EagleRootTool 2016/05/31 (Root any Xperia M2 5.1.1, LBL & UBL)


linuxct



EagleRootTool - Xperia M2 Lollipop Root Tool
based on iovyroot & rootkitXperia


Hi all!
I'm very happy to announce to you that, thanks to iovyroot, and with a lot of help from zxz0O0, we managed to get a new root binary working on the Sony Xperia M2, meaning we don't actually need to use Kingroot anymore to root LBL devices under Lollipop (18.6.A.0.182, and probably 18.6.A.0.175 too) :victory:


Requirements:
  • Stock kernel, from Sony's stock firmware 18.6.A.0.182, Linux version 3.4.0-gc82e70f based.
  • ADB enabled
    Settings -> About phone -> Click 7 times on Android Build to unlock Developer options, and USB Debugging
  • ADB drivers installed (you can pick them from Sony Mobile's website)
  • Material Terminal, from Yaroslav Shevchuk, if you want to do the root process right from your device.
    You can get it on Google Play or APKmirror

Usage:
  • Download the tool
  • Extract the files
  • Execute the install.bat with a double click if you're on Windows, or simply do "sh install_mobile.sh" on Material Terminal (remember to use cd /path/to/where/you/placed/it to change to the folder where you extracted the files)
  • Wait until the process ends. Your device will reboot automatically


Download: Version 2016/05/31

Please, consider donating (or at least saying thanks!) to the people involved in the project if this tool was useful to you! zxz0O0, Cubeundcube, AleksJ & myself


Special thanks to:
- @zxz0O0 for iovyroot and his help
- @cubeundcube for his rootkitXperia scripts
- @AleksJ for providing copymodulecrc, ric_mod and testing


Enjoy! That kitty is a bad kitty!

XDA:DevDB Information
EagleRootTool (Root any Xperia M2 in 5.1.1, LBL & UBL), Tool/Utility for the Sony Xperia M2

Contributors
linuxct

Version Information
Status:
Beta
Current Beta Version: 2016/05/31
Beta Release Date: 2016-05-31

Created 2016-06-02
Last Updated 2016-12-17
 


linuxct

Frequently Asked Questions

- Can I use the install_mobile.sh installer on Linux for PC?
No.

- Can I use any other Terminal app?
No. Have a look at the install_mobile.sh file, and you'll realize why.

- Can I use this with an already rooted device (such as kingroot) to change the SU management app?
Not advisable. Format your system first using a FTF & Flashtools.

- Is RIC working / will I have RW access to System after rooting with this?
RIC is killed by default in every boot thanks to an init.d script, called 00stop_ric, so you'll have RW access to system always.

- Will you port this to other Xperia devices?
Yes, if they decide to collaborate and its kernel is supported (aka vulnerable to CVE-2015-1805). We'd need the full kernel offsets of that particular device, so that we can look for the ones we actually need.
 

aidy.lucas

Nice work fella, not tried it myself but beats using kingroot that's for sure. Unfortunately I may never get to try it out; my M2 is getting replaced in a few weeks.
 

linuxct

I think it'll work on the t2u/c3 as well.

As it is right now, it won't. I need the kernel offsets from those devices (T2u, C3, E4 users, I'm looking at you), which can easily be got on an already rooted device by catting /proc/kallsyms to a file using > /path/to/your/sd/kallsyms.txt, for example. (more info on getting the kallsyms here). Also, it'd be neat to have the /proc/version and the firmware version installed on the device.
Please remember, the kernel timestamp must say it was compiled before December 2015 to ensure the vulnerability is still there.
Once we got that, I can just add the offsets we need to the offsets.c database and recompile the iovyroot binary, and there shouldn't be any reason to touch the other scripts since they should work out of the box :eek:
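
The build-date condition from the post above, turned into a defender-side triage check (an added example, not part of the thread or of EagleRootTool): it parses collected /proc/version lines and flags kernels compiled before December 2015 for patch review. The sample lines, their build dates and the status labels are constructed for illustration; only the 3.4.0-gc82e70f release string comes from the thread.

```python
import re
from datetime import date

# Cutoff stated in the thread: kernels compiled before December 2015 may still
# carry CVE-2015-1805. A build date is a triage signal, not proof of patch state.
CUTOFF = date(2015, 12, 1)
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
RELEASE = re.compile(r"^Linux version (\S+)")
# Trailing build stamp, e.g. "#1 SMP PREEMPT Thu Oct 29 14:05:11 KST 2015";
# the timezone token is optional.
STAMP = re.compile(
    r"#\d+\s.*?\b(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+(?P<mon>[A-Z][a-z]{2})\s+"
    r"(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+(?:[A-Z]{2,5}\s+)?(?P<year>\d{4})\s*$")

# Constructed sample lines (assumption: collected via `adb shell cat /proc/version`).
SAMPLES = [
    "Linux version 3.4.0-gc82e70f (build@host) (gcc version 4.7 (GCC) ) "
    "#1 SMP PREEMPT Thu Oct 29 14:05:11 2015",
    "Linux version 3.10.49-perf (build@host) (gcc version 4.8 (GCC) ) "
    "#1 SMP PREEMPT Mon Feb 15 09:30:00 KST 2016",
    "Linux version 3.4.0 (build@host) #1 SMP PREEMPT",  # stamp missing
]

def parse_proc_version(line):
    """Return (kernel_release, build_date); either may be None if unparsable."""
    line = line.strip()
    rel = RELEASE.match(line)
    stamp = STAMP.search(line)
    release = rel.group(1) if rel else None
    if not stamp or stamp.group("mon") not in MONTHS:
        return release, None
    try:
        built = date(int(stamp.group("year")), MONTHS[stamp.group("mon")],
                     int(stamp.group("day")))
    except ValueError:  # e.g. "Feb 31"
        return release, None
    return release, built

def triage(line):
    """'review' = built before the cutoff, 'newer-build' = on/after, else 'unknown'."""
    _, built = parse_proc_version(line)
    if built is None:
        return "unknown"
    return "review" if built < CUTOFF else "newer-build"

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), parse_proc_version(s))
```

A "review" result means the device should be checked against the vendor's security patch level, since fixes can be backported without changing the kernel release string.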
 

linuxct

why the script doesn't exist in init.d folder after using this?

00stop_ric gets created, doesn't it?
Maybe I dropped the ball on something, can I get the full output of the script?
P.S. The init.d is in /system/etc/init.d, maybe you were looking for it somewhere else.
 

LilBlinx

00stop_ric gets created, doesn't it?
Maybe I dropped the ball on something, can I get the full output of the script?
P.S. The init.d is in /system/etc/init.d, maybe you were looking for it somewhere else.

When the tool finishes its execution, 00stop_ric and 99SuperSUDaemon can be found in the /system/etc/init.d directory.

Yes, indeed that's the folder. The folder gets created, the wp_mod.ko gets copied but the script stops at execution of stopric.sh script and after trying to remount the system. The script stops at that point and no 00stop_ric.sh script gets created. All files get stuck in data/local/tmp/ folder and nothing is created after that. I will try to run the script from terminal but I'm pretty sure that the program can't write on system at this point i.e. operation is permitted
 

linuxct

Yes, indeed that's the folder. The folder gets created, the wp_mod.ko gets copied but the script stops at execution of stopric.sh script and after trying to remount the system. The script stops at that point and no 00stop_ric.sh script gets created. All files get stuck in data/local/tmp/ folder and nothing is created after that. I will try to run the script from terminal but I'm pretty sure that the program can't write on system at this point i.e. operation is permitted

This situation is extremely weird, and uncommon, I would say...
If the ric_mod.ko gets copied, by using dd, then it means the case was chosen correctly, so there's no reason for not creating the 00stop_ric, since it's just about echoing some lines to the file, change the owner, the permission, and that's it, as seen in the pic attached.

May I have your current environment (firmware version, etc)? Was the device previously rooted, and un-rooted to test the tool? Any info is appreciated.
 


LilBlinx

This situation is extremely weird, and uncommon, I would say...
If the ric_mod.ko gets copied, by using dd, then it means the case was chosen correctly, so there's no reason for not creating the 00stop_ric, since it's just about echoing some lines to the file, change the owner, the permission, and that's it, as seen in the pic attached.

May I have your current environment (firmware version, etc)? Was the device previously rooted, and un-rooted to test the tool? Any info is appreciated.

Well I've reflashed the phone since it had some display repairs and I've tried this method to disable the ric and get root and all I've got was the root only. The ric wasn't disabled and the script to disable the ric only by alex wasn't working at all since it had conflicts with this tool. The firmware version is 18.6.A.0.182. The old fashioned way by using kingroot then changing it to SuperSU and applying the disable ric script works without a problem. I will try to reconstruct the problem by giving you the outputs from the script as soon as I can
 

AleksJ

Yes, indeed that's the folder. The folder gets created, the wp_mod.ko gets copied but the script stops at execution of stopric.sh script and after trying to remount the system. The script stops at that point and no 00stop_ric.sh script gets created. All files get stuck in data/local/tmp/ folder and nothing is created after that. I will try to run the script from terminal but I'm pretty sure that the program can't write on system at this point i.e. operation is permitted

Very strange results.
Tested again on clean installation (1281-1516-18.6.A.0.182).
EagleRootTool_20160531.zip
MD5: 2e59c4963e0e8824cb774726d3743513
File Size: 3947624 bytes

http://pastebin.com/hgRhqfbk
 

Top Liked Posts

    A test version of EagleRootTool 2016-07-29 has just been published here, but not yet placed in the OP since it's awaiting testing.

    Changelog between 2016-05-31 and 2016-07-29 is:
    • Support has been added for the following 32-bit devices:
      • Xperia T2u
      • Xperia C3
      • Xperia Z1
      • Xperia Z1 compact
      • Xperia ZR (only 1 variant)
      • Xperia Z3c (various variants)
    • Addition of Linux and macOS installation scripts, thanks to @Miche1asso.

    Please, provide feedback on how it's working. Is RIC properly killed by default? Is the system mounted as R/W properly? Is SuperSU working?
    Thanks.
    How can I install these ADB drivers? o_O
    Try to search either XDA or Google.

    Good Luck!

    Hello,
    I just wanted to ask if I can use this on d2302 (xperia m2 dual) on 5.1.1
    Thanks :)
    Yes as far as I'm aware it works on all m2 devices

    ---------- Post added at 05:43 PM ---------- Previous post was at 05:38 PM ----------

    Have a quick question, do I need to update bootloader for this to work? To be honest I don't know the point of updating, I just saw a post about that. If anyone can please explain to me what's the purpose of this and do I have to do it for root to work. Thanks in advance :)

    here is the link of bootloader update tutorial

    http://xdaforums.com/xperia-m2/development/ubl-xperia-m2-bootloader-update-ftfs-t3288148
    No it's not needed for this tool, pretty sure the Bootloader update is only required for unlocked bootloader devices.