This is a how-to for rooting, installing recovery, backing up DRM keys, etc. from scratch, in a single thread, since finding all the threads can be daunting. That's basically all the things you generally want to do when you root the phone (WITHOUT UNLOCKING THE BOOTLOADER).
TL;DR - overview
If you know what you're doing, you really just need to read this part of the post. If you're unsure, read the step-by-step instead.
If you're running Android 6.0.1 MM with firmware .291 (and probably any other future firmware) and want to root without unlocking the bootloader more quickly than with the method below, refer to this post: http://forum.xda-developers.com/z3-c...75-lb-t3418714 (get all 3 zips, rename the kernel zips to .ftf, flash kernel575.ftf with flashtool - reboot - enable dev mode, run bat script - reboot in recovery and flash supersu.zip - flash kernel291.ftf, reboot, done). For future versions you'll want to only flash the kernel from sony's ftf after rooting.
- Downgrade the firmware, as the root exploit only works with older firmware such as 23.0.A.2.93.
- Run the root exploit to get root
- Backup the DRM keys
- Upgrade the firmware to the latest version, while retaining root access (or by using a pre-rooted image that nice people made)
- In the process, we'll install DualRecovery and SuperSu (having the custom recovery is what allows you to keep root, as it lets you flash a modified image that has SuperSU on it)
See the FAQ at the bottom in case you need additional help, about mounting /system read-write, fixing the sdcard issues, etc. These are not directly related to the rooting process, but you most likely want to perform these tasks anyway.
Step by step instructions
Read the instructions carefully: there are many steps, making this slightly complex.
- Ensure you backed up everything you need (files/apps/pictures/etc) first, these will be lost! - YOUR PHONE WILL BE WIPED.
-- FW DOWNGRADE AND INSTALL WITH FLASHTOOL --
- Downgrade fw to 23.0.A.2.93 (Device D5803) or anything prior to 23.0.1.A.5.77 (december fw)
- Global: https://mega.nz/#F!wdEG3aiD!Ej2S4hcMKGPgnmGudvAegg (look for 23.0.A.2.93) (or see http://forum.xda-developers.com/show...postcount=2030 for more links if this one no longer works)
- Get and install Flashtool at http://www.flashtool.net/index.php
- Move the fw into the C:/Flashtool/firmwares directory
- Open Flashtool, click on the lightning symbol ("flash device"), select "Flashmode" and click on "OK"
- Just select the name of the fw you downloaded and click on "Flash"
- Wait for a window to pop up (it may take a few minutes, be patient)
- Now everything is ready: turn off your phone
- Push the volume DOWN button, connect the USB cable to your PC while still pushing the volume DOWN button
- Once the flashing process has started, release the volume button
- Do not disconnect the USB cable, wait until flash completes (flashtool will indicate when you can unplug).
-- ROOTING W/ EXPLOIT --
- Enable USB debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
- Allow mock locations (Settings => Developer Settings)
- Ensure you have adb drivers installed (http://support.sonymobile.com/gb/tools/pc-companion/ don't use it to update)
- Download rooting tool (http://forum.xda-developers.com/devd...10766&task=get or latest from http://forum.xda-developers.com/cros...-4322-t3011598)
- Unzip the rooting tool
- Connect phone to your computer
- Put phone in airplane mode
- Run install.bat from the rooting tool (allow USB debugging when asked on the phone every time, also allow root prompt) and follow instructions from the tool
- You should be rooted now. If you get an error "Device not rooted", try running the tool once more
-- Backup DRM keys/TA Partition --
- Get backup ta tool from https://github.com/DevShaft/Backup-TA/releases
- Unzip it!
- Ensure phone is still connected (or reconnect it)
- Run Backup-TA.bat
- Read the information and follow the instructions given by the tool.
-- Install latest firmware with root, DRM keys, recovery --
Alternative 1: pre-made pre-rooted image (for fast internet, slow pc)
- Get a pre-rooted image:
- For KitKat - fw 23.0.1.A.5.77 (android 4.4. dec 2014) at http://forum.xda-developers.com/z3-c...2015-t32188206 then skip directly to step 33.
- Or, for Lollipop - fw 23.1.A.0.690 (Android 5.0 March 2015) at http://forum.xda-developers.com/z3-c...-2015-t3218820 then skip directly to step 33.
- Or, for Marshmallow - fw 23.5.A.1.291 (Android 6.0 June 2016) at https://mega.nz/#!0JUA2DzR!5-5Tz1BRr...KCD07xhQzugl4w or http://forum.xda-developers.com/z3-c...-2015-t3218820 then skip directly to step 33.
- Get PRFC from http://forum.xda-developers.com/cros...e-pre-t2859904
- Get latest fw from http://forum.xda-developers.com/z3-c...d5833-t2906706
- Get latest SuperSU zip http://download.chainfire.eu/supersu
- Get DualRecovery zip (the flashable zip, not the installer one) from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.flashable.zip
- Start PRFC and add the 3 zip (FTF file is the fw, SuperSU and Recovery)
- Click "create" - this will take a while
- Copy resulting "pre-rooted" fw to /sdcard0 on your phone (it means copy flashable.zip from the PRFC directory to the "internal storage" directory of the phone)
- Get Dual Recovery installer this time, from http://nut.xperia-files.com/ you want Z3C-lockeddualrecoveryX.Y.Z-RELEASE.installer.zip (notice how that's 'installer' this time, not the same file as in 30!)
- Unzip it
- Start install.bat and follow instructions (hit 1; allow adb/root on the phone as needed)
- You should be in recovery automatically now (if not, reboot and when the LED changes colors push volume UP repeatedly)
- Flash the pre-rooted fw (flashable.zip) from the recovery (touch "install zip", select /storage/sdcard1/flashable.zip then confirm install) on the phone, then power off the phone (DO NOT REBOOT)
- To power off, go into the "power options" and hit "power off" (don't do "reboot in flashmode", DO power off)
- Unplug USB (yes this is required, DO IT)
- Open Flashtool and select the non-pre-rooted fw (this is 23.5.A.1.291 for example), but DESELECT system: in "EXCLUDE" make sure you check the checkbox next to "SYSTEM", flash it.
- press volume DOWN and plug USB cable while keeping volume DOWN pressed, when flashing starts, stop pressing the volume button
- After flash is done and when flashtool tells you to, remove USB cable and start the phone
- Congrats and enjoy, you made it to the end! you now have latest + recovery + root and backups of your DRM keys! (and of course all DRM functions enabled)
FAQ
- Some root apps don't work, because /system can't be remounted rw, what's up with that?
- Sony has a special in-kernel protection that disallows remounting /system read-write, even for root. Flash this in recovery (copy it to the sdcard and reboot in recovery with volume UP pressed, then install it): https://github.com/dosomder/SonyRICD.../RICDefeat.zip
- I unlocked my boot loader, or lost my DRM keys some other way AFTER backing up as per above procedure. How to restore?
- plug USB back in
- re-enable usb debugging on the phone (Settings => About phone => Click 7 times on Android Build to unlock developer options)
- Start backup TA again but this time hit restore
- I messed up somewhere, phone doesn't boot or work properly, what to do!
- unplug USB
- if phone is on, long press the power button+volume UP until the phone turns off
- go back to step 1 of the how to, follow the how to! Mainly - the howto makes you setup flashtool again, then boot the phone in flash mode with volume key and plugging in the USB cable.
- I forgot to backup DRM keys (backup ta program) but I never unlocked the bootloader, is it bad?
- nope you're fine, just back them up now
- I really lost my DRM keys, can I recover them?
- No you can't. But you can recover the features by using some modified software. Look for "DRM Fix" for example here.
- I don't want to wipe my phone!
- Uncheck "data" before downgrading and then before upgrading in flashtool. You will get some errors when downgrading, which will go away when you revert back to .77 at the end of the process
- This is at your own risk, data still risks being deleted if something goes wrong
- Depending on the apps, etc. you have, there is a chance that some app would not work properly at the end of the process without a full wipe. If that's the case, you might need to go in settings>applications and "delete data" for that app.
- Some apps can't write to the sdcard!
- install/run this https://play.google.com/store/apps/d...pp.sdfix&hl=en
- I don't have SuperSu on marshmallow+ ?!
- It just didn't install properly into /system. That's ok. Just install it from the play store - you do have the su binary installed in /system so this will work
- Does this work on my SO-02G (Xperia Z3C Docomo NTT version) ?
- @pngoc256 tested and yes, it works
- Does this work with lollipop (Android 5.0)?
- Does this work with Marshmallow (Android 6.0)?
- Will this work with Nougat (Android 7.0)?
- Will this always work?! (yes probably)
- If, when doing the final reboot, it's stuck on the loading screen the first time, reboot one additional time with power + volume UP.
People who did the hard work/references thanks to them:
@istux (fw list, flashtool how to http://forum.xda-developers.com/z3-c...d5833-t2906706)
@xzx0O0 (root exploit: http://forum.xda-developers.com/cros...-4322-t3011598)
@DevShaft (backup ta http://forum.xda-developers.com/show....php?t=2292598)
@serajr (install .77 fw http://forum.xda-developers.com/show...0&postcount=71)
dosomder (kmod for sony's RIC) https://github.com/dosomder/SonyRICDefeat
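
Since lost DRM keys cannot be recovered (see the FAQ), it is worth checking the archive produced in the "Backup DRM keys/TA Partition" step before moving on. The following is an added example, not part of the original post or of Backup-TA: it assumes the backup is a zip holding an image named `TA.img` and a digest file named `TA.md5` (both names are assumptions), and the sample archive is constructed in memory.

```python
import hashlib
import io
import zipfile

# Assumed member names inside the backup archive (not confirmed by the post).
IMAGE_NAME = "TA.img"
DIGEST_NAME = "TA.md5"


def check_ta_backup(archive, image_name=IMAGE_NAME, digest_name=DIGEST_NAME):
    """Return a list of problems found in a TA backup zip (empty list = OK)."""
    problems = []
    with zipfile.ZipFile(archive) as zf:
        bad_member = zf.testzip()  # CRC check of every member
        if bad_member is not None:
            return [f"zip CRC error in {bad_member}"]
        names = set(zf.namelist())
        if image_name not in names:
            return [f"{image_name} missing from archive"]
        image = zf.read(image_name)
        if not image:
            problems.append("image is empty")
        elif len(set(image)) == 1:
            # A dump that read nothing useful is typically all 0x00 or 0xFF.
            problems.append("image is a single repeated byte (blank dump)")
        if digest_name in names:
            # MD5 here only detects accidental corruption, not tampering.
            recorded = zf.read(digest_name).decode("ascii", "replace").split()
            actual = hashlib.md5(image).hexdigest()
            if not recorded or recorded[0].lower() != actual:
                problems.append("MD5 recorded in backup does not match image")
        else:
            problems.append(f"{digest_name} missing, cannot compare digest")
    return problems


def make_sample(image, digest=None):
    """Build a constructed backup zip in memory for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(IMAGE_NAME, image)
        zf.writestr(DIGEST_NAME, digest or hashlib.md5(image).hexdigest())
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(check_ta_backup(make_sample(b"\x01\x02" * 1024)))
    print(check_ta_backup(make_sample(b"\x00" * 2048)))
```

Pass the path of the real backup archive to `check_ta_backup` in place of the constructed sample, and keep a second copy of the archive off the phone before upgrading the firmware.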