So I've got myself a Sony Xperia Z1 and I'm a little unsure about how you root it.
From my understanding you need root to backup the DRM keys. but to get root apparently I need to unlock the bootloader to be able to put a certain version of the ROM on (which wipes the DRM keys).
Then I can root the phone.
Then I can backup the DRM keys
I'm seeing a loop here and I'm not sure what the first step would be. if anyone could point me in the right direction it would be heavily appreciated.
Hunter-Nyan said:
So I've got myself a Sony Xperia Z1 and I'm a little unsure about how you root it.
From my understanding you need root to backup the DRM keys. but to get root apparently I need to unlock the bootloader to be able to put a certain version of the ROM on (which wipes the DRM keys).
Then I can root the phone.
Then I can backup the DRM keys
I'm seeing a loop here and I'm not sure what the first step would be. if anyone could point me in the right direction it would be heavily appreciated.
Click to expand...
Click to collapse
You do not need to backup the TA area (Which contains the DRM keys) if you just want to root. you only need to do that if you unlock the bootloader.
First, read this about unlocking the bootloader
http://unlockbootloader.sonymobile.com/
If you can and you want to unlock the bootloader then do so, making sure you have backed up your TA
If you cant (And in any case you must do this in order to backup your TA) you must
1) Downgrade to 4.2
2) Root using Bin4rys method, google it
3) Install dual recovery for 4.2, Its in the development thread
4) Flash a prerooted 4.4 Rom, in the development section.
If you still want to unlock the bootloader, backup the TA
I have a locked BL VZW XT1060 on 4.4.2 stock
It was/is rooted.
It has SuperSU installed but without binaries installed.
A little history:
Originally on 4.2.2 then OTA to 4.4.
Downgraded to 4.2.2 and applied SlapMyMoto.
I believe I took OTA to 4.4 with the intention to sit tight there.
I accidentally took OTA to 4.4.2.
This is where it gets weird.
Root was still intact but write protection was temporary, meaning after reboot, I lose it.
This was fine as it allowed me to temporarily disable write protection and enable the native hotspot.
Then, one day I was updating some apps on my phone, I noticed that I completely lost the ability to disable to write protection. I tried uninstalling all to the app updates to no avail.
What are my options to get WiFi tether/Hotspot back?
Sunshine, unlock the bootloader, and have a fully unlocked device. Anything else and you'll likely run into issues similar to what you have now.
Sent from my Moto X
What the guy above me said.
@slingblade01 what you described is exactly what happens.
The vulnerability which MotoWpNoMo exploited to disable write protection was patched in 4.4.2, so if you have a LOCKED Bootloader, and updated from 4.4 you could keep root, but write protection became enabled with no way to disable it again.
If you don't care about upgrading past 4.4.2, you can search for TowelPieRoot, and gain temp root to.
Otherwise, as @imnuts and @nhizzat say, If you are still on 4.4.2, and have its bootloader, then you can use Sunshine to unlock the bootloader, after witch your phone will be just like a Developer Edition, or other edition with the bootloader unlocked.
In other words, once you unlock using Sunshine, you may root by following -> http://forum.xda-developers.com/moto-x/moto-x-qa/instructions-unlocking-rooting-dev-ed-t2649738 Just please be sure to use the latest TWRP fastboot IMG file and Installable ZIP of SuperSU. Once completed, you will have root with write protection disabled.
And it does not matter what Stock ROM or Android version is on your phone (Android 5 has some changes, so stay tuned) , once your bootloader is unlocked, you can always root or re-root it. (You just can't take OTA with custom recovery on there!!).
For Sunshine discussion see -> http://forum.xda-developers.com/moto-x/general/request-help-exploit-moto-x-bl-t2828471
and -> http://forum.xda-developers.com/showthread.php?t=2792487
and most importantly....
http://theroot.ninja/
Sunshine will check if its compatible with your phone first, if it is, it will charge you $25 before proceeding to unlock you. Unlike using the bootloader unlock code from Moto or the middleman, using Sunshine to unlock your bootloader is not destructive.
Once your bootloader is unlocked via Sunshine, do NOT attempt to re-lock it. because if you do relock it, you wont be able to unlock it again!! BTW, there is no need to relock anyway. It doesn't impact taking OTAs, etc.
Thank you and last question.
Thanks, that was the answer I was expecting but wanted professional opinions first.
Before I use Sunshine, do I need to do any prep work first, such as disable/remove root (remove SuperSU)?
Thanks again.
slingblade01 said:
Thanks, that was the answer I was expecting but wanted professional opinions first.
Before I use Sunshine, do I need to do any prep work first, such as disable/remove root (remove SuperSU)?
Thanks again.
Click to expand...
Click to collapse
Because I have a developer edition, I got my bootloader unlock code from moto, and haven't tried Sunshine.
From my brief reading/following of the Sunshine thread, I don't think you have to un-do anything. But I would consider flashing back to stock to remove any traces of SlapMyMoto and the like AFTER you unlock via Sunshine.
Hey,
So as mentioned in the large "How to root" thread, any update after 4.4.3 will essentially make your device unrootable (or unwritable).
I have the xt1058, which is one of the devices with a locked bootloader. This device is also compatible with Android 5.0, so I was wondering if I flash a captured OTA of 5.0 for the xt1058, will that lock out my bootloader and ensure that I can never root again?
Thanks!
5.0 > 4.4.3 so logic would lead me to say yes, you're stuck running stock.
If you are locked, you will not be able to Root on 5.0 for now, or for awhile.... If ever.
---------- Post added at 10:26 AM ---------- Previous post was at 10:26 AM ----------
Once it comes out of course.
---------- Post added at 10:27 AM ---------- Previous post was at 10:26 AM ----------
if you really want to Root.... Best to not update, as they may figure out how to Root kit Kat and not Lollipop. Usually how it goes.
themsftcpu said:
Hey,
So as mentioned in the large "How to root" thread, any update after 4.4.3 will essentially make your device unrootable (or unwritable).
I have the xt1058, which is one of the devices with a locked bootloader. This device is also compatible with Android 5.0, so I was wondering if I flash a captured OTA of 5.0 for the xt1058, will that lock out my bootloader and ensure that I can never root again?
Thanks!
Click to expand...
Click to collapse
Not sure what you mean by "flash a captured OTA" but with a locked bootloader all you can flash is a ROM or OTA which is digitally signed by Moto and meant for your phone and its CID value. In other words, you can't capture an OTA zip file, modify, repack it and flash it to include Root, if you have a locked bootloader.
If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.
If you have a locked bootloader you need someone to find these exploits and create a repeatable process to use them to gain root and disabling write protection. You basically need to find and exploit a flaw or vulnerability in the phone, or its software. i.e. Hack It.
When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you install 4.4.2), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.
On a locked bootloader you are relying on someone finding vulnerabilities in the phone or its software to both root and disable write protection. Period. No way around that.
As it stands right now, no one has released info on any vulnerabilities which could gain root on a locked bootloader 2013 X which have been upgraded to 4.4.4. So there is no process for rooting those locked bootloader phones.
While JCASE's Sunshine tool can exploit a vulnerability to unlock the bootloader (disabling write protection), it needs to be able to ROOT, or Temp Root, the phone first, which leaves out phones on 4.4.4 (unless I've missed a change recently). (and before you ask, no, you can NOT safely downgrade from 4.4.4 to 4.4.2 or lower, nor can you get to a state where Sunshine will work once you have 4.4.4 on your phone.)
With further security enhancements as android evolves, its only going to get more difficult finding vulnerabilities to exploit and creating repeatable processes for those with locked bootloaders. In other words while there might be a chance someone comes up with something for locked bootloader 2013 X's on Lollipop, I wouldn't count on it happening, nor would I "bet the farm" that it will ever happen.
KidJoe said:
Not sure what you mean by "flash a captured OTA" but with a locked bootloader all you can flash is a ROM or OTA which is digitally signed by Moto and meant for your phone and its CID value. In other words, you can't capture an OTA zip file, modify, repack it and flash it to include Root, if you have a locked bootloader.
If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.
If you have a locked bootloader you need someone to find these exploits and create a repeatable process to use them to gain root and disabling write protection. You basically need to find and exploit a flaw or vulnerability in the phone, or its software. i.e. Hack It.
When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you install 4.4.2), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.
On a locked bootloader you are relying on someone finding vulnerabilities in the phone or its software to both root and disable write protection. Period. No way around that.
As it stands right now, no one has released info on any vulnerabilities which could gain root on a locked bootloader 2013 X which have been upgraded to 4.4.4. So there is no process for rooting those locked bootloader phones.
While JCASE's Sunshine tool can exploit a vulnerability to unlock the bootloader (disabling write protection), it needs to be able to ROOT, or Temp Root, the phone first, which leaves out phones on 4.4.4 (unless I've missed a change recently). (and before you ask, no, you can NOT safely downgrade from 4.4.4 to 4.4.2 or lower, nor can you get to a state where Sunshine will work once you have 4.4.4 on your phone.)
With further security enhancements as android evolves, its only going to get more difficult finding vulnerabilities to exploit and creating repeatable processes for those with locked bootloaders. In other words while there might be a chance someone comes up with something for locked bootloader 2013 X's on Lollipop, I wouldn't count on it happening, nor would I "bet the farm" that it will ever happen.
Click to expand...
Click to collapse
What about using safestrap? I also own a locked moto x and am currently running a rooted 4.4.4 ROM via safestrap.
Would this be possible to do with lollipop while retaining root?
frenchie007 said:
What about using safestrap? I also own a locked moto x and am currently running a rooted 4.4.4 ROM via safestrap.
Would this be possible to do with lollipop while retaining root?
Click to expand...
Click to collapse
You'll likely still need to find a software vulnerability to exploit to gain root. And if Lillipop uses a new Kernel (which is does) it may not be compatible with the current Safestrap. And Hash stopped developing Safestrap.
That being said.. Safe strap requires the host phone/os be rooted with write protection disabled. So if you are running Safestrap on a 2013 X, you likely have Android 4.4 or lower as your host OS and have used something like SlapMyMoto/RockMyMoto along with MotoWpNoMo to root and disable write protection on your host OS. If this is the case, use Sunshine to unlock your bootloader. It will be much easier.
KidJoe said:
You'll likely still need to find a software vulnerability to exploit to gain root. And if Lillipop uses a new Kernel (which is does) it may not be compatible with the current Safestrap. And Hash stopped developing Safestrap.
That being said.. Safe strap requires the host phone/os be rooted with write protection disabled. So if you are running Safestrap on a 2013 X, you likely have Android 4.4 or lower as your host OS and have used something like SlapMyMoto/RockMyMoto along with MotoWpNoMo to root and disable write protection on your host OS. If this is the case, use Sunshine to unlock your bootloader. It will be much easier.
Click to expand...
Click to collapse
Yep, I was holding out on unlocking with sunshine but seems like its necessary to keep root for lollipop. Thanks!
frenchie007 said:
Yep, I was holding out on unlocking with sunshine but seems like its necessary to keep root for lollipop. Thanks!
Click to expand...
Click to collapse
Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.
nhizzat said:
Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.
Click to expand...
Click to collapse
My only guess would be.... he is still under warranty and isn't in a hurry to void it?
nhizzat said:
Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.
Click to expand...
Click to collapse
KidJoe said:
My only guess would be.... he is still under warranty and isn't in a hurry to void it?
Click to expand...
Click to collapse
Because sunshine costs money and yes, I'm in no hurry to unlock it (until lollipop comes along that is)
frenchie007 said:
Because sunshine costs money and yes, I'm in no hurry to unlock it (until lollipop comes along that is)
Click to expand...
Click to collapse
Just keep in mind.... As soon as you update to 4.4.4 or Lollipop, There's no guarantee you'll ever be able to unlock with Sunshine.
You likely know this... But just checking. ?
Darth said:
Just keep in mind.... As soon as you update to 4.4.4 or Lollipop, There's no guarantee you'll ever be able to unlock with Sunshine.
You likely know this... But just checking. ��
Click to expand...
Click to collapse
using safestrap to flash only parts of 4.4.4 (excluding bootloader if I'm not mistaken) allows me to retain full root even on 4.4.4 even with a locked bootloader. however from what I understand you're right this won't be possible for lollipop :/
frenchie007 said:
using safestrap to flash only parts of 4.4.4 (excluding bootloader if I'm not mistaken) allows me to retain full root even on 4.4.4. however from what I understand you're right this won't be possible for lollipop
Click to expand...
Click to collapse
Maybe it could..... But based on the issues I've seen in the N5 section, likely not. Lollipop probably won't play well with anything kit Kat or earlier.
Pretty hard to test too... Who knows what would happen if you tried. Also, who knows when or if SBF files will turn up.
---------- Post added at 05:15 PM ---------- Previous post was at 05:13 PM ----------
Off topic.... But I will feel bad for anyone who has Lollipop complaints and tries downgrading. Could be the end of their device.
Unless moto changes that quirk with their bootloader.
Since root has been achieved will this aid in unlocking the bootloader? Did it ever happen with the S5?
Root and bootloader unlock are two very different things tbh. Just because we have root doesn't mean it'll help unlock bootloader. Only thing is that maybe the devs attention will be turned to BL now that they don't need to worry about root.
SSJ_Gomike said:
Root and bootloader unlock are two very different things tbh. Just because we have root doesn't mean it'll help unlock bootloader. Only thing is that maybe the devs attention will be turned to BL now that they don't need to worry about root.
Click to expand...
Click to collapse
Ok, I didn't know if having greater access to the system would help with the bootloader issue. Thanks!
Finding root gives you elevated access to the file system. To get a customer recovery, the bootloader must be modified (which requires root to access). But, to modify our locked bootloader to put on a customer recovery, you'll needs it's encryption key. Without it, no changes can be made and the 'chain of trust' is broken and the phone won't boot.
I just received a Sony Xperia Z3+(E6533) on stock Marshmallow 6.0 and I've looked up how to root but only got ways to root while it's on Lollipop. Is there anyway for me to root on this software or downgrade from Marshmallow to Lollipop on this phone?
You can also root your phone while on MM. You can unlock the bootloader, flash a rootable kernel followed by a recovery and than flash the SuperSu zip. No problem.
But it is not recommended to do so, because you will loose the DRM keys/functionality when unlocking the bootloader. And once the keys are gone there is no way to get them back.
The better way is to downgrade to LP (e.g. .266), backup the DRM keys (TA Backup) and proceed with unlocking the bootloader and rooting the phone.
That's also the way I did yesterday, when I got the Z3+.
And of course you will have to read... a lot...
Thanks for the heads up , I've been trying to figure out ways for my specific model all morning and last night.
So to downgrade I'll just unlock the bootloader first then get a Lollipop firmware and flash using flash tool then do the other steps such as getting a rootable kernel and so on?
No, that is not what I wrote. Before unlocking the bootloader you will have to flash a LP firmware assumed that you want to backup the TA partition with the DRM keys first. This can only be done under LP.
I think you will have to read a little bit:
How to root Xperia Z3+?!
iovyroot - (temp) root tool
[Rootable Kernel SXZ3+ IVY/IVY_DSDS Marshsmellow ] [32.1.A.1.163]
What are the issues if we loose Drm keys? Will it affect non DRM normal contents? Or will it altogether disable Netflix or any other apps using Drm or other encryption?
You may have a look here:
Loss of DRM Keys or
Unlock your boot loader (Risk section)
Why don't create a guide?
Do some readings