Dirty ROOT solution - for unlocked BL


Zarreck

Member
Oct 9, 2013
16
2
I have a E6683 Premium Dual running 32.1.A.1.163 marshmallow 6.0, and I'm a bit unsure where to go. I've read that there might be a difference in kernels between premium and regular but can't really confirm, I've also found prepackaged kernels for 31.1.A.1.163 but they appear to be for a different model.

Anybody able to point me in the right direction? I don't know what's safe to flash onto what and any information would be hugely appreciated!

Edit: Nevermind, I'm in the wrong forum.
 

ivanmemento

Senior Member
May 28, 2010
68
3
I have ported the Z5 Compact root method to Z5.

Please note that both recovery.img and kernel img are different from the Z5 Compact thread. Do not use recovery or kernel for Z5 Compact on your regular Z5 phone.

Disclaimer
I am well aware that this is not the nicest method of rooting, but I got the phone a few hours ago and haven't got the time to put together a better way.

Credits
@Tommy-Geenexus for Zombie kernel
@AndroPlus for Z5 recovery and guidance :good:
@Chainfire for SuperSU

Guide

First, you need to unlock your bootloader (I know, I know, now stop weeping :crying::crying::crying:)

A rooted device does not boot using default kernel, so you need to install an insecure kernel.
I have repacked stock Z5 (32.0.A.4.11) kernel to disable Sony RIC, dm verity, make it insecure, etc.
Flash using:
Code:
fastboot flash boot z5_stock_fixed.img

Reboot your phone using:
Code:
fastboot reboot
And verify that it works as expected.

Now, reboot your phone to bootloader again (see info how to at the end of post).
Then issue:
Code:
fastboot boot recovery.img
This recovery is partly broken, but it works well enough to install root.
Thanks to @AndroPlus for TWRP.

The phone will boot to a black screen, but you can connect to it using ADB.
You need to manually mount the system and userdata partition by issuing:
Code:
adb shell mount /dev/block/platform/soc.0/by-name/system /system
adb shell mount /dev/block/platform/soc.0/by-name/userdata /data

If you get this error:
mount: mounting /dev/block/platform/soc.0/by-name/system on /system failed: No such file or directory
You probably just need to wait a while and try again. You usually have to wait ~120 sec for the mount to work. Be patient.

If you got /system and /data to mount, you can now push SuperSU to the phone and install it:
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/media/0/
adb shell twrp install /data/media/0/UPDATE-SuperSU-v2.46.zip
adb shell rm /data/media/0/UPDATE-SuperSU-v2.46.zip

If it all works, just reboot and enjoy root:
Code:
adb reboot

Files
z5_stock_fixed.img
recovery.img (for Z5)

Extra info
Boot to bootloader by adb command:
Code:
adb reboot bootloader
or by turning off the phone, and then hold down VOL UP while plugging in the USB cable.

Hi to all :D Since I bought this phone, I feel that it will be more difficult than my old Z1 Compact; the root process there was complicated, and this one is a bit more so :) I was on the dirty root method for the Z5 above, and I did not find the link to the 5.1 stock ROM (I mean it was removed).

I want to ask if someone can give me a suggestion, because the stock before 6.0 was good and many apps worked correctly. In the end, with root and 5.1 I think it is a good product, and something like a call recorder will work again (not like now, where 6.0 is locking all this kind of feature).

By the way, I understand that a backup of the TA partition is not possible if I don't root, and that I need to unlock the bootloader (and this is normal), but what is the best way to do this kind of "project"?

---

I found the 32.---A---200 firmware online, which is the last for 5.1 (I really don't know what the personalization is, and I guess there is Italian in it). Can somebody give me a suggestion on whether I can use this firmware to get back to Lollipop and root? Thanks a lot, I hope I have not written so badly with my English :p
 

slayerz

Senior Member
May 15, 2008
89
22
Finally I managed to overcome the SE Linux issues and was able to create a version which does not require any change in the kernel package anymore.
You can just flash it with recovery :D

Let me know if it works for you, then I will open a new thread for this.

Cheers,
Tobias

Greetings Tobias,

Is there any chance you make an updated flashable zip for Android Nougat? I get a bootloop when using it.

Kernel drm fix is not a solution as it has some modifications that mess with certificates or something that makes my VPN app (VPN Unlimited) fail to launch.
Perhaps you could guide me into modifying the system files myself (editing hex codes?).

Thanks.


Kind regards
 

Sounds like your VPN app is performing a SafetyNet check. I would suggest following all the steps in the thread below to pass SafetyNet, this should get your VPN app working again. If you're already on Stock 7.1.1 then you only need to flash the modified kernel, recovery, and Magisk.

https://xdaforums.com/xperia-z5/development/kernel-stock-kernel-safetynet-patch-drm-t3616606
 

slayerz

Senior Member
May 15, 2008
89
22
Thanks for the input,

I have no problem running it with modded kernel and being rooted. It's just the DRM fix that messes it up.
Prior to Marshmallow, I have been using the flashable drmrestore.zip, and the VPN app worked fine.

It's actually after finding out and trying magisk/SafetyNet that I resorted to reviving this thread.

Didn't manage to get a SafetyNet pass though, I'm on Z5P.

Sent from my E6833 using Tapatalk
 

Did you enable Magisk-hide in the settings?

The only way you're going to pass SafetyNet is if you have not modified your system partition. Once you modify that, even Magisk can't help you pass SafetyNet, you'll have to start over and reflash the entire stock ROM.
 

slayerz

Senior Member
May 15, 2008
89
22
Did so just after updating to 7.1.1 and MagiskHide was on by default.

But then again, I have system apps frozen in Titanium Backup, which remain as such even when new firmware is flashed.

Just been reading, it's possible there were leftovers from SuperSU, trying a 'unSU' to clean stuff.

Will investigate those and report if I get it a pass.

Thanks again.

Sent from my E6833 using Tapatalk
 

Top Liked Posts

  • 32
    Recover DRM credentials

    Hi everyone,

    in the meanwhile I was able to extract the Sony application credentials from another Sony device and I was able to write a wrapper library in order to inject them into the secd daemon.
    This will bring you back everything which is protected by Sony app credentials, e.g. X-Reality, enhanced camera function, Sony updates etc.
    This package needs SuperSU installed as it uses supolicy to patch the SE policy

    For now I have created just a package for the Z5 dual, but I am working on a universal solution.

    Just flash the attached kernel package to your device with fast boot as usual.
    Afterwards delete the contents of /data/credmgr. That's all.

    Let me know if it works for you.
    15
    Here is a new stock kernel boot.img with DM_VERITY and SONY_RIC disabled
    This is achieved by changing just two files in the ramdisk:

    • fstab.qcom
      remove "verify" from the line for /system (disables DM VERITY)
    • init.sony-platform.rc
      add "write /sys/kernel/security/sony_ric/enable 0" (disable RIC)

    I also created a TWRP recovery image for the Z5 dual with the stock kernel, so you can easily flash SuperSU and xposed from the GUI

    For now you have to enter recovery still with fastboot, but when I have some time I will adapt the scripts from dual recovery for other xperias in order to access it without fastboot.

    BTW: I also have already some ideas for a hack to get the functions back, which you lost by unlocking the bootloader (X-Reality etc). But it will take a little bit more time to implement it.

    Cheers,
    Tobias
    13
    The final version for all Z5 without changing the kernel :D

    Finally I managed to overcome the SE Linux issues and was able to create a version which does not require any change in the kernel package anymore.
    You can just flash it with recovery :D

    Let me know if it works for you, then I will open a new thread for this.

    Cheers,
    Tobias
    13
    As CLShortFuse has pointed out there is now a new dedicated thread for the DRM topic.

    Regarding the kernel I think the only thing left is to integrate recovery in order to have to start it via fastboot every time.
    I will start to work on this in the next days and probably provide a kernel kitchen in order to automate the following steps for new kernel packages:

    - Enable changes to /system
    I.e. disable dm verity and Sony RIC

    - Integrate TWRP recovery

    With this you will be able to update the kernel for your device on each update and don't have to wait until someone does the change
    So stay tuned ;)
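
The first post's repacked kernel and the later stock-kernel post both turn off dm-verity and Sony RIC, the latter by editing fstab.qcom and init.sony-platform.rc in the ramdisk. The following is an added example, not code from the thread or its authors, that audits an already-unpacked ramdisk for exactly those two edits. The location of both files in the ramdisk root, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked boot.img ramdisk for the two edits named in the thread.
# Assumption: fstab.qcom and init.sony-platform.rc sit in the ramdisk root directory.
RIC_NODE=/sys/kernel/security/sony_ric/enable

# Exit 0 if the /system entry still carries the "verify" fs_mgr flag.
system_has_verify() {
    awk '$1 !~ /^#/ && $2 == "/system" {
             n = split($5, flag, ",")
             for (i = 1; i <= n; i++)
                 if (flag[i] == "verify" || flag[i] ~ /^verify=/) ok = 1
         }
         END { exit !ok }' "$1"
}

# Exit 0 if an uncommented init line writes 0 to the Sony RIC enable node.
ric_switched_off() {
    awk -v node="$RIC_NODE" '$1 == "write" && $2 == node && $3 == "0" { hit = 1 }
         END { exit !hit }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_ramdisk() {
    findings=0
    if ! system_has_verify "$1/fstab.qcom"; then
        echo "dm-verity: /system entry has no verify flag"; findings=$((findings + 1))
    fi
    if ric_switched_off "$1/init.sony-platform.rc"; then
        echo "sony_ric: switched off at boot by init.sony-platform.rc"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample ramdisks (not taken from a real image); $2 is "stock" or "modified".
make_sample() {
    mkdir -p "$1"
    flags=wait,verify; rc_line='# RIC left enabled'
    if [ "$2" = modified ]; then flags=wait; rc_line="    write $RIC_NODE 0"; fi
    echo "/dev/block/platform/soc.0/by-name/system /system ext4 ro,barrier=1 $flags" > "$1/fstab.qcom"
    printf 'on init\n%s\n' "$rc_line" > "$1/init.sony-platform.rc"
}

tmp=$(mktemp -d)
make_sample "$tmp/stock" stock
make_sample "$tmp/modified" modified
for d in stock modified; do
    audit_ramdisk "$tmp/$d" && echo "$d: clean" || echo "$d: $? finding(s)"
done
```

To run it against a real image, unpack boot.img and its ramdisk first and pass the extracted directory to audit_ramdisk.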