[Tutorial][Oreo][2.24] Step-by-step guide to gain root access properly

Search This thread

zlRampageSlz

Senior Member
Jul 14, 2016
65
32
Pennsylvania
Please see note section before doing anything.
Though all the instructions are updated, you may want
to read through all comments.


For Oreo (both models), patch this after flashing custom kernel
View attachment drmfix.zip
in the recovery BEFORE booting into system.

Before start you need to install USB driver (for Windows). If it's not working, try using Androxyde's driver instead.

To flash stock image (not required, just for newer firmware or fingerprint support)
1. Download latest Flashtool. *make sure you patch x10flasher.jar to latest version by replacing it in your installation directory (mine was 0.9.23.2).
2. Download G82XX support for Flashtool from this thread (thanks IcemanSu)
3. Extract the file to "C:\Users\<username>\.flashTool\devices\G82XX".
4. Launch Flashtool, select Devices > Manage > Import. It should say "Loaded 95 devices" (before is 94).

2. Thanks to Androxyde, device list now includes G82XX on github so skip those steps.
3. Click Xperifirm icon (XF rightmost icon below toolbar), find and download firmware.
4. Tools > Bundle > Create. Select your firmware, choose all content then Create . If it says "a fsc script is found..." click Yes. (I tried choosing no and I cannot flash system partition (system.sin finished with errors).
5. Start devices in flash mode (hold vol. down and connect USB until LED blinking green).
6. Click Flash icon (first one) in Flashmode, select all content from bundle you created then Flash. Again, if it ask to use .fsc script, click Yes. It should finish without error.
*Device list from Github hasn't updated yet. So if you flash 41.3 (Oreo), make sure you duplicate 41.2.fsc to 41.3.fsc in C:\Users\%HOMEPATH%\.flashTool\devices\G82XX
7. Done, you can try booting to test if it works.

Starting from locked bootloader
1. Check "OEM unlocking" under developer options.
2. Unlock bootloader - follow instruction from this link. *Select Xperia XZ, it requires same unlock code as XZs. ** Data including internal storage will be wiped like typical Sony unlocking. Make sure you do some backup copy your important files out before proceed.
3. Enter fastboot - press vol. up the moment you connect USB. LED should be blue light.
4.1 Flash kernel with DRM patch *the kernel is specific to firmware version (not customizations) , so it will bootloop if you flash the wrong version.
41.3.A.2.24
41.3.A.0.401
41.2.A.7.76
41.2.A.7.65
41.2.A.7.53
41.2.A.4.35 dual sim
41.2.A.7.8 -.235

4.2 Flash TWRP (XZ still work perfectly) as recovery.
For new people, you can use Minimal ADB and Fastboot. Do "fastboot flash recovery <twrp_name>.img" and "fastboot flash boot <kernel_name>.img".
5. Once you installed recovery, give it a try. Enter recovery by holding power and vol. down when the phone is off (no LED).
6. Root your phone - Transfer SU flashable zip (only systemless for now, either Magisk with sony fix or SuperSU) to anywhere in the phone (MTP in recovery, OTG, external, or just boot up and download)
7. Install zip in recovery. If you can't mount internal and install SU, doing factory reset (format data) will remove encryption and do the trick. Magisk might work with encrypted data*see note below about magisk installation
8. Enjoy!

Note
(September 15 2017) To install Xposed
Don't install it with TWRP. Just install the module in Magisk Manager and you'll be fine.

(August 20, 2017) To disable force data encryption
I think I passed safety net by install magisk inside /data (with patched kernel).
Take a look at my thread. I also wrote how to modify it, so you can just download .img or do it yourself.

(July 31, 2017) To fix the green camera & other rooting problems on any firmware version ie. To use rootkernel tool (thanks tobias.waldvogel) to patch drm/ric fix.
Follow instruction from his thread.

TL;DR
- Download zip in the attactments and extract.
- Extract kernel.sin (using any archive manager eg. 7zip winrar) from your .ftf firmware.
- In Flashtool, use tool -> sin editor and extract your kernel.sin into .elf.
- Move your kernel image.elf in the same directory you just extracted.
- (Windows) Shift + right click -> open command windows here in the extracted directory and run "rootkernel <extracted elf> boot.img" (Linux) Just use terminal, cd to that directory and do the same.
- Select Y for everything except busybox.
- Done! you got patched kernel image.

(July 11, 2017) To make it compatible with magisk 13+
- Use the kernel with both DRM and RIC Protection patches so that it works well with magisk 13.1 and gets working camera.
Make sure you uninstall old version using uninstaller through TWRP or flash fresh kernel, wipe cache, install new one, then install latest magisk manager because it was made only for newer version.


If you have question or something goes wrong, feel free to ask me or other nice guys on XDA!
Thanks for everyone who contributes these contents.
 

Attachments

  • patch.zip
    438.2 KB · Views: 1,057
Last edited:

FartyParty

Senior Member
Jan 18, 2017
629
210
Nicely written tutorial!

The kernel isn't required. You could just unlock bootloader and flash magiskv12sonyfix directly and get root + pass in safetypass but causes the pictures you take to become green images.
The kernel from arjun.arora has DRM-fix embedded which solves the camera problem but then it doesn't pass in safetypass in magisk. Rather a working camera than a pass I guess.

Personally I flashed TWRP-3.0.2-4 because it mounts internal+external while the newest version only mounts external.
 
  • Like
Reactions: zlRampageSlz

FartyParty

Senior Member
Jan 18, 2017
629
210
Before I flashed this kernel, it didn't pass and got green screen too lol.

I tried a bunch of combination but everytime I flashed magisk directly after fresh new fw flash it passed, as soon as I flashed the kernel and then magick it stopped passing.

So for me, if I flashed magisk first it passes but then I get green image so I have to flash kernel and then magisk but then I lose safetypass, oh well :).

Obviously not worth losing camera over safetypass.
 

inteltecra1700

Senior Member
Dec 25, 2010
219
69
Is X-Reality working with arjunarora DRM kernel? and where is the link to that kernel?
Nicely written tutorial!

The kernel isn't required. You could just unlock bootloader and flash magiskv12sonyfix directly and get root + pass in safetypass but causes the pictures you take to become green images.
The kernel from arjun.arora has DRM-fix embedded which solves the camera problem but then it doesn't pass in safetypass in magisk. Rather a working camera than a pass I guess.

Personally I flashed TWRP-3.0.2-4 because it mounts internal+external while the newest version only mounts external.
 

nino_valerino

Member
May 7, 2005
9
0
this morning i unlocked bootloader, flash modified kernel and flash twrp kagura
then my phone wont boot, after sony logo directly enter twrp mode
tried flash stock rom, but failed
can someone tell whats wrong? below the log from flashtool
thanks

02/037/2017 16:37:46 - INFO - <- This level is successfully initialized
02/037/2017 16:37:47 - INFO - Flashtool Version 0.9.23.1 built on 11-01-2017 15:12:00
02/037/2017 16:37:47 - INFO - Executing search strategies to find proxy selector
02/037/2017 16:37:48 - INFO - No proxy found for IE. Trying next one
02/037/2017 16:37:48 - INFO - Strategy firefox failed trying next one : No Firefox installation found
02/037/2017 16:37:48 - INFO - No proxy found for java. Trying next one
02/037/2017 16:37:48 - INFO - Syncing devices from github
02/037/2017 16:37:48 - INFO - Opening devices repository.
02/037/2017 16:37:48 - INFO - Scanning devices folder for changes.
02/038/2017 16:38:04 - INFO - Changes have been found. Doing a hard reset (removing user modifications).
02/038/2017 16:38:04 - INFO - Pulling changes from github.
02/038/2017 16:38:05 - INFO - Quietly closing devices repository.
02/038/2017 16:38:05 - INFO - Devices sync finished.
02/038/2017 16:38:05 - INFO - Loading devices database
02/038/2017 16:38:05 - INFO - Loaded 94 devices
02/038/2017 16:38:05 - INFO - Starting phone detection
02/038/2017 16:38:10 - INFO - Device connected in flash mode
02/038/2017 16:38:29 - INFO - Loading devices database
02/038/2017 16:38:29 - INFO - Loaded 95 devices
02/039/2017 16:39:23 - INFO - Selected Bundle for Sony Xperia XZs(G8232). FW release : 41.2.A.0.235. Customization : Customized SG
02/039/2017 16:39:23 - INFO - Preparing files for flashing
02/041/2017 16:41:11 - INFO - Please connect your device into flashmode.
02/041/2017 16:41:12 - INFO - Opening device for R/W
02/041/2017 16:41:13 - INFO - Reading device information
02/041/2017 16:41:13 - INFO - Phone ready for flashmode operations.
02/041/2017 16:41:13 - INFO - Opening TA partition 2
02/041/2017 16:41:13 - INFO - Current device : G8232 - BH902M7972 - 1307-9001_R4D - 1306-8087_41.2.A.0.219 - GENERIC_41.2.A.0.219
02/041/2017 16:41:13 - INFO - Closing TA partition
02/041/2017 16:41:13 - INFO - Start Flashing
02/041/2017 16:41:13 - INFO - No loader in the bundle. Searching for one
02/041/2017 16:41:13 - INFO - No matching loader found
02/041/2017 16:41:13 - WARN - No loader found or set manually. Skipping loader
02/041/2017 16:41:13 - INFO - Loader : S1_Root_de8d - Version : 1299-4832_S1_Boot_MSM8996_LA2.0_N_115 / Boot version : 1299-4832_S1_Boot_MSM8996_LA2.0_N_115 / Bootloader status : ROOTED
02/041/2017 16:41:13 - INFO - Max packet size set to 4M
02/041/2017 16:41:13 - INFO - USB buffer size set to 512K
02/041/2017 16:41:25 - INFO - Parsing boot delivery
02/041/2017 16:41:25 - INFO - No flash script found.
02/041/2017 16:41:25 - INFO - Flash script is mandatory. Closing session
02/041/2017 16:41:25 - INFO - Ending flash session
02/041/2017 16:41:25 - INFO - Flashing finished.
02/041/2017 16:41:25 - INFO - Please unplug and start your phone
02/041/2017 16:41:25 - INFO - For flashtool, Unknown Sources and Debugging must be checked in phone settings
02/041/2017 16:41:25 - INFO - Device connected in flash mode
 

zlRampageSlz

Senior Member
Jul 14, 2016
65
32
Pennsylvania
02/037/2017 16:37:47 - INFO - Flashtool Version 0.9.23.1 built on 11-01-2017 15:12:00
Did you patch Flashtool to latest version? I didn't try 0.9.23.1 but using 0.9.23.2 did work. Simply replace x10flasher.jar in the directory you installed with new one.
It flashed nothing and there might be a problem reading that bundle.
Hope this helps!
 
Last edited:

nino_valerino

Member
May 7, 2005
9
0
finally done flashing firmware.
but after i flash kernel and twrp, i get 0mb internal

6. Boot into system. *When it ask to require PIN/Pattern at boot, SELECT NO. Otherwise, your device will be encryped and unable to install Magisk because TWRP won't let you mount internal. Download SU flashable zip (either Magisk with sony fix or SuperSU).

i don't have NO to select, only CANCEL and change language
and now im stuck at twrp
 
Last edited:

zlRampageSlz

Senior Member
Jul 14, 2016
65
32
Pennsylvania
Flashing firmware wipes almost everything, including internal. So it's normal to have 0 mb.
You will see this prompt only If you set PIN or Pattern. It should be fine not to set passcode. You can flash magisk right after flashing recovery through MTP or external.
If magisk fail to install just do factory reset. This will remove data encryption.
 
Last edited:

nino_valerino

Member
May 7, 2005
9
0
Flashing firmware wipes almost everything, including internal. So it's normal to have 0 mb.
You will see this prompt only If you set PIN or Pattern. It should be fine not to set passcode. You can flash magisk right after flashing recovery through MTP or external.
If magisk fail to install just do factory reset. This will remove data encryption.

get stuck on sony logo, after flashing recovery and magisk
 

nino_valerino

Member
May 7, 2005
9
0
Try again after factory reset and wait a bit longer.
If not, looks like system is missing. Did you flash system correctly? Try booting into recovery. In mount, check your system partition size and tell me if its 0 mb or not.
Can you also send me flashtool log?

i think my problem is recovery and root.
after flash firmware booting was normal but after flash recovery and root, it wont boot and always back to recovery

this my flashtool log
02/025/2017 21:25:40 - INFO - <- This level is successfully initialized
02/025/2017 21:25:43 - INFO - Flashtool Version 0.9.23.2 built on 19-01-2017 21:50:00
02/025/2017 21:25:43 - INFO - Executing search strategies to find proxy selector
02/025/2017 21:25:43 - INFO - No proxy found for IE. Trying next one
02/025/2017 21:25:43 - INFO - Strategy firefox failed trying next one : No Firefox installation found
02/025/2017 21:25:43 - INFO - No proxy found for java. Trying next one
02/025/2017 21:25:44 - INFO - Syncing devices from github
02/025/2017 21:25:44 - INFO - Opening devices repository.
02/025/2017 21:25:44 - INFO - Scanning devices folder for changes.
02/026/2017 21:26:01 - INFO - Pulling changes from github.
02/026/2017 21:26:02 - INFO - Quietly closing devices repository.
02/026/2017 21:26:02 - INFO - Devices sync finished.
02/026/2017 21:26:02 - INFO - Loading devices database
02/026/2017 21:26:02 - INFO - Loaded 94 devices
02/026/2017 21:26:02 - INFO - Starting phone detection
02/026/2017 21:26:07 - INFO - Device disconnected
02/027/2017 21:27:12 - INFO - Loading devices database
02/027/2017 21:27:12 - INFO - Loaded 95 devices
02/027/2017 21:27:26 - INFO - Selected Bundle for Sony Xperia XZs(G8232). FW release : 41.2.A.0.235. Customization : Customized TH
02/027/2017 21:27:26 - INFO - Preparing files for flashing
02/029/2017 21:29:57 - INFO - Please connect your device into flashmode.
02/030/2017 21:30:21 - INFO - Device connected in flash mode
02/030/2017 21:30:21 - INFO - Opening device for R/W
02/030/2017 21:30:22 - INFO - Reading device information
02/030/2017 21:30:22 - INFO - Phone ready for flashmode operations.
02/030/2017 21:30:22 - INFO - Opening TA partition 2
02/030/2017 21:30:22 - INFO - Current device : G8232 - BH902M7972 - 1307-9001_R4D - 1306-8087_41.2.A.0.219 - GENERIC_41.2.A.0.219
02/030/2017 21:30:22 - INFO - Closing TA partition
02/030/2017 21:30:22 - INFO - Start Flashing
02/030/2017 21:30:22 - INFO - No loader in the bundle. Searching for one
02/030/2017 21:30:22 - INFO - No matching loader found
02/030/2017 21:30:22 - WARN - No loader found or set manually. Skipping loader
02/030/2017 21:30:22 - INFO - Loader : S1_Root_de8d - Version : 1299-4832_S1_Boot_MSM8996_LA2.0_N_115 / Boot version : 1299-4832_S1_Boot_MSM8996_LA2.0_N_115 / Bootloader status : ROOTED
02/030/2017 21:30:22 - INFO - Max packet size set to 4M
02/030/2017 21:30:22 - INFO - USB buffer size set to 512K
02/030/2017 21:30:35 - INFO - Parsing boot delivery
02/030/2017 21:30:59 - INFO - Found a template session. Using it : C:\Users\XPS\.flashTool\devices\G82XX\41.fsc
02/030/2017 21:30:59 - INFO - Set loader configuration : [00 01 00 00 00 0C]
02/030/2017 21:30:59 - INFO - Opening TA partition 2
02/030/2017 21:30:59 - INFO - Writing TA unit 00002774. Value : 01
02/030/2017 21:30:59 - INFO - Closing TA partition
02/031/2017 21:31:00 - INFO - Processing partition.sin
02/031/2017 21:31:00 - INFO - Checking header
02/031/2017 21:31:00 - INFO - Flashing data
02/031/2017 21:31:00 - INFO - Opening TA partition 2
02/031/2017 21:31:00 - INFO - Processing cmnlib_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID0C-APPID01-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:00 - INFO - Checking header
02/031/2017 21:31:00 - INFO - Flashing data
02/031/2017 21:31:00 - INFO - Processing devcfg_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID05-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:00 - INFO - Checking header
02/031/2017 21:31:00 - INFO - Flashing data
02/031/2017 21:31:01 - INFO - Processing emmc_appsboot_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID09-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:01 - INFO - Checking header
02/031/2017 21:31:01 - INFO - Flashing data
02/031/2017 21:31:01 - INFO - Processing hyp_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID15-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:01 - INFO - Checking header
02/031/2017 21:31:01 - INFO - Flashing data
02/031/2017 21:31:02 - INFO - Closing TA partition
02/031/2017 21:31:02 - INFO - Opening TA partition 2
02/031/2017 21:31:02 - INFO - Writing TA unit 0000084F. Value : 1A CE 33 00 01 00 08 03 00 02 04 02 05 00 02 02 10 00 10 05 00 01 03 02 00 10 05 00 04 83 03 00 10 02 00 04 85 05 00 03 03 03 00 10 05 00 05 83 02 00 10 02 00 05 85 1A 00 02 00 A9 09 BE BA A9 09 00 00 B3 08 BE BA B3 08 00 00 7E 13 BE BA 7E 13 00 00 04 00 03 00 02 00 04 00 04 00 B0 04 0E 00 06 00 B8 0B 01 4B 00 00 00 03 96 00 2C 01 03 00 09 00 01
02/031/2017 21:31:02 - INFO - Writing TA unit 000008FD. Value : 00
02/031/2017 21:31:02 - INFO - Closing TA partition
02/031/2017 21:31:02 - INFO - Opening TA partition 2
02/031/2017 21:31:03 - INFO - Processing keymaster_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID0C-APPID01-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:03 - INFO - Checking header
02/031/2017 21:31:03 - INFO - Flashing data
02/031/2017 21:31:03 - INFO - Processing pmic_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID16-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:03 - INFO - Checking header
02/031/2017 21:31:03 - INFO - Flashing data
02/031/2017 21:31:03 - INFO - Processing rpm_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID0A-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:03 - INFO - Checking header
02/031/2017 21:31:03 - INFO - Flashing data
02/031/2017 21:31:05 - INFO - Processing s1sbl_S1_Boot_MSM8996_LA2_0_N_115_AID_4_S1-BOOT-LIVE-DE8D-0004-ELF_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:05 - INFO - Checking header
02/031/2017 21:31:05 - INFO - Flashing data
02/031/2017 21:31:06 - INFO - Processing tzs1attest_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID0C-APPID01-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:06 - INFO - Checking header
02/031/2017 21:31:06 - INFO - Flashing data
02/031/2017 21:31:06 - INFO - Processing tz_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID07-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:06 - INFO - Checking header
02/031/2017 21:31:06 - INFO - Flashing data
02/031/2017 21:31:07 - INFO - Processing tzs1sbl_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID0C-APPID01-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:07 - INFO - Checking header
02/031/2017 21:31:07 - INFO - Flashing data
02/031/2017 21:31:07 - INFO - Processing xbl_S1_Boot_MSM8996_LA2_0_N_115_AID_4_PLATFORM-TONE-COM-LIVE-HWID009470E1-SWID00-OEM1-AID4-DEBUG00_S1-BOOT-LIVE-DE8D-0004-MMC.sin
02/031/2017 21:31:07 - INFO - Checking header
02/031/2017 21:31:07 - INFO - Flashing data
02/031/2017 21:31:08 - INFO - Closing TA partition
02/031/2017 21:31:08 - INFO - Opening TA partition 2
02/031/2017 21:31:08 - WARN - apps_log is excluded from bundle
02/031/2017 21:31:08 - WARN - diag is excluded from bundle
02/031/2017 21:31:09 - WARN - ssd is excluded from bundle
02/031/2017 21:31:09 - INFO - Processing adspso.sin
02/031/2017 21:31:09 - INFO - Checking header
02/031/2017 21:31:09 - INFO - Flashing data
02/031/2017 21:31:10 - INFO - Processing cache.sin
02/031/2017 21:31:10 - INFO - Checking header
02/031/2017 21:31:10 - INFO - Flashing data
02/031/2017 21:31:10 - INFO - Processing modem.sin
02/031/2017 21:31:10 - INFO - Checking header
02/031/2017 21:31:10 - INFO - Flashing data
02/031/2017 21:31:13 - WARN - Qnovo is excluded from bundle
02/031/2017 21:31:14 - INFO - Processing amss_fs_1.sin
02/031/2017 21:31:14 - INFO - Checking header
02/031/2017 21:31:14 - INFO - Flashing data
02/031/2017 21:31:14 - INFO - Processing amss_fs_2.sin
02/031/2017 21:31:14 - INFO - Checking header
02/031/2017 21:31:14 - INFO - Flashing data
02/031/2017 21:31:14 - INFO - Processing amss_fsg.sin
02/031/2017 21:31:14 - INFO - Checking header
02/031/2017 21:31:14 - INFO - Flashing data
02/031/2017 21:31:15 - WARN - persist is excluded from bundle
02/031/2017 21:31:15 - INFO - Processing kernel.sin
02/031/2017 21:31:15 - INFO - Checking header
02/031/2017 21:31:15 - INFO - Flashing data
02/031/2017 21:31:17 - INFO - Processing fotakernel.sin
02/031/2017 21:31:17 - INFO - Checking header
02/031/2017 21:31:18 - INFO - Flashing data
02/031/2017 21:31:19 - INFO - Processing ramdump.sin
02/031/2017 21:31:19 - INFO - Checking header
02/031/2017 21:31:19 - INFO - Flashing data
02/031/2017 21:31:29 - INFO - Processing system.sin
02/031/2017 21:31:29 - INFO - Checking header
02/031/2017 21:31:29 - INFO - Flashing data
02/034/2017 21:34:45 - INFO - Closing TA partition
02/034/2017 21:34:45 - INFO - Opening TA partition 2
02/034/2017 21:34:45 - INFO - Processing oem.sin
02/034/2017 21:34:45 - INFO - Checking header
02/034/2017 21:34:45 - INFO - Flashing data
02/034/2017 21:34:47 - WARN - userdata is excluded from bundle
02/034/2017 21:34:47 - INFO - Closing TA partition
02/034/2017 21:34:48 - INFO - Opening TA partition 2
02/034/2017 21:34:48 - WARN - Unit 2212 not found in bundle
02/034/2017 21:34:48 - INFO - Closing TA partition
02/034/2017 21:34:48 - INFO - Opening TA partition 2
02/034/2017 21:34:48 - INFO - Writing TA unit 00000964. Value : 00
02/034/2017 21:34:48 - INFO - Closing TA partition
02/034/2017 21:34:48 - INFO - Opening TA partition 2
02/034/2017 21:34:48 - INFO - Writing TA unit 000009B6. Value :
02/034/2017 21:34:48 - INFO - Closing TA partition
02/034/2017 21:34:49 - INFO - Opening TA partition 2
02/034/2017 21:34:49 - INFO - Writing TA unit 00000907. Value : 00
02/034/2017 21:34:49 - INFO - Closing TA partition
02/034/2017 21:34:50 - INFO - Opening TA partition 2
02/034/2017 21:34:50 - INFO - Writing TA unit 0000091A. Value : 00
02/034/2017 21:34:50 - INFO - Closing TA partition
02/034/2017 21:34:51 - INFO - Opening TA partition 2
02/034/2017 21:34:51 - WARN - Unit 2550 not found in bundle
02/034/2017 21:34:51 - INFO - Closing TA partition
02/034/2017 21:34:51 - INFO - Opening TA partition 2
02/034/2017 21:34:51 - WARN - Unit 2553 not found in bundle
02/034/2017 21:34:51 - INFO - Closing TA partition
02/034/2017 21:34:51 - INFO - Opening TA partition 2
02/034/2017 21:34:51 - INFO - Writing TA unit 000009A9. Value : 00
02/034/2017 21:34:51 - INFO - Closing TA partition
02/034/2017 21:34:52 - INFO - Opening TA partition 2
02/034/2017 21:34:52 - INFO - Processing elabel.sin
02/034/2017 21:34:52 - INFO - Checking header
02/034/2017 21:34:52 - INFO - Flashing data
02/034/2017 21:34:53 - INFO - Closing TA partition
02/034/2017 21:34:53 - INFO - Opening TA partition 2
02/034/2017 21:34:53 - INFO - Writing TA unit 00002725. Value : 32 30 31 37 2D 30 36 2D 30 32 20 32 31 3A 33 34 3A 35 33 00
02/034/2017 21:34:53 - INFO - Writing TA unit 00002774. Value : 00
02/034/2017 21:34:53 - INFO - Closing TA partition
02/034/2017 21:34:54 - INFO - Ending flash session
02/034/2017 21:34:54 - INFO - Flashing finished.
02/034/2017 21:34:54 - INFO - Please unplug and start your phone
02/034/2017 21:34:54 - INFO - For flashtool, Unknown Sources and Debugging must be checked in phone settings
 

zlRampageSlz

Senior Member
Jul 14, 2016
65
32
Pennsylvania
Did you flash TWRP as recovery, not system?
Recovery should be launched when you hold power and vol. down. System is launched when you hold power like normal boot. Sorry, I will be on board very soon. Coming back around 6-7 hours. You can leave any message here.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 11
    Please see note section before doing anything.
    Though all the instructions are updated, you may want
    to read through all comments.


    For Oreo (both models), patch this after flashing custom kernel
    View attachment drmfix.zip
    in the recovery BEFORE booting into system.

    Before start you need to install USB driver (for Windows). If it's not working, try using Androxyde's driver instead.

    To flash stock image (not required, just for newer firmware or fingerprint support)
    1. Download latest Flashtool. *make sure you patch x10flasher.jar to latest version by replacing it in your installation directory (mine was 0.9.23.2).
    2. Download G82XX support for Flashtool from this thread (thanks IcemanSu)
    3. Extract the file to "C:\Users\<username>\.flashTool\devices\G82XX".
    4. Launch Flashtool, select Devices > Manage > Import. It should say "Loaded 95 devices" (before is 94).

    2. Thanks to Androxyde, device list now includes G82XX on github so skip those steps.
    3. Click Xperifirm icon (XF rightmost icon below toolbar), find and download firmware.
    4. Tools > Bundle > Create. Select your firmware, choose all content then Create . If it says "a fsc script is found..." click Yes. (I tried choosing no and I cannot flash system partition (system.sin finished with errors).
    5. Start devices in flash mode (hold vol. down and connect USB until LED blinking green).
    6. Click Flash icon (first one) in Flashmode, select all content from bundle you created then Flash. Again, if it ask to use .fsc script, click Yes. It should finish without error.
    *Device list from Github hasn't updated yet. So if you flash 41.3 (Oreo), make sure you duplicate 41.2.fsc to 41.3.fsc in C:\Users\%HOMEPATH%\.flashTool\devices\G82XX
    7. Done, you can try booting to test if it works.

    Starting from locked bootloader
    1. Check "OEM unlocking" under developer options.
    2. Unlock bootloader - follow instruction from this link. *Select Xperia XZ, it requires same unlock code as XZs. ** Data including internal storage will be wiped like typical Sony unlocking. Make sure you do some backup copy your important files out before proceed.
    3. Enter fastboot - press vol. up the moment you connect USB. LED should be blue light.
    4.1 Flash kernel with DRM patch *the kernel is specific to firmware version (not customizations) , so it will bootloop if you flash the wrong version.
    41.3.A.2.24
    41.3.A.0.401
    41.2.A.7.76
    41.2.A.7.65
    41.2.A.7.53
    41.2.A.4.35 dual sim
    41.2.A.7.8 -.235

    4.2 Flash TWRP (XZ still work perfectly) as recovery.
    For new people, you can use Minimal ADB and Fastboot. Do "fastboot flash recovery <twrp_name>.img" and "fastboot flash boot <kernel_name>.img".
    5. Once you installed recovery, give it a try. Enter recovery by holding power and vol. down when the phone is off (no LED).
    6. Root your phone - Transfer SU flashable zip (only systemless for now, either Magisk with sony fix or SuperSU) to anywhere in the phone (MTP in recovery, OTG, external, or just boot up and download)
    7. Install zip in recovery. If you can't mount internal and install SU, doing factory reset (format data) will remove encryption and do the trick. Magisk might work with encrypted data*see note below about magisk installation
    8. Enjoy!

    Note
    (September 15 2017) To install Xposed
    Don't install it with TWRP. Just install the module in Magisk Manager and you'll be fine.

    (August 20, 2017) To disable force data encryption
    I think I passed safety net by install magisk inside /data (with patched kernel).
    Take a look at my thread. I also wrote how to modify it, so you can just download .img or do it yourself.

    (July 31, 2017) To fix the green camera & other rooting problems on any firmware version ie. To use rootkernel tool (thanks tobias.waldvogel) to patch drm/ric fix.
    Follow instruction from his thread.

    TL;DR
    - Download zip in the attactments and extract.
    - Extract kernel.sin (using any archive manager eg. 7zip winrar) from your .ftf firmware.
    - In Flashtool, use tool -> sin editor and extract your kernel.sin into .elf.
    - Move your kernel image.elf in the same directory you just extracted.
    - (Windows) Shift + right click -> open command windows here in the extracted directory and run "rootkernel <extracted elf> boot.img" (Linux) Just use terminal, cd to that directory and do the same.
    - Select Y for everything except busybox.
    - Done! you got patched kernel image.

    (July 11, 2017) To make it compatible with magisk 13+
    - Use the kernel with both DRM and RIC Protection patches so that it works well with magisk 13.1 and gets working camera.
    Make sure you uninstall old version using uninstaller through TWRP or flash fresh kernel, wipe cache, install new one, then install latest magisk manager because it was made only for newer version.


    If you have question or something goes wrong, feel free to ask me or other nice guys on XDA!
    Thanks for everyone who contributes these contents.
    1
    Nicely written tutorial!

    The kernel isn't required. You could just unlock bootloader and flash magiskv12sonyfix directly and get root + pass in safetypass but causes the pictures you take to become green images.
    The kernel from arjun.arora has DRM-fix embedded which solves the camera problem but then it doesn't pass in safetypass in magisk. Rather a working camera than a pass I guess.

    Personally I flashed TWRP-3.0.2-4 because it mounts internal+external while the newest version only mounts external.
    1
    If you use latest Flashtool (0.9.23.2) and problem still persist, there is an alternative flasher (XFlasher) for xperia made by munjeni.
    Take a look in his thread here.
    Give it a try and let me know the result!
    1
    I notice that Page 1 steps have been slightly modified but I still don't think it caters for my firmware version?
    What can I do to fix the camera?
    Hi QPR_FC,
    Sorry about your holiday, it was my fault not to write it out clearly.
    The green camera happens when you lose DRM-key. The workaround is to modify kernel to make it works with the camera.
    I wrote the instruction here, it might be a bit complicated.
    I can confirm that you can download 41.2.A.7.35 from XperiaFirm.
    (July 31, 2017) To patch any kernel with drm/ric fix using rootkernel tool made by tobias.waldvogel
    follow instruction from his thread
    TL;DR
    - Download zip in the attactments and extract.
    - Extract kernel.sin from your .ftf firmware.
    - In Flashtool, use tool -> sin editor and extract your kernel.sin into .elf
    - Move your kernel image.elf in the same directory you just extracted.
    - (Windows) Shift + right click -> open command windows here in the extracted directory and run "rootkernel <extracted kernel> boot.img" (Linux) Just use terminal, cd to that directory and do the same.
    - Apple patch by choosing y/n
    - Done! you got patched kernel image.
    After I finish downloading and patching, I'll upload the modified kernel so that you don't have to do all those steps.
    Thanks for your patience, Cheers.

    PS. Please quote me so that I could reply quickly.
    1
    Thank you zlRampageSlz but I left Safetynet failing as I'm a noob and didn't want to risk anything going wrong.
    To prove I'm such a noob....this morning my xzs is offering an OTA software update to 41.2.A.7.53
    Is it ok for me to go ahead?
    What will be the impact? ie lose root
    I don't want to lose root, so if it will, then what options do I have?

    Thank you
    Don't call yourself noob, you just don't know like everyone's first time.

    You cannot install OTA update after unlocking bootloader. You can try, but It will always fail.
    If you need update, just download new firmware in Flashtool, flash them and install kernel & recovery.
    Don't be afraid, you can root anytime by flashing magisk.