[Q] Systemless Root for Xperia z5 - Xperia Z5 Q&A, Help & Troubleshooting

Hi,
I was wondering, since we have got the Marshmallow update, has anyone tried Chainfire's systemless root method? I wanted to try it, but don't want to void the warranty yet. Is it working, or is there a fix applied by Sony to prevent it?
Thanks

I looked into it, but it requires flashing a boot image specifically made for the device.

So the boot image is not available for z5?

You would need an unlocked bootloader

Flashing a boot image on Sony devices requires an unlocked bootloader, as our friend mentioned, and there is no one here to make a modified image.

How about this?

Related

Root z3 lollipop???

My Z3 Dual was rooted; when I upgraded it with Sony PC Companion I lost root, and I want to root it again without flashing an old ROM or unlocking the bootloader.
When can we root xperia z series lollipop??????????
borhan0089 said:
My Z3 Dual was rooted; when I upgraded it with Sony PC Companion I lost root, and I want to root it again without flashing an old ROM or unlocking the bootloader.
When can we root xperia z series lollipop??????????
Probably never, because it's easier to downgrade, root, install recovery and flash a prerooted lollipop rom than to try and find another exploit in lollipop
gregbradley said:
Probably never, because it's easier to downgrade, root, install recovery and flash a prerooted lollipop rom than to try and find another exploit in lollipop
Never? I just did root with a custom kernel which included TWRP, and from TWRP I flashed the latest version of the SuperSU update, and voila... rooted and Xposed working.
By the way, I managed to fix the issues, it was not because the Xposed was in alpha stage, because that is the only Xposed for Lollipop, it was because I had an old TWRP.
So now I am rooted and all working good.
So you can root Lollipop without downgrading or flashing a ftf.
P.S. Of course, with an unlocked bootloader.
Even if the downside of unlocking is losing the DRM keys, well, don't worry about it, the camera takes beautiful photos even so.
As you said, you have to unlock the bootloader for that; not everyone wants to do that.
Yes, as the op used pccompanion they obviously had a locked bootloader, hence my answer based on the fact he had a locked bootloader

Question: Rooted Concept?

Hey guys,
I tried out the Android Concept MM when it first came out and I was a huge fan and insanely satisfied due to its stock-like Android experience; however, the only thing keeping me away from using it is the lack of root and Xposed. I was wondering, can I just make a pre-rooted ftf with the ftf of the Concept with recroot 4, like I would with a normal Marshmallow ftf, or am I completely wrong?
I would appreciate the help thanks!
Concept ROM uses dm-verity, so it's unrootable on a locked bootloader. However, I've managed to root it on an unlocked bootloader before somehow. I'll try to explain as best as I can:
1. Download and flash concept FTF http://forum.xda-developers.com/z3/...arshmallow-t3229030/post66825447#post66825447 (this is latest one I could find)
2. OTA update to the latest version if you want
3. Download Systemless SuperSU zip and place it on SD card https://download.chainfire.eu/921/SuperSU/UPDATE-SuperSU-v2.65-20151226141550.zip
4. Flash recovery via fastboot (it needs unlocked bootloader) (for recovery I used this one) : http://forum.xda-developers.com/z3/development/z3-twrp-2-8-7-0-d6603-t3273996
5. Don't leave fastboot mode! Navigate with volume keys to "recovery mode" and click power button to enter it.
6. Flash SuperSu you downloaded earlier and then reboot.
7. Done, enjoy your rooted Concept.
Nojus33 said:
Concept ROM uses dm-verity, so it's unrootable on a locked bootloader. However, I've managed to root it on an unlocked bootloader before somehow. I'll try to explain as best as I can:
1. Download and flash concept FTF http://forum.xda-developers.com/z3/...arshmallow-t3229030/post66825447#post66825447 (this is latest one I could find)
2. OTA update to the latest version if you want
3. Download Systemless SuperSU zip and place it on SD card https://download.chainfire.eu/921/SuperSU/UPDATE-SuperSU-v2.65-20151226141550.zip
4. Flash recovery via fastboot (it needs unlocked bootloader) (for recovery I used this one) : http://forum.xda-developers.com/z3/development/z3-twrp-2-8-7-0-d6603-t3273996
5. Don't leave fastboot mode! Navigate with volume keys to "recovery mode" and click power button to enter it.
6. Flash SuperSu you downloaded earlier and then reboot.
7. Done, enjoy your rooted Concept.
Thanks, but damn, that sucks. I don't really wanna lose DRM keys, plus I still have 1 year of warranty left.
Also, ZyxxOS (http://forum.xda-developers.com/z3/development/rom-zyxxos-5-1-1-v1-0-pure-stable-fast-t3229169) requires an unlocked bootloader; however, is there any way I can replace the boot.img with one that's utilized on a locked bootloader ROM, or will that not work?
Salaminator said:
Thanks, but damn, that sucks. I don't really wanna lose DRM keys, plus I still have 1 year of warranty left.
Also, ZyxxOS (http://forum.xda-developers.com/z3/development/rom-zyxxos-5-1-1-v1-0-pure-stable-fast-t3229169) requires an unlocked bootloader; however, is there any way I can replace the boot.img with one that's utilized on a locked bootloader ROM, or will that not work?
Well, ZyxxOS has Sony's Concept based kernel. The developer itself at first thought it will work on locked bootloader, but it didn't. You could try to flash original Concept .2099 kernel, but I don't think it will work.
As for DRM, you can easily backup them before unlocking, but it's up to you.
Nojus33 said:
Well, ZyxxOS has Sony's Concept based kernel. The developer itself at first thought it will work on locked bootloader, but it didn't. You could try to flash original Concept .2099 kernel, but I don't think it will work.
As for DRM, you can easily backup them before unlocking, but it's up to you.
I'm confused about the effect DRM has, but is there any way to avoid it? Like, if I back up, do I just restore them after unlocking my bootloader?
Ideally, I wanted to run an AOSP-like ROM and I hoped to remove all Sony stuff etc. from Concept. However, I'm just reluctant to unlock my bootloader.
This is probably the stupidest idea ever, and I have close to no knowledge; however, what happens if I put the stock Sony 6.0.1 kernel, which has already obtained recovery without unlocking the bootloader, and flash SuperSU via that?
Alternatively, is there any way to convert our current stock 6.0.1 into true stock Android?
Salaminator said:
I'm confused about the effect DRM has, but is there any way to avoid it? Like, if I back up, do I just restore them after unlocking my bootloader?
Ideally, I wanted to run an AOSP-like ROM and I hoped to remove all Sony stuff etc. from Concept. However, I'm just reluctant to unlock my bootloader.
This is probably the stupidest idea ever, and I have close to no knowledge; however, what happens if I put the stock Sony 6.0.1 kernel, which has already obtained recovery without unlocking the bootloader, and flash SuperSU via that?
Alternatively, is there any way to convert our current stock 6.0.1 into true stock Android?
Maybe, but this is beyond my knowledge. Sorry.
EDIT: Or just use concept haha
Nojus33 said:
Maybe, but this is beyond my knowledge. Sorry.
EDIT: Or just use concept haha
Looking into Android 6.0 Complications from this article (http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/)
It states the following:
If you want root today, on Android Marshmallow (6.0), you’re going to need to use a modified boot image. While it remains to be seen if this remains true indefinitely, it looks likely to be the case for some time – SELinux changes make it much harder to get root access without modifying the boot image. And as modifying the boot image requires an unlocked bootloader
So I'm assuming the Z3 has SELinux, thus preventing us from editing the boot image for Marshmallow Concept, hence leaving us with the only option to unlock our bootloader?
Lastly: Is there a potential to convert Stock Sony ROM into an AOSP looking/feeling rom?

Current status of Locked Bootloader root for E6653

Hi guys,
Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
Sorry for the n00bish questions, just wondering aloud.
Cheers!
As far as I know you need to disable some security settings in the kernel to have permanent root access. But a locked bootloader won't let the system boot with this modified kernel.
I don't think there will come a method to have root without unlocking the bootloader in the near future.
Nope. No root without unlocking the BL, as far as I am informed.
ianrobbie said:
Hi guys,
Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
Sorry for the n00bish questions, just wondering aloud.
Cheers!
Short answer: not possible without unlocking the bootloader.
Long answer:
There are two possible methods for acquiring permanent root on Marshmallow on the Z5:
Conventional root - you provide root by modifying certain /system files on the phone. The problem with this is that you are modifying the system partition on the phone. The stock kernels on the Z5 (and most other phones) have something called dm-verity which basically checks everything on the system partition against what it expects to be there. If the kernel notices that something in the system partition has changed, the phone will fail to boot. You can install a modified kernel that has dm-verity disabled, but then you run into the issue described with systemless root.
Systemless root - you modify the kernel to allow for root either with Systemless SuperSU or through Magisk. This allows you to have an unmodified system partition and pass any potential system checks; however, you have to modify and flash a new kernel. Herein lies the problem with a locked bootloader. A locked bootloader checks the file signature for the file you're trying to flash. These files are typically signed by the phone manufacturer or carrier, so when the bootloader checks the file signature and it matches what it expects, it allows the flash; if the signature doesn't match, it aborts the flash. If you modify a stock kernel to disable dm-verity or try to flash a custom kernel, you will be prevented from doing so because your signature won't match what the bootloader expects. By unlocking the bootloader you are essentially disabling that signature check process.
So basically permanent root on Marshmallow isn't possible unless somebody can exploit a vulnerability in the boot chain.
As for modifying a stock ftf package, you again run into issues with the bootloader signature checks. The ftf file is basically a special zip container that contains a bunch of files. Most of these files, if not all of them, are signed by either the manufacturer or carrier, so you are able to flash it because all of these files pass the bootloader signature checks. Once you modify one of those files within the ftf, you destroy the signature and flashing of the ftf file will abort.
In summary, you need to unlock the bootloader so that you can flash a modified kernel that has dm-verity disabled.
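The two checks described in the answer above, as an added illustration (not part of the original post, and not Sony's or Android's code). A simplified binary SHA-256 hash tree stands in for dm-verity and an HMAC stands in for the vendor's signature; the key, the image bytes and the `verity=` field are constructed for the example.

```python
import hashlib
import hmac

BLOCK = 4096  # the partition is hashed in fixed-size blocks

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(image: bytes) -> list:
    """Hash levels bottom-up: levels[0] = block hashes, levels[-1] = [root]."""
    levels = [[h(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(cur[i] + (cur[i + 1] if i + 1 < len(cur) else b""))
                       for i in range(0, len(cur), 2)])
    return levels

def verify_block(image: bytes, index: int, levels: list, trusted_root: bytes) -> bool:
    """Re-hash one block up to the root using the stored sibling hashes."""
    node = h(image[index * BLOCK:(index + 1) * BLOCK])
    for level in levels[:-1]:
        sibling = level[index ^ 1] if (index ^ 1) < len(level) else b""
        node = h(node + sibling) if index % 2 == 0 else h(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)

def sign(boot: bytes, vendor_key: bytes) -> bytes:
    # Assumption: HMAC stands in for the vendor's asymmetric signature.
    return hmac.new(vendor_key, boot, hashlib.sha256).digest()

def bootloader_accepts(boot: bytes, signature: bytes, vendor_key: bytes) -> bool:
    return hmac.compare_digest(sign(boot, vendor_key), signature)

def demo() -> dict:
    key = b"constructed-vendor-key"               # constructed sample key
    system = bytes(range(256)) * 16 * 5           # constructed 5-block system image
    levels = build_tree(system)
    root = levels[-1][0]
    boot = b"kernel;verity=on;root=" + root       # constructed boot image carrying the root hash
    sig = sign(boot, key)
    # Conventional root: one byte of block 2 on the system partition is changed.
    patched = system[:2 * BLOCK] + b"\xff" + system[2 * BLOCK + 1:]
    # Systemless root: the boot image itself is changed, the stock signature is reused.
    patched_boot = boot.replace(b"verity=on", b"verity=off")
    return {
        "stock_boot_accepted": bootloader_accepts(boot, sig, key),
        "stock_block_ok": verify_block(system, 2, levels, root),
        "patched_block_ok": verify_block(patched, 2, levels, root),
        "rebuilt_tree_ok": verify_block(patched, 2, build_tree(patched), root),
        "patched_boot_accepted": bootloader_accepts(patched_boot, sig, key),
    }

if __name__ == "__main__":
    print(demo())
```

Regenerating the hash tree for the changed partition does not help, because the root hash it must match lives inside the signed boot image.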
Thanks very much for all the replies. Looks like I'm stuck with stock for the time being.
Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
xasbo said:
Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
Yeah, but unfortunately I'm not allowed to unlock my bootloader.
ianrobbie said:
Yeah, but unfortunately I'm not allowed to unlock my bootloader.
Ahhh, sure, forgot that some carriers lock these phones. I had that same problem on my Z1, but fortunately they found a LB root exploit.
How long have you had your phone? If the upcoming Nokia offering looks good, I'll sell you my mint condition UB Z5

Q. F8331 potential for root without unlocking BL

Hi,
I have seen that the Samsung Galaxy edge 7 with a Qualcomm Snapdragon 820 cpu, running Nougat & has a permanently locked bootloader has been rooted. As seen here:
https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502
My question is, could that same method be applied to the Xperia XZ, just using Flashtool instead of Odin & obviously using XZ drivers instead of samsung?
GoodguyUK said:
Hi,
Could that same method be applied to the Xperia XZ, just using Flashtool instead of Odin?
Short: No
I have not found the boot.tar he mentions ...
Odin is a different beast than Flashtool.
Interesting for me is that the contents of the magical boot.tar flashed via Odin totally enable mounting, modifying system etc.
To make root.bat work adb must run as root on the device!
Not easy but can be achieved. I did this with a modified kernel in 2015 when rooting the first DM-Verity protected device from SONY. Find a link for that (long read) in my [GUIDE]. I guess here are similar things at work, maybe with the patched libs in the Nougat_S7_Root_2_82_All_Carriers_V1.zip
But to use this you have to be root in adb to get the libs to the proper places in /system.
For SONY devices DM-Verity and SONY-RIC are in the stock kernels. Modifying anything on the kernel or system partitions will result in a bootloop.
This can not be defeated unless you have SONY's private key to sign your ROM.
In order to modify (e.g. rooting) /system you need a kernel with DM-Verity and SONY-RIC off and an unlocked bootloader to boot this kernel.
I can imagine a way using the exploit that enables us to backup the TA to copy a modified/patched kernel onto the kernel partition.
Will it be possible for the locked bootloader to boot this kernel? I do not know.
BTW I wonder that Flashfire is included. AFAIK this is payware from @Chainfire
On SONY devices I would not bother.
On devices where there is Marshmallow available you can backup your TA and afterwards unlock the bootloader to do what you intend: rooting or flashing custom ROMs or ....
When you sell the device you just restore the TA and flash a stock ROM -> everything SONY blessed and locked again.

How can I root my MIUI11 Redmi 8A dual without unlocking bootloader?

Hello all xda members,
I am not new to rooting. I have been rooting my phones since 2014, when KitKat and Lollipop were introduced. After I purchased the new Redmi 8A Dual, it was impossible to root with KingoRoot and with others. So, I googled how to root Android 10 MIUI 11. I found there is an app called Magisk. So I installed it. Now, I searched more, and I found that I have to unlock my bootloader in order to install a custom recovery. I really don't wanna unlock my bootloader and install a custom recovery. I just wanna root temporarily because I need to convert some applications to system apps.
Now,
I found that people are doing another Magisk way to root, which is called 'patching boot image'. I patched my boot image and downloaded the platform tools. Now, I am completely puzzled because I don't know what to do next! Some are saying I have to unlock the bootloader and some are rooting without unlocking the bootloader.
If by patching the boot image root is possible without unlocking the bootloader, then could you please write the steps! I am a complete noob in the Magisk line.
Or,
Is there any way to root MIUI 11 without unlocking the bootloader? I really don't wanna lose my data.
Thanks for reading!
Riuzaki1230 said:
Hello all xda members,
I am not new to rooting. I have been rooting my phones since 2014, when KitKat and Lollipop were introduced. After I purchased the new Redmi 8A Dual, it was impossible to root with KingoRoot and with others. So, I googled how to root Android 10 MIUI 11. I found there is an app called Magisk. So I installed it. Now, I searched more, and I found that I have to unlock my bootloader in order to install a custom recovery. I really don't wanna unlock my bootloader and install a custom recovery. I just wanna root temporarily because I need to convert some applications to system apps.
Now,
I found that people are doing another Magisk way to root, which is called 'patching boot image'. I patched my boot image and downloaded the platform tools. Now, I am completely puzzled because I don't know what to do next! Some are saying I have to unlock the bootloader and some are rooting without unlocking the bootloader.
If by patching the boot image root is possible without unlocking the bootloader, then could you please write the steps! I am a complete noob in the Magisk line.
Or,
Is there any way to root MIUI 11 without unlocking the bootloader? I really don't wanna lose my data.
Thanks for reading!
Your only chance of rooting without unlocking bootloader is to find a universal rooting app or PC program that has an exploit that works on your device. But, I doubt that there is an app or PC program that can root your device, those stopped working on devices with android versions newer than Marshmallow.