[ROOT][Z-Z3] How to root 5.0 Lollipop with rootkitXperia

[osckeitaro]

rootkitXperia_E2303_26.1.A.1.128
https://www.dropbox.com/s/9pys6qgxtc1hixs/rootkitXperia_E2303_26.1.A.1.128.zip?dl=0

I almost edited only install.bat because E2303 kernel image is mostly the same as E2363 one.

--- UPDATE ---

success ROOT !
M4 Aqua E2306 26.1A.1.112 just editing @cubeundcube .128 install.bat file :

@echo --- E2306 26.1.A.1.112 rootkit 2015/10/30 ---
@echo;
@echo waiting for device...
@adb wait-for-device

@for /f %%x in ('adb shell getprop ro.build.product') do @set DEVICENAME=%%x
@if %DEVICENAME% neq E2306 goto notsupport
@for /f %%x in ('adb shell getprop ro.build.id') do @set BUILDID=%%x
@if %BUILDID% neq 26.1.A.1.112 goto notsupport

@adb push files\getroot /data/local/tmp/
@adb push files\su /data/local/tmp/
@adb push files\supolicy /data/local/tmp/
@adb push files\libsupol.so /data/local/tmp/
@adb push files\Superuser.apk /data/local/tmp/
@adb push files\busybox /data/local/tmp/
@adb push files\99SuperSUDaemon /data/local/tmp/
@adb push files\install-recovery.sh /data/local/tmp/
@adb push files\install_tool.sh /data/local/tmp/

@adb shell "chmod 0755 /data/local/tmp/getroot"
@adb shell "chmod 0755 /data/local/tmp/busybox"
@adb shell "chmod 0755 /data/local/tmp/install_tool.sh"

@echo;
@echo getroot start.
@adb shell "/data/local/tmp/getroot /data/local/tmp/install_tool.sh"
@adb shell reboot
@ping localhost -n 10 > nul

@echo;
@echo waiting for device...
@adb wait-for-device
@ping localhost -n 10 > nul
@adb wait-for-device

@echo;
@echo removing temporary files...
@adb shell "rm /data/local/tmp/getroot"
@adb shell "rm /data/local/tmp/su"
@adb shell "rm /data/local/tmp/supolicy"
@adb shell "rm /data/local/tmp/libsupol.so"
@adb shell "rm /data/local/tmp/Superuser.apk"
@adb shell "rm /data/local/tmp/busybox"
@adb shell "rm /data/local/tmp/99SuperSUDaemon"
@adb shell "rm /data/local/tmp/install-recovery.sh"
@adb shell "rm /data/local/tmp/install_tool.sh"

@goto finish

:notsupport
@echo;
@echo Your device is not supported.

:finish
@echo;
@echo --- all finished ---
@pause

waiting for .167 exploit.
thanks!

 

[cubeundcube]

Great!

And about firmware update keeping rooted, I'm building TWRP for BL locked M4 Aqua.

 

[zohaib0001]

@AndroPlus

Please try to make Root method for Z5 family also

 

[Minakawa89]

rootkitXperia is back again!

A Japanese developer, @cubeundcube made it possible to root some Android 5.0 Lollipop firmware directly (not 5.1 and 64bit devices, sadly...).
With new rootkitXperia, you don't need to roll back to KitKat when you lose root on locked bootloader!

Download
Download (only for M4 Aqua Dual E2363 *)
Download (for M4 Aqua E2303 **)

Supported device/version
Z2/Z3 variant
23.2.A.1.62
23.1.A.1.28
17.1.1.B.3.240 or .245 *Japanese model
23.0.B.1.38 *Japanese model
23.0.B.1.59 *Japanese model
23.0.C.0.350 *Japanese model
23.0.H.0.334 *Japanese model

Z1 variant
14.5.A.0.270
14.3.B.0.310 *Japanese model

Z variant
10.6.A.0.454

M4 Aqua Dual E2363 *
26.1.B.1.85

M4 Aqua E2303 **
26.1.A.1.128

* You can see some 5.1 firmwares in "support.txt", but "封鎖" means "blocked/patched", so they are not supported.

How to use rootkitXperia
1. Install adb driver for your device
2. Go to Settings > Developer options and tick USB debugging
3. Go to Settings > Security and tick Unknown sources
4. Connect your phone to your computer
5. Extract rootkitXperia_20150926.zip and run install.bat
6. When you see "— all finished —" in console, rooting is done.

NOTE: rootkitXperia won't install recovery or kill ric,
so you have to install XZDualRecovery.

Donate link for cubeundcube is here.
If you want to thank him, his first post for dev threads is here

how do i Run install.bat ... it won't run

 

[Minakawa89]

Hi, I'm new to rooting, the install.bat file won't run, do I need to modify it or something

 

[juanpirulo]

how do i Run install.bat ... it won't run

You Will have to Stract files from zip first to pc and then run install bat. Cheers

Hi, I'm new to rooting, the install.bat file won't run, do I need to modify it or something

Enviado desde mi D6603 mediante Tapatalk

 

[cubeundcube]

Great!

And about firmware update keeping rooted, I'm building TWRP for BL locked M4 Aqua.

Finally, I've released TWRP for BL locked M4 Aqua.
http://forum.xda-developers.com/m4-aqua/development/bl-locked-twrp-touch-recovery-bl-locked-t3257430

 

[skylinestan]

Bro.. Can you please help out for us on C5 Ultra for root and BL?

Sent from my E5563 using XDA Premium HD app

 

[waffledup]

new to rooting and unsure if it will work for E2306, .167

 

[Alaa | Google Android]

Please support 5.1.1 - 232

 

[sanderbouw]

--- UPDATE ---

success ROOT !
M4 Aqua E2306 26.1A.1.112 just editing @cubeundcube .128 install.bat file :

Anyone tried this trick for .2.167?

----------------
Update:

Tried it, doesn't work.

 

[Saiyajin]

Hey guys, I have a E2363 (M4 Aqua Dual) and Build 26.1.B.2.147 - the script provided in the first post for the dual version is not working. is it safe to edit the batch-file, so it accepts my build number?


Ok - I tried it and it didn't work. I can't unlock the bootloader and rooting is also not possible. I just want to edit the messed up GPS.conf.

 

[Rootk1t]

Hey guys, I have a E2363 (M4 Aqua Dual) and Build 26.1.B.2.147 - the script provided in the first post for the dual version is not working. is it safe to edit the batch-file, so it accepts my build number?

There should be a vulnerability in firmware to obtain root via. If it is patched editing script is useless.

 

[hussein1]

rootkitXperia is back again!

A Japanese developer, @cubeundcube made it possible to root some Android 5.0 Lollipop firmware directly (not 5.1 and 64bit devices, sadly...).
With new rootkitXperia, you don't need to roll back to KitKat when you lose root on locked bootloader!

Download
Download (only for M4 Aqua Dual E2363 *)
Download (for M4 Aqua E2303 **)

Supported device/version
Z2/Z3 variant
23.2.A.1.62
23.1.A.1.28
17.1.1.B.3.240 or .245 *Japanese model
23.0.B.1.38 *Japanese model
23.0.B.1.59 *Japanese model
23.0.C.0.350 *Japanese model
23.0.H.0.334 *Japanese model

Z1 variant
14.5.A.0.270
14.3.B.0.310 *Japanese model

Z variant
10.6.A.0.454

M4 Aqua Dual E2363 *
26.1.B.1.85

M4 Aqua E2303 **
26.1.A.1.128

* You can see some 5.1 firmwares in "support.txt", but "封鎖" means "blocked/patched", so they are not supported.

How to use rootkitXperia
1. Install adb driver for your device
2. Go to Settings > Developer options and tick USB debugging
3. Go to Settings > Security and tick Unknown sources
4. Connect your phone to your computer
5. Extract rootkitXperia_20150926.zip and run install.bat
6. When you see "— all finished —" in console, rooting is done.

NOTE: rootkitXperia won't install recovery or kill ric,
so you have to install XZDualRecovery.

Donate link for cubeundcube is here.
If you want to thank him, his first post for dev threads is here

New Exploit for Xperia Z5 Line & C4 M4 M5 ...
http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/

 

[artssa]

Does it mean it works with Xperia C4 Dual also??

 

[langeveld024]

Does it mean it works with Xperia C4 Dual also??

If your dual has the CVE-2016-0728 on some firmware, yes. But still someone has to exploit it to root user.

 

[Shikaiya]

Hi, is it working on Xperia M4 dual with Blocked Bootloader? I mean the method to root the phone
@AndroPlus could u help me?

 

[Rootk1t]

New Exploit for Xperia Z5 Line & C4 M4 M5 ...

If smb compiles it for android, it may work.
But for latest models things a complicated:

From the first models released in 2015 up to now Sony has implemented dm-verity, which means locked bootloader root and recovery will be impossible.

It covers not only latest flagmans Z5/Z5C/Z5P, but also previous flagman Z3+/Z4, "super mid-range" M5 and C5 Ultra.

 

[Shikaiya]

Hi, is it working on Xperia M4 dual with Blocked Bootloader? I mean the method to root the phone
@AndroPlus could u help me?

Someone could help me? Please!

@-;--

 

[raedq]

Didn't work on Sony Xperia Z3C running 5.1.1