[XZ1c] rooted kernel hiding bootloader unlock with working fota

rooted kernel hiding bootloader unlock
with working sony stock fw fota updates
for Sony Xperia XZ1 Compact
Firmware Over the Air system updates have been disabled/not working with sony xperia phones with unlocked bootloader.
Also many sony drm functions are disabled if fw detects unlocked bootloader even if device master key was recovered.
I've implemented a kernel patch for xperia XZ1 Compact / XZ1 / XZ Premium phones that properly masks bootloader unlock status so it appears as still locked for sony stock firmwares.
This allows FOTA updates to be installed if running completely unmodified stock firmware. This is possible if this kernel is just booted from usb via fastboot instead of flashing it.
The kernel is pre-rooted, so you can have root as usual with magisk when running this kernel (you can use magisk systemless patching to make changes to system/vendor partitions without actually modifying them).
For oreo fw the boot process is patched to hide magisk from sony ric daemon that stops the boot in case it thinks the bootloader is still locked. This special patch allows passing safetynet including cts while having properly working magisk.
This kernel may be used (flashed) just to properly enable sony drm features, like video image enhancements, if device master key was recovered via locked state TA restore.
The way described below to install a FOTA system update works with both - phone with TA restored and phone with drm keys lost. Both variants have been tested with xz1c.
How to use this kernel while planning to do FOTA system update eventually
Update: please see here for the latest usage instructions for kernels in flashable zip archive.
Please see screenshots below for this kernel in action doing fota system update from oreo to pie and from pie to next pie version. There is also a video documenting this here. A few longer waiting parts have been cut out to fit the video under the 15 minute youtube limit for unverified accounts.
if your bootloader is still locked
Use renoroot exploit to backup your TA, unlock your bootloader and restore TA-locked to recover device master key as described in
[XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.
select one of the prepared kernels and download it
make sure you are running unmodified stock firmware
You need the version corresponding to the selected kernel - reflash the firmware to make sure it is unmodified.
Please note: any mount of /system or /vendor partitions in write mode would result with modifications even if nothing is copied there.
Be aware that some zip packages flashed from twrp may mount the partitions for write access even when that is not needed.
reboot the phone to fastboot mode
Use either "adb reboot bootloader" or
enter fastboot by holding powered off phone's volume up key while connecting it to PC via usb cable and use 'fastboot reboot bootloader' command.
boot the downloaded kernel via fastboot
For example:
Code:
fastboot boot boot-G8441-47.1.A.16.20-hideunlock-rooted.img
enjoy your rooted phone which thinks it is still locked
Sony apps will be offered to install/update. System FOTA update may come.
Magisk will provide your root when magisk manager app is installed (offered on the first boot).
if you need to use a custom recovery, like TWRP
Do not flash it. If you do, FOTA update verification will fail.
Instead use 'fastboot boot' the same way as with the kernel above, but instead of the kernel, boot the twrp image without flashing it.
to install a FOTA system update
just start the update as usual
let it run until it finishes the installation
try to catch the restart then and hold volume up that time to enter fastboot
you need to use following command to make next boot working
Code:
fastboot reboot bootloader
use 'fastboot boot' to boot kernel for fw to which fota updating to,
for example:
Code:
fastboot boot boot-G8441-47.2.A.4.45-hideunlock-rooted.img
if you miss the restart (or do not have the right kernel version),
it does not matter, the installation will finish even when bootloader unlock is detected with the last reboot to updated system,
so just 'fastboot boot' the corresponding 'hideunlock-rooted' kernel then
Alternative use of this kernel
If you do not like booting from usb via fastboot to startup your phone, you can flash the kernel and boot normally.
But if you like to install FOTA system update then, you would need to flash the stock kernel first in order to make the fw untouched again (assuming no other changes to the fw, like system or vendor partitions, have been done) and boot the patched kernel via 'fastboot boot' as described above.
You can backup stock kernel (and recovery) to avoid need to download full stock fw when you need to restore stock kernel & recovery when you decide to install fota system update - see here and following post for more details please.
If you do not care about FOTA, just do not install it.
And use this kernel just to enable all sony drm features that are available on a locked phone (assuming locked state TA has been restored).
In case you like to make some modifications to system or vendor partitions (as you do not care about fota), you would need to disable verity in the kernel - please see post#3 for noverity variants of oreo kernels and linked post describing howto switch verity off via magisk in all pie kernels.
Downloads
See the post#2 please.
Source code
patched kernel sources to hide bootloader unlock (my-bluhide/* branches)
https://github.com/j4nn/sonyxperiadev-kernel-copyleft
patched magisk sources to hide magisk from sony ric daemon on early boot phase (v19.1-manager-v7.1.2-ric branch)
https://github.com/j4nn/Magisk/tree/v19.1-manager-v7.1.2-ric
The patches are provided under GPL (that means you may include them in your builds, but you need to provide buildable source of released binaries /true for any kernel change btw/).
Credits
Thanks to @tonsofquestions for a lot of initial testing of this concept when I did not have a phone with unlocked bootloader and for discovering the need to reboot to fastboot by a command to make the 'fastboot boot' command properly boot the supplied kernel image.
Thanks to @topjohnwu for his excellent magisk tool.
If you find my work useful, consider donating here please:
https://j4nn.github.io/donate/
Thank you.
XDA:DevDB Information
kernel_bluhide_lilac, Kernel for the Sony Xperia XZ1 Compact
Contributors
j4nn
Source Code: https://github.com/j4nn/sonyxperiadev-kernel-copyleft
Kernel Special Features: proper hiding of bootloader unlock, sony ric with magisk hack
Version Information
Status: Stable
Stable Release Date: 2019-02-10
Created 2019-02-10
Last Updated 2019-08-07
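
The post above warns that any write-mode mount of /system or /vendor modifies the partition even if nothing is copied. The following added example (not part of the original post or of j4nn's sources) shows why, assuming the partition holds an ext4 filesystem: it compares the superblock fields that a read-write mount updates between a stock image and a device dump. The images are constructed in memory by the hypothetical helper `make_sample_image`.

```python
import hashlib
import struct

SB_OFFSET = 1024      # the primary superblock starts 1024 bytes into the filesystem
SB_SIZE = 1024
EXT_MAGIC = 0xEF53    # s_magic value shared by ext2/ext3/ext4

# Superblock fields that a read-write mount updates: (name, offset, struct format)
MOUNT_FIELDS = [
    ("s_mtime", 0x2C, "<I"),      # last mount time (Unix seconds)
    ("s_wtime", 0x30, "<I"),      # last write time (Unix seconds)
    ("s_mnt_count", 0x34, "<H"),  # number of mounts since the last fsck
]


def read_mount_fields(image: bytes) -> dict:
    """Parse the mount-related fields out of an ext2/3/4 image."""
    sb = image[SB_OFFSET:SB_OFFSET + SB_SIZE]
    if len(sb) < SB_SIZE:
        raise ValueError("image too short to hold a superblock")
    if struct.unpack_from("<H", sb, 0x38)[0] != EXT_MAGIC:
        raise ValueError("no ext2/3/4 superblock magic at offset 1080")
    return {name: struct.unpack_from(fmt, sb, off)[0]
            for name, off, fmt in MOUNT_FIELDS}


def mount_traces(stock: bytes, device: bytes) -> dict:
    """Return {field: (stock_value, device_value)} for every field that differs."""
    a, b = read_mount_fields(stock), read_mount_fields(device)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


def same_image(stock: bytes, device: bytes) -> bool:
    """Byte-for-byte equality check via SHA-256, as an integrity check would see it."""
    return hashlib.sha256(stock).digest() == hashlib.sha256(device).digest()


def make_sample_image(mtime: int, wtime: int, mnt_count: int) -> bytes:
    """Constructed sample data: a 4 KiB blob with only the fields above filled in."""
    img = bytearray(4096)
    struct.pack_into("<H", img, SB_OFFSET + 0x38, EXT_MAGIC)
    struct.pack_into("<I", img, SB_OFFSET + 0x2C, mtime)
    struct.pack_into("<I", img, SB_OFFSET + 0x30, wtime)
    struct.pack_into("<H", img, SB_OFFSET + 0x34, mnt_count)
    return bytes(img)


if __name__ == "__main__":
    # Constructed values: a never-mounted stock image and the same image
    # after a single read-write mount in which no file was touched.
    stock = make_sample_image(0, 1546300800, 0)
    mounted = make_sample_image(1549756800, 1549756800, 1)
    print("identical:", same_image(stock, mounted))
    for field, (before, after) in mount_traces(stock, mounted).items():
        print(f"{field}: {before} -> {after}")
```
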

Downloads
This is for alternative use only - please see post#10 of XZ1 thread for more details.
boot-G8441-47.1.A.16.20-hideunlock-magisk-19.1-noverity.img
Screenshots of FOTA system update from pie 47.2.A.4.45 to pie 47.2.A.6.30 version
(video available here since 08:10 time)

Downloads
- hideunlock kernel pre-rooted boot images:
boot-G8441-47.1.A.8.49-hideunlock-magisk-19.1.img
boot-G8441-47.1.A.12.34-hideunlock-magisk-19.1.img
boot-G8441-47.1.A.16.20-hideunlock-magisk-19.1.img
boot-G8441-47.2.A.4.45-hideunlock-rooted.img
boot-G8441-47.2.A.6.30-hideunlock-rooted.img
boot-G8441-47.2.A.8.24-hideunlock-rooted.img
boot-G8441-47.2.A.10.28-hideunlock-rooted.img
boot-G8441-47.2.A.10.45-hideunlock-rooted.img
boot-G8441-47.2.A.10.62-hideunlock-magisk-19.3.img
- hideunlock kernels flashable to multi fw versions (see here for usage howto):
kernel-G8441-47.1.A.16.20-hideunlock.zip
kernel-G8441-47.2.A.10.62-hideunlock.zip
kernel-G8441-47.2.A.10.80-hideunlock.zip
kernel-G8441-47.2.A.10.107-hideunlock.zip
kernel-G8441-47.2.A.11.228-hideunlock.zip
Screenshots of FOTA system update from oreo 47.1.A.16.20 to pie 47.2.A.4.45
(video available here)

Hey j4. Can I use this? Haven't changed anything since we did the TA work

Hi @tramtrist, good to hear you again... sure, you can use this. If you want to try FOTA, just be sure, you have full fw flashed without any changes.
Or just use the kernel to enable all drm features having device master key recovered by TA-locked restore.
The FOTA update from oreo to pie 4.45, followed by fota update to pie 6.30 was done using DE customization. You need to flash oem partition too, to get the expected fota update.

@j4nn hey I am on Oreo .20 and my boot loader is unlocked and I didn't make any backups can I use the kernel

@danish0175, if you mean you have not backed up & restored TA - you might use the above howto with the kernel to possibly test a FOTA system update.
But if you like to stay on oreo with here posted kernel, you can, but camera would not work - if I remember correctly - it does not produce solid green pictures, it kind of hangs instead.
It cannot be quit with back button, you can switch to other app or kill camera via the square button though.

It seems I'm on 47.2.A.4.41 which there is no kernel for... And I'm pretty sure /system would have been modified by installing magisk/adaway ... Can't find an FTF for G8441-47.2.A.4.45 to do the test so...... Maybe I should just flash the latest FTF

j4nn said:
> But if you like to stay on oreo with here posted kernel, you can, but camera would not work - if I remember correctly - it does not produce solid green pictures, it kind of hangs instead.
If I remember correctly, I observed this behavior running the last Oreo firmware (TA restored) with the default kernel. Should it be this way?! At startup, the user interface of the camera app looked normal, but when I tried to take a photo, some GUI elements were lost and no photo was saved.

wow..awesome!!

tramtrist said:
> Maybe I should just flash the latest FTF
Just do it!
Didgesteve said:
> You should be able to flash almost any firmware version, I don't think there are different modem drivers for each region any more. I have tried several regions of firmware here in the UK and none have affected signal reception or strength.
> Start with Xperiafirm and download the most recent firmware build.
> Download newflasher and unpack it into the same folder as the firmware.
> Delete userdataXXX.sin. Deleting this file from the folder preserves your data partition in the rebuild.
> Turn off phone, completely, plug it in while holding the volume down, you should see a green light come on the phone, start newflasher, type 'n' to the first two questions.
> This should get you the latest build phone with your data intact
> Edit: If you have issues with the Sony ADB driver, apparently answering 'y' to the first question on newflasher, gets you a zip file with the drivers you need and you just unpack them.
vofferz said:
> I used the TA backup and restore tools by @j4nn (Thank you!), updated to Pie with newflasher by flashing all but persist.sin and .ta-files. This of course resets data, but I had a new, empty phone anyway.
> [...] downloaded the new firmware with Xperifirm. Deleted persist*.sin, userdata*.sin, cache*.sin and all .ta files [but do not delete the one located in 'boot' sub folder] and flashed with newflasher. [...] Everything still works, data, apps and settings from previous Pie version remain [...]

tramtrist said:
> It seems I'm on 47.2.A.4.41 which there is no kernel for... And I'm pretty sure /system would have been modified by installing magisk/adaway ... Can't find an FTF for G8441-47.2.A.4.45 to do the test so...... Maybe I should just flash the latest FTF
You can download Customized DE 47.2.A.4.45 for G8441 here:
https://www.xperiasite.pl/topic/28560-g8441-472a445-germany/
or even the oreo 47.1.A.16.20 here:
https://www.xperiasite.pl/topic/27985-g8441-471a1620-germany/
(but that would obviously involve a downgrade erasing all data in your case)
The DE customization offers fota system update from 47.1.A.16.20 right to 47.2.A.4.45 with next one being 47.2.A.6.30.
Concerning AdAway and changes to /system - it may not be the case.
Magisk contains support to simulate write access to system hosts file.
Magisk itself is flashed to kernel partition (i.e. partition named 'boot').
So your setup (if no other changes) may need to reflash just stock kernel (and recovery aka fotakernel.sin if flashed twrp) to make it untouched.
But surely if you used twrp to flash many things, most likely /system or /vendor got modified, so you would need to reflash them to make them original stock, if wanted to test fota.

This is awesome, j4nn! Fantastic work.
I'm glad to have had the small part I did in enabling this to move forward.
This almost makes me consider going back to stock, but if I end up needing more security upgrades, maybe I'll switch over....

Successfully updated 47.2.A.4.45 -> 47.2.A.6.30 via OTA with this (on unlocked bootloader + restored TA), and things are working well, including video enhancement. Not sure how reboot catching is supposed to be done as the OTA involves at least 3 reboots (I think?), it seems to be much simpler to just let it finish and after it's back in the OS "adb reboot bootloader" to load the patched kernel. Anyway thanks again for your work.

@notaz, thank you for the test.
Concerning reboot catching - it has been proved it does not matter if it is finished with stock kernel (so that updated fw detects unlocked state on its first boot) - installation has been finished anyway.
But it is not that difficult to "catch the right reboot" - when fota progress says "Installing system update", that is there for quite a long time with progress bar moving to the right, then the "Restarting" is the one which boots back to main system, so that is the moment to catch and make it boot to fastboot.
The videos I've posted show all the reboots and what is displayed before them, so one may check how it looks in advance to be prepared...

Updated post#3 - for alternative use only - please see post#10 of XZ1 thread for more details.

How to backup the original boot.img
I successfully updated my xz1c from 4.45 to 6.30. Thank you for your great job.
But I want to flash your boot.img, rather than boot via the usb.
So, I use 'fastboot boot recovery.img' to go to recovery, and backup the boot partition (64M).
Am I wrong? Is there any other method?
terrible english

You can take kernel.sin from your ftf firmware, use unsin tool and you will have stock kernel.img

@outline941, or flash simply kernel.sin via newflasher directly in flash mode.

Hello @j4nn!
Could you please patch a new released kernel 47.2.A.8.24 for G8441?
Thx.

Related

[RECOVERY][Unofficial][tetra] TWRP 2.8.3.0 for Sony Smartwatch 3

Unofficial TWRP 2.8.3.0 for Sony Smartwatch 3 (SWR50) (tetra)
If you don't know, what TWRP is then read http://teamw.in/project/twrp2 before flashing anything.
If you know, what TWRP is then read the disclaimer: use at your own risk, neither XDA, TeamWin nor I are responsible for anything bad and going wrong.
Installation Instruction
First of all you need adb and fastboot drivers and binaries installed on your PC. Grab them from the Android SDK that suits your PC's OS. Windows users may need the generic usb drivers. Linux users may need to start adb and fastboot with root rights, if they don't have the needed udev rules.
Unlock bootloader
If your bootloader isn't unlocked yet, then you have to unlock it. There are two ways to boot into the fastboot mode.
1. way to boot into fastboot mode:
Turn off your device
Press and hold power button until the "Insert USB" animation appears
double press the power button to enter the boot menu. (you may need several attempts)
within the bootmenu press power once to navigate, twice to select. Press twice to boot into fastboot
now you can connect your watch with your PC.
2. way to boot into fastboot mode:
enable developer settings and ADB debugging from within the settings menu (you have to press 7 times the About->build number)
connect your watch with your PC. Enter "adb devices" in your terminal/cmd and confirm adb permission for your watch on your smartphone.
boot into bootloader with "adb reboot bootloader"
Now, in fastboot mode enter "fastboot oem unlock" twice to unlock the bootloader. Attention: this will factory reset your Smartwatch 3.
Some users reported that their devices got stuck on boot without the commands "fastboot format cache" and "fastboot format userdata", so you should enter these commands before you reboot, too.
Afterwards reboot your device and set it up again. Enable adb debugging, too.
Flashing TWRP
Boot into fastboot mode
enter "fastboot flash recovery <NAMEOFTHE.IMG>"
Power off the device
(to power off try "fastboot continue", it should boot into charging mode and then unplug the device)
Now, TWRP is installed and you should boot straight into it with holding power button and selecting "Recovery" from the boot menu (see first way to boot into fastboot mode)
If you boot into system without booting twrp once, the system overwrites twrp with the stock recovery. If this happens to you, then boot into fastboot and boot twrp without flashing it with "fastboot boot <NAMEOFTHE.IMG>". Afterwards boot into bootloader from the recovery's reboot menu and flash twrp again.
Download link: unofficial-twrp-2.8.3.0-tetra.img Updated on 30.12.2014
Now, if you want to root your Smartwatch 3 with Wear 5.0.1, go to http://www.xda-developers.com/android/root-android-wear-5-0-1-xdatv, download the "Wear supersu.zip" and flash it with your newly installed TWRP recovery.
If you want to use "adb sideload" make sure that you have the most recent adb binary on your pc.
Kernel source code: can be downloaded from https://android.googlesource.com/ke...-wear-release/arch/arm/mach-java/sony/brooks/
TWRP device tree: https://github.com/perpe/android_device_sony_tetra
Many thanks to @Dees_Troy for making twrp available
Good job, I'll post stock recovery extracted from PC companion image later tonight.
I have a copy of the stock recovery, created with dd from the device. I can upload it, if it is needed
Can someone please upload a twrp image of the stock rom? I want to get rid of my pre release debug version
Sent from my SM-N910G using XDA Premium 4 mobile app
Works great, both using boot or flash recovery and both from boot menu and adb reboot recovery from system.
BTW, thanks for boot menu hint.
---------- Post added at 12:29 AM ---------- Previous post was at 12:28 AM ----------
The only issue it is extremely hard to press on home button and I was not able to press on back button
@julz
Please, can you make a backup of your prerelease version with twrp? I will upload a stock 5.0.1 version with all necessary parts later today.
@XorZone
Nice to read. I was unsure with the overwrite, if people don't boot the twrp once, because there isn't a install-recovery.sh, but it seem that this happens.
perpe said:
> @julz
> Please, can you make a backup of your prerelease version with twrp? I will upload a stock 5.0.1 version with all necessary parts later today.
> @XorZone
> Nice to read. I was unsure with the overwrite, if people don't boot the twrp once, because there isn't a install-recovery.sh, but it seem that this happens.
Yep will do! Thanks!
---------- Post added at 09:12 PM ---------- Previous post was at 08:29 PM ----------
Hey @perpe you might want to add the following to your bootloader unlock instructions as I had to go to the old rooting thread to find this out:
4. fastboot format cache
5. fastboot format userdata
6. fastboot getvar all (and verify that it is)
7. fastboot reboot
Hi all - link to the pre-release version recovery image (tetra-userdebug 4.4W KGW38C 1046 test-keys):
http://1drv.ms/1y100TI
That's incredible. as explained here but even that does not work. yet all the usb driver days with the sdk. Can not even watch fastboot mode, while in adb way possible.
I do not understand why it does not work.
the model of the watch is LWX48P
--- nvm, fixed it.---
julz said:
> you might want to add the following to your bootloader unlock instructions as I had to go to the old rooting thread to find this out:
> 4. fastboot format cache
> 5. fastboot format userdata
> 6. fastboot getvar all (and verify that it is)
> 7. fastboot reboot
This is not needed. Look at http://source.android.com/source/building-devices.html#unlocking-the-bootloader: format cache & userdata is only needed on Nexus 10. Our device formats cache and userdata automatically on bootloader unlock. getvar is useless without telling the people what they have to verify.
Many thanks for your dump, but it contains the data partition, too. Please, delete that from your zip package, because data contains your personal setup. It's not a good idea making it public.
I made a flashable zip of the stock LWX48P and will open a thread for it. I had a deeper look into the partitions and I really don't know if it's a good idea to flash the stock ROM on to your test build device. This can brick it.
My zip file contains all necessary partitions from the update KNX01V -> LWX48P, but there are some other partitions that may be necessary for you. These partitions are not included within my zip. There are 10 partitions, which are part of the board firmware (recovery.fstab calls them "Needed for radio.img").
The more relevant partition for you should be the s1sbl partition, this is the Sony bootloader. I can't say, if the stock rom works with your device or if it bricks it. Have you tried flashing the stock ROM with the Sony PC Companion? You should try this first. If it doesn't work, I would recommend a binary comparison of the s1sbl partition of your device and an official release version. For this I need a copy of yours, you can make it with dd. If they are the same it should be relative safe to flash the stock ROM, if not then it gets tricky, you may want to flash the stock s1 bootloader before flashing the ROM. I really don't know, what could be the best in this case.
ced360 said:
> That's incredible. as explained here but even that does not work. yet all the usb driver days with the sdk. Can not even watch fastboot mode, while in adb way possible.
> I do not understand why it does not work.
> the model of the watch is LWX48P
The problem is with your PC. Make sure there are no background Android Sync applications, like Samsung Kies, HTC Sync Manager..., are running. These applications block adb. Look into the windows device manager, too. If the Sony Smartwatch 3 has a triangle, then it is not recognized with a driver. This can happen if you have several adb drivers installed. Remove them or associate one of them manually from the device managers driver installation. I can't help you here, I'm a Linux user, not Windows.
@all
There was a little error in the recovery, I've fixed it and also removed the SuperSu install question, because it doesn't work right with wear. The recovery is updated and the old one removed, please use this one in the future.
@perpe - I had to format cache and userdata for my SmartWatch 3 to boot again - got stuck in a bootloop after unlocking.
Are you able to point me to somewhere that explains how to use DD? Do I run it via ADB Shell?
Thanks!
---------- Post added at 01:51 PM ---------- Previous post was at 01:46 PM ----------
Unfortunately the Sony PC Companion doesn't update my watch. Says to update my PC Companion but then says it's up to date
Yepp, my watch needed format cache or I didn't know it that time so just reflashed with PC companion tricking it to update connected Sony smartphone (and I'm glad they are checking version from s1 and not by user selection) as PC companion was telling no new update and not giving an option to repair back then.
perpe said:
> I made a flashable zip of the stock LWX48P and will open a thread for it. I had a deeper look into the partitions and I really don't know if it's a good idea to flash the stock ROM on to your test build device. This can brick it.
> My zip file contains all necessary partitions from the update KNX01V -> LWX48P, but there are some other partitions that may be necessary for you. These partitions are not included within my zip. There are 10 partitions, which are part of the board firmware (recovery.fstab calls them "Needed for radio.img").
> The more relevant partition for you should be the s1sbl partition, this is the Sony bootloader. I can't say, if the stock rom works with your device or if it bricks it. Have you tried flashing the stock ROM with the Sony PC Companion? You should try this first. If it doesn't work, I would recommend a binary comparison of the s1sbl partition of your device and an official release version. For this I need a copy of yours, you can make it with dd. If they are the same it should be relative safe to flash the stock ROM, if not then it gets tricky, you may want to flash the stock s1 bootloader before flashing the ROM. I really don't know, what could be the best in this case.
Full list of files in PC Companion fileset:
Code:
abi-sec.sin
abi.sin
boot.sin
cache.sin
cp-boot.sin
cp-image.sin
dsp-dram.sin
dsp-pram.sin
dt-blob.sin
hwconf.sin
kernel-dtb.sin
loader.sin
parm-spml-dep.sin
parm-spml-ind.sin
partition-image.sin
ramdump-dtb.sin
ramdump.sin
recovery.sin
s1sbl.sin
sys-parm-dep.sin
sys-parm-ind.sin
system.sin
u-boot.sin
ubootlogo.sin
umts-cal.sin
userdata.sin
version-info.sin
@XorZone
Did you unlock your bootloader with the current firmware or the previous one? I did it with the current one and it wasn't needed. If I lock my device and unlock it again it is also not needed. Unlock resets it every time, but no stuck on boot. Anyway I added it.
@julz
Code:
adb shell
su
dd if=/dev/block/platform/sdhci.1/by-name/s1sbl of=/sdcard/s1sbl.img
This makes a dump of your s1 bootloader on sdcard. You need root for it. If your system is still unrooted, you can use the recovery's adb, too. In the recovery you may need to change the sdcard path (the "of" part).
It would be good if you can make a dump of your ta partition, too, but don't give it away, because the ta partition contains your serial number (change s1sbl to ta in the command above).
Copy both dumps to your pc. Try to open the ta dump with a hexeditor and search for your serial number, afterward it lists the model number (SWR50 on my device), then the bootloader version (1286-0320 S1BOOT_BCM23550_Release_REL105) and a timestamp of my last flash with the PC companion. Please compare them with yours.
I have found the u-boot source code on the Sony site. On boot the device first boots u-boot and u-boot handles the boot process. The s1 bootloader is only booted by user request (connecting it via usb when the USB animation appears). For me this means, s1 is only needed for recognition/updating with pc companion and it should be possible to flash it without bricking and without s1sbl. But I don't call myself a developer and this is my first Sony device. You may want to start a thread in the Sony Cross-Device General board. There are more experienced devs than me. I'm sure they know, if your devices could be flashed with pc companion if you swap the s1sbl with a regular one. There are also several unofficial tools to create and flash Sony firmware, but as I said, I'm very new to Sony and don't know how to handle them yet (and even don't know if they support a Broadcom SoC)
If you make a dump of the s1sbl, then send me a link for a compare.
Download link of the u-boot source: http://developer.sonymobile.com/dow...e-for-smartwatch-3-lwx48p-android-wear-5-0-1/ (look into /u-boot/hawaii/board/broadcom/javaboard/s1/cmd_s1boot.c for the boot selection)
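The binary comparison of two s1sbl dumps and the bootloader version lookup in a TA dump described in the post above, as an added example (not part of the original post): it hashes both dumps, lists the byte ranges that differ, and pulls the "S1BOOT_" version string out of a TA dump without opening a hex editor. All sample bytes are constructed, the serial is a placeholder, and the function names are hypothetical.

```python
import hashlib
import re

# Version string format quoted in the thread,
# e.g. "1286-0320 S1BOOT_BCM23550_Release_REL105"
S1BOOT_RE = re.compile(rb"\d{4}-\d{4} S1BOOT_\w+")


def diff_ranges(mine: bytes, reference: bytes, gap: int = 16) -> list:
    """Return [start, end) byte ranges that differ, merging ranges
    that lie at most `gap` bytes apart."""
    ranges = []
    common = min(len(mine), len(reference))
    i = 0
    while i < common:
        if mine[i] == reference[i]:
            i += 1
            continue
        start = i
        while i < common and mine[i] != reference[i]:
            i += 1
        if ranges and start - ranges[-1][1] <= gap:
            ranges[-1][1] = i          # extend the previous nearby range
        else:
            ranges.append([start, i])
    if len(mine) != len(reference):    # a size mismatch is itself a difference
        ranges.append([common, max(len(mine), len(reference))])
    return [tuple(r) for r in ranges]


def compare_dumps(mine: bytes, reference: bytes) -> dict:
    """Summarise how a device dump differs from a reference dump."""
    return {
        "identical": hashlib.sha256(mine).digest()
        == hashlib.sha256(reference).digest(),
        "sizes": (len(mine), len(reference)),
        "diff_ranges": diff_ranges(mine, reference),
    }


def bootloader_versions(ta_dump: bytes) -> list:
    """Extract every S1BOOT version string found in a TA dump."""
    return [m.decode("ascii") for m in S1BOOT_RE.findall(ta_dump)]


# Constructed sample data standing in for real partition dumps.
SAMPLE_REFERENCE = bytes(range(256)) * 4
_patched = bytearray(SAMPLE_REFERENCE)
_patched[100:104] = b"\xff" * 4        # a 4-byte changed region
_patched[600] ^= 0x01                  # a single flipped bit far away
SAMPLE_MINE = bytes(_patched)
SAMPLE_TA = (b"\x00" * 16 + b"SERIAL-PLACEHOLDER\x00tetra\x00"
             + b"1286-0320 S1BOOT_BCM23550_Release_29" + b"\x00" * 16)

if __name__ == "__main__":
    print(compare_dumps(SAMPLE_MINE, SAMPLE_REFERENCE))
    print(bootloader_versions(SAMPLE_TA))
```

The byte-by-byte loop is fine for bootloader-sized partitions; the TA dump itself stays on the local machine, as the post advises, and only the extracted version string needs to be shared.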
perpe said:
> @XorZone
> Did you unlock your bootloader with the current firmware or the previous one? I did it with the current one and it wasn't needed. If I lock my device and unlock it again it is also not needed. Unlock resets it every time, but no stuck on boot. Anyway I added it.
On 4.4, they might have fixed it in 5.0.
Back then this forum was blank and I had no idea how sony devices works, so spoiled by nexus experience the first thing after enabling adb I went and unlocked oem and had some skipped heartbeats when I got stuck on bootlogo.
perpe said:
> There are also several unofficial tools to create and flash Sony firmware, but as I said, I'm very new to Sony and don't know how to handle them yet (and even don't know if they support a Broadcom SoC)
I'm using flashtool from http://www.flashtool.net/index.php to decrypt sony fileset and extract sin files, this tool should work with any s1 protocol devices, but there is no configuration for the SWR50 so I was not able to flash with it.
After flashing from test to 5.0 in twrp it might hang with power button unresponsive so the only way out would be to wait for discharge to get into s1 and then with PC Companion not updating...
BTW, @julz is PC Companion able to repair your test version, e.g. saying that there is no new update, but still asks to repair or just saying no new update bye-bye?
@XorZone
I used it also to get the stock recovery as a base for my TWRP. But I don't want to flash my device with it. I had some problems with it, dumped boot/recovery images (with sin editor) got stuck on boot. I had to repack them to boot right. I wasn't able to dump cp-image. It ate all my free space and aborted. Another problem is my Linux doesn't recognize the swr50 right in s1 mode. My USB port goes wild. That's why I stand back from any flash test with it. If I don't trust a tool (or don't know how to use it right) I can't advise others to try anything with it without consulting the experts.
Configuration file should be something like this
Code:
#Fri Aug 08 18:46:20 CEST 2014
internalname=SWR50
canfastboot=true
busyboxhelper=1.20.2
recognition=SWR50,tetra
variant=SWR50,tetra
cankernel=false
busyboxinstallpath=/system/xbin
realname=Sony Smartwatch 3
loader=1f5089f1c617e5aa3e7bae0a8c2f8ae2
canrecovery=true
buildprop=ro.product.device
canflash=true
I'm unsure with the cankernel. loader.sin should be the same loader.sin that you get after the decrypt? I've created the loader md5 for it. tetra in "recognition" is needed for julz' device
perpe said:
> @XorZone
> I used it also to get the stock recovery as a base for my TWRP. But I don't want to flash my device with it. I had some problems with it, dumped boot/recovery images (with sin editor) got stuck on boot. I had to repack them to boot right. I wasn't able to dump cp-image. It ate all my free space and aborted. Another problem is my Linux doesn't recognize the swr50 right in s1 mode. My USB port goes wild. That's why I stand back from any flash test with it. If I don't trust a tool (or don't know how to use it right) I can't advise others to try anything with it without consulting the experts.
> Configuration file should be something like this
> Code:
> #Fri Aug 08 18:46:20 CEST 2014
> internalname=SWR50
> canfastboot=true
> busyboxhelper=1.20.2
> recognition=SWR50,tetra
> variant=SWR50,tetra
> cankernel=false
> busyboxinstallpath=/system/xbin
> realname=Sony Smartwatch 3
> loader=1f5089f1c617e5aa3e7bae0a8c2f8ae2
> canrecovery=true
> buildprop=ro.product.device
> canflash=true
> I'm unsure with the cankernel. loader.sin should be the same loader.sin that you get after the decrypt? I've created the loader md5 for it. tetra in "recognition" is needed for julz' device
Strange, I was able to boot straight from extracted boot/recovery images. With cp-image use dump raw instead.
I have almost the same config file, but was not able to flash system sin when I screwed mine while testing first rooting boot.img.
And if PC Companion does not repair his test version, I would not proceed at least until other partitions are compared to release version.
@julz, please dump version info as well:
Code:
dd if=/dev/block/platform/sdhci.1/by-name/version-info of=/sdcard/version-info.img
Oh yes, version-info is very important, u-boot checks it on boot.
I tried the raw dump, but it adds a strange header to most of my dumps.
@perpe - Thanks for the DD instructions.
I've dumped my S1SBL, TA and VERSION-INFO partitions now.
I've also had a look in my TA image and this is what is after my serial number (excluding the random ASCII):
Mine is 1286-0320 S1BOOT_BCM23550_Release_29
(yours is 1286-0320 S1BOOT_BCM23550_Release_REL105)
KGW83C (my build number)
My model simply refers to 'tetra' and not SWR50.
I had no PC companion timestamps as I can't flash with PC companion.
@XorZone - I can't select an option in PC Companion to reset/reflash my watch. Simply says no update is available.
My S1SBL and VERSION-INFO partitions are uploaded here:
http://1drv.ms/1xwGMSW
Thanks!

[Tool] dd Flasher Minimal - Update your device without losing root access

Update: unfortunately the Marshmallow firmware for Xperia M5 enabled verified boot (dm-verity) so the phone will refuse to boot if you use dd Flasher Minimal to root. If you want root on Marshmallow firmware and also have an unlockable bootloader, I recommend flashing the stock Marshmallow firmware then using this kernel to get root access again...
This tool is a fork of the main dd Flasher made especially for Xperia M5 family, which allows updating to latest firmware version while maintaining root access, assuming your device is currently rooted...
How it works?
Sony updates are packed in .sin files, generally stored in FTF packages. Using Androxyde's FlashTool, you can get an image of the system partition (system.ext4) of the latest firmware available, which is sideloaded into your device by this tool. Next, it'll mount the update image (system.ext4) in a loop device, place SuperSU binaries and after that, stop all running processes and "flash" the modified image back into your device by using dd binary.
After using dd Flasher Minimal, all you need to do is reboot your device into flash mode in order to flash the rest of the FTF file (excluding system partition, of course) with FlashTool. In the end, your device will be running the firmware from the FTF file you used with full root access, which makes dd Flasher Minimal extremely useful (especially to locked bootloader users) to update to the latest firmware where there's generally no root exploit available.
Requirements
• Your device must already have root access. You can downgrade to an older firmware and root it with iovySU, if needed.
• You will need Androxyde's FlashTool and an FTF file of the firmware version you want to upgrade your device to. Also, if you crossflashed your device to another firmware region/variant in order to get root (e.g. E5653 HK crossflashed with E5603 CE1 firmware or E5633 FR crossflashed with E5643 BR), it's your chance to return to your original variant/region by using a matching FTF file.
• Your device should have enough free space to store system partition image of the update temporarily (around 2.6 GB, depending on the firmware). You can store the image either on its Internal Storage or in external SD Card (if available).
• If storing the system image into SD Card, make sure your phone is connected in MTP mode (in Mass Storage mode only Internal Storage is accessible on device side and dd Flasher Minimal will fail)
• USB Debugging must be enabled on the phone (available in Settings => Developer Settings -- if you can't see it, go to Settings => About Phone and tap 7 times on Android Build).
• ADB drivers should be installed on the computer, otherwise this tool won't see it (you can install Xperia Companion to get the drivers or use any ADB installer you prefer).
• Your computer should be running Windows or Linux (you can probably use the Linux script on Mac, but that's completely untested and not guaranteed to work at all).
Instructions
I've split the instructions into three smaller sections. Follow all of them:
Getting system partition image
FTF files are just normal .zip files with a different extension and lots of .sin files inside, format commonly used by Sony in their firmwares for Xperia devices. We are interested in system.sin (it's the one with the partition image), to use it with dd Flasher Minimal, so:
• Open the FTF file with WinRAR or 7-Zip (or any other program compatible with .zip files);
• Extract system.sin somewhere you have easy access;
• Open FlashTool and go to Tools => SIN editor;
• A new window will open. Locate system.sin you extracted before, click in "Extract Data" and wait until FlashTool finishes extracting it;
• If everything went well, now you should have a system.ext4 file in the same place you extracted system.sin before (you can also delete system.sin -- it's not needed anymore at this step).
Using dd Flasher Minimal
Now that you got the system partition image, we can move on to dd Flasher Minimal:
• Download the attached ZIP and unzip its contents somewhere (make sure FlashTool is closed as well -- it's known to hijack ADB interface in order to provide some of its features and thus may cause issues with dd Flasher Minimal if it's running at the same time);
• Copy system.ext4 extracted previously to the root of the Internal Storage or SD Card of your phone;
• Open ddf_min.bat (or start ddf_min.sh from Terminal if you're on Linux) and select the same location where you've copied system.ext4 (Internal Storage/SD Card) and wait while dd Flasher Minimal does its work;
• Please note that it'll take a while to finish and your device will look like it's dead or completely frozen during the process. Don't worry, it's normal;
• If everything went well, dd Flasher Minimal will notify you. Press any key and dd Flasher Minimal will reboot your phone into fastboot mode. When the LED becomes blue, disconnect the USB cable. Your phone should power off now, don't turn it on yet;
• In some cases, it may not be possible to reboot into fastboot or the phone may not automatically turn off after unplugging the USB cable. If that occurs, make sure the USB cable is disconnected and power off your phone manually by pressing the "OFF" microswitch present next to the microSD card slot. Remember, don't turn your device on yet.
Flashing the remaining FTF contents with FlashTool
At this stage, your device has the system partition with full root access of the firmware from the FTF you used but still has the kernel, baseband, etc., from the previous firmware you were running on your phone, so trying to start your device now will probably result in a boot loop. To correct this:
• Open FlashTool again and flash the same FTF you used to extract system.ext4 through flash mode, however, make sure you exclude SYSTEM partition. If you forget to do so, you'll lose root access and you'll need to restart from the beginning.
• Make sure that you're using FlashTool 0.9.20 or newer and answer Yes when it asks if you want to use the .fsc script! Using an older version or not using the provided .fsc script will hard brick your Xperia M5 and only Service Center will be able to repair it.
• After flashing ends, disconnect the USB cable and start your phone. The first boot may take several minutes but if everything went well you should be now running the same firmware from the FTF file you used, with full root access!
Frequently Asked Questions
Q: Help! I've enabled USB Debugging on my phone but dd Flasher Minimal keeps stuck at "Waiting for device" message!
A: This means ADB isn't "seeing" your phone, either because you didn't install ADB drivers (you can use this stand-alone driver) or because you didn't authorize the connection on your phone. If dd Flasher Minimal still can't see your phone, make sure you don't have another Android device with USB Debugging enabled plugged on your computer at the same time or emulators like BlueStacks or Genymotion running.
Q: This whole thread looks familiar. Why?
A: Most of this is copy/paste from the dd Flasher thread. I made this version aimed directly at Xperia M5 because the main dd Flasher needs to take other details in consideration like devices of different architectures, different Android versions, different write protections and so on. In fact, my plans are rewriting the next version of the main dd Flasher in a more robust language than a simple Windows/UNIX script, that's also why it's pretty much abandoned and why I haven't updated the main tool besides the current beta release yet.
Q: Why should I do this complicated procedure to update my phone instead of using KingRoot which is a one-click tool?
A: Because there are no guarantees that KingRoot will work on later firmwares. With this tool, if you currently have root access or an older firmware version which is exploitable, you can update to any new firmware version*, even if there's no exploit available. Also, this tool uses SuperSU instead of the dubious root managing app with bloat stuff built-in that KingRoot provides.
* as long as the newer firmwares don't include protections at kernel level, like dm-verity. In those cases you'll need an unlocked bootloader
Q: Is there any difference between dd Flasher Minimal and PRFCreator?
A: The concept behind both tools is exactly the same (modify the system partition image in order to include SuperSU on it). The main difference is that PRFCreator produces flashable ZIPs to be used in custom recovery and also has more features, while dd Flasher Minimal does the same but through ADB bridge, which means it can also work on devices without custom recovery available.
Q: Can I use dd Flasher Minimal with <insert device here>?
A: You can try, but there are no guarantees. Also, the target firmware should be an ARM64 version of Lollipop or newer, otherwise don't even bother trying as it'll probably result in a bootloop.
Credits
I'm the author of this script, which is based on dd Flasher (which I'm the author too). This tool uses some pieces of code written originally by @zxz0O0 and @Chainfire, so, credits (and thanks) to them.
Nice work
Thanks for your hard work, look forward to trying this soon.
Thank you very much for this amazing work. I tried it yesterday and worked perfect!!!
I tried and it works good! But I have one question: will it be possible update to android 6 by using this tool?
As long as the newer firmwares don't include protections at kernel level, like dm-verity, yes, you can use this tool with any future update...
got my phone back from Sony, they did not change anything, even though it appears the front camera has a fixed focus. When you are at that distance the picture is razor sharp, else it is poor.
So anyway, given I have to live with it, I thought I would finally get around to rooting and getting a more up-to-date firmware than available in the UK. So used this and now on .55 on generic Spain.
Perfect!! Only we need recovery
Some good (and bad) news: first the good news, Sony started rolling out 30.2.A.0.100 firmware for single SIM variants, the long-awaited Marshmallow update, and it should come soon to dual SIM variants too (probably under 30.2.B.0.100 if Sony keeps the same naming scheme of previous updates). And now the bad news, from a preliminary look I did in the boot image of the update, it now has dm-verity enabled on the kernel, and so, by using dd Flasher Minimal to update to a Marshmallow-based firmware while maintaining root access, the phone will refuse to boot unless you unlock the boot loader and flash a modified kernel with dm-verity disabled...
mbc07 said:
Some good (and bad) news: first the good news, Sony started rolling out 30.2.A.0.100 firmware for single SIM variants, the long-awaited Marshmallow update, and it should come soon to dual SIM variants too (probably under 30.2.B.0.100 if Sony keeps the same naming scheme of previous updates). And now the bad news, from a preliminary look I did in the boot image of the update, it now has dm-verity enabled on the kernel, and so, by using dd Flasher Minimal to update to a Marshmallow-based firmware while maintaining root access, the phone will refuse to boot unless you unlock the boot loader and flash a modified kernel with dm-verity disabled...
That really is bad news that dm-verity is enabled on the kernel. Have you actually tested it yet? I don't suppose there's a chance that Sony complies with Google's requirement that the user must be notified of verification failure and given the option of continuing to boot despite the failure?
I haven't actually flashed the update because it's not available yet for my variant (E5643) and at the moment I want to avoid cross flashing because it's my main phone (and I had issues with cross flashing it on the past).
What I did was downloading the update for E5603 and then taking a look at the RAM Disk of the kernel image; the verity keystore is present and it's also present in the fstab, so, dm-verity is definitely enabled. Also, from the dm-verity issues in recent Xperia flagships regarding root (Z3+/Z4, Z5, Z5c, Z5p) I really don't believe Sony just set dm-verity in "warning" mode rather than enforcing it, making the phone refuse to boot if the system partition was tampered...
In other words, permanently locked bootloader owners are currently screwed if they want root in Marshmallow update for Xperia M5 series
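Added example (not part of the original post or of any tool mentioned in this thread): the check described in the post above, looking for a verity keystore in the unpacked RAM Disk and for the `verify` fs_mgr flag in its fstab, written as a small Python script. The sample fstab and file list are constructed, and the keystore name `verity_key` is assumed to follow the usual AOSP convention.

```python
import posixpath

# Constructed sample in the Android fs_mgr fstab layout:
# <src> <mount point> <type> <mount flags> <fs_mgr flags>
SAMPLE_FSTAB = """\
# constructed sample, not taken from any Sony firmware
/dev/block/platform/EXAMPLE/by-name/system   /system ext4 ro             wait,verify
/dev/block/platform/EXAMPLE/by-name/userdata /data   ext4 noatime,nosuid wait,check,verifyatboot
/dev/block/platform/EXAMPLE/by-name/cache    /cache  ext4 noatime,nosuid wait,check
"""

# Constructed file listing, as printed by `cpio -t` on an unpacked RAM Disk.
SAMPLE_RAMDISK_FILES = ["./init", "./init.rc", "./fstab.example",
                        "./verity_key", "./sbin/adbd"]

# Assumption: the keystore sits at /verity_key in the RAM Disk root.
VERITY_KEY_NAMES = {"verity_key"}


def parse_fstab(text):
    """Return one dict per fstab entry; comments and short lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed entry, fs_mgr would reject it as well
        entries.append({
            "source": fields[0],
            "mount_point": fields[1],
            "fs_type": fields[2],
            "mount_flags": fields[3].split(","),
            "fs_mgr_flags": fields[4].split(","),
        })
    return entries


def is_verify_flag(flag):
    """True for `verify` or `verify=<path>`, but not for `verifyatboot`."""
    return flag == "verify" or flag.startswith("verify=")


def verity_report(fstab_text, ramdisk_files):
    """Combine both indicators into a verdict.

    enabled      - fstab requests verification and a keystore is present
    inconsistent - only one of the two indicators was found
    absent       - neither indicator was found
    """
    verified = [e["mount_point"] for e in parse_fstab(fstab_text)
                if any(is_verify_flag(f) for f in e["fs_mgr_flags"])]
    names = {posixpath.normpath(p).lstrip("/") for p in ramdisk_files}
    keystore = bool(names & VERITY_KEY_NAMES)
    if verified and keystore:
        verdict = "enabled"
    elif verified or keystore:
        verdict = "inconsistent"
    else:
        verdict = "absent"
    return {"verified_mounts": verified,
            "keystore_present": keystore,
            "verdict": verdict}


if __name__ == "__main__":
    print(verity_report(SAMPLE_FSTAB, SAMPLE_RAMDISK_FILES))
```
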
mbc07 said:
I haven't actually flashed the update because it's not available yet for my variant (E5643) and at the moment I want to avoid cross flashing because it's my main phone (and I had issues with cross flashing it on the past).
What I did was downloading the update for E5603 and then taking a look at the RAM Disk of the kernel image; the verity keystore is present and it's also present in the fstab, so, dm-verity is definitely enabled. Also, from the dm-verity issues in recent Xperia flagships regarding root (Z3+/Z4, Z5, Z5c, Z5p) I really don't believe Sony just set dm-verity in "warning" mode rather than enforcing it, making the phone refuse to boot if the system partition was tampered...
In other words, permanently locked bootloader owners are currently screwed if they want root in Marshmallow update for Xperia M5 series
Do you have UB on your M5?
Rootability news for marshmallow?
Silly idea : just disable the dm-verity?
Else have to unlock bootloader... Does that even work?
knight84 said:
Silly idea : just disable the dm-verity?
You need an unlocked bootloader to do that.
Just curiosity, I know that it will not work but I don't know why...
What prevents unzipping the ftf and changing boot.img for one with dm_verity off?
Nothing. But locked bootloader devices only accept kernels signed by Sony, modify a single byte on the boot image and the signature is not valid anymore. In other words, a bootloader locked phone would refuse to boot with a modified boot image.
mbc07 said:
Nothing. But locked bootloader devices only accept kernels signed by Sony, modify a single byte on the boot image and the signature is not valid anymore. In other words, a bootloader locked phone would refuse to boot with a modified boot image.
Clear! I read something now in Wikipedia.
I have an idea. But I am not an expert, so I am not sure about this.
I think we can downgrade the firmware with Flash Tools. Then, we can gain root access with kingroot. We can get a backup of TA partition and drm keys and then we will unlock the bootloader, change the dm-verity thing and use this dd flasher to keep root access with mm update. So if we have root again, we can lock the bootloader and restore the drm keys.
Am I correct about this idea? Can it be successful?
As soon as you restore your TA backup (thus relocking the bootloader) the phone would refuse to boot the modified image. Like I said before, only signed boot images can be loaded with a locked bootloader (modify the image to disable dm-verity => its signature is not valid anymore). Also, even if it worked, it would be of no use for users with permanently locked bootloader (e.g. devices bought through carriers)...

[Kernel] [Unmaintained] Stock Marshmallow Kernel with Root + DRM Fix

Before starting, your phone must have an unlockable bootloader. If your Xperia M5 has a permanently locked bootloader, unfortunately you can't use this kernel.
As you may already know, Sony enabled verified boot on Xperia M5 starting with the Marshmallow firmwares just like on their recent flagships (Z3+/Z5/X Performance/etc) and thus, dd Flasher Minimal won't work anymore because it writes into system partition, and so, dm-verity would fail and the phone would refuse to boot.
How it works?
The main issue is dm-verity, which prevents any kind of modification on system partition, so we must disable it. Unfortunately, you need to modify the RAM Disk of the kernel to disable dm-verity, and to flash a modified kernel, you'll need to unlock the bootloader, wiping your device unique DRM keys in the process. Fortunately, @tobias.waldvogel developed a tool which includes a DRM fix, aimed mostly at the Xperia flagships, but it also works very well with Xperia M5, and thanks to iovyroot/iovySU and the previous exploitable firmwares, we can make a TA Backup without much trouble!
So, in other words, this modified kernel comes in 3 different variants and is exactly the same as the stock Marshmallow kernels apart from the following changes:
• Verified boot (dm-verity) disabled on the SuperSU variant (and it'll get automatically disabled after you install a root solution on top of the DRM Fix variant).
• SuperSU v2.78 SR2 in system-less mode (and a small modification to make it survive factory resets) on the SuperSU variant.
• DRM fix library (more about that later) on the SuperSU and DRM Fix variants.
Supported Firmwares
For single SIM variants (E5603, E5606 and E5653):
• 30.2.A.0.100
• 30.2.A.0.110
• 30.2.A.1.21
For dual SIM variants (E5633, E5643 and E5663):
• 30.2.B.0.100
• 30.2.B.0.110
• 30.2.B.1.21
Requirements
• Your device must have an unlockable bootloader. (you can check that in the Service Menu, on your phone, open the dialer and enter *#*#7378423#*#*, then go to Service Info => Configuration => Rooting Status).
• You must be running one of the supported firmwares and should flash a variant that matches the firmware version you're running.
• ADB drivers and fastboot should be installed on the computer.
• (Optional, but highly recommended) A TA backup of your device, taken before unlocking its bootloader, to restore DRM-related functions, if using the SuperSU or the DRM Fix variant.
Kernel Variants
Before continuing, you should pick and download one of the three variants (you can get them on the "Downloads" tab from the top of this thread Edit: use the alternate download link at the end of this post). Remember to pick the version that matches the firmware you're running, otherwise you might experience bugs or incompatibilities! The available kernel variants are:
• DRM Fix: this variant is the stock kernel with the DRM Fix library included. You must install a root solution (like Magisk or SuperSU) after flashing this variant, otherwise you won't have root access and dm-verity will still be enabled (it'll get automatically disabled after you flash Magisk or SuperSU). That's the variant I recommend for all end-users, and I strongly advise flashing Magisk instead of SuperSU, especially if you want to pass on SafetyNET checks.
• SuperSU: this variant is the stock kernel with the DRM Fix library included, dm-verity disabled and SuperSU v2.78 SR2 pre-installed in systemless mode. Keep in mind if you plan to use Android Pay or other SafetyNET enabled apps that this variant won't pass any SafetyNET check. I only recommend this variant for end-users who don't care about SafetyNET and just want root access quick and dirty, but even then I strongly suggest considering DRM Fix variant + Magisk route instead.
• Stock: as the name implies, this variant is identical to the stock kernel without any kind of modification, repacked in a standard Android Boot Image format file, thus, bypassing all incompatibilities with kernel patching and editing tools caused by the ELF format + Mediatek header that's used on the stock firmware. This version won't disable dm-verity, won't provide root access and doesn't include the DRM Fix, it's aimed at modders and developers only.
Instructions
The instructions are split into three smaller sections. If you already have unlocked the device's bootloader, jump straight to the 2nd section.
Backing up the TA partition and unlocking the bootloader
Before unlocking the bootloader, I highly recommend making a backup of the TA partition of your device as it'll allow relocking your bootloader and restoring your device unique DRM keys in the future and it'll also allow restoring full DRM related functionality on your phone through the DRM fix library included in the DRM Fix and SuperSU variants of this kernel.
To make a TA backup, your phone should be already rooted (you can do that on Xperia M5 by downgrading to one of supported firmwares and then using iovySU, click here for more details), after that, use Backup TA to make the backup. Also, keep in mind that the TA partition is unique to every device and you should NOT EVER restore or use a TA backup of another phone, even if it's from exactly the SAME model and variant! Doing that will hard brick your device, most of the time beyond repair.
After making a TA Backup you can safely unlock your bootloader, start by going to Sony Developer World and follow the instructions to request your bootloader unlock key. Note: Xperia M5 isn't in the list of unlockable devices but you can pick any other device on the list (I picked up Xperia Z5, for example), it'll also work without issues.
After you got your bootloader unlock key, simply turn off your phone, hold the Volume Up key and plug the USB cable. Keep holding Vol Up until notification LED becomes blue. Now, run the following commands to unlock your bootloader (this will wipe all data on internal storage, make sure to backup important data first!):
Code:
fastboot oem unlock 0x<your device key>
fastboot reboot
(since internal storage will be wiped, the first boot after unlocking the bootloader will take a while to complete)
Flashing your device key
You need a TA Backup from when your bootloader was still locked to perform this step, if you didn't make a TA Backup before unlocking the bootloader, your device keys are gone forever thus you can't flash your device key, so, skip directly to the next section.
On Xperia devices, when you unlock the bootloader, the unique device key gets deleted forever and so some proprietary Sony features (X-Reality/Mobile BRAVIA Engine, proprietary camera denoise algorithms, etc) and DRM-related features cease to work. The DRM fix library included in the DRM Fix and SuperSU variants of this kernel fully reactivates all DRM-related functionality by loading your device key from an alternate TA Unit (which we'll flash now).
First we need to extract your unique device key from the TA backup, you can do that with Root Kernel. Extract it somewhere and put your TA backup on the same folder (if you did your backup through iovyroot, it's a file named TA-xxxxxx.img, if you did your backup through Backup TA it's a file named TA.img which will be inside the .ZIP file) then run the following command through Command Prompt (or Terminal if you're on Linux/Mac):
Code:
flash_dk <ta backup image> DK.ftf
If everything went well, you'll now have an FTF file of around 500 bytes named DK.ftf on the same folder. Using Androxyde's FlashTool, flash this file in your phone through flash mode. An alternative method is opening DK.ftf with WinRAR or 7-Zip to extract the file DK.ta and then using FlashTool Pro Mode (File => Switch Pro then Advanced => Trim Area => S1 => Flash TA File). You only need to do this step once, no need to reflash the key even after flashing other FTF files or doing a Factory Reset.
After that, you're ready to flash the kernel, follow to the next section.
Flashing the modified kernel
If you have downgraded your device to make a TA backup on the previous sections, it's time to go back to one of the supported Marshmallow firmwares before continuing!
Now, unzip the kernel variant you've downloaded earlier, then turn off your device, hold Volume Up and plug the USB cable. Keep holding Vol Up until the notification LED turns blue, then run the following commands to flash the kernel (replace the file name with the appropriate version of the variant you've selected):
For example, if you have an E5603, E5606 or E5653 on 30.2.A.1.21 and have chosen the DRM Fix variant the command would be:
Code:
fastboot flash boot boot_m5_ss_30.2.A.1.21_drmfix.img
fastboot reboot
Or if you have an E5633, E5643 or E5663 and have chosen the SuperSU variant the command would be:
Code:
fastboot flash boot boot_m5_ds_30.2.B.1.21_supersu.img
fastboot reboot
If you've flashed the SuperSU variant, that's it. Upon rebooting you should see SuperSU in the app drawer. If you've flashed the DRM Fix variant you should now boot into TWRP recovery and install either Magisk or SuperSU to finish the setup. And thanks to the DRM fix library by @tobias.waldvogel, if you have flashed either the DRM Fix variant + Magisk/SuperSU or the SuperSU variant alongside your device key, you can also redo the Security Test on the Service Menu (open the dialer and enter *#*#7378423#*#* to open) to see it still passes, even with the bootloader unlocked!
Known Issues
• DRM Fix library in the DRM Fix variant will only work if you install Magisk or SuperSU through TWRP recovery.
• Offline charging won't work anymore after flashing the SuperSU variant or the DRM Fix variant + Magisk/SuperSU. Your phone will boot up normally instead.
• If you're running firmware 30.2.x.1.21, you won't be able to reboot directly into recovery by running adb reboot recovery. That's a restriction implemented by Sony, but you can still boot into recovery manually by holding Vol Down + Power while the phone is turned off without the USB cable attached.
Frequently Asked Questions
Q: Help! Fastboot is stuck at "< waiting for any device >" message!
A: This means fastboot isn't "seeing" your phone, probably because you didn't install ADB drivers (you can use this stand-alone driver). If fastboot still can't see your phone, make sure you don't have emulators like BlueStacks or Genymotion running.
Q: I didn't make any TA backup before unlocking the bootloader, can I still benefit from DRM fix library?
A: Yes, but in a limited manner. Without your device key, the library will work in an "emulation" mode which is sufficient to restore some of Sony proprietary features (like Mobile BRAVIA Engine and noise reduction algorithms in the camera). However, Miracast might not work and any app dependent on Widevine DRM won't work either.
Q: I didn't make any TA backup before unlocking the bootloader, can I flash the device key of another phone?
A: No, those keys are unique for each device, even if they are from exactly the same model and variant. Doing that may also hard brick your phone.
Q: Service Menu indicates that my bootloader can be unlocked even though it's already unlocked. What's happening?
A: The DRM Fix library from the DRM Fix and SuperSU variants loads your device key from an alternative TA Unit, and thus, since the key is present, Service Menu thinks that the bootloader is still locked, even though it isn't. Just ignore it...
Q: Help! I formatted my /data partition / I reset my phone to factory defaults and it's randomly rebooting at Sony logo. What's happening?
A: Don't worry, you flashed the SuperSU variant and that's just system-less SuperSU reinstalling itself back. During that process it's normal that the phone reboots once or twice at Sony logo or shortly after, then everything will be normal.
Q: Does this kernel pass SafetyNET checks? Can I use Android Pay?
A: It passes SafetyNET checks only if you flash the DRM Fix variant and then install Magisk afterwards (you might need to enable Magisk Hide manually through Magisk Manager app). All other variants won't pass SafetyNET, not even the stock one due to the unlocked bootloader.
Credits
The most important piece of the SuperSU and DRM Fix variants of this kernel (the DRM Fix library) was made by @tobias.waldvogel. He's also the developer of Root Kernel, which can patch kernels with this library on the fly. Unfortunately, Mediatek kernels have some oddities (like a 512-byte header at the beginning of the zImage and RAM Disk) that prevent most tools from working without modifications, so I had to edit and patch those kernel variants manually. The system-less integration of SuperSU on the SuperSU variant was done using the official SuperSU installer from @Chainfire apart from a minor tweak I did to make root access survive Factory Resets, so, credits (and thanks) to them.
XDA:DevDB Information
Stock Marshmallow Kernel with Root + DRM Fix, Kernel for the Sony Xperia M5
Contributors
mbc07
Kernel Special Features: stock kernel, pre-rooted
Version Information
Status: No Longer Updated
Stable Release Date: 2016-09-01
Created 2016-11-03
Last Updated 2017-08-11
Alternate download link here (XDA DevDB archive)
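Added example (not the author's tooling and not part of Root Kernel): a Python inspector for the container formats named in the post above, telling an ELF boot image from a standard Android Boot Image and reporting whether the kernel and RAM Disk sections carry the 512-byte Mediatek header. The Mediatek field layout used here (magic 0x58881688, 32-bit payload size, 32-byte name) is the commonly documented one and is an assumption, since the post only gives the header's length; the sample image is constructed.

```python
import struct

BOOT_MAGIC = b"ANDROID!"        # standard Android Boot Image
ELF_MAGIC = b"\x7fELF"          # ELF container, as on the stock firmware
MTK_MAGIC = 0x58881688          # assumed Mediatek header magic (little-endian)
MTK_HDR_SIZE = 512              # header length stated in the post


def container_type(blob):
    """Classify a boot image by its leading magic bytes."""
    if blob.startswith(BOOT_MAGIC):
        return "android-boot"
    if blob.startswith(ELF_MAGIC):
        return "elf"
    return "unknown"


def parse_mtk_header(section):
    """Return (name, payload); name is None when no Mediatek header is found."""
    if len(section) < MTK_HDR_SIZE:
        return None, section
    magic, size = struct.unpack_from("<II", section, 0)
    if magic != MTK_MAGIC:
        return None, section
    if size > len(section) - MTK_HDR_SIZE:
        raise ValueError("Mediatek header size exceeds section length")
    name = section[8:40].split(b"\0", 1)[0].decode("ascii", "replace")
    return name, section[MTK_HDR_SIZE:MTK_HDR_SIZE + size]


def split_boot_image(blob):
    """Slice kernel and RAM Disk out of a version 0 Android Boot Image."""
    if container_type(blob) != "android-boot":
        raise ValueError("not an Android Boot Image")
    fields = struct.unpack_from("<8s8I", blob, 0)
    ksize, rsize, page = fields[1], fields[3], fields[8]
    if page == 0 or page & (page - 1):
        raise ValueError("page size must be a power of two")
    koff = page                                   # header fills the first page
    roff = koff + -(-ksize // page) * page        # kernel is padded to a page
    if roff + rsize > len(blob):
        raise ValueError("image truncated")
    return {"kernel": blob[koff:koff + ksize],
            "ramdisk": blob[roff:roff + rsize]}


def describe(blob):
    """Summarise the container and, for boot images, each section's header."""
    info = {"container": container_type(blob), "sections": {}}
    if info["container"] != "android-boot":
        return info
    for label, section in split_boot_image(blob).items():
        name, payload = parse_mtk_header(section)
        info["sections"][label] = {
            "mtk_name": name,
            "payload_len": len(payload),
            "is_gzip": payload[:2] == b"\x1f\x8b",
        }
    return info


def mtk_wrap(name, payload):
    """Build a constructed Mediatek-wrapped section for the sample image."""
    header = struct.pack("<II32s", MTK_MAGIC, len(payload), name.encode())
    return header.ljust(MTK_HDR_SIZE, b"\xff") + payload


def build_sample(page=2048):
    """Constructed boot image; the payloads are placeholder bytes, not code."""
    def pad(data):
        return data.ljust(-(-len(data) // page) * page, b"\0")
    kernel = mtk_wrap("KERNEL", b"constructed-zImage-bytes")
    ramdisk = mtk_wrap("ROOTFS", b"\x1f\x8b" + b"constructed-ramdisk")
    header = struct.pack("<8s8I", BOOT_MAGIC, len(kernel), 0,
                         len(ramdisk), 0, 0, 0, 0, page)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    print(describe(build_sample()))
```
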
Thanks @mbc07, it flashed and booted no problem, and now I have a rooted Marshmallow M5 (E5653).
Also Xposed can be installed the easier way now
I had a question, I unlocked my BL already on 6.0, and didn't backup my TA... am I able to go back to Lollipop, relock BL, backup, and then upgrade again? Or is my TA lost for good?
グリッチ said:
I had a question, I unlocked my BL already on 6.0, and didn't backup my TA... am I able to go back to Lollipop, relock BL, backup, and then upgrade again? Or is my TA lost for good?
If you didn't take a backup before unlocking the bootloader the first time, your device keys are gone, forever (doing a backup now is useless too as the device keys were already deleted). And you won't be able to relock the bootloader either, only restoring a TA backup of when the device was locked can relock the bootloader on Xperia devices AFAIK...
wrong thread ... need to move a section under Xperia M5 Android Development
Ok thanks for that, I'll do this when I have some confirmation...
I need to summarize a point, tell me if I'm right :
on the first step we must be with firmware lollipop like 30.1.B.1.33 or 55 ?
on the second step we must be with firmware ????
on the third step we must be with firmware 30.2.B.0.100 ?
Thanks again.
Would it be possible to restore DRM from a different phone?
Le_sage said:
Ok thanks for that, I'll do this when I have some confirmation...
I need to summarize a point, tell me if I'm right :
on the first step we must be with firmware lollipop like 30.1.B.1.33 or 55 ?
on the second step we must be with firmware ????
on the third step we must be with firmware 30.2.B.0.100 ?
Thanks again.
When you got your TA backup you should update your firmware to Marshmallow which is 30.2.B.0.100 in your case
it's not good
when you type the command is the information that you can find the file
otsukaranz said:
Would it be possible to restore DRM from a different phone?
Did you read the FAQ?
Q: I didn't make any TA backup before unlocking the bootloader, can I flash the device key of another phone?
A: No, those keys are unique for each device, even if they are from exactly the same model and variant. Doing that may also hard brick your phone.
You made my day! Thanks a lot!
Help. I'm stuck at the waiting for device message. ADB sees my device only if it's on... After I go into fastboot mode it can't see it. My phone has bootloader unlocked and I have ADB drivers on my computer.
Le_sage said:
Ok, thanks for that, I'll do this when I have some confirmation...
I need to summarize a point, tell me if I'm right:
on the first step we must be with firmware lollipop like 30.1.B.1.33 or 55 ?
on the second step we must be with firmware ????
on the third step we must be with firmware 30.2.B.0.100 ?
Thanks again.
This kernel only works on Marshmallow firmware (30.2.A.0.100 / 30.2.B.0.100), you need to downgrade only if you didn't take a TA backup yet (and I suggest doing that with iovySU + Backup TA in this case -- iovySU works only on 30.0.A.1.23/30.0.B.1.23 or 30.1.A.1.33/30.1.B.1.33, so you should downgrade to one of these). After making the TA backup you should go back to Marshmallow firmware, though. I'll make this more clear in the OP...
otsukaranz said:
Would it be possible to restore DRM from a different phone?
If you mean using the DRM Fix library in the kernel of another Xperia device, I don't know, but probably. The trick is including libdrmfix.so libraries either in the RAM Disk or directly into the system partition then referencing it in LD_PRELOAD environment variable that is initialized in one of the init*.rc scripts from the RAM Disk (@tobias.waldvogel probably can explain better as the library was made by him). If you mean using only the keys of another device into yours, as I said in the FAQ, probably not and I wouldn't risk trying since messing with the TA partition may hard brick your device.
leszek732 said:
it's not good
when you type the command is the information that you can find the file
I can't see your screenshot. And I can assure the kernel for dual SIM at least is working. I didn't test the kernel for single SIM variant but seeing the feedback of single SIM users it's apparently working very well too...
MarkusPolska said:
Help. I'm stuck at the waiting for device message. ADB sees my device only if it's on... After I go into fastboot mode it can't see it. My phone has bootloader unlocked and I have ADB drivers on my computer.
As I said in the FAQ, fastboot drivers (which generally comes with ADB) aren't installed on your computer. While your device is connected in fastboot mode (blue LED on), check the Device Manager on your computer, it'll probably show your phone with a yellow exclamation mark (meaning the drivers aren't installed/weren't detected).
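The LD_PRELOAD mechanism described in the reply above (a library referenced from one of the ramdisk's init*.rc scripts) can be audited from an unpacked boot image. This is an added example, not code from the thread or from the kernel's author; the init.rc contents, the service name `exampled`, `libhook_example.so` and the baseline set are constructed assumptions.

```python
"""Audit init*.rc text from an unpacked Android ramdisk for LD_PRELOAD entries."""
import re
from typing import NamedTuple

# Assumption: libraries the stock image is expected to preload; adjust per firmware.
BASELINE = {"libsigchain.so"}

# Constructed sample ramdisk contents (file name -> text), not taken from a real image.
SAMPLE = {
    "init.environ.rc": (
        "# constructed sample\n"
        "on init\n"
        "    export ANDROID_ROOT /system\n"
        "    export LD_PRELOAD libsigchain.so:libdrmfix.so\n"
    ),
    "init.sony.rc": (
        "service exampled /system/bin/exampled\n"
        "    class main\n"
        "    setenv LD_PRELOAD \\\n"
        "        /sbin/libhook_example.so\n"
    ),
}


class Finding(NamedTuple):
    file: str
    line: int
    scope: str      # "global" for `export`, service name for `setenv`
    library: str
    expected: bool  # True when the library is in the baseline


def _logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations
    and dropping blank lines and comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""


def audit_rc(files, baseline=BASELINE):
    """Return every library named in an LD_PRELOAD assignment.

    `export` inside an action sets the variable for everything init starts;
    `setenv` inside a service block sets it for that service only.
    """
    findings = []
    for name, text in sorted(files.items()):
        service = None
        for no, line in _logical_lines(text):
            tok = line.split()
            if tok[0] == "service" and len(tok) > 1:
                service = tok[1]
            elif tok[0] in ("on", "import"):
                service = None
            if len(tok) >= 3 and tok[0] in ("export", "setenv") and tok[1] == "LD_PRELOAD":
                scope = "global" if tok[0] == "export" else (service or "?")
                for lib in re.split(r"[:\s]+", " ".join(tok[2:])):
                    if lib:
                        # Exact match only: a baseline name under another path is not trusted.
                        findings.append(Finding(name, no, scope, lib, lib in baseline))
    return findings


def unexpected(findings):
    """Entries that are not in the baseline and deserve a closer look."""
    return [f for f in findings if not f.expected]


if __name__ == "__main__":
    for f in unexpected(audit_rc(SAMPLE)):
        print(f"{f.file}:{f.line} [{f.scope}] preloads {f.library}")
```

To run it against a real image, unpack the ramdisk and pass a dict of each init*.rc file's text to `audit_rc`.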
As I said in the FAQ, fastboot drivers (which generally comes with ADB) aren't installed on your computer. While your device is connected in fastboot mode (blue LED on), check the Device Manager on your computer, it'll probably show your phone with a yellow exclamation mark (meaning the drivers aren't installed/weren't detected).
Yeah I found it out a few minutes after I posted my reply... Although I still can't install the drivers (I'm on windows 10) even after I disabled driver checks in the booting options. How do I install the fastboot drivers?
EDIT: Never mind I got it. Damn you windows 10 updates. S**t keeps messing up my computer -_-
Thanks man! You're the best:good:
Le_sage said:
Did you read the FAQ?
Sorry, tldr. Anyways, Thank you for your response.
I should flash TA.ftf when I'm on stock MM and then flash kernel?
SimonZ said:
I should flash TA.ftf when I'm on stock MM and then flash kernel?
Despite being a FTF, it's just a .TA file inside, so, it doesn't really matter what firmware you are, the device key will be flashed directly into your TA partition (but in another unit), thus, you need to do this only one time...
mbc07 said:
This kernel only works on Marshmallow firmware (30.2.A.0.100 / 30.2.B.0.100), you need to downgrade only if you didn't take a TA backup yet (and I suggest doing that with iovySU + Backup TA in this case -- iovySU works only on 30.0.A.1.23/30.0.B.1.23 or 30.1.A.1.33/30.1.B.1.33, so you should downgrade to one of these). After making the TA backup you should go back to Marshmallow firmware, though. I'll make this more clear in the OP...
Yeah I've done it!
I was on Firmware 30.1.B.1.55/30.1.A.1.55 rooted with kingroot, i've made the first step to save my TA partition and then unlock the bootloader. Then I flash the phone to Firmware MM 30.2.B.0.100/30.2.A.0.100, then I flash the device key with my previous TA Backup and to finish I flash the modified kernel.
Thanks a lot, Marshmallow work and is rooted!
(I just have a lite problem with ES explorer pro which say your phone is not rooted but the other apps are ok)
Anybody can upload boot.ftf for 30.1.A.1.55?
Current device : E5603 - YT911AWYRQ - 1301-1679_R6A - 1295-9162_30.1.A.1.55 - GENERIC_30.1.A.1.55
Loader : S1_Root_ac45 - Version : MT6795_16 / Boot version : S1_Boot_MT6795_L1.MP2.TC9SP_21 / Bootloader status : ROOTED
I can't boot the phone... (I can't flash my boot.img copy)
Sent from my DROID4 using Tapatalk
I've started the steps to obtain rooted MM and with backup of my drm.
For first thing downgrade to compatible iovySU firmware so Flashtool has flashed the E5603_30.1.A.1.33_Customized_CE1_1300-5608_R4A.ftf but don't ask to me for FSC script, i was scared about it...
When finished i turn on my phone and...
M5 boots!!! Why?? Shouldn't it be bricked?
Anyway, I can't make the TA Backup, iovyroot always gives me some error
Code:
iovyroot by zxz0O0
poc by idler1984
[+] Changing fd limit from 1024 to 4096
[+] Changing process priority to highest
[+] Getting pipes
[+] Allocating memory
[+] Installing JOP
[+] Patching address 0xffffffc0011a72b0
[+] Start map/unmap thread
[+] Start write thread
[+] Spraying kernel heap
[+] Start read thread
[+] Done
[+] Patching addr_limit
[+] Patching address 0xffffffc055554008
[+] Start map/unmap thread
[+] Start write thread
[+] Spraying kernel heap
[+] Start read thread
[+] Done
[+] Removing JOP
got root lmao
Unable to chmod /data/local/tmp/tabackup/TA-04092016.img: No such file or directory
chown: /data/local/tmp/tabackup/TA-04092016.img: No such file or directory
could not open /dev/block/platform/mtk-msdc.0/by-name/TA, No such file or directory
could not open /data/local/tmp/tabackup/TA-04092016.img, No such file or directory
Error copying TA.img
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory
Premere un tasto per continuare . . .
finally I fix my phone, 6.0 + root + recovery + drmkeys + xposed, thanks for this

[D5503] Lollipop 5.1.1 goes AICP 13.1 Oreo 8.1 /// Beginners Link Collection

Hello hello,
this will be my "live" thread of bringing AICP 13.1 to my xperia z1c, I found some Guide's that I will follow and I will share with you all the links and knowledge I gained as a newbie that I used to understand and fix my problems on the way.
Maybe this will help you, too.
Main Tutorial: LINK
Target of all this: LINK
My Device:
Sony XPERIA Z1C, 14.6.A.1.236 , Lollipop 5.1.1
My best hint: read carefully, take your time to understand what you're trying to do and do your own research!
Hopefully you will get a aicp custom rom out of it.
_____________________________________________
_____________________________________________
General information: Android 5.1.1 cannot be rooted due to its high security standards, therefore we will downgrade to a lower security stock rom and create root access there. Root access will be needed as well as an unlocked bootloader to install real recovery (TWRP) which is the tool to flash custom roms like aicp. But the aicp custom rom will not have a good working camera, don't ask me why, but the camera seems to be a really difficult thing from the point of developer's view, let's accept this. Aside of that disadvantage, this custom rom is a very nice software and it makes my z1c kind of new. I don't use my camera anyway often at all.
During all this flashing thing I had a very big ??? while implementing real recovery. I was able to flash the .236.ftf but not the openbootloader.ftf as described in section 5 in the main tutorial. The result was twrp boot failed.
Error description:
flash .236.ftf works
flash openbootloader fails
flash twrp works
boot twrp fails
boot stock rom works
My solution:
I restarted from scratch and finally, with this kind of messed-up sequence, I got it:
flash .236.ftf works
flash openbootloader fails
flash twrp works
boot twrp fails
flash openbootloader works
flash twrp works
boot twrp works
UPDATE 06.12.2018 as a solution for REAL RECOVERY with working camera <<< RECOMMENDED
0. boot into rom works
1. flash openbootloader works
2. boot into rom works
3. flash .236.ftf works
4. boot into rom & check camera works
3. flash twrp ( business as usual ) works
4. boot twrp ( First boot is damn important, don't miss it! Press Vol- & Power, wait for vibration, release Power & keep Vol- until twrp boots up ) works
5. full wipe, flash aicp-rom, flash gapps, flash magisk-root, boot system works
6. enjoy Oreo 8.1 & camera check !!! works !!!
This routine worked straight forward for me where I started from scratch with my second device.
Flashing aicp was pretty easy, good to know for flashing the rom was full wipe = advanced wipe and select everything except of micro sd
To complete my aicp 13.1 Oreo 8.1 device the camera problem has to be fixed ( Saving the taken picture fails, display goes into freeze, no chance to solve this with camera mods, camera apps )
But @lm089 gave me the right hint, and finally this was my solution! Thanks again @lm089!!
Have fun with your new >> SONY XPERIA Z1 COMPACT <<
How to update TWRP
1. Turn Off your device
2. Start device in fastboot mode by connecting via usb cable to your pc and press Vol- until blue led turns on
3. use fastboot flash recovery twrp.img to flash it
4. boot twrp ( This first boot is damn important, don't miss it! Press Vol- & Power, wait for vibration, release Power & keep Vol- until twrp boots up ) works
How to update to aicp 14.0 pie 9.0
starting with the running and latest aicp 13.1 oreo 8.1 rom above I just followed the Instructions here. As a specialty I had to install the Magisk Manager App manually into the rom to get root. Downloading supersu.apk from www.supersuroot.org works fine as well.
Your fastboot connection doesnt work for some reason though u had this workin fine in the past? maybe u had a windows update. install your drivers again.
>> LETS KEEP THIS DEVICE ALIVE <<
_____________________________________________
_____________________________________________
More helpful links that I used:
Debug apps by creating logs
what is adb? an xda tutorial
ADB working Download Link and ADB Article on xda
xda flashtool error during setup: click
[NOOBIE] Basic adb commands and device partition overview
Latest TWRP 3.2.3-0 for z1c
root solution using flash tool
Restore DRM functionality after UB
If TA Backup dry restoration fails: Solution and Download *.dll
Boot into recovery or fastboot mode
How to install TWRP
Magisk beats superSU
How to Install Custom ROM using TWRP for Android!
change boot animations
[TUTORIAL] Design Your Own Bootanimation
Backup & Restore Your ROM With TWRP
Terminology: odex and deodex
If the camera goes into freeze or saving the picture fails: This was my solution! /// But you better go straight with the steps of my update 06.12.2018, field tested!
THANKS A LOT TO @colaigor for his [BEGINNERS GUIDE]
Ok. So i dont have much time now but i can give some short directions.
1. Get unlock codes from sony for bootloader unlock
2. Instal adb and fastboot at your system(PC)
3. Instal z1c drivers
4. Instal flashtool
5. Unlock bootloader,root,flash recovery(search forum for "real recovery" ),flash root solution
6. Flash wanted rom,gaps
P.P. On second thought u dont need flashtool. All can be done with adb and fastboot commands from terminal
There is one thing I don't understand:
what is the difference between FLASHING REAL RECOVERY and FLASHING FAKE RECOVERY?
What I read is, that in both cases I get TWRP but on different partitions (real = Recovery Partition, fake = Boot partition) but do I need both or do I choose just on of them?
derjango said:
There is one thing I don't understand:
what is the difference between FLASHING REAL RECOVERY and FLASHING FAKE RECOVERY?
What I read is, that in both cases I get TWRP but on different partitions (real = Recovery Partition, fake = Boot partition) but do I need both or do I choose just on of them?
Real recovery have its own partition(after that update to bootloader). Custom recovery dont have that and its stored somewhere else(FOTA,onetime boot image , etc). Choose real recovery. New stuff works good with it.
Ok thank you :good:
flashtool log of openbootloader.ftf failed:
01/015/2018 13:15:58 - INFO - Device connected in flash mode
01/017/2018 13:17:19 - INFO - Selected Bundle for Sony Xperia Z1 Compact(D5503). FW release : 1. Customization : openbootloader
01/017/2018 13:17:19 - INFO - Preparing files for flashing
01/017/2018 13:17:19 - INFO - Please connect your device into flashmode.
01/017/2018 13:17:19 - INFO - Using Gordon gate drivers version 3.1.0.0
01/017/2018 13:17:20 - INFO - Opening device for R/W
01/017/2018 13:17:20 - INFO - Device ready for R/W.
01/017/2018 13:17:20 - INFO - Reading device information
solved, I skipped step 5.2, flashing the .236.ftf in advance
but how can I start TWRP?
doesnt work with POWER + Vol-, vibrate & release power
I tried to flash the following recovery solution using this command:
smartphone in fastboot mode (blue LED enabled)
fastboot flash recovery recovery.img
TWRP from step 5.1 of the GUIDE
TWRP 3.0.2
My formerly flashed .236.ftf rom works fine, but I cant start TWRP the device goes directly to my rom
zlata said:
Real recovery have its own partition(after that update to bootloader). Custom recovery dont have that and its stored somewhere else(FOTA,onetime boot image , etc). Choose real recovery. New stuff works good with it.
Thats where I'm stuck right now, any ideas how to fix?
okay got it, basically i do not know what the problem is but:
after BLU
flash .236 :good:
flash openbootloader
flash twrp :good:
--> failed to install openbootloader and probably thus twrp failed
solution: I skipped to flash .236 as recommended by the author of the GUIDE (step 5.2)
flash open bootloader :good:
flash twrp :good:
--> failed to start twrp, though it was installed successfully
flash .236 :good:
flash openbootloader (failed again, but it's already on the device and I guess I could have skipped this here)
flash twrp :good:
first boot of twrp is successful :good:
And basically the author explained it in his text, FIRST INSTALL OPEN BOOTLOADER BEFORE WRITING STH TO RECOVERY PARTITION
I think you should use Aicp 14 pie instead of 13.1 Oreo
I feel Aicp 14 PIE is very stable and flash port camera stock this link https://forum.xda-developers.com/crossdevice-dev/sony-themes-apps/port-stock-camera-nougat-roms-t3628791
Nice thread, thank you! Wish I had that when I started rooting and flashing
@lm089 Haha it's quite some work to get into it, right? I just saw that we are running on the same device & custom rom, how did you solve the issue with the not working camera? I'm still reading stuff about some mod, but I'm curious and open for tested solutions on z1c
best, dj
derjango said:
how did you solve the issue with the not working camera? I'm still reading stuff about some mod, but I'm curious and open for tested solutions on z1c
best, dj
Had this situation twice with 2 different oreo ROMs. Both times I solved it following a rather strange sounding suggestion I found on the AICP 13.1 discussion thread. The basic idea is to go back to a stock Sony ROM. Boot into it and make sure the camera is working which for me was the case both times. Then - if necessary - re-root your phone (on first occasion I flashed a pre-rooted .236 version but that caused some extra trouble so next time I decided to flash an unrooted version). And from then on it's the standard way as you described it in your OP.
Good luck!
Okay, thanks a lot for your hint! Unfortunately the camera mod didn't fix the problem, my android-task for this evening is defined:
AICP 13.1 Oreo 8.1 on z1c, root, ulb, magisk 17.1
1. backup my system (done)
2.0 flash stock rom lollipop 5.1.1 (14.6.A.1.236.ftf) with flashtool via usb (done),booting the os for the first time takes quite long (~10m), check camera in the os (done)
interesting fact: recovery is deleted by flashing the rom via flashtool - I thought I can go the lazy way and skip the step of installing twrp again into recovery
2.1 okay, let's do it: install twrp (done) and boot into twrp, NOT into ROM!! (done) (Vol- & Power, wait for vibration & release Power but keep Vol- until TWRP starts up)
3. flash aicp 13.1 following this (full wipe as an advanced wipe: select all EXCLUDING THE SD STORAGE)
Again here, I recognized the first boot of the rom takes quite longer.
4. check camera (done)
!!!! IT WORKS !!!!
(I did it two times)
alright, lets start flashing my second device - now I know how to do it
Thanks guys!!
derjango said:
!!!! IT WORKS !!!!
Weird, isn't it?
lm089 said:
Weird, isn't it?
Totally But hey, it's a solution
btw @lm089, boots your ota-updater directly into twrp and start the flashing procedure? In my case I had to boot twrp manually and flash the zip manually, too
derjango said:
btw @lm089, boots your ota-updater directly into twrp and start the flashing procedure? In my case I had to boot twrp manually and flash the zip manually, too
No, updater is booting into recovery, doing a nandroid backup and wiping caches (because I told it to), then flashing and finally rebooting into system. All by itself :good:
I remember having trouble with that in the past though. Do you by any chance have an SD card formatted as adoptable storage?
lm089 said:
No, updater is booting into recovery, doing a nandroid backup and wiping caches (because I told it to), then flashing and finally rebooting into system. All by itself :good:
I remember having trouble with that in the past though. Do you by any chance have an SD card formatted as adoptable storage?
Yes, its used as an external storage
derjango said:
Yes, its used as an external storage
ok, that's something different; adoptable storage means that your SD or part of it is set up to extend internal storage. If you can access all of your SD from TWRP then it is indeed formatted as external storage.
1) How to unlock bootloader:
https://developer.sony.com/develop/...ed/unlock-bootloader/how-to-unlock-bootloader
2) Download Platform-tools (adb & fastboot) r.26.0.2 as latest version does not work (or just for me):
https://xiaomifirmware.com/downloads/download-platform-tools-adb-fastboot-r-26-0-0/
3) Download TWRP 3.2.3-0 https://androidfilehost.com/?fid=11410963190603854057 and place file in Platform Tools folder on PC
4) Restart in fastboot mode and flash recovery:
fastboot flash recovery Z1C_twrp_3.2.3-0.img
fastboot reboot
5.1) Download AICP Oreo 8.1 http://dwnld.aicp-rom.com/device/amami/WEEKLY/aicp_amami_o-13.1-WEEKLY-20181204.zip and place file in Platform Tools folder on PC
5.2) Download Gapps Pico https://opengapps.org/?download=false&arch=arm&api=8.1&variant=pico and place file in Platform Tools folder on PC
5.3) Download stable Magisk 17.1 https://github.com/topjohnwu/Magisk/releases/download/v17.1/Magisk-v17.1.zip place file in Platform Tools folder on PC
6.1) Load TWRP. Advance>ADB Sideload (for Oreo)
adb sideload aicp_amami_o-13.1-WEEKLY-20181204.zip
(do not restart)
6.2) Repeat Advance>ADB Sideload (for Gapps)
adb sideload open_gapps-arm-8.1-pico-2018XXXX.zip
(do not restart)
6.3) Repeat Advance>ADB Sideload (for Magisk)
adb sideload Magisk-v17.1.zip
(restart)

Question Help!!!!!! Boot failure / stuck in fastboot

Need help. I used AFT to flash April - good, I rebooted and flashed magisk patched image made with stable 25.2 - good, flashed Kirisakura Raviantha Kernel v1.0.2 - good. Magisk said update to 26.1 so I did. I did direct install to update to 26.1. My P6P rebooted ok. power off and now stuck in fastboot mode showing device state= unlocked, boot slot: a, Enter reason: boot failure. I've tried to flash stock boot.img to both slots and the new april bootloader.img to both slots....the phone won't boot past fastboot screen. It won't go into recovery mode either. Please help!!!!!!!!
PS platform tools v33.0.3
jcp2 said:
Need help. I used AFT to flash April - good, I rebooted and flashed magisk patched image made with stable 25.2 - good, flashed Kirisakura Raviantha Kernel v1.0.2 - good. Magisk said update to 26.1 so I did. I did direct install to update to 26.1. My P6P rebooted ok. power off and now stuck in fastboot mode showing device state= unlocked, boot slot: a, Enter reason: boot failure. I've tried to flash stock boot.img to both slots and the new april bootloader.img to both slots....the phone won't boot past fastboot screen. It won't go into recovery mode either. Please help!!!!!!!!
PS platform tools v33.0.3
Try using Android Flash Tool to get back to stock.
I tried. it failed.
Flash Failed
Device failed to boot into userspace fastboot. This usually indicates that the build you are flashing does not boot. Device serial logs can be helpful to determine the root cause of the failure
jcp2 said:
I tried. it failed.
Flash Failed
Device failed to boot into userspace fastboot. This usually indicates that the build you are flashing does not boot. Device serial logs can be helpful to determine the root cause of the failure
Then just manually flash ROM files in fastboot
jamescable said:
Then just manually flash ROM files in fastboot
is there a write up somewhere with adb commands?
Use PixelFlasher and the latest full update.
AlDollaz said:
Use PixelFlasher and the latest full update.
tried that as well
fastboot: error: Failed to boot into userspace fastboot; one or more components might be unbootable.
I'm not sure of the commands. Fastboot flash recovery "recovery.img" , same with the other files inside the zip inside the stock rom zip file
If i ran into this issue I'd try fastboot -w and fastboot update a custom rom.
jcp2 said:
is there a write up somewhere with adb commands?
Most need to be flashed in fastbootd I think. So to get there, fastboot reboot fastboot. You can flash recovery( boot, dtbo and vendor boot) in regular fastboot. That should fix everything because it will fully get rid of magisk
I used AFT and forced flashed partitions / wiped (kept bootloader unlock) and it's alive again!
Simply out of curiosity - what made you update magisk? Are there "must have" features in the new release?
StanWiz said:
Simply out of curiosity - what made you update magisk? Are there "must have" features in the new release?
Release Magisk v26.1 · topjohnwu/Magisk
Changes from v26.0 [App] Fix crashing when revoking root permissions [MagiskInit] Always prefer ext4 partitions over f2fs when selecting the pre-init partition [General] Restore module files' cont...
github.com
See for yourself, but the sepolicy and Zygisk updates I would consider "must haves". Of course, if you're still running an Android 5 device you won't be happy: Magisk 26.1 dropped Android 5 support.
Strephon Alkhalikoi said:
Release Magisk v26.1 · topjohnwu/Magisk
Changes from v26.0 [App] Fix crashing when revoking root permissions [MagiskInit] Always prefer ext4 partitions over f2fs when selecting the pre-init partition [General] Restore module files' cont...
github.com
See for yourself, but the sepolicy and Zygisk updates I would consider "must haves". Of course, if you're still running an Android 5 device you won't be happy: Magisk 26.1 dropped Android 5 support.
I'm all for change but I don't enjoy being a guinea pig .lol
If I have an application ( magisk 25.2) that works flawlessly I will hold off a few days prior to jumping on the band wagon ( unless the new version has something I really need) - more often than not there are issues. I prefer to read about them rather than experiencing on my own skin. Hence my question.
StanWiz said:
I'm all for change but I don't enjoy being a guinea pig .lol
If I have an application ( magisk 25.2) that works flawlessly I will hold off a few days prior to jumping on the band wagon ( unless the new version has something I really need) - more often than not there are issues. I prefer to read about them rather than experiencing on my own skin. Hence my question.
Not everyone thinks as you do. I update as soon as a new version is released, but I also know what I'm doing.
Strephon Alkhalikoi said:
Not everyone thinks as you do. I update as soon as a new version is released, but I also know what I'm doing.
It's not a question of knowledge but rather the things that are beyond one's control - possibility of bugs in the code. For example look what happened recently with platform tools.
@jcp2 With all the things you flash, you should also know what that is. Then it would be much easier for you to figure it out why your device is in an unbootable state.
Magisk, Kernel, fastbootd... have one thing in common: your boot.img!
It doesn't make sense to let Magisk patch your boot.img and installing a custom kernel without Magisk installed afterwards. In that case Magisk gets overwritten.
Your fastbootd is only a binary and located in the recovery's /sbin folder. Due to the fact that your P6P is an A/B slot device, your recovery is part of the boot.img.
Flash your stock boot.img from the image-raven-BUILD_NO.zip that you'll find inside your firmware download.
I had already tried flashing stock boot image to both slots. I had to use AFT and force flash all partitions. I'm up and running/ rooted. I just have to reinstall apps .
Android flash tool is by far the easiest way to go for sure. Happy you got it fixed
{Mod edit: Quoted post has been deleted. Oswald Boelcke}
6. fast boot flash
That ADB Command does nothing.
The correct command is:
fastboot flash boot boot.img if you want to flash the boot.img
{Mod edit: Quoted post has been deleted. Oswald Boelcke}
You should give us the correct command. The syntax is (see fastboot -h):
Code:
flash PARTITION [FILENAME] Flash given partition, using the image from
$ANDROID_PRODUCT_OUT if no filename is given.
you can't use "fast boot" for a binary that's called "fastboot(.exe)".
