilst on Marshmallow, activate USB debugging, connect your phone to your computer and run the backup TA tool. It will be successful if it produces a 2MB-long TA img file. Run flash_dk with this TA img file to create your DK.tft file.
You can now flash your Nougat ROM back, again through Flashtool.
Copy that ROM's ftf file to the unpacked rootkernel folder, and rename its extension to zip. Extract kernel.sin out of it. In Flashtool, click on Tools > Sin editor, select that kernel.sin file and click on Extract data. A kernel.elf file will be produced. You can use it in rootkernel to produce a new_boot.img. Choose to disable Sony RIC during the process. Say No to all the other questions.
Now unlock your phone's bootloader. Use fastboot commands to flash a TWRP img file to the FOTAKernel partition and the new_boot.img file to the boot partition. To enter TWRP, hold both the power and the volume down buttons. When your phone vibrates, release the power button. When the screen lights up, release the volume down button. Install Magisk. In my Z5 Compact phone I used the stable 19.2 version (had issues with the Canary builds). Install also the DRM fix zip file.
Now copy the DK.tft file produced by flash_dk to C:\Users\your_username\.flashTool\firmwares, and select Device keys in Flashtool, in flashmode. Flash it.
OK, turn your phone on and tweak Magisk Manager the way you have, most probably, read a lot about.

Hope to have not forgotten something important.

Sent from my Xperia Z5 Compact using XDA Labs
 

akak1

Member
May 25, 2019
31
1

Thank you so much. But as I stated, I don't have nougat ROM ftf file and it's available nowhere. The only ftf files available are lollipop and marshmallow.
I downgraded it to lollipop and marshmallow countless times but backupTA doesn't work at all. So I can't have a TA backup except with flash tool which gives me two files with the extension .ta. I don't know which one to use and what to do with the .ta file.

So I have to extract kernel from my phone which is running nougat. I can downgrade to lollipop or marshmallow but to get back to nougat I have to download OTA. With bootloader unlocked, OTA won't work and I will be stuck with marshmallow, unless I could use ftf files for other models such as e6653, which currently I can't.

Hope you understood the issue. Thanks
 
After you manage to get a backup of your TA partition through Backup TA v2, whilst running Marshmallow, prior to unlocking the bootloader, you can perform the OTA upgrade to Nougat and move on.

Sent from my Xperia Z5 Compact using XDA Labs
 

akak1

Member
May 25, 2019
31
1
I'll try to make some tests with TA backup performed by Flashtool, thing I've never made so far, and return to you with my findings.

Sent from my Xperia Z5 Compact using XDA Labs

Thank you sir. I finally managed to get the TA backup successfully. I downloaded all MM roms and tried with each one of them. One worked and I got ~2MB img file.
Then I proceeded to unlock the bootloader as stated on Sony's website. The phone did a factory reset (telling from the time it took to bootup).

Did the process and got the modified boot.img while being on MM. Also got the DK.ftf file.

fastboot flash boot boot.img command didn't work while being in the same command window so copied the boot.img in the ADB tools folder, flashed the boot.img via fastboot. No errors.

But when the phone turns on there is no Super SU, I can't manage to boot into TWRP and it seems as if nothing happened. Even the OTA is downloading.

Should I try unlocking the bootloader again? The service menu --> configuration still shows Bootloader unlock allowed: yes and all keys in security test are [Key OK] [Active] except FIDO_KEYS: Not provisioned, provision failed.

I haven't flashed the DK.ftf yet.
If the boot.img got pushed successfully, I don't know what I did wrong. The phone works fine as it did before. Even flashtool says root access denied.

Thank you, once again for your support.
 
As I stated in my first (long) reply to you, use Magisk (stable v19.2) to get root access. SuperSU is deprecated. Yes, flash the DK.tft file in flashmode, through Flashtool. Use a fastboot command to flash a TWRP img file to the FOTAKernel (the exact way it's written) partition. Then, enter TWRP by holding both the power and the volume down buttons. Once in TWRP, install the Magisk zip file and the DRM fix zip file, as well.

Sent from my Xperia Z5 Compact using XDA Labs
 

akak1

Member
May 25, 2019
31
1
Thank you sir. I finally managed to get root and TWRP. But I am stuck on MM because I can't flash any other variant's FTF or even international one. It always gives errors and OTAs won't work.
All custom roms bootloop so no use.
But at least I'm rooted and debloated on stock MM.

Thank you for your help.
 
If I remember it right, I stated that you did the OTA upgrade right after you managed to have a backup of your TA partition, prior to unlocking the bootloader. Well, since you have that backup, you could use either Flashtool or a dd command to re-lock your bootloader, then start the whole thing all over again, but now from Nougat. It's your choice.

Sent from my Xperia Z5 Compact using XDA Labs
 

ZoHere

Member
Jun 5, 2019
5
0
Xperia X Performance, XZ and XZs ONLY (Xperia X and Xperia X Compact must skip this):
Android Oreo ramdisk patching needs some additional files, and they must be copied from Oreo /system into the rootkernel's filesystem_files folder, prior to running the script, and they are:
Code:
/system/vendor/etc/fstab.qcom
/system/vendor/etc/init/hw/init.qcom.rc
/system/vendor/etc/init/hw/init.target.rc
(you can pull these files through adb, or even converting system.sin to system.ext4 and take them out from there - just copy them, and DO NOT touch its contents)

Rootkernel's procedure for Oreo kernel ONLY:
1. Download and extract attached Rootkernel V5.23 (UNOFFICIAL 2.5)
2. Download attached flashable zip (DRM-fix_System_Mode.zip) and push it somewhere in your device (internal memory or sdcard)
3. Run rootkernel script with Oreo stock kernel.elf (eg.: rootkernel kernel.elf boot.img)
4. Say yes (Y) to everything - If you want munjeni's TA PoC option, ensure your TA.img (case sensitive) is located at rootkernel's root folder, and say no (N) to DRM fix
5. You're done!

Rootkernel's output should look like this:
Code:
Rootkernel V5.23 (UNOFFICIAL 2.5)

- Unpacking kernel
  Found elf boot image
  Kernel version: 3.18.66-perf-g27a9189
  Found appended DTB
- Detected vendor: somc (Sony), device: dora (Xperia X Performance), variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 8.0.0
- Android Oreo requires additional files! Continue? (Say yes to copy) [Y/n] Y
  init.rc (patched)
  fstab.qcom (copied)
  init.qcom.rc (copied and patched)
  init.target.rc (copied and patched)
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
  Patching fstab in dtb to disable dm-verity
- Sony RIC is enabled. Disable? [Y/n] Y
  Disabling Sony RIC
- force-encrypt is enabled. Disable? (Say yes if you decrypt /data) [Y/n] Y
  Disabling force-encrypt
- Install DRM fix? [Y/n] Y
  1. DRM fix preload line added successfully!
  2. DRM libraries still need to be flashed manually on TWRP recovery before 1st boot!!
     System mode, flash: DRM-fix_System_Mode.zip
- All done! Continue? [Y/n] Y
- Creating new initramfs
- Creating boot image
- Cleaning up
Done

Flash patched kernel:
1. Flash Oreo ftf (wiping everything, excluding nothing - except *.ta files - if any)
2. Unplug device and DO NOT turn it on
3. Fastboot newly created boot.img
4. Fastboot TWRP for your device
5. Unplug device and DO NOT turn it on again
6. Enter TWRP recovery and flash: DRM-fix_System_Mode.zip << YOU CAN SKIP THIS STEP IF YOU CHOOSE munjeni's TA PoC OPTION!!
7. You're done!

Root:
- After step 6 above, flash latest Magisk zip (SuperSU seems not to work properly yet)

Known issues:
- Magisk zip installation may fail, and device may also fall in a bootloop
- If you're facing this ^, do whole procedure again, but DO NOT flash Magisk zip, instead, turn device on, install latest Magisk Manager, patch boot.img and flash it (fastboot it)!


As always, TRY IT AT YOUR OWN RISK!

Credits:
@tobias.waldvogel ofc
@sToRm// for additional ramdisk files hint (man, you're insane!)

Enjoy it!

I just flashed drm fix via twrp for my Xperia X android 8.0.0 doesn't fix x-reality, vivid mode
 

someone755

Senior Member
Sep 27, 2011
2,048
1,380
Ljubljana

I don't want to quote the entire post, but I've found out something that is very relevant to it;

When using rootkernel on an Xperia X Compact (stock Oreo 8.0), and using munjeni's TA.img hack, there are big problems for users if/when the battery runs out completely (to 0%), and the phone shuts down. This has happened twice to me so far, but I've only just bothered with fixing the issue today.
The problem is that after draining the battery completely and the phone shutting down, the cellular radio no longer works. It finds available networks, but refuses to connect to any of them. At one point it kept saying the SIM card was locked and kept asking for the SIM PIN, every few seconds.
Looking at the logcat, the system implies an error with the 'tad' process being unable to find a `TA.img`:
Code:
07-07 15:24:44.157  2476  2476 E tad     : Failed to open /data/local/tmp/TA.img (No such file or directory)
The file at `/data/local/tmp/init.ta_poc-log.txt` also says this:
Code:
cat init.ta_poc-log.txt
Executing init.ta_poc.sh:
- /data/local/tmp/TA.img not found!
- Copying /sbin/TA.img to /data/local/tmp/TA.img
cp: bad '/sbin/TA.img': Permission denied
- Wiping drm folders (credmgr, drm and mediadrm)
All done!

Executing init.ua_modem_switcher.sh:
- Removing old modem_switcher_status file
- Running /sbin/ua-modem-switcher binary
- ua-modem-switcher finished with status 255
All done!
So I used adb and pushed my own TA.img to the specified location. Now everything related to cellular networks seems to work, and the `init.ta_poc-log.txt` file also agrees:
Code:
cat init.ta_poc-log.txt
Executing init.ta_poc.sh:
- Found /data/local/tmp/TA.img
- Chown-ing /data/local/tmp/TA.img
- Chmod-ing /data/local/tmp/TA.img
All done!

Executing init.ua_modem_switcher.sh:
- Removing old modem_switcher_status file
- Running /sbin/ua-modem-switcher binary
- ua-modem-switcher finished with status 0
All done!

After this, in the logcat, a process called `tadif` complains that it cannot connect to `tad`, literally in the first line of my logcat. This error goes away some hundred lines later, when `tad` announces that it is "Accepting connections." So the problem seems to be fixed.
I have no idea why or how the TA.img gets deleted, or why `init.ta_poc.sh` doesn't have permission to copy it (because it does exist inside /sbin/), or why the TA.img is necessary for the modem to work properly.
Any answers or suggestions are of course appreciated, I just felt the need to share this bug I've found, and how I fixed it; it might help somebody in the future, thinking of flashing the system anew.

______________
EDIT (July 9th, 2019): The 'phone' Android process stops every few hours if I'm abusing my phone and using mobile data constantly. This disables mobile data and calls. Pressing "Ok" in the Android force close prompt reboots the process and mobile network functionality goes back to normal within a few seconds.
This could be a major problem, especially if it happens during a call or some such. I haven't debugged it yet, but I'm jotting it down here just in case I ever come back to this. I don't know what exactly, or why it happens, but after using exclusively mobile data for a few hours of continuous screen on time, it happens seemingly sporadically. It happened to me at least twice yesterday.
I also haven't tried draining the battery to 0% again to see if the TA.img disappears again (as one wouldn't normally try and discharge their phone completely). I also hope to update you on this if I'm ever unfortunate enough to run out of battery again (which, by my recent track record, should happen again by the end of the month, haha).

______________
EDIT (July 14th, 2019): My phone just froze after System UI became unresponsive and I was forced to reboot the device. Upon boot, the TA.img was again missing and my mobile data again broken. It's only by luck that I have my TA.img saved on Google Drive and have a laptop with me on vacation.
I've noticed that the TA.img in /sbin does exist, but it seems to be corrupt, as its size shows 0MB (my TA.img clocks in at about 2MB). It might be that fixing the TA.img inside /sbin could be a permanent fix, but as of right now, all I did was I whipped up a zip to flash my TA.img to /data/local/tmp/TA.img in recovery and saved the zip locally on my phone for any future use. Sadly I didn't manage to get any ADB logs of the SystemUI crash to figure out how and why exactly this crash affected the TA.img specifically, but I'm again just jotting ideas down for any future readers (and very likely my future self as well).
So, a total of 7 days without a mobile data crash -- I wonder if this is a coincidence? I'll of course edit this post in the future if I find any new data.
 
Last edited:
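
As an added example (not part of the original post, and not rootkernel's own code), the two `init.ta_poc-log.txt` captures quoted in the post above can be checked automatically, and a TA.img pulled from the device can be compared against the saved backup. The function names and result labels are assumptions made for this example; the log text is copied from the post.

```python
import hashlib
import os
import re

# Log text copied from the post above: the failing boot first, then the boot
# after TA.img had been pushed back to /data/local/tmp.
FAILED_LOG = """\
Executing init.ta_poc.sh:
- /data/local/tmp/TA.img not found!
- Copying /sbin/TA.img to /data/local/tmp/TA.img
cp: bad '/sbin/TA.img': Permission denied
- Wiping drm folders (credmgr, drm and mediadrm)
All done!

Executing init.ua_modem_switcher.sh:
- Removing old modem_switcher_status file
- Running /sbin/ua-modem-switcher binary
- ua-modem-switcher finished with status 255
All done!
"""

HEALTHY_LOG = """\
Executing init.ta_poc.sh:
- Found /data/local/tmp/TA.img
- Chown-ing /data/local/tmp/TA.img
- Chmod-ing /data/local/tmp/TA.img
All done!

Executing init.ua_modem_switcher.sh:
- Removing old modem_switcher_status file
- Running /sbin/ua-modem-switcher binary
- ua-modem-switcher finished with status 0
All done!
"""


def parse_sections(text):
    """Split the log into {script name: [message lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Executing (\S+):$", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != "All done!":
            sections[current].append(line)
    return sections


def diagnose(text):
    """Return labels (hypothetical names) for the failure signs seen in the post."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("init.ta_poc.sh", []):
        if line.endswith("TA.img not found!"):
            findings.append("ta_img_missing")
        elif line.startswith("cp:") and "TA.img" in line:
            findings.append("ta_img_restore_failed")
    for line in sections.get("init.ua_modem_switcher.sh", []):
        status = re.search(r"finished with status (\d+)", line)
        if status and int(status.group(1)) != 0:
            findings.append("modem_switcher_status_" + status.group(1))
    return findings


def sha256_of(path):
    """Hash a file in chunks so a 2 MB image is not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def ta_image_state(candidate, backup):
    """Compare a TA.img copy (e.g. pulled with adb) against the saved backup."""
    if not os.path.exists(candidate):
        return "missing"
    if os.path.getsize(candidate) == 0:
        return "empty"  # the 0MB /sbin/TA.img case described in the post
    if sha256_of(candidate) != sha256_of(backup):
        return "differs_from_backup"
    return "matches_backup"


if __name__ == "__main__":
    print("failing boot:", diagnose(FAILED_LOG))
    print("healthy boot:", diagnose(HEALTHY_LOG))
```

Running `ta_image_state` on the backup itself before flashing it anywhere is a cheap way to catch a truncated download or a zero-length copy.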

seyrarms

Senior Member

Hello sir. I have problem to put additional filesystem_files folder to rootkernel. Can you explain more please, because I'm tired where put this folder and code to run this script just until :

Code:
Rootkernel V5.23

- Unpacking kernel
  Found elf boot image
  Kernel version: 3.18.66-perf-g6b8cda40c6b9
  Found appended DTB
- Detected vendor: somc (Sony), device: kagura, variant: kddi
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 8.0.0

I have waited about five minutes and nothing happened


I know what happen can't use, because I use official root kernel and thanks for this tool to give my sony japan can do use this tool :good:
 

randisaaputra

Member
Nov 25, 2018
11
0

Hey, so my phone was on Nougat 39.2.B.0.36. Do I still need to follow these steps, or just use the tutorial on the 1st page?
 

foudremars

New member
Oct 30, 2019
2
2
Which device version? H43311 or H4331. I can try but I haven't L2 Duo. :(
---------- Post added at 03:27 PM ---------- Previous post was at 03:19 PM ----------
Hi man can you update twrp version pls?
---------- Post added at 03:46 PM ---------- Previous post was at 03:27 PM ----------

I can help you.
@tobias.waldvogel Hi man can you update twrp version pls?

I need TWRP for L2 H4331. Can you help me? Thanks.
 

RintSo

Senior Member
Sep 29, 2014
52
8
Bandung
the script 2.3&2.5 works SAME for Nougat kernels
the script 2.3&2.5 works same for OREO KERNELS if DEVICE is X
the script 2.3 won't work for OREO and all other devices (XP XZ XZs etc)
the script 2.5 & non X device with OREO will work only if the required files are extracted from system.sin

---------- Post added at 12:04 PM ---------- Previous post was at 12:03 PM ----------



basically script 2.3 was intended to work globally but EXTRA code added to differentiate fstab file for xperia X f5121 and F5122 ONLY!

---------- Post added at 12:51 PM ---------- Previous post was at 12:04 PM ----------



WHICH device sir?
if it's z3/z3+/z5/z5 then original script works fine!
for X on Oreo (8.0) v2.3 or v2.5 both works (since the fstab file is still in the ramdisk however
for Xperformance, Xcompact, XZc, XZs on Nougat kernel, version 2.5 & placing those files is MUST from system.sin

and last but not least,
for Nougat(7.1.1) all X till Xzs v2.3 works fine

NOTED
 

zputnyq

Senior Member
Apr 19, 2013
619
278
Hi guys,
I want to use root kernel for rooting, but I only have Windows XP now. Does this tool work on Windows XP?
 

rumcum

New member
Mar 14, 2019
4
1
Congratulation


Nice job! Very useful.
 

Top Liked Posts

  • 284
    Changelog:
    • V5.23 Fix for Android 6 (Freeze on boot logo)
      Installation of kcal kernel module for supported kernels. Get the app from https://forum.xda-developers.com/android/software-hacking/dev-kcal-advanced-color-control-t3032080
    • V5.22 Bug in the vendor overlay creation. Existing directories (like /vendor/bin) have not been replicated correctly
    • V5.21 Fix issue when running on Linux (some CR/LF)
      Patch libsepol in bootimg for backwards compatibility with Android 6
    • V5.20 Support for superuser as an alternative to SuperSU (https://github.com/phhusson/Superuser)
      Fix for the missing internal storage link in TWRP
    • V5.11 Support for Android 7.0
      Fix in the overlay layout which could prevent some libraries from loading and cause battery drain
    • V5.1 Support for Android 7.0
      Updated bootimg to deal with Android 7.0 policies
      New tool inside bootimg for adding new contexts to binary file contexts
      New system overlay layout due to a more restrictive linker in Android 7
    • V5.0 New system overlay method using the /vendor directory. As this directory is also in the library search path even libraries can be easily replaced without modifying the system partition
      System-less SuperSU integration improved (Version 2.76 or higher recommended)
      System-less xposed integration (using the standard distribution)
      Support for 32.A.0.253
    • V4.51 Fix for awk script for Linux kernel version detection when running on Linux
    • V4.5 Fixed adb and mtp file access in TWRP for 32.2.A.0.224
    • V4.42 Added support for Z2 (Sirius) and TWRP fstab fix for leo and aries (thanks to waleedsq81)
    • V4.41 Fixed issue with Y/N choice on non-English Windows. Added support for Z3 (leo)
    • V4.4 Support for Z3+/Z4, Tablet Z2, Tablet Z3 and Tablet Z4 added (Z4 still has an issue with TWRP, but DRM fix works)
      SuperSU integration reworked in order to need fewer SELinux exceptions and to be more secure
      All tasks can now be individually selected. Therefore there is no separate DRM only script required
    • V4.31 Re-enabled Z5P (satsuki) and Z5C (suzuran) for TWRP and drmfix
    • V4.3 Support for older Lollipop added
      Script execution for Linux fixed
    • V4.24 Fix for a bug in SuperSU integration in V4.23
    • V4.23 Fix for repacking 3rd party kernel (Some permissions on custom directories were lost)
    • V4.22 Bugfix for readta (flash_dk reported unit not)
    • V4.21 Fix for the Linux binary of bootimg
    • V4.2 Updated TWRP to 3.0.2
    • V4.1
      Fix for Widevine (if you have your device key) Thanks a lot to goofnorf101 for testing
      unpackinitfs and makeinitfs in my bootimg tool now maintain date/time of files correctly
      Automatic SuperSU installation
    • V4.0
      Fix for older kernels (Lollipop)
      Binary for Linux (The older version had the ARM version packaged)
      Device is not stored in the kernel image anymore
      TWRP updated to version 3.0.1

    FAQ - Please read
    • Is it possible to have root with locked bootloader?
      Short answer: no
      Long answer: The locked bootloader only boots unmodified kernel packages signed by Sony. The stock kernel only mounts unmodified /system partitions (dm-verity) -> No modification without unlocking
      So any change to the kernel (like this script) or system partition requires unlocked bootloader
    • What is dm-verity?
      A hash checksum on all blocks of a filesystem in order to verify the integrity
    • What is Sony RIC?
      A protection to avoid mounting the root filesystem or system read/write
    • What happens if I unlock my bootloader?
      The device key (TA unit 0x1046b) will be wiped, which deactivates everything DRM related. In addition a full wipe of your phone will be performed.
      So extract your TA partition before with this great tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597 from zxz0O0
      If you already unlocked the bootloader before, then at least the credentials will be restored, which will reactivate stuff like x-reality and camera de-noise
    • Why do I need to flash my device key?
      Without your device key only some functions can be reactivated, like x-reality. Other functions like widevine do not work without your device key.
    • How do I enter TWRP recovery?
      Restart your phone and press the volume key up as soon as the LED switches to yellow
    • I want to use a custom kernel with the DRM fix
      Just say "N" to all other options. Nevertheless be prepared for problems if the custom kernel does not match your Android version.
    • What should I do if there is an update to this script?
      First check if you really need to run this update by checking the changelog. E.g. if it says binary for Linux fixed and you are using Windows then probably you don't care. If you did not change your Android version then all you have to do is to update the kernel package with fastboot flash boot. If you do not use the automatic SuperSU integration then you have to reinstall SuperSU in TWRP.

    This tool repacks an existing kernel package (usually the stock kernel) in order to make it rootable and adds TWRP recovery as well. Version 4 has been successfully tested with LP and MM.

    In particular it addresses the following issues:
    • DM-Verity: Android is now using dm-verity to verify the integrity of the system partition. Until you switch it off your phone won't boot after modifying /system
    • SONY RIC: RIC is blocking the write access to the system partition
    • DRM Keys: After unlocking the bootloader your device key is wiped, which deactivates some functionality. E.g. x-reality, denoise in camera and so on.

    Recompiling the kernel is not required as only the init ramdisk needs to be modified. You can run these scripts either in Windows or Linux.

    Thanks to the excellent work of zxz0O0 you can now backup the TA partition before unlocking the bootloader with this tool http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597
    If you managed to backup your TA partition before you unlocked the bootloader then this version will fully reactivate your keys as well. (many thanks to addicted1900 for helping me with the testing)

    As there has been some confusion I would like to point out one more time that you cannot run any kernel package which is not signed by Sony without unlocking the bootloader. So this works only with unlocked bootloader.
    As it seems that it is not clear to everyone I also want to mention that <...> is a placeholder. E.g. <extracted kernel> means that you should replace it with the name of your extracted kernel, which could be kernel.elf

    There was a report that having SuperSU in the system partition installed may lead to a bootloop. Therefore you should first install the bootimage created by this script and then install SuperSU afterwards, as it will then use the system-less strategy.

    In order to use these scripts you need the kernel boot image of your current version. There are two different ways to obtain it:

    Method1:
    If you have a .ftf image then open it with zip application (7Zip, WinZip, Windows Compressed Folder) and extract kernel.sin. Afterwards use Flashtool -> Tools -> SIN Editor to extract the kernel. You should end up with the boot image with extension .elf.

    Method2:
    Run your favourite recovery and connect via
    Code:
    adb -d shell
    Now run
    Code:
    find /dev -name boot
    dd if=<output of the find command before> of=/sdcard/kernel.img

    Once you have the kernel image you are ready to use the script.
    The newest version supports superuser as an alternative to SuperSU. This is available open source and can be verified. In order to integrate it you need the current superuser.zip from http://superuser.phh.me/superuser.zip and to install the app afterwards from Google Play (look for superuser phh) or build it yourself from github.
    To integrate the kernel part just place superuser.zip in the rootkernel directory.

    You can also still use SuperSU, although it is causing a huge battery drain on my Z5 with Android 7.0. If you place SuperSU in the same directory (SuperSU*.zip, case sensitive) then it will also be installed automatically. I did all the tests with 2.76, but newer versions should work as well. Please be aware that you cannot update SuperSU within the application. For a newer SuperSU version you need to rerun the script.
    If you want to integrate xposed as well just place the distribution for your device and Android version in the same directory. (e.g. xposed-v86-sdk23-arm64.zip). Only supported with Android 6.0 (sdk 23) and higher.
    xPosed for Android 7.0+ is still not available.

    Code:
    rootkernel <extracted kernel> boot.img
    You are prompted for several choices:
    • Sony RIC is enabled. Disable?
      I prefer not to disable it in order to keep my phone more secure. Unfortunately there are a lot of bad guys in this world and SELinux and RIC still can save us if someone discovers a new kernel exploit.
      Sony RIC basically prevents mounting the /system partition for write. You can still modify it in recovery of course, but if you require write access to /system without entering recovery then you need to disable it.
    • Install TWRP recovery? Here you should say yes unless you are trying to patch a non-stock kernel, which comes already with a recovery
    • Install busybox? For security reasons I prefer not to install. In recovery you have it anyway. This choice is only available if you chose install TWRP
    • Found SuperSU-v....zip. Install? Integrates SuperSU. For this option to show up you have to place the SuperSU package into the same directory with the name SuperSU*.zip (case sensitive)
    • Found superuser.zip. Install? Integrates superuser. For this option to show up you have to place superuser.zip into the same directory (case sensitive)
    • # Make su permissive (Permits any action as su)? This only appears if you install superuser. Permissive means you can do anything as root; without it, it is restricted mainly to file operations (sufficient for e.g. Titanium Backup)
    • Found xposed-v....zip. Install? Integrates xposed system-less. For this option to show up you have to place the xposed for your device and Android version into the same directory. (e.g. xposed-v86-sdk23-arm64.zip)
    • Install DRM fix? Installs the DRM fix. First it tries to use the device key which you flashed with flash_dk. If it does not exist it uses an alternative method which cannot fix everything (e.g. Widevine will not work, but X-reality, Camera denoise etc. will work)

    Now put your phone into fastboot mode (Volume Up + connect USB) and then run:
    To test it without actually flashing it:
    Code:
    fastboot boot boot.img
    For flashing it:
    Code:
    fastboot flash boot boot.img

    If you managed to back up your TA partition before then you can reactivate your original device key as follows:
    Code:
    flash_dk <ta backup image>  DK.ftf
    Flashing this file with flashtool will write your device key to an alternative unit, from where the drmfix library will pick it up.
    This is a one-time task. It will survive a complete reset of the phone or Android system upgrade. The device key has a length of just 16 bytes, so it is correct that the resulting DK.ftf has a size of only approx. 500 bytes.

    If you like my work you can buy me a coffee ;)

    Some background information:
    There are two main tools involved (for both Android and Windows)
    - busybox
    Probably everyone knows it

    - bootimg
    A multicall binary with several tools for unpacking and packing the boot image as well as adapting the SELinux policy. Part of the code is written by me from scratch, some other parts are cherry picked from other projects. I will also provide the source for it. As Windows doesn't have softlinks I modified the tools for unpacking and packing the init ramdisk to write text files with __lnk__ at the end instead.
    63
    Rootkernel V5.23 (UNOFFICIAL 2.5) - OREO - Xperia X, X Comp., X Perf., XZ and XZs

    Xperia X Performance, XZ and XZs ONLY (Xperia X and Xperia X Compact must skip this):
    Android Oreo ramdisk patching needs some additional files, and they must be copied from Oreo /system into the rootkernel's filesystem_files folder prior to running the script, and they are:
    Code:
    /system/vendor/etc/fstab.qcom
    /system/vendor/etc/init/hw/init.qcom.rc
    /system/vendor/etc/init/hw/init.target.rc
    (you can pull these files through adb, or even convert system.sin to system.ext4 and take them out from there - just copy them, and DO NOT touch their contents)

    Rootkernel's procedure for Oreo kernel ONLY:
    1. Download and extract attached Rootkernel V5.23 (UNOFFICIAL 2.5)
    2. Download attached flashable zip (DRM-fix_System_Mode.zip) and push it somewhere in your device (internal memory or sdcard)
    3. Run rootkernel script with Oreo stock kernel.elf (eg.: rootkernel kernel.elf boot.img)
    4. Say yes (Y) to everything - If you want munjeni's TA PoC option, ensure your TA.img (case sensitive) is located at rootkernel's root folder, and say no (N) to DRM fix
    5. You're done!

    Rootkernel's output should look like this:
    Code:
    Rootkernel V5.23 (UNOFFICIAL 2.5)
    
    - Unpacking kernel
      Found elf boot image
      Kernel version: 3.18.66-perf-g27a9189
      Found appended DTB
    - Detected vendor: somc (Sony), device: dora (Xperia X Performance), variant: row
    - Unpacking initramfs
    - Detected platform: 64-bit
    - Detected Android version: 8.0.0
    - Android Oreo requires additional files! Continue? (Say yes to copy) [Y/n] Y
      init.rc (patched)
      fstab.qcom (copied)
      init.qcom.rc (copied and patched)
      init.target.rc (copied and patched)
    - dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
      Patching fstab in dtb to disable dm-verity
    - Sony RIC is enabled. Disable? [Y/n] Y
      Disabling Sony RIC
    - force-encrypt is enabled. Disable? (Say yes if you decrypt /data) [Y/n] Y
      Disabling force-encrypt
    - Install DRM fix? [Y/n] Y
      1. DRM fix preload line added successfully!
      2. DRM libraries still need to be flashed manually on TWRP recovery before 1st boot!!
         System mode, flash: DRM-fix_System_Mode.zip
    - All done! Continue? [Y/n] Y
    - Creating new initramfs
    - Creating boot image
    - Cleaning up
    Done

    Flash patched kernel:
    1. Flash Oreo ftf (wiping everything, excluding nothing - except *.ta files - if any)
    2. Unplug device and DO NOT turn it on
    3. Fastboot newly created boot.img
    4. Fastboot TWRP for your device
    5. Unplug device and DO NOT turn it on again
    6. Enter TWRP recovery and flash: DRM-fix_System_Mode.zip << YOU CAN SKIP THIS STEP IF YOU CHOOSE munjeni's TA PoC OPTION!!
    7. You're done!

    Root:
    - After step 6 above, flash latest Magisk zip (SuperSU seems not to work properly yet)

    Known issues:
    - Magisk zip installation may fail, and device may also fall in a bootloop
    - If you're facing this ^, do whole procedure again, but DO NOT flash Magisk zip, instead, turn device on, install latest Magisk Manager, patch boot.img and flash it (fastboot it)!


    As always, TRY IT AT YOUR OWN RISK!

    Credits:
    @tobias.waldvogel ofc
    @sToRm// for additional ramdisk files hint (man, you're insane!)

    Enjoy it!
    41
    Nougat related only... I don't know, maybe you didn't notice, but the seinject tool from the OP is not working for Nougat SELinux; if you remove the -q parameter you will see that ;)

    I was very busy the last months, so there were not that many updates.
    Now that Android 7 is out I made a new version that supports it as well.
    xPosed is currently not included, but you can still flash it from TWRP if you need it.

    The script itself is hosted on github now: https://github.com/tobiaswaldvogel/android_rootkernel
    If you are interested in the source of bootimg have a look at https://github.com/tobiaswaldvogel/and_boot_tools
    ;)

    Cheers,
    Tobias
    36
    DRM Fix Workaround and Sony RIC disabler for Nougat - System Mode!

    Not yet due to file contexts now being in bin format. The tool will hang. @serajr posted a workaround a few posts ago.

    Tool still can not fully handle Nougat's kernel, even after my changes. That's why I didn't share it yet!
    With that kernel we're able to disable dm-verity ONLY, which leads us to create a fully working DRM fix workaround (system mode):

    1. Download attached flashable zip (DRM fix libs are inside it)
    2. Run rootkernel tool with Nougat's stock kernel.elf, and choose Y for dm-verity ONLY! << MANDATORY to avoid bootloop
    Code:
    - dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
    3. When tool asks you for - Install busybox?, do nothing yet, and...
    4. Enter \ramdisk folder and edit init.target.rc@0750 file (with notepad++)
    5. Add the blue lines exactly as shown below (between "on early-init" and "on fs" sections):
    Code:
    on early-init
        mkdir /firmware 0771 system system
        mkdir /bt_firmware 0771 system system
        symlink /data/tombstones /tombstones
        mkdir /dsp 0771 media media
    
    # added section (the blue lines in the original post)
    on post-fs
        export LD_PRELOAD libdrmfix.so
    
    on fs
        wait /dev/block/bootdevice
    5.1 - If the "on post-fs" section already exists, add :libdrmfix.so at the end of the line underneath it:
    Code:
    on post-fs
        export LD_PRELOAD libNimsWrap.so:libdrmfix.so
    6. Save the file and exit \ramdisk folder
    7. Back to the rootkernel's screen and choose N for busybox (boot.img will be created)
    8. Open downloaded file with 7Zip and drag'n'drop your newly created boot.img file into its content screen (root)
    8.1. rootkernel_Nougat_boot_and_drmfix_flashable.zip contents will be:
    Code:
    META_INF
    system
    boot.img
    9. Close 7Zip
    10. Enter TWRP recovery (fota kernel recovery) and flash the zip
    11. Done!

    Sony RIC, TWRP recovery (internal), DRM fix (internal) and busybox WILL NOT WORK AND THEY MUST BE SKIPPED by choosing N.


    TRY IT OUT AT YOUR OWN RISK


    Disabling Sony RIC (do this before performing step 7 above):
    1. Enter \ramdisk folder and edit init.sony-platform.rc@0750 file (with notepad++)
    2. Insert the blue line and add the red # mark, exactly as shown below (look for "on boot" section):
    Code:
    on boot
        # Setting to use rndis_qc driver
        exec u:r:usb_device_mode:s0 -- /system/bin/sh /init.usbmode.platform.sh "set_rndis_qc"
    
        # SONY: for Bluesleep
        chown bluetooth net_bt /proc/bluetooth/sleep/lpm
        chown bluetooth net_bt /proc/bluetooth/sleep/btwrite
        chmod 0660 /proc/bluetooth/sleep/lpm
        chmod 0660 /proc/bluetooth/sleep/btwrite
    
        # SONY: Enable Sony RIC
        mount securityfs securityfs /sys/kernel/security nosuid nodev noexec
        # next line inserted (blue in the original post); the chmod after it is commented out (red # in the original post)
        write /sys/kernel/security/sony_ric/enable 0
        # chmod 0640 /sys/kernel/security/sony_ric/enable
    
        # SONY: Enable wakeup irq module
        write /sys/devices/platform/wakeup_debug.0/enable 1
    3. Save the file and exit \ramdisk folder
    4. Done > Proceed now to step 7 above


    For development purposes only! You don't need to do that!! - If you wanna dare and play with file_contexts.bin as a plain text file, do this before performing step 7 above:

    1. Download attached bin2txt.zip and unpack it
    2. Copy original file_contexts.bin@0644 binary from rootkernel's /ramdisk folder to the bin2txt's /ramdisk folder
    3. Run bin2txt (windows) or ./bin2txt.sh (linux)
    4. Move converted file_contexts.bin@0644 (now as a plain text file) from bin2txt's /ramdisk folder back to the rootkernel's /ramdisk folder (replacing original file)
    6. Done > Proceed now to step 7 above

    In the tests I did with my XP everything was ok! Device did boot up as it should!!
    If the device gets stuck at the Sony logo, something went wrong. Create a new boot.img without this!!
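For anyone who has to check what a repacked boot image changed, the two ramdisk edits in the post above (an extra library in `export LD_PRELOAD` and the Sony RIC switch written to 0) can be found mechanically in an unpacked ramdisk. This is an added example, not part of the original post or of the rootkernel project; the function name `audit_init_rc`, the allow-list of stock preloads and the sample rc text (constructed from the snippets in the post) are assumptions.

```python
# Audit Android init *.rc text for the two boot-time edits described in the post.
# Libraries the post shows in a stock "export LD_PRELOAD" line; anything else is
# reported. (Assumption: a real baseline comes from the vendor's unmodified ramdisk.)
STOCK_PRELOADS = {"libNimsWrap.so"}
RIC_ENABLE = "/sys/kernel/security/sony_ric/enable"


def audit_init_rc(text, stock_preloads=STOCK_PRELOADS):
    """Return (line_no, section, kind, detail) tuples for one init *.rc file."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A commented-out chmod on the RIC switch is the second half of the edit.
            body = line.lstrip("#").strip()
            if body.startswith("chmod") and body.endswith(RIC_ENABLE):
                findings.append((line_no, section, "ric_chmod_commented", body))
            continue
        tokens = line.split()
        # "on <trigger>" and "service <name> ..." open a new section in init language.
        if tokens[0] in ("on", "service"):
            section = " ".join(tokens[:2])
            continue
        if tokens[:2] == ["export", "LD_PRELOAD"] and len(tokens) >= 3:
            # The value is a colon-separated library list, as in step 5.1 of the post.
            extra = [lib for lib in tokens[2].split(":")
                     if lib and lib not in stock_preloads]
            if extra:
                findings.append((line_no, section, "ld_preload", ",".join(extra)))
        elif tokens[:2] == ["write", RIC_ENABLE] and tokens[2:3] == ["0"]:
            findings.append((line_no, section, "ric_disabled", line))
    return findings


# Constructed sample input, modelled on the init.target.rc snippet in the post.
SAMPLE_TARGET_RC = """\
on early-init
    mkdir /firmware 0771 system system
    symlink /data/tombstones /tombstones

on post-fs
    export LD_PRELOAD libNimsWrap.so:libdrmfix.so

on fs
    wait /dev/block/bootdevice
"""

# Constructed sample input, modelled on the init.sony-platform.rc snippet in the post.
SAMPLE_PLATFORM_RC = """\
on boot
    # SONY: Enable Sony RIC
    mount securityfs securityfs /sys/kernel/security nosuid nodev noexec
    write /sys/kernel/security/sony_ric/enable 0
    # chmod 0640 /sys/kernel/security/sony_ric/enable
"""

if __name__ == "__main__":
    for name, text in (("init.target.rc", SAMPLE_TARGET_RC),
                       ("init.sony-platform.rc", SAMPLE_PLATFORM_RC)):
        for line_no, section, kind, detail in audit_init_rc(text):
            print(f"{name}:{line_no} [{section}] {kind}: {detail}")
```

An unmodified file produces no findings, so the same function can be run over every `*.rc` file of an unpacked ramdisk and any output treated as a difference from stock.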
    31
    Rootkernel V5.23 (UNOFFICIAL 2.4) - OREO - Xperia X, X Comp., X Perf., XZ and XZs

    What's new:
    - Xperia X and Xperia X Compact compatibility (Oreo)
    (X and XC users, please, do read first line of the post, in red)

    Output:

    Code:
    Rootkernel V5.23 (UNOFFICIAL 2.4)
    
    - Unpacking kernel
      Found elf boot image
      Kernel version: 3.10.84-perf-g78dc059
      Found appended DTB
    - Detected vendor: somc (Sony), device: kugo (Xperia X Compact), variant: row
    - Unpacking initramfs
    - Detected platform: 64-bit
    - Detected Android version: 8.0.0
    - Found fstab.qcom (no additional files required)!
    - dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] Y
      Patching fstab in dtb to disable dm-verity
    - Sony RIC is enabled. Disable? [Y/n] Y
      Disabling Sony RIC
    - force-encrypt is enabled. Disable? (Say yes if you decrypt /data) [Y/n] Y
      Disabling force-encrypt
    - Install DRM fix? [Y/n] Y
      1. DRM fix preload line added successfully!
      2. DRM libraries still need to be flashed manually on TWRP recovery before 1st boot!!
         System mode, flash: DRM-fix_System_Mode.zip
    - All done! Continue? [Y/n] Y
    - Creating new initramfs
    - Creating boot image
    - Cleaning up
    Done

    >> Enjoy it! <<

    (please, do read instructions before proceeding and patching your STOCK kernel, also, do always use the elf format as the input file)