Hello there,
I hope someone can help me. I got a Sony Xperia XZ today and I wanted to have it rooted of course. That I got to work pretty easily, but I now have the problem that in the Service Info almost everything is "Unknown". Also in the Developer options "OEM unlocking" is disabled (which I find weird) and when I want to enable it it jumps back to disabled. Not sure any of it will cause problems, but that's also why I posted this Thread.
Here's what I've done:
Downgraded from Oreo / 41.3.A.2.99 to Marshmallow 6.0.1 with Flashtool
Created a TA-Backup using Guide: TA Backup v2 | Universal (Dirtycow-based)
Downloaded and flashed to Oreo / 41.3.A.2.107 through Flashtool
Pulled fstab.qcom, init.qcom.rc and init.target.rc
Unlocked Bootloader through Flashtool
Created Kernel.elf from the downloaded Oreo Firmware through Flashtool Sin Editor
Created boot.img as it's decribed in [GUIDE][Oreo 8.0] Stock Kernel + ROOT + TWRP + DRM Fix | 41.3.A.2.99 with my TA.img
and flashed everything as described in the [Guide] above and in Rootkernel V5.23 (UNOFFICIAL 2.5) - OREO - Xperia X, X Comp., X Perf., XZ and XZs and with help of Install TWRP and Root Xperia XZ on Android 8.0 Oreo [DRM Fix] | ThemeFoxx:
Reflashed Oreo 41.3.A.2.107 through Flashtool with checked everything in "Sin"
Flashed my created boot.img through "fastboot flash boot boot.img"
Flashed TWRP through "fastboot flash recovery twrp-3.2.1-0-kagura.img"
Wiped data and formated userdata through TWRP, because TWRP was asking for decryption code
Skipped "Step 6" / flashing DRM-fix_System_Mode.zip through TWRP, because I used munjeni's TA PoC option (But tried it the 2nd time with the DRM-fix too)
Flashed Magisk Magisk-v14.5(1456) through TWRP (Edit: Also tried with v16.1 now)
Installed TWRP app as System App and rebooted normally
Now phone is rooted as I want it, but in *#*#7378423#*#* almost everything in Sercive Info is now "Unknown". When I click the menu "SIM Lock" the Service Menu App crashes, though I don't have inserted a SIM Card yet (but it worked before at the very beginning before I downgraded to Marshmallow)
I've done all this 3 times already, always the same result.
I've searched through this forum and googled for a solution, but I didn't find anything that matches my case/problem.
Screenshots added.
I flashed a Telecom branded 41.3.A.2.99 now with all the files in the Google Drive link from [GUIDE][Oreo 8.0] Stock Kernel + ROOT + TWRP + DRM Fix | 41.3.A.2.99 and now everything looks fine in the Service Menu.
I compared the files. fstab.qcom, init.qcom.rc and init.target.rc are binary indentical as well as kernel.elf. And when I creating the kernel with the files from the Google Drive link (and with DRM-fix instead of my TA.img) it creates a boot.img that is binary different to the one from the Google Drive link.
So every boot.img I have created causes my problem, so it looks like I create wrong boot.img files... I guess I'll post my problem in [ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off
I'll leave this thread open for a few days in case anyone has any idea what I can do or until my problem got solved in the meantime.
Edit: I also tried to create a working boot.img with the files from Rooted Kernels F8331 & F8332 41.3.A.2.107 OREO 05APRIL2018, tried with and without my TA.img - both didn't work.
After many tried I'm now just using the KERNEL_F8331_41.3.A.2.107_CLEAN.img from that thread and followed the instructions. I'd like to use my TA.img backup so that under "FIDO KEYS" it doesn't says "not provisioned, provision failed" anymore.
PS: Did a post here now
I had to downgrade to Nougat, because of too many other problems occurred (which still haven't all been solved with Nougat. On Marshmallow they would all be solved, but I don't really want to stay on Marshmallow...)
So this Thread can be closed. If I can help solve that problem, I'll post it in [ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off
Related
Have now done the following .
1. Cell unroot per SuperSU ( If only a short note, then the app closed )
2. boot into TWRP manually and flashed Magisk - v6
3. next phh 's systemless superuser ) with Super SU magisk version already tried )
4. Mobile launched new
5. After that, it will not boot - When loading only the LED that flashes red and I have to flash a new firmware ...
Anyone know what I'm doing wrong ?
Have a Sony Xperia Z3 D6603
gerooted and SuperSU ( 2.78 )
TWRP 3.0.2-0
Rom : PureX v5 ( Android 6.0.1 - 23.5.A.1.291 )
Locked Blootloader
would be great if he had a solution for me ...
smellz said:
Have now done the following .
1. Cell unroot per SuperSU ( If only a short note, then the app closed )
2. boot into TWRP manually and flashed Magisk - v6
3. next phh 's systemless superuser ) with Super SU magisk version already tried )
4. Mobile launched new
5. After that, it will not boot - When loading only the LED that flashes red and I have to flash a new firmware ...
Anyone know what I'm doing wrong ?
Have a Sony Xperia Z3 D6603
gerooted and SuperSU ( 2.78 )
TWRP 3.0.2-0
Rom : PureX v5 ( Android 6.0.1 - 23.5.A.1.291 )
Locked Blootloader
would be great if he had a solution for me ...
Click to expand...
Click to collapse
I had the same, but maybe the SU can't uninstall. I'm on existenz Rom...
Don't you need an unlocked bootloader?
Sent from my D6633 using Tapatalk
at magisk was nothing about it because that an unlocked bootloader is required.
Yes unlocked Bootloader is required. My Bootloader is unlocked. But can't delete the superuser.apk. That's bad
Exactly the same happened to me. I tried SLiMM 3.1 and PureX V5. After installing Magisk in TWRP device is like dead - only led flashes. If I used Elite kernel, system boots, but the system gets random restarts. Now flashing eXistenZ.
Maybe cause you need to be on stock rom and stock kernel
I use the stock kernel with custom Rom based on the latest official version
Got same issue when using stock kernel on my Xperia Z2, switched to Advanced stock kernel Marshmallow 6.0.1 'cause it has Systemless root support and SElinux permissive and now everything works.
I have try it again, with unroot and install Magisk. Now it works with the advanced stock kernel. But I have some reboots when root is enabled.
Hi All,
I have the same problem, I can see S1 /SOMC Flash Device in Device Manager.
Could someone please post step by step instructions to restore a to Marshmellow?
Will I have to download an Image and a Flashtool?
I have D6603 with TWRP, I am not able to boot to recovery.
Z3- said:
Hi All,
I have the same problem, I can see S1 /SOMC Flash Device in Device Manager.
Could someone please post step by step instructions to restore a to Marshmellow?
Will I have to download an Image and a Flashtool?
I have D6603 with TWRP, I am not able to boot to recovery.
Click to expand...
Click to collapse
Resolved using Emma. I installed the S1 SOMC Flash Device Drivers and I was able to download lollypop.
I will attempt now to reinstall recovery, new rom, and Magisk
Hi,
I have seen that the Samsung Galaxy edge 7 with a Qualcomm Snapdragon 820 cpu, running Nougat & has a permanently locked bootloader has been rooted. As seen here:
https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502
My question is, could that same method be applied to the Xperia XZ, just using Flashtool instead of Odin & obviously using XZ drivers instead of samsung?
GoodguyUK said:
Hi,
Could that same method be applied to the Xperia XZ, just using Flashtool instead of Odin?
Click to expand...
Click to collapse
Short: No
I have not found the boot.tar he mentions ...
Odin is a different beast than Flashtool.
Interesting for me is that the contents of the magical boot.tar flashed via Odin totally enable mounting, modifying system etc.
To make root.bat work adb must run as root on the device!
Not easy but can be achieved. I did this with a modified kernel in 2015 when rooting the first DM-Verity protected device from SONY. Find a link for that (long read) in my [GUIDE]. I guess here are similar things at work, maybe with the patched libs in the Nougat_S7_Root_2_82_All_Carriers_V1.zip
But to use this you have to be root in adb to get the libs to the proper places in /system.
For SONY devices DM-Verity and SONY-RIC are in the stock kernels. Modifying anything on the kernel or system partitions will result in a bootloop.
This can not be defeated unless you have SONY's private key to sign your ROM.
In order to modify (e.g. rooting) /system you need a kernel with DM-Verity and SONY-RIC off and an unlocked bootloader to boot this kernel.
I can imagine a way using the exploit that enables us to backup the TA to copy a modified/patched kernel onto the kernel partition.
Will it be possible for the locked bootloader to boot this kernel? I do not know.
BTW I wonder that Flashfire is included. AFAIK this is payware from @Chainfire
On SONY devices I would not bother.
On devices where there is Marshmallow available you can backup your TA and afterwards unlock the bootloader to do what you intend: rooting or flashing custom ROMs or ....
When you sell the device you just restore the TA and flash a stock ROM -> everything SONY blessed and locked again.
Hi Everybody,
the last days I was reading several threats and posts about backing up TA-Partition (using iovyroot), repacking the Stock Kernel (with RootKernel) and how to root my Z5 Dual (E6633). But I still have some questions.
First of all: I backed up my TA-Partition, my BL is still locked and my phone isn't rooted till now.
Now my questions:
1) What is the difference between including the TA-Partition into my repacked Kernel and flashing it with FlashTool (creating a FTF from my TA-Partition with Top-RootKernel)? And what is the better option?
2) If the TA-Partition is included in the repacked Kernel (created with RootKernel), do I still have to flash the TA-Partition (as a FTF) afterwards? I think “no“ but I'm not sure.
3) Is there any way I can root my Z5 Dual using a repacked Kernel and flashing my TA-Partition back without losing SU-Privileges and/or BL getting relocked? If yes, ... how can I do this?
Would be great if someone can help me
https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
Checked this?
What I previously did ...
Let me show you, what I previously did.
I downgraded to Lollipop and backed up my TA-Partition using iovyroot. After backing up my TA-Partition, I upgraded again to Android Nougat 7.1.1 using Flashtool.
Afther this, I made my own Kernel for Android Nougat (32.4.A.1.54_1309-3895) using the latest Version of RootKernel (which I downloaded from here).
Everything worked fine up till now. But when I was reading the following threats, I got confused.
iovyroot - (temp) root tool
[ROOT][Kernel][TWRP] repack of the stock kernel with dm-verity and SONY RIC off
As far as I know, the Bootloader will be relocked and I will loose Root-Privilegs if I flash back the TA-Partition. If I flash back the TA-Partition using Flashtool as described in the RootKernel-Threat, do I still have unlocked Bootloader and Root-Privilegs?
I am also not sure, when I have to flash back the TA-Partition. If I am using this guide to root my phone, do I have to flash back the TA-Partition as the final step (after flashing the kernel, twrp, and rooting my phone)? Or do I have to flash back the TA-Partition after flashing the kernel and twrp but before rooting my device?
https://twigstechtips.blogspot.com/2016/04/sony-z5-compact-root-without-losing-ta.html?m=1
Check this. You did it right.
I've done it many times
Duvel999 said:
https://twigstechtips.blogspot.com/2016/04/sony-z5-compact-root-without-losing-ta.html?m=1
Check this. You did it right.
I've done it many times
Click to expand...
Click to collapse
Tanks for the link. Now everything has become clear to me and I know what I have to do
Nevertheless I still have some questions.
I know that RootKernel gives me the option to include SuperSU and TWRP directly into a patched kernel.
However, I wonder what would be the better option (perhaps for performance reason or whatever). Is it better to include SuperSU/TWRP into the patched kernel using RootKernel? Or is it better to flash SuperSU/TWRP separately? And what exactly is the difference between the two methods (apart from the obvious)? Anyone who can explain it to me?
Hello community, I have decided to root and install a custom rom to my xzp,
I have followed j4nn guide downgrade my xzp G8141 from 9.0 to 8.0 for temp root and TA backup before unlocking the bootloader, I have saved all 3 copies well, things have gone wrong after unlocking the bootloader, installing the latest fw with newflasher, in the menu service has changed, now I have these errors. I have the eXistenZ pie on my xzp, the video enhancement not working.
Here are 3 screenshots in comparison
1 first of all, with stock 9.0 fw,
2. the one after downgrade to 8.0 without modifying anything,
3. 8.0 fw after unlocking the bootloader
4. after installing custom rom and with TA-locked.img restored. a hide unlock kernel flashed, continue with ERROR
Thanks to all in advance
Hello all,
I hope someone can help since at the moment I can't do anything with my phone. I wanted to give a new live to my Sony XZP since I am tired of the phone, so I decied to unlock the bootloader and install twrp/root so I could test some of the available Android 10 roms here in XDA.
The unlock bootloader part was ok (once I realised that windows 10 wasn't installing the drivers properly and I sorted that), the problems started when I installed twrp twrp-3.3.1-0-maple, when I restarted into recovery twrp I couldn't see any of my files and there was actually an error saying can't mount /data and when I tried to do select storage everything said 0 MB.
I did what is mentioned on this post: https://forum.xda-developers.com/android/general/how-to-fix-unable-to-mount-data-t3830897
After this when I rebooted my phone was stuck on the Xperia screen, from there I just have been tried to restore anything there, however I am not an advanced users I tried a few things:
1- Used XperiFirm embeeded in Flashtool to download the Europe CE1 image for my device G8142 dual and tried to flash it using Flashtool but it seems the phone doesn't do anything after getvar-max-download-size or something similar
2 - Tried to use newflasher to flash the same image, but it also fails in the same step
AFter this I realised I could push files to the phone using ADB, so I tried the following:
3 - Pushed the SuperSU to the phone and flashed it
4 - Pushed a few roms (LineageOS 17.1 for XZP, eXistenZ Pie v10.0.0 47.2.A.10.107 )
5 - I tried to flash eXistenZ Pie v10.0.0 47.2.A.10.107 but the phone entered in a restart loop that was going always to the TWRP recovery
6 - I tried to flash LineageOS 17.1 for XZP but aftert reboot the phone doesn't do nothing, I can't power one, not fastboot, no flashmode nothing, now it seems that I really bricked.
Any help will be much appreciated.
Thanks in advance.
Hello,
This can be closed, I was able to restore my phone, I noticed flashmode still worked, once I found a tutorial explaining how to prepare the firmware downloaded by XperiFirm so it could be used with newflasher I was able to flash the most current CE1 firmware and the phone is working. I wanted to leave it here for someone else's reference.
However it would be nice to have a single article explaining how to unlock the booloader, install twrp and root and use that to flash a custom rom. If anyone knows about such article can you please share?
I searched the forum but I can only find bits and pieces nothing really explaining it in a simple way that someone that doesn't know much about this can use.
fattheman said:
Hello,
This can be closed, I was able to restore my phone, I noticed flashmode still worked, once I found a tutorial explaining how to prepare the firmware downloaded by XperiFirm so it could be used with newflasher I was able to flash the most current CE1 firmware and the phone is working. I wanted to leave it here for someone else's reference.
However it would be nice to have a single article explaining how to unlock the booloader, install twrp and root and use that to flash a custom rom. If anyone knows about such article can you please share?
I searched the forum but I can only find bits and pieces nothing really explaining it in a simple way that someone that doesn't know much about this can use.
Click to expand...
Click to collapse
Try using the twrp linked below, its an older version (3.2.1) but works flawlessly. Install it in fastboot mode, using the same command as the other recovery (fastboot flash recovery TWRPA10.img).
Twrp: https://drive.google.com/file/d/109obOcD_FVMg7rLP5g5wlxgpM9OsxZOG/view?usp=drivesdk
Also find magisk 20.4 attached below