Backup TA/DRM using Dirty Cow - Sony Xperia X Compact Guides, News, & Discussion

A new tool has just been released to backup TA using the Dirty Cow exploit. After that, you should be able to unlock bootloader, flash recovery, flash su and restore TA. Then your device should be rooted with DRM retained.
I don't have a XC so I'm unable to test.
http://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236

itandy said:
A new tool has just been released to backup TA using the Dirty Cow exploit. After that, you should be able to unlock bootloader, flash recovery, flash su and restore TA. Then your device should be rooted with DRM retained.
I don't have a XC so I'm unable to test.
http://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
I tested it on an Xperia X Compact running 34.1.A.1.198 and it seems to work, see my post here

ggow said:
I tested it on an Xperia X Compact running 34.1.A.1.198 and it seems to work, see my post here
Thanks!
But according to another post, actually it's impossible to keep root after TA is restored. Do you know if it's true?

itandy said:
Thanks!
But according to another post, actually it's impossible to keep root after TA is restored. Do you know if it's true?
That's correct. But it's important to have the TA backup for restoring full functionality.
There might be a way to use the previous DRM patches combined with flashing only the TA unit for the device key in order to have full stock functionality with root. Also would need a custom kernel for the latest stock firmware update.
Sent from my F5321 using Tapatalk

ggow said:
I tested it on an Xperia X Compact running 34.1.A.1.198 and it seems to work, see my post here
*Edit*
For those who are unable to navigate modern forums (like me) there is a downloads tab in the post that will have the files you need to backup TA.

JenItols said:
*Edit*
For those who are unable to navigate modern forums (like me) there is a downloads tab in the post that will have the files you need to backup TA.
I had the same difficulty finding where to download. lol!
but worked like a charm for me

Add firmware v.34.1.A.1.205 to the list.
http://forum.xda-developers.com/cro...ersal-dirtycow-based-ta-backup-t3514236/page7
(I have no idea why my browser crashes if I point it directly to my post lol)

I just was able to pull a copy of TA from the Customized CE1 (Central Europe) v34.1.A.3.49
When next version (hopefully Nougat) is available I plan to load the known compatible version 34.1.A.1.198 and compare checksums to verify. However, I did get a file with 34.1.A.3.49 which has the November 1st android security updates.
*edit*
After reading it appears that TA changes every boot. However, when the time comes to update software I will revert back to known version with compatibility and then re-pull TA.

ggow said:
That's correct. But it's important to have the TA backup for restoring full functionality.
There might be a way to use the previous DRM patches combined with flashing only the TA unit for the device key in order to have full stock functionality with root. Also would need a custom kernel for the latest stock firmware update.
Sent from my F5321 using Tapatalk
Now that we can have a backup image of TA, can we use this tool to repack the kernel and restore DRM functionality?
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605

itandy said:
Now that we can have a backup image of TA, can we use this tool to repack the kernel and restore DRM functionality?
http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605
- Yes, I think we can. As long as the TA unit address for device key has not changed then it should work.
- After some rest when I have my Wits about me I am going to attempt it

Guys,
could someone please tell me step by step, how to restore TA?
EDIT - now, after restoring TA I have a password option - can't get over it? Any ideas?
Ok... done
I can confirm, it works - backup and restoring

So...
This is an outline of how I have managed to get root with devicekey back into the TA partition.
NOTE:
- I am only interested in running rooted stock sony firmware so for me this is OK for the moment.
- I am looking into why FIDO_KEYS come back as unprovisioned, everything else seems fine.
Follow this at your own risk
- Install latest stock firmware via flashtool 34.1.A.3.49
- Backup TA Partition
- Unlock bootloader using Sony website
- Extract kernel.elf from kernel.sin using Flashtool
- Create root kernel using this tool
Code:
[email protected]:~/Desktop/rootkernel_v5.0_Windows_Linux$ ./rootkernel.sh kernel.elf boot.img
- Unpacking kernel
Found elf boot image
Kernel version: 3.10.84-perf-g2cfe3ef
Found appended DTB
- Detected vendor: somc (Sony), device: kugo, variant: row
- Unpacking initramfs
- Detected platform: 64-bit
- Detected Android version: 6.0.1 (sdk 23)
- dm-verity is enabled. Disable? (Say yes if you modify /system) [Y/n] y
Disabling dm-verity
- Sony RIC is enabled. Disable? [Y/n] y
Disabling Sony RIC
- There is no TWRP template for kugo. Install anyway? [y/N] n
- DRM fix is unsuppported/untested for model kugo. Install anyway? [y/N] y
- Install busybox? [Y/n] y
- Creating new initramfs
- Creating boot image
- Cleaning up
Done
- Create devicekey which is flashable via flashtool
Code:
[email protected]:~/Desktop/rootkernel_v5.0_Windows_Linux$ ./flash_dk.sh TA_F5321_QV705K140B_20161208-1905.img devicekey.ftf
- Extracting device key
- Creating FTF file for device F5321
- Cleaning up
Done
- Flash devicekey.ftf via flashtool
- Boot device into fastboot and flash boot.img
- I haven't flashed TWRP instead I booted it by:
Code:
fastboot boot twrp.img
- Flashed SR4-SuperSU-v2.78-SR4-20161115184928.zip
- Reboot device

Fantastic news! This is major. So in theory we should be able to get more rom availability now?
Android pay gets broken, right?
Will root now

tlxxxsracer said:
Fantastic news! This is major. So in theory we should be able to get more rom availability now?
Android pay gets broken, right?
Will root now
Should see new ROMs eventually surfacing
You're correct Android pay doesn't work with a rooted device

Dumb question. I just downloaded the latest firmware using XperiFirm and created an FTF file using FlashTool. But FlashTool always shows the following errors.
09/047/2016 22:47:46 - INFO - Start Flashing
09/047/2016 22:47:46 - INFO - No loader in the bundle. Searching for one
09/047/2016 22:47:54 - INFO - No matching loader found
09/047/2016 22:47:54 - WARN - No loader found or set manually. Skipping loader
09/047/2016 22:47:54 - INFO - Ending flash session
09/047/2016 22:47:54 - ERROR - null
09/047/2016 22:47:54 - ERROR - Error flashing. Aborted

itandy said:
Dumb question. I just downloaded the latest firmware using XperiFirm and created an FTF file using FlashTool. But FlashTool always shows the following errors.
When creating your FTF, did you include loader.sin ?

ggow said:
When creating your FTF, did you include loader.sin ?
In fact, there's no loader.sin in the download folder. I tried to download several firmwares using XperiFirm and they're the same.

itandy said:
In fact, there's no loader.sin in the download folder. I tried to download several firmwares using XperiFirm and they're the same.
I've never tried creating a custom FTF, so I'm not sure. I downloaded the UK version of 34.1.A.3.49 and was able to flash that successfully.
Have you unlocked your bootloader?
Just thinking FTF may be signed by Sony?
Maybe with a locked bootloader you can't flash custom FTF?

ggow said:
I've never tried creating a custom FTF, so I'm not sure. I downloaded the UK version of 34.1.A.3.49 and was able to flash that successfully.
Have you unlocked your bootloader?
Just thinking FTF may be signed by Sony?
Maybe with a locked bootloader you can't flash custom FTF?
Do you have the link where you downloaded the UK .49 firmware?

itandy said:
Do you have the link where you downloaded the UK .49 firmware?
I downloaded it via XperiFirm

Related

A little help needed...

I've D6503 model and I'm new to Sony and Marshmallow (though I'm an advanced user and know much about flashing). I wanted to know that IF I need to backup Marshmallow ROM's system partition DO I need to Backup SYSTEM only in TWRP (3.0.2) or Both SYSTEM and SYSTEM IMAGE.
Thanks in advance.
Plus:
1 - IS it safe to backup/restore SYSTEM IMAGE or not...???
2 - Can I go back to Lollipop or KitKat by only flashing FTF without bricking or backward flashing is not allowed...???
BTW My bootloader is LOCKED.
goldenevil47 said:
I've D6503 model and I'm new to Sony and Marshmallow (though I'm an advanced user and know much about flashing). I wanted to know that IF I need to backup Marshmallow ROM's system partition DO I need to Backup SYSTEM only in TWRP (3.0.2) or Both SYSTEM and SYSTEM IMAGE.
Thanks in advance.
Plus:
1 - IS it safe to backup/restore SYSTEM IMAGE or not...???
2 - Can I go back to Lollipop or KitKat by only flashing FTF without bricking or backward flashing is not allowed...???
BTW My bootloader is LOCKED.
If your bootloader is locked and you have TWRP then I guess you are very much familiar with Sony.
Now, coming to your question: if you need to back up your system to use it again, you can back up system + data or only system from TWRP. And 2 - you can go back to any firmware, just flash the FTF with Flashtool. (Remember your FTF doesn't have simlock.ta, and if it has, then exclude simlock.ta from flashing.) Also, don't disconnect the device while flashing the FTF.
pixel0 said:
If your bootloader is locked and you have TWRP then I guess you are very much familiar with Sony.
Now, coming to your question: if you need to back up your system to use it again, you can back up system + data or only system from TWRP. And 2 - you can go back to any firmware, just flash the FTF with Flashtool. (Remember your FTF doesn't have simlock.ta, and if it has, then exclude simlock.ta from flashing.) Also, don't disconnect the device while flashing the FTF.
First of all Thanks buddy and secondly Yup I'm a little familiar to Sony but not much. I know flashing fones like Sony, Huawei, Lenovo, Nokia (X2), Samsung etc so Bootloader and TWRP are basics for me.
Now the point is that when I go to twrp and tap on Backup it shows me SYSTEM and SYSTEM IMAGE along with TA, Data, Boot etc.
My question is: For backing up whole system Partition (to use in future or to revert back from some other ROM) do I have to Backup SYSTEM only or SYSTEM IMAGE as well?
goldenevil47 said:
First of all Thanks buddy and secondly Yup I'm a little familiar to Sony but not much. I know flashing fones like Sony, Huawei, Lenovo, Nokia (X2), Samsung etc so Bootloader and TWRP are basics for me.
Now the point is that when I go to twrp and tap on Backup it shows me SYSTEM and SYSTEM IMAGE along with TA, Data, Boot etc.
My question is: For backing up whole system Partition (to use in future or to revert back from some other ROM) do I have to Backup SYSTEM only or SYSTEM IMAGE as well?
Weird, what is twrp version? And what did you use to get the recovery installed?
I don't recall seeing system image ever in twrp, but i usually backup everything except cache drive.
ticktock666 said:
Weird, what is twrp version? And what did you use to get the recovery installed?
I don't recall seeing system image ever in twrp, but i usually backup everything except cache drive.
Yup... I really find it weird too coz I've never seen it before.
I'm using TWRP 3.0.2-0 with existenz rom v5.6.5
I rooted the official .291 with the Tool in general section (flashing .575 kernel and rooting then going back to .291 kernel).
Before installing existenz I backed up my Official .291 ROM's system and boot partitions but SYSTEM IMAGE was not there at that time.
Now I'm on existenz and I want to make a backup of system Partition again but I'm confused b/w SYSTEM and SYSTEM IMAGE.
HERE take a look........
Update: I tried to check the contents of backed up System Image (by renaming it to .zip and opening by winrar) but winrar is unable to open it like it does not open android's .img files.
goldenevil47 said:
Yup... I really find it weird too coz I've never seen it before.
I'm using TWRP 3.0.2-0 with existenz rom v5.6.5
I rooted the official .291 with the Tool in general section (flashing .575 kernel and rooting then going back to .291 kernel).
Before installing existenz I backed up my Official .291 ROM's system and boot partitions but SYSTEM IMAGE was not there at that time.
Now I'm on existenz and I want to make a backup of system Partition again but I'm confused b/w SYSTEM and SYSTEM IMAGE.
HERE take a look........
Update: I tried to check the contents of backed up System Image (by renaming it to .zip and opening by winrar) but winrar is unable to open it like it does not open android's .img files.
You should reflash recovery.
Download serajr mm recovery v3 and flash it with your current recovery.
Sent from my Sony Xperia Z2 using XDA Labs
pixel0 said:
You should reflash recovery.
Download serajr mm recovery v3 and flash it with your current recovery.
Sent from my Sony Xperia Z2 using XDA Labs
Can you please link me to it?
goldenevil47 said:
Can you please link me to it?
http://forum.xda-developers.com/attachment.php?attachmentid=3787081&d=1466257973
Sent from my Sony Xperia Z2 using XDA Labs
pixel0 said:
http://forum.xda-developers.com/attachment.php?attachmentid=3787081&d=1466257973
Sent from my Sony Xperia Z2 using XDA Labs
Thanks man it worked like charm...
Thread Closed.
Sent from my Sony Xperia Z2 using XDA Labs

Can't restore TA partition [Solved]

That's it! When I follow this from the post in this forum:
Note : Restoring TA Partition Will Re-Lock The Boot-Loader And You Will Lose Root Access.
* Copy your TA partition backup to the TA tool's extracted folder.
* Connect your device with USB Debugging Enabled
* Open up a command prompt to the extracted folder and type in the following:
tarestore.bat {Your TA Backup File}
Example :
tarestore.bat TA-14102016.img
This new restored TA partition should persist across device wipes and Android upgrades.
I have those errors:
Are you sure you want to restore:
/system/bin/sh: md5: not found
Then i say "Yes I want" to the restore and it says:
Error: Device not supported.
Ta backup restored
Flash stock firmware now.
But nothing happens and I don't have things like x reality engine.
I have this stock rom: E5803: Customized Vietnam: 32.2.A.0.305_R10C
I tried with the stock kernel from this rom and actually with Androplus Kernel, but nothing works. What can I do?
SebastianAlejandro said:
Thats it!, when i follow this from the post in this forum:
I have those errors:
Are you sure you want to restore:
/system/bin/sh: md5: not found
Then i say "Yes I want" to the restore and it says:
Error: Device not supported.
Ta backup restored
Flash stock firmware now.
But nothing happens and i don't have things like x reality engine.
I have this stock rom: E5803: Customized Vietnam: 32.2.A.0.305_R10C
I tried with kernel stock from this rom and actually with Androplus Kernel, but nothing works. What can i do?.
I think you have to get back to the FW from when you backed up the TA in the first place, because I think the TA backup and restore files are in a directory where it roots your device (temporarily), and I don't recall it working on MM. I think you will have to get back to Lollipop first, then restore. I am not a pro, I am just assuming here. Am I right, guys?
Still, try it, it wouldn't harm your device.
This is the FTF I used:
32.0.A.6.200_r4b_australia Generic_1298-7260.ftf
http://forum.xda-developers.com/z5-compact/general/how-to-backup-restore-ta-partition-root-t3479532
There's a download link in step 3.
Try to flash this FTF and then try to restore the TA and tell me what happens.
madshark2009 said:
I think you have to get back to the FW when you backed up the TA in the first place, because I think TA backup and restore files are in a directory where it roots your device (temporarly) and I dont recall it working on MM I think you will have to get back to lolipop first then restore I am not a pro I am just assuming here am I right guys?
still try it , wouldnt harm your device
this is the ftf i used
32.0.A.6.200_r4b_australia Generic_1298-7260.ftf
http://forum.xda-developers.com/z5-compact/general/how-to-backup-restore-ta-partition-root-t3479532
theres a download link in step 3
try to flash this ftf and then try to restore the TA and tell me what happens
Thanks dude! I went back to Lollipop and restored TA successfully, and now got back to Marshmallow and all is working well. Thanks again for the help. :fingers-crossed:
SebastianAlejandro said:
Thanks dude! I backed to lolipop and restore TA succesfully, and now get back to marshmallow and all is working well. Thanks again for the help. :fingers-crossed:
aint no thing brother
happy to keep your device breathing safely
cheers
Help me solve a similar case
SebastianAlejandro said:
Thanks dude! I backed to lolipop and restore TA succesfully, and now get back to marshmallow and all is working well.
Hi all,
I got similar case.
My phone is E6883. I flashed firmware E6883__32.0.A.6.209__Malaysia_Generic_ 5.1.1.ftf for TA partition backup. After that, I unlocked the bootloader and restored TA with the iovyroot_v04 tool. Next, I flashed the 32.3.A.0.376 firmware and rooted the phone. The process was OK. However, when I use the iovyroot_v04 tool to restore TA, it does not work and I get the error below:
Are you sure you want to restore:
/system/bin/sh: md5: not found
Type "Yes I want" if you want to restore this file: Yes I want
Starting restore
Press any key to continue . . .
iovyroot by zxz0O0
poc by idler1984
Error: Device not supported
I do not know what is wrong. Please help me to solve it.
Thanks for all

Xperia X restore drm keys with flashtool

Hi there.
I am trying to restore my TA-Partition with the backup i made earlier with flashtool.
How do i do that?
When I select restore and choose the TA-File it opens a Window where i have to choose the TA Units to flash.
Please help!!! :crying::crying::crying:
Kenji600 said:
Hi there.
I am trying to restore my TA-Partition with the backup i made earlier with flashtool.
How do i do that?
When I select restore and choose the TA-File it opens a Window where i have to choose the TA Units to flash.
Please help!!! :crying::crying::crying:
Is there nobody who knows about the s1 backup method of the flashtool?
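If you made a backup with backupTA then it should be possible, and you can restore it. If not, I don't know what to do either. Wait for an expert to help you solve it.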
Hi, maybe try this method to restore TA. Note that you have to get back to Marshmallow for our device, I think.
https://forum.xda-developers.com/z5-compact/general/how-to-backup-restore-ta-partition-root-t3479532
here is some thing I read on this forum:
CONFIRMATION OF TA RESTORE!
- Ran tool on Xperia X
- Unlocked bootloader
- Flashed TWRP
- Booted to system
- Got nag about being unsafe due to unlocked bootloader and wanted password. I don't have a password?? (nevermind)
- Booted back to TWRP (Also wants a password due to encrypted data - ignored!)
- Pushed TAbackup.img (I renamed it) to /data/local/tmp and verified md5sum is same as original backup.
: adb push /TAbackup.img /sdcard
- Did
Code:
adb shell dd if=/sdcard/TAbackup.img of=/dev/block/bootdevice/by-name/TA
- Rebooted
- Everything back as it was. Original TA restored and DRM keys all active
PS: I did it successfully yesterday to test the latest update :3
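Added example, not part of any post in this thread and not code from the tools it mentions: one report above shows a restore script printing `/system/bin/sh: md5: not found` and still asking for confirmation, and the post above checks the pushed image's md5sum before running `dd`. The script below shows that check written to fail closed on the host; the function names, the `.sha256` sidecar file and the sample image are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread or its tools): record a digest when the
# TA image is backed up, and verify any copy against it before restoring.
# Function names and the "<image>.sha256" sidecar file are assumptions.

# Print the SHA-256 of file $1. Returns 2 when no hashing tool is installed,
# so a missing tool can never be mistaken for a matching (empty) digest.
ta_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    else
        return 2
    fi
}

# Byte size of file $1 (wc pads its output on some systems).
ta_size() {
    wc -c < "$1" | tr -d ' '
}

# Write "<digest> <size>" next to a fresh backup image.
ta_record() {
    img=$1
    [ -s "$img" ] || { echo "refusing: $img is missing or empty" >&2; return 1; }
    digest=$(ta_hash "$img") || { echo "no hashing tool available" >&2; return 2; }
    [ -n "$digest" ] || { echo "hashing $img failed" >&2; return 2; }
    printf '%s %s\n' "$digest" "$(ta_size "$img")" > "$img.sha256"
}

# Verify candidate image $2 against record $1.
# Returns 0 on match, 1 on unusable input, 2 on hashing failure, 3 on mismatch.
ta_verify() {
    record=$1
    candidate=$2
    [ -r "$record" ] || { echo "no record: $record" >&2; return 1; }
    [ -s "$candidate" ] || { echo "refusing: $candidate is missing or empty" >&2; return 1; }
    want_digest=
    want_size=
    read -r want_digest want_size < "$record" || true
    { [ -n "$want_digest" ] && [ -n "$want_size" ]; } || { echo "malformed record" >&2; return 1; }
    have_size=$(ta_size "$candidate")
    [ "$have_size" = "$want_size" ] || { echo "size mismatch: $have_size != $want_size" >&2; return 3; }
    have_digest=$(ta_hash "$candidate") || { echo "no hashing tool available" >&2; return 2; }
    [ -n "$have_digest" ] || { echo "hashing $candidate failed" >&2; return 2; }
    [ "$have_digest" = "$want_digest" ] || { echo "digest mismatch" >&2; return 3; }
    echo "OK: $candidate matches $record"
}

# Demonstration on constructed files (not a real TA dump).
ta_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed TA sample, unit %s\n' 1 2 3 4 > "$dir/TA.img"
    ta_record "$dir/TA.img" || { rm -rf "$dir"; return 1; }
    cp "$dir/TA.img" "$dir/pushed.img"                   # intact copy
    tr 'u' 'U' < "$dir/TA.img" > "$dir/corrupt.img"      # same size, altered bytes
    result=0
    ta_verify "$dir/TA.img.sha256" "$dir/pushed.img" || result=1
    if ta_verify "$dir/TA.img.sha256" "$dir/corrupt.img" 2>/dev/null; then
        result=1    # a corrupted image must never verify
    fi
    rm -rf "$dir"
    return "$result"
}

ta_demo && echo "demo passed: intact copy accepted, altered copy rejected"
```

Run `ta_record` right after the backup is taken and `ta_verify` on the copy that will actually be written; the restore step goes ahead only when it returns 0.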
Hmm... You all are talking about the backup-ta tool. But the .ta file isn't compatible with that tool. It's not an img. It's a TA file. When you do the backup with flashtool s1 method
max26292 said:
here is some thing I read on this forum:
CONFIRMATION OF TA RESTORE!
- Ran tool on Xperia X
- Unlocked bootloader
- Flashed TWRP
- Booted to system
- Got nag about being unsafe due to unlocked bootloader and wanted password. I don't have a password?? (nevermind)
- Booted back to TWRP (Also wants a password due to encrypted data - ignored!)
- Pushed TAbackup.img (I renamed it) to /data/local/tmp and verified md5sum is same as original backup.
: adb push /TAbackup.img /sdcard
- Did
Code:
adb shell dd if=/sdcard/TAbackup.img of=/dev/block/bootdevice/by-name/TA
- Rebooted
- Everything back as it was. Original TA restored and DRM keys all active
PS: I did it successfully yesterday to test the latest update :3
Can you give a more detailed walkthrough please, I need a little help with this.
Can you give a more detailed walkthrough please, I need a little help with this.
+1 Thanks!
brianx87 said:
Can you give a more detailed walkthrough please, I need a little help with this.
Look here: https://forum.xda-developers.com/cr...irtycow-based-ta-backup-t3514236/post70903982

Can't boot into recovery after installing TWRP

Ok so I've unlocked my bootloader successfully but I can't for the life of me get a recovery option working. Trying TWRP tells me it's all good -
C:\adb>fastboot flash recovery TWRP_multirom_scorpion_windy_3.0.2.0_3.10_201611.img
sending 'recovery' (13382 KB)...
OKAY [ 0.424s]
writing 'recovery'...
OKAY [ 0.890s]
finished. total time: 1.319s
But when I try to boot into recovery it always just reboots normally. Using the physical buttons does nothing as well. I've tried this on Kitkat and Marshmallow. The XZDualrecovery does nothing for me. I've tried Kingroot a few times and I can't access recovery after flashing TWRP using the app. Is there another recovery method I can try, or a specific .ftf where everything goes smoother?
I'm on Windows 10, I've installed the drivers disabling the signature to get them to install properly. Flashtool works fine for .ftf and .img seems to run fine but still no recovery. Anything would be a big help...
jamchu1988 said:
Anything would be a big help...
EDIT: See THIS post.
Ah I see you changed your post. This might be useful, don't entirely understand steps 2 and 3 though, where do you merge kernels? Is this all from the flash program? Might try this when my head feels a bit clearer.
jamchu1988 said:
Yeah I already tried this method but I couldn't get the install.bat to work. I tried installing the SuperSU and the cwm Superuser, and also another superuser app but only the SuperSU asked kingroot for root access and all the other superuser apps were giving errors.
What install.bat? If you've unlocked your bootloader my method for root and TWRP is the best I've found so far.
jamchu1988 said:
Edit: Phew tried another cable and it seems to charging properly. Was starting to panic... Thanks for help btw.
You have to do something really silly to hard brick. No worries, I flashed my tablet numerous times yesterday trying to get a functional TWRP and now I've finally managed it.
XperienceD said:
What install.bat? If you've unlocked your bootloader my method for root and TWRP is the best I've found so far.
You have to do something really silly to hard brick. No worries, I flashed my tablet numerous times yesterday trying to get a functional TWRP and now I've finally managed it.
My bad, I thought this was using the Kingroot and the XZDualRecovery which I think was the one that used the install.bat.
jamchu1988 said:
Ah I see you changed your post. This might be useful, don't entirely understand steps 2 and 3 though, where do you merge kernels?
Start with PoC first...
1. Click the DOUBLECLICKME file and you will be asked to select your kernel.sin and TA.img
2. When you get to the next step answer each of the following as follows...
Sony ric - y
...once it's done it will build a new_boot.img.
...then copy that img in to the Rootkernel folder along with your SuperSU.zip ...
3. Open a cmd prompt window in the Rootkernel/Kernel Kit folder (alt + right click) then type/copy & paste the following...
rootkernel new_boot.img Z3TC_SU_TWRP.img
...(you can change PoC_rk_194.img to whatever name you want btw) and answer each of the following as follows...
Sony RIC - y
TWRP - y
SuperSU - y
DRM fix - n
Busybox - n
...then once it's finished it will build a Z3TC_SU_TWRP.img ready to be flashed to your phone giving you rooted stock FW with TWRP, which you enter by pressing the vol+ button when a yellowish light appears.
XperienceD said:
Start with PoC first...
...then copy that img in to the Rootkernel folder along with your SuperSU.zip ...
...then once it's finished it will build a Z3TC_SU_TWRP.img ready to be flashed to your phone giving you rooted stock FW with TWRP, which you enter by pressing the vol+ button when a yellowish light appears.
Ok so I've got a fresh install of 291 (MM). I haven't heard of POC but I found it through google. Running the DOUBLECLICKME_MM.bat gives me:
File: TA.img not exist!
Sorry your trim area dump is not a valid!
Error validating your TA.img (TA.img)!
Where do I find my KERNEL.sin and TA.img ? I'm guessing I put them in the POC folder? Also the ROOTKERNEL folder? I think I'm missing a download...
jamchu1988 said:
Where do I find my KERNEL.sin and TA.img ? I'm guessing I put them in the POC folder? Also the ROOTKERNEL folder? I think I'm missing a download...
You can get your kernel.sin from your ftf, just use a zip program to open it. Did you not backup your TA partition?, you put those two files in the PoC folder only.
XperienceD said:
You can get your kernel.sin from your ftf, just use a zip program to open it. Did you not backup your TA partition?, you put those two files in the PoC folder only.
Nah I didn't. Guess I was too eager to start rooting. I should be able to backup my current one though, and use that. The only thing is, the script I've found says it needs root to work? But it's really late (early) here so I'll have a crack tomorrow. If not I might be able to find one on the net? Thanks for all your help so far, pretty optimistic about this method.
jamchu1988 said:
Nah I didn't. Guess I was too eager to start rooting. I should be able to backup my current one though, and use that.
No point now, once you've lost your keys there is nothing you can do, so I'd just run your kernel through Rootkernel and that should give you the same result.
XperienceD said:
No point now, once you've lost your keys there is nothing you can do, so I'd just run your kernel through Rootkernel and that should give you the same result.
Ah ok, no worries. I still have no idea where I can get the Rootkernel script from. The only place I found mentioning it was here:
https://forum.xda-developers.com/z5-compact/general/summary-tutorial-root-sony-xperia-z5-t3360515
Which is for the z5 and the program was rootkernel_V4.51_Windows_Linux.zip which I can't find a download for. Having trouble searching for this because of the vague rootkernel terms and I'm not 100% sure if this is what I need... I also saw that I might need to extract the .elf file from the kernel.sin?
Is this program included in the TA backup script? Totally lost. So I guess I don't need POC at all without my TA.img? Just need the rootkernel.
jamchu1988 said:
Ah ok, no worries. I still have no idea where I can get the Rootkernel script from. The only place I found mentioning it was here:.
Get it from HERE .
XperienceD said:
Get it from HERE .
Ok that worked, I made new .img with my kernel.sin and my boot.img. But when I flash it I get:
03/052/2017 22:52:40 - INFO - Device should now start booting with this kernel
03/052/2017 22:52:40 - INFO - Device disconnected
03/053/2017 22:53:16 - INFO - Device disconnected
03/059/2017 22:59:14 - INFO - Device connected with USB debugging on
03/059/2017 22:59:14 - ERROR - root : this bundle is not valid
03/059/2017 22:59:14 - INFO - Connected device : Sony Xperia Z3 Tablet Compact
03/059/2017 22:59:14 - INFO - Installed version of busybox : N/A
03/059/2017 22:59:14 - INFO - Android version : 6.0.1 / kernel version : 3.4.0-perf-gc14c2d5 / Build number : 23.5.A.1.291
03/059/2017 22:59:18 - INFO - Please wait device is rebooting into fastboot mode (via ADB)
03/059/2017 22:59:19 - INFO - Device will soon enter fastboot mode
03/059/2017 22:59:19 - INFO - Device disconnected
03/059/2017 22:59:22 - INFO - Device connected in fastboot mode
03/059/2017 22:59:30 - INFO - Selected kernel (boot.img or kernel.sin): C:\Users\james\Desktop\rootkernel\Z3TC_SU_TWRP.img
03/059/2017 22:59:30 - INFO - HotBooting selected kernel
03/059/2017 22:59:30 - INFO - FASTBOOT Output:
downloading 'boot.img'...
OKAY [ 0.463s]
booting...
OKAY [ 0.055s]
finished. total time: 0.518s
The end result is no root, Supersu not installed and no TWRP. I tried with your options for rootkernel, and I also tried [Y] to everything which just gives the binary occupied error in SuperSU. Any idea what I'm doing wrong?
jamchu1988 said:
Ok that worked, I made new .img with my kernel.sin and my boot.img. But when I flash it I get:
The end result is no root, Supersu not installed and no TWRP. I tried with your options for rootkernel, and I also tried [Y] to everything which just gives the binary occupied error in SuperSU. Any idea what I'm doing wrong?
Not a clue. Upload your kernel and I'll have a look when I get home.
XperienceD said:
Get it from HERE .
Ok, I've got TWRP working! Thanks. I used the cmd option instead of the sony program. Still no root though, SU gives the binary occupied error. But I can always start fresh, or try doing it from TWRP.
EDIT: Finally got root through TWRP. Just want to say thanks again XperienceD! Cheers!
XperienceD said:
Start with PoC first...
...then copy that img in to the Rootkernel folder along with your SuperSU.zip ...
...then once it's finished it will build a Z3TC_SU_TWRP.img ready to be flashed to your phone giving you rooted stock FW with TWRP, which you enter by pressing the vol+ button when a yellowish light appears.
Hi,
Sorry just to be clear, because I'm in a similar boat, when you mention PoC, are you talking about https://forum.xda-developers.com/crossdevice-dev/sony/poc-real-trim-instead-drm-fix-t3552893 ? And when you talk about Rootkernal script/folder/etc are you talking about https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605 ?
Soulfulgrey said:
Hi,
Sorry just to be clear, because I'm in a similar boat, when you mention PoC, are you talking about https://forum.xda-developers.com/crossdevice-dev/sony/poc-real-trim-instead-drm-fix-t3552893 ? And when you talk about Rootkernel script/folder/etc are you talking about https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605 ?
Yeah that's right.
jamchu1988 said:
Ok, I've got TWRP working! Thanks. I used the cmd option instead of the sony program. Still no root though, SU gives the binary occupied error. But I can always start fresh, or try doing it from TWRP.
Did you put your SuperSU zip in the Rootkernel folder?
---------- Post added at 05:22 PM ---------- Previous post was at 05:18 PM ----------
Soulfulgrey said:
Hi,
Sorry just to be clear, because I'm in a similar boat, when you mention PoC, are you talking about https://forum.xda-developers.com/crossdevice-dev/sony/poc-real-trim-instead-drm-fix-t3552893 ? And when you talk about Rootkernel script/folder/etc are you talking about https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605 ?
Yes, there is a link in my sig to a guide, if you have your TA backup start at step one, if not start at step 3 and simply rename "new_boot.img" to the name of your kernel.
---------- Post added at 05:57 PM ---------- Previous post was at 05:22 PM ----------
@Soulfulgrey
@jamchu1988
Try this, it includes the DRM fix too. SGP611_291_RK_noTA_SU_TWRP.img
XperienceD said:
Did you put your SuperSU zip in the Rootkernel folder?
D'oh! That would be it I reckon. It's all good though after you got me on TWRP I was able to flash SuperSu successfully and I have root now.

[stock 8.0][Unlocked bl][34.4.A.2.19; ...32; ...85] Root and Recovery (3 clicks)

Thanks to serajr here - https://forum.xda-developers.com/showpost.php?p=75505302&postcount=2973 Go directly to that post and give thanks.
You need:
Stock O ftf (best to use Flashtool/Xperifirm)
Modded boot img for 34.4.A.2.19 - https://mega.nz/#!AgtQ2Sob!JjLRcUVjuy6FNanjGY49g-YYmkcda04witfHp4hwvmo
Modded boot img for 34.4.A.2.32 - https://mega.nz/#!Z1tzEJbZ!e9ET_RtUpKjXRwnJa_TDsMrVwvT-hPxmk06KtryHOuc
Modded boot img for 34.4.A.2.85 - https://mega.nz/#!p5UwAabR!_ofmr_WdId9RdH48Xb3cZtSIzsQ6qcTJTAFYcKHFWJE
Kernel elf file to use with rootkernel [34.4.A.2.85] - https://mega.nz/#!M102lYTZ!9bj2KE-vbNWlej3Dw0NuiXJcfpgiy16svSHud73bLfw
Modded boot img for 34.4.A.2.107 - https://mega.nz/#!Nls0EQBR!Cc4lVcA85f8YeNTo8nMqsuwLzveW5duSbyeZDlI5kDE
Kernel elf file to use with rootkernel [34.4.A.2.107] - https://mega.nz/#!Zp10CASK!iGLE94Tj1SSk1U2p4KLpVrcGmD68C3YvqKMXD6VPFjI
Modded boot img for 34.4.A.2.118 - https://mega.nz/#!14VkzCCB!GK-KEv0A-ZyhysXc1-IusyJjJEB-D5ZWOLm1DRt31tA
Kernel elf file to use with rootkernel [34.3.A.2.118] - https://mega.nz/#!Ylcm1SwA!GuX9dfd2HAqLXy1jom-C6mgP0s4jYXl9qSySkvb_mtA
TWRP - https://forum.xda-developers.com/x-compact/development/ub-twrp-v3-2-1-xperia-x-compact-t3793837
1. Flash stock ftf from Xperifirm via Flashtool
2. After flash, connect in fastboot (before booting phone) and type in command line 'fastboot flash boot boot.img' (this assumes that your modified boot img is in the current directory, and is named 'boot.img'; otherwise, you need to edit the command accordingly)
3. Then type 'fastboot flash recovery twrp-3.2.1.img' (same note as above)
Done
Now, you can flash Magisk, (or whatever), and have root access.
If you want Drm fix, flash serajr's zip here - https://forum.xda-developers.com/attachment.php?attachmentid=4404527&d=1517335127
If you want to restore your own ta with munjeni tool, you will need to patch boot img yourself with rootkernel tool here - https://forum.xda-developers.com/showpost.php?p=74724162&postcount=2793
How to get stock kernel elf and patch your boot img with rootkernel:
1. Download and build stock ftf from Xperifirm via Flashtool
2. Go to Flashtool > tools > sin editor, and navigate to stock kernel sin file, in the downloaded firmware folder. Click on sin file and choose 'extract data', and it will create a kernel elf.
3. Follow the guide by serajr. You need only to put the kernel elf into rootkernel folder, then open a command prompt there and run 'rootkernel kernel.elf boot.img'. Answer all questions 'yes', unless you want to skip drm fix and restore your own ta, (if that's the case, you need your target file in that folder renamed to TA.img). After script runs, you will have a new boot img that you can use to follow the guide.
Done...
Magisk, MicroG, and Xposed tested... (update - I haven't tried yet, but I've read that Xposed not working on ...85; update 2 - confirmed, bootloop; update 3 - Xposed fix now available here - https://forum.xda-developers.com/x-compact/themes/xposed-fix-118-t3870673)
I made a patched boot img with rootkernel tool and uploaded it. Link in op. Don't forget to thank serajr...
Can confirm the above method worked for me. I used the TA.img instead of drm fix, and I get root and the security test still has Widevine and fidokeys enabled.
Just a slight reminder for Linux users: you need to add execute permission on both `rootkernel` and `bootimg`, otherwise the rootkernel tool will fail with a permission issue.
levone1 said:
I made a patched boot img with rootkernel tool and uploaded it. Link in op. Don't forget to thank serajr...
With which options is your modified boot image prepared?
maluus said:
With which options is your modified boot image prepared?
Dm-verity disable - yes
Force encrypt disable - yes
Drm fix - yes
For Drm fix you still have to flash serajr zip. If you want to restore ta with munjeni tool, you will need to patch boot yourself.
Op updated for 3-click root...
SuperSU,Xposed
Hello,
can you please help me with a little problem? I just did everything step by step, but I still can't get root access (after flashing boot.img SuperSU still shows "no root detected"). And one more question. I used that DRM fix zip, but still get "Not provisioned". Am I missing something? (but never mind, I can use my TA backup, but I'm just curious about that).
Thanks guys.
Arsis said:
Hello,
can you please help me with a little problem? I just did everything step by step, but I still can't get root access (after flashing boot.img SuperSU still shows "no root detected"). And one more question. I used that DRM fix zip, but still get "Not provisioned". Am I missing something? (but never mind, I can use my TA backup, but I'm just curious about that).
Thanks guys.
...
Arsis said:
Hello,
can you please help me with a little problem? I just did everything step by step, but I still can't get root access (after flashing boot.img SuperSU still shows "no root detected"). And one more question. I used that DRM fix zip, but still get "Not provisioned". Am I missing something? (but never mind, I can use my TA backup, but I'm just curious about that).
Thanks guys.
Boot img just enables modification by disabling Sony security stuff, but you still need to flash whatever mod you want. So after flashing boot and recovery img, then flash supersu (or whatever), and you should have root.
I can't say about drm fix, since I've never used it before, but I don't think it will show fido provisioned, etc, because it simply recreates the drm functions through a different method, (not with ta).
I was able :laugh::good: Xposed release link
levone1 said:
Boot img just enables modification by disabling Sony security stuff, but you still need to flash whatever mod you want. So after flashing boot and recovery img, then flash supersu (or whatever), and you should have root.
I can't say about drm fix, since I've never used it before, but I don't think it will show fido provisioned, etc, because it simply recreates the drm functions through a different method, (not with ta).
Oh, well. Thank you! It's working now.
Hello,
I flashed on my Sony with Oreo this boot.img and twrp and I'm stuck on the Sony logo. Any ideas what could be wrong? I tried android 34.4.A.0.364 Singapore and UK versions and neither of these works with this twrp.
I have the newest platform-tools and flashing went well.
Thanks
Stephenhs said:
Hello,
I flashed on my Sony with Oreo this boot.img and twrp and I'm stuck on the Sony logo. Any ideas what could be wrong? I tried android 34.4.A.0.364 Singapore and UK versions and neither of these works with this twrp.
I have the newest platform-tools and flashing went well.
Thanks
Can you try running the tool and creating the boot.img yourself? I use the Singapore ftf and don't have a problem booting the system (with the boot img I created myself). I do not put twrp on boot img though. I boot twrp from fastboot when needed.
I created boot.img and everything works. Thanks a lot!
I don't understand the part that says:
Android Oreo ramdisk patching needs some additional files, and they must be copied from Oreo /system into the rootkernel's filesystem_files folder, prior to run the script, and they are:
Code:
/system/vendor/etc/fstab.qcom
/system/vendor/etc/init/hw/init.qcom.rc
/system/vendor/etc/init/hw/init.target.rc
(you can pull these files through adb, or even converting system.sin to system.ext4 and take them out from there - just copy them, and DO NOT touch its contents)
How to do that!? I'm a noob...
Kianush said:
I don't understand the part that says:
Android Oreo ramdisk patching needs some additional files, and they must be copied from Oreo /system into the rootkernel's filesystem_files folder, prior to run the script, and they are:
Code:
/system/vendor/etc/fstab.qcom
/system/vendor/etc/init/hw/init.qcom.rc
/system/vendor/etc/init/hw/init.target.rc
(you can pull these files through adb, or even converting system.sin to system.ext4 and take them out from there - just copy them, and DO NOT touch its contents)
How to do that!? I'm a noob...
Post linked in op has special instructions for us with Xc - skip that part.
https://forum.xda-developers.com/showpost.php?p=74724162&postcount=2793
Hello guys, I've created a boot.img with the rootkernel tool with my ta.backup but it does not work. The boot is ok but if I check my drm keys they say not provisioned. My ta.backup load 2.097.152 byte like the post shows. Can someone help me? Thanks
Update:
Sorry guys, I've done the kernel patch again with my ta backup and this time it goes perfect. I don't know why the first time didn't work but now it's ok!
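The checks mentioned in the posts above (execute permission on `rootkernel` and `bootimg` on Linux, a kernel.elf extracted from the sin file, a 2,097,152-byte TA backup renamed to TA.img) can be run before patching. This is an added pre-flight script, not part of the thread or of the rootkernel tool; the function names are hypothetical, and it assumes you are restoring your own TA, so TA.img is expected in the folder.

```shell
#!/bin/sh
# Pre-flight check for a rootkernel working folder (added example).
# File names and the 2,097,152-byte TA size are taken from the thread;
# the function names are hypothetical.

TA_EXPECTED_SIZE=2097152   # bytes, as reported in the thread

# Succeeds only if the file exists and has exactly the expected TA size.
check_ta_size() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$TA_EXPECTED_SIZE" ] && return 0
    echo "$1 is $size bytes, expected $TA_EXPECTED_SIZE" >&2
    return 1
}

# Succeeds only if the file starts with the ELF magic 7f 45 4c 46.
is_elf() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ] && return 0
    echo "$1 is not an ELF file (magic: $magic)" >&2
    return 1
}

# Adds the execute bit to the two tools that need it on Linux.
ensure_exec() {
    for tool in rootkernel bootimg; do
        [ -f "$1/$tool" ] || { echo "missing: $1/$tool" >&2; return 1; }
        chmod u+x "$1/$tool" || return 1
    done
}

# Runs every check on the folder; returns non-zero if any check failed.
preflight() {
    dir=$1; rc=0
    ensure_exec "$dir" || rc=1
    is_elf "$dir/kernel.elf" || rc=1
    check_ta_size "$dir/TA.img" || rc=1
    # Record a digest so later copies of the backup can be compared.
    if [ "$rc" -eq 0 ] && command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$dir/TA.img"
    fi
    return "$rc"
}

# Usage: sh preflight.sh /path/to/rootkernel_folder
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A TA image with the wrong size, or a kernel file that is still a .sin or boot image rather than an ELF, is reported before the patch script runs.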
I tried the 3 click method, without doing any boot image myself, but impossible to decrypt with TWRP (or reboot to system).
Wxfdswxc said:
I tried the 3 click method, without doing any boot image myself, but impossible to decrypt with TWRP (or reboot to system).
Twrp - https://forum.xda-developers.com/x-compact/development/twrp-3-2-1-decryption-t3751998
As for rebooting to system, can't say for sure... Root method involves only changing boot img, so shouldn't affect system. Any errors in fastboot, etc?
Original flash should be clean flash official stock ftf from Xperifirm. First boot could be 10 minutes...
