2013-05-31 10:46 PM
Before you start, please take some time to consider this for your own benefit. As the reader, I feel you should have the right to know all this. I urge you to read through this section at least once, even if you have rooted before and think you already know all that there is about rooting.
Root access grants great power, but also brings with it great risks and responsibilities. Responsibilities that directly impact yourself, and potentially others as well. Why?
Obviously, the first thing that comes to mind is premature hardware failure due to overly aggressive tweaks (i.e. bricking due to aggressive overclocking). Yes, that's certainly possible if one is reckless, but that's but one amongst the myriad of other ways that you can potentially get into trouble. Contrary to what one might think, the risks aren't over even after you complete the rooting process successfully - if anything, you've just made it possible to royally screw yourself over in a single step. But I'm talking about much more severe consequences. You're likely wondering, what could possibly be more severe than a catastrophic failure that turns one's phone into an elegantly designed brick that warranty won't even cover?
Unlike your computer, your phone is essentially an important communications device that contains a wealth of important information, information that malicious individuals want for (their own) financial gains. Said individuals will stop at nothing to achieve their goals, and granting yourself root access to your phone makes you much more vulnerable.
Ever noticed how Android always prompts you with a list of permissions required by the app you're installing when seeking your approval? There's a reason for it - the principle of least privilege. If every single app out there had access to your contacts list, your IMEI number, your phone number, along with all the other details that can be used against / to uniquely identify you, then Android would be the most insecure platform ever. But it's not. By granting yourself (and apps) root access, that's exactly what you're getting into.
With root access, any app can do virtually anything. Root access allows an app to break out of the protective (and figurative) cage it is placed into by Android for security (the sandbox) and wreak havoc if it wants to - and you can't stop it once unleashed. They can spy on you without your knowledge, they can steal all the info in your phone, they can even lock you out of your own phone. Yes, root access regulation apps (e.g. Superuser) exist to mitigate that by seeking your approval whenever any app requests for elevated / root privileges. The flaw here is that these apps cannot control what an app actually does using root privileges. Instead, all they (the root access regulation apps) do is merely to grant / deny its request for them, depending on what you choose. That's all. No further safeguards, nothing whatsoever. And to further compound the issue, these apps have absolutely no idea why the app is requesting root access and what it's even needed for, so they look to you for advice on what to do. But if you're none the wiser, then there is clearly a major issue at hand. As a rule of thumb, never grant any app root access until you are certain you know why it's needed, and what it's doing with those privileges. With root access, you only have one chance, just one life. If you're compromised by even a single app, then it's game over. Granting a maliciously crafted app root access is surely the end of your safety and security, and nothing less. Given root access and the right conditions, an attacker can take over your device and track your each and every move without you even knowing it. More details on this are available in this article, I strongly recommend it.
So how does this affect others around you? Stop for a moment to recall those who are stored on your list of contacts. If your phone is maliciously compromised, then their details - names, phone numbers, email addresses, etc. - are likely stolen and transmitted before you can do anything about it. Stolen right under your nose, through your grasp. And thanks to you, they now have to deal with unsolicited international calls, harassment calls and SMSes from telemarketers, and spam messages in their inboxes. Aren't you such an awesome friend? That's not exactly fair to them, is it?
"Shut up about all that already - I have no need to know! Stop trying to scare me, and quit lecturing me already, sheesh!";
"I know what I'm getting into.";
"Now just tell me how I can do it!"
I sure hope so too. Please note that you're doing this at your own risk. By performing the following steps, your warranty may be void. Proceed on to learn how to obtain root access for your phone.
I recommend reading through everything at least once before doing anything to get at least a rough idea of how things work. If you can spare the time, use it to understand the procedure and how everything fits together - doing so makes it much quicker and easier for you to deal with unexpected problems if any appear; yours truly can attest to that fact. If you're in a hurry or have a lack of time, take my advice and postpone this until you are able to get a continuous block of spare time. If you're rushing, the chances of you missing steps and screwing everything up are very high, so don't take that risk. However, if you have a lack of patience... I'm sorry, I can't help you there. It's terminal.
Annotations have been embedded within the following sections in order to avoid disrupting the flow of the instructions, and to improve readability. Annotations are of the form ∗n, where n represents an index corresponding to an entry in the Explanation and rationale section further below. Annotations marked in red are of importance, please pay special attention to them.
Although this guide is primarily targeted at the Xperia go, it can also be used with the Xperia P.
Please do not proceed to perform the procedure until all of the following requirements are met.
Please do not perform this procedure until all of the above requirements have been met.
1. Open up the .ftf file of the JB firmware using 7-Zip, WinRAR, or any equivalent file archival tool
2. Extract system.sin and use Flashtool to extract its contents:
3. Extract ext4_unpacker_exe.zip and run ext4_unpacker.exe, then open system.ext4
4. Select all the items listed, then right-click → Extract and extract them into a new folder. You can delete system.sin, system.ext4 and system.partinfo if you are running low on hard disk space at this point, but first ensure that the extraction has completed
5. If you're using either variant of the jb_system.zip I provided above, then all you have to do will be simply to copy all the folders inside the system folder of jb_system.zip (guide image) - my updater-script takes care of everything else for you, inclusive of the rooting process. The compression level doesn't matter - I used Ultra with no issues. Just make sure the compression method is set to Deflate (and nothing else!). Check the size of your jb_system.zip, it should be about 586 MB or more. Otherwise you're not doing something right, retry it again
6. That's it - you're all set. Proceed on to the next phase below
If you have not performed the steps listed in the Preparation phase above, please do so first. At this point, if you're one of those who are (still) expecting to flash the unmodified jb_system.zip, you're missing out some vital steps - stop here right now and go back to do those steps first!
0. You will lose everything on your phone, so back it up before proceeding. Also disconnect your phone from your computer, turn it off, remove both the SIM and microSD cards and ensure that the USB cable is plugged into the phone's port (but with the larger rectangular end disconnected at this point in time) before proceeding to the next step
1. Flash the phone back to ICS with either firmware build 6.1.1.B.1.10 or 6.1.1.B.1.54, depending on which you have with you (6.1.1.B.1.10 preferred if the full firmware is available): ∗5
2. If firmware build 6.1.1.B.1.54 is flashed, then the kernel needs to be flashed back to 6.1.1.B.1.10 in order for the rooting process later on to function correctly. Otherwise, skip this step (and all substeps)
3. Power up the phone and allow it to boot into ICS, then go to Settings → Developer Options and tick USB debugging. Connect the phone to the computer
4. Extract Bin4ry's rooting toolkit into a new folder, then execute RunMe.bat and enter 1 when prompted to make a selection
5. Follow the provided instructions to root the phone, then verify that it has been rooted by opening the apps tray and searching for an app called Superuser ∗9
6. Extract cwm-1.0-lotus.zip into a new folder and execute install.bat to install ClockworkMod recovery ∗6
7. Copy the resultant jb_system.zip from the earlier procedure into the root directory of the phone's internal memory. An external microSD card is not required
8. Power off the phone and turn it back on again, pressing the volume down button repeatedly on the Sony logo until CWM appears. Merely holding the button down does not trigger it
9. Using the volume buttons to navigate and the power button to select, mount system, data and cache:
10. Select the option to wipe data/factory reset
11. Select jb_system.zip and flash it in. The process will take approximately 2-5 minutes:
12. Upon completion, hold down both the power and volume up buttons simultaneously until three vibrations are felt to force the phone to shut down ∗10
13. Flash the Jelly Bean kernel into the phone:
14. Upon completion, start the phone and allow it to boot up. You may see a pop up with two large buttons labeled POWER OFF and Use phone, simply click on Use phone and proceed on your merry way. It is normal for apps to force close on the initial boot, a restart will resolve the issue ∗11
15. Check for the presence of the Superuser app, the phone has successfully been rooted if it is present
Explanation and rationale:
Reading this section in the form it is presented here is likely to be confusing, please read the above procedure first and follow the embedded annotations to their corresponding explanations here.
∗1: This is required because the phone does not accept any charge through the USB port during the flashing and initial bootup phases. A power failure at any point within these phases could potentially be catastrophic.
∗2: What's all this fuss about unlocking the bootloader, anyway? What's the deal, why are you placing so much emphasis on it? Unlocking the bootloader makes irreversible changes to your phone, voids your warranty, and irreversibly disables certain software based features such as Mobile BRAVIA Engine and TrackID. It also prevents Sony PC Companion and Sony Update Service from recognizing your phone, so you can no longer use them. Relocking the bootloader is possible, but it does not restore use of the software features (i.e. Mobile BRAVIA Engine will still remain disabled). More details are available here (the lower half of the linked post) and here.
∗3: It is strongly recommended that you first make a backup of your own carrier customized firmware that is provided by Sony PC Companion / Sony Update Service for three reasons:
Even if the Jelly Bean update is not yet available in your locale, you should still make a backup of the latest firmware downloaded by Sony PC Companion / Sony Update Service (presumably ICS) so you can flash that back should you need to send your phone in for servicing.
∗4: If the full firmware cannot be obtained, then at least an FTF containing the 6.1.1.B.1.10 kernel AND the FULL 6.1.1.B.1.54 firmware must be acquired before proceeding (those listed are for the Xperia go, Xperia P users should use at least the 6.1.B.0.599 kernel AND a full version of the ICS firmware for their device). This is an integral requirement; do not proceed until this is satisfied. You can obtain the firmware from these threads: 6.1.1.B.1.10 full by Nabeel (Xperia go) • 6.1.1.B.1.54 full by xfahim (Xperia go) • 6.1.1.B.1.10 kernel by xfahim (Xperia go; search for .10 Kernel)
The same applies to the Xperia P, but you should use the 6.1.B.0.599 kernel instead (available here), and a full version of the ICS firmware for your device (it should be obvious, but do not flash an Xperia go image if you are an Xperia P user). 6.1.1.B.1.54 and 6.1.B.0.544 by Nabeel (Xperia P)
∗5: But what in the world does this have to do with ICS? Why is it necessary to flash an older firmware to gain root access on Jelly Bean? This doesn't make any sense! Here's why: Since there is currently no known way of obtaining root access through one-click methods on the Jelly Bean firmware, an alternate technique must be taken. This technique involves modifying the Jelly Bean firmware to embed the Superuser app and its accompanying su binary, then flashing that modified firmware into the phone. This is known as pre-rooting. By flashing back to ICS, we return to the phone a version of the firmware which has a known weakness. With the help of a rooting toolkit (in this case, provided by Bin4ry), we exploit that weakness to obtain root access, which in turn allows us to install ClockworkMod recovery (more on this later).
∗6: This is a special version of the ClockworkMod recovery that piggybacks off the charging subsystem, so it is not necessary to unlock the bootloader. For pre-rooting, the flashing procedure has two parts - first for the system, and another for the kernel (and baseband, but don't worry about that for now). In essence, what we're trying to achieve is to flash the modified system image into the phone. Yes, I know what you're wondering - why all these steps? Why does it have to be so complicated? Can't we just modify the system image and use Flashtool to flash it back in? I sure wish it was that easy, then I wouldn't have to spend so many hours writing this guide (hat tip here to all others involved; see credits below). As far as I know, modifying the system image in its raw form (.sin file) prevents it from being flashed into the phone, or prevents the phone from booting. Hence, we have to jump through a series of flaming hoops: go back to ICS, root it, install CWM, use CWM to flash our modified system image, power off, use Flashtool to flash the remaining parts (kernel and baseband). Sounds like fun, eh?
∗7: It is of critical importance that you ensure that Exclude TA is always ticked. Failure to do so could prevent your phone from recognizing your SIM card!
∗8: If Flashtool aborts without flashing the phone, claiming that:
19/050/2013 01:50:24 - INFO - Device disconnected
then you should reinstall the drivers inside Flashtool's drivers folder, ticking the options that correspond to Xperia P, Xperia U, and Xperia sola drivers and Flashmode Drivers. If that does not resolve the issue, your downloaded firmware may be corrupted.
∗9: This is a critical requirement. If the Superuser app is not present, rooting has failed. Please ensure that you have flashed at least the 6.1.1.B.1.10 kernel - it's mandatory to obtain root access. Flash it and try running the rooting toolkit again.
∗10: At this point, CWM is lost as soon as the phone shuts down or restarts. This is because CWM resides inside the /system partition, and that has been completely overwritten in step 11 above. But if that's the case, how is it still working fine? It's still functional because the CWM you interact with is a copy that is currently stored in RAM. As soon as you shut down or restart the phone, that copy is lost. If you want CWM back, you can simply reinstall it again after booting into JB since you already have root access.
∗11: The random crashing is likely due to the dalvik cache being cleared. Restarting the phone will allow Android to rebuild it, after which all apps will function normally again.
"OMGWTFBBQ!!!!!!! WTAF HAPPENED, YOU MURDERED MY PHONE???????????!!!!! OMFG YOU ARE A #@$%ING MONSTER!!!!!"
(Seriously, some of you out there should give your punctuation keys a break because honestly, spamming them isn't going to get you taken seriously. ↑↑↑ is what you look like when you do that. Ugly and childish, don't you think?)
Calm down and keep your cool - panicking and acting like a child isn't going to solve your situation. What you should be doing instead should be to read through the steps again and try to figure out what went wrong. Perhaps it's a step you missed by accident, or a step you didn't comply with.
If your phone is bootlooping (i.e. restarting continuously), save its battery power - force it to shut off by pressing and holding the volume up and power buttons simultaneously until three vibrations are felt. It's probably pointless to start the phone up at this point anyway, so either flash ICS again and retry, or - if you're running out of time and you need your phone in a functional state - flash in your stock firmware backup (see how handy it is now?).
Unless you do something exceedingly dumb that I don't even dare to imagine, it's unlikely that you will permanently damage your phone. At worst, you can simply flash in the stock firmware and try again some other time.
Well, that's all there is. How this post ended up this long, I have no idea either. Anyway, that's several continuous hours - I lost count halfway - I've spent typing and reading through all this already, so hopefully it's of some use to you, the reader.
LOL wow, this post is 10 pages long in PDF view, what have I done!
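A pre-flight check for the package built in step 5 of the preparation phase, added here as an example and not part of the original post or its updater-script. It checks the three things that step asks for: the size threshold, firmware folders under system/, and Deflate on every entry. The function name and the exemption for empty files are assumptions.

```python
import os
import zipfile

# "about 586 MB or more" comes from the guide; reading MB as 1024*1024 bytes
# is an assumption, since the post does not say which unit it means.
MIN_SIZE_BYTES = 586 * 1024 * 1024

# Names for the ZIP method IDs that common archivers can produce.
METHOD_NAMES = {0: "Store", 8: "Deflate", 9: "Deflate64", 12: "BZip2",
                14: "LZMA", 98: "PPMd"}


def audit_flash_zip(path, min_size=MIN_SIZE_BYTES):
    """Return a list of problems; an empty list means the package passes."""
    problems = []
    size = os.path.getsize(path)
    if size < min_size:
        problems.append(f"size {size} bytes is below the expected {min_size}")
    try:
        with zipfile.ZipFile(path) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile as exc:
        # A truncated or interrupted copy usually loses the central directory.
        problems.append(f"not a readable ZIP archive: {exc}")
        return problems

    files = [e for e in entries if not e.is_dir()]
    if not any(e.filename.startswith("system/") for e in files):
        problems.append("no files under system/ (firmware folders not copied in)")

    for e in files:
        # Assumption: archivers write empty files as Store even when Deflate
        # is selected, so only non-empty entries are held to the rule.
        if e.file_size > 0 and e.compress_type != zipfile.ZIP_DEFLATED:
            name = METHOD_NAMES.get(e.compress_type, f"method {e.compress_type}")
            problems.append(f"{e.filename}: uses {name}, not Deflate")
    return problems


if __name__ == "__main__":
    import sys
    result = audit_flash_zip(sys.argv[1])
    print("\n".join(result) if result else "OK: size and compression method look right")
```

Run it against the finished jb_system.zip before copying it to the phone; any line of output is a reason to rebuild the archive first.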
2013-06-01 02:46 AM
Holy cow! You are one crazy guy! There you go!
I will try this soon..
2013-06-01 05:48 AM
I can't download flashtool using the link you gave from http://androxyde.github.io/. Is it OK to use the one at dev host? same version..
Thanks in advance
UPDATE: I just downloaded the flashtool official from github. Almost done and finished with all the required downloads..
This should be fun. :smileygrin: :smileygrin:
2013-06-01 06:31 AM
You can try that, but you should check its hash to be sure it's the correct file. You can use this utility to generate it from your downloaded file. The SHA-256 and SHA-512 hashes were generated using QuickHash. It should match any of the following hashes exactly (of course, you should be checking against the hash in the same hashing standard, i.e. SHA-1 with SHA-1, not SHA-1 with MD5 - the latter obviously wouldn't match):
Size: 112,690,704 bytes
File Version: 0.9.10.1
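The check described in the reply above, as an added example that is not part of the original thread: it verifies a download against published digests, picking the algorithm from each digest's length so that SHA-1 is only ever compared with SHA-1, and checks the byte size first. The function names are hypothetical, and the sample file and digest are constructed; the real values are the ones published for the download.

```python
import hashlib
import hmac
import os

# Hex length -> algorithm, so each published value is compared only with a
# digest of the same kind (SHA-1 with SHA-1, never SHA-1 with MD5).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_digests(path, algos, chunk_size=1 << 20):
    """Read the file once, in chunks, and hash it with every requested algorithm."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_download(path, published, expected_size=None):
    """Return (ok, report); every usable published digest must match."""
    if expected_size is not None:
        actual = os.path.getsize(path)
        if actual != expected_size:
            return False, [f"size mismatch: {actual} != {expected_size} bytes"]
    report, wanted = [], {}
    for raw in published:
        value = "".join(raw.split()).lower()  # tolerate pasted spaces and case
        algo = ALGO_BY_HEX_LEN.get(len(value))
        if algo is None or any(c not in "0123456789abcdef" for c in value):
            report.append(f"ignored (not a recognised digest): {raw!r}")
            continue
        wanted.setdefault(algo, []).append(value)
    if not wanted:
        return False, report + ["no usable published digest to compare against"]
    computed = file_digests(path, wanted)
    ok = True
    for algo, values in wanted.items():
        for value in values:
            match = hmac.compare_digest(computed[algo], value)
            report.append(f"{algo}: {'match' if match else 'MISMATCH'}")
            ok = ok and match
    return ok, report


if __name__ == "__main__":
    import tempfile
    data = b"constructed sample, not the real installer"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    posted = [hashlib.sha256(data).hexdigest()]  # constructed, stands in for a posted hash
    print(verify_download(tmp.name, posted, expected_size=len(data)))
```

For the installer discussed here, pass the posted size as `expected_size=112690704` together with the digests from the post.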
2013-06-01 10:46 AM
Hooooooooly mother of... Wooooooow! Dude! You should write a book "Xperia for Dummies". EXCELLENT GUIDE BRO!
2013-06-01 11:06 AM
Let's just say I got a little bit carried away. Just a little bit. Y'know.
2013-06-09 03:38 AM
Hi, I would like to know if there's any known bug affecting the ROM after pre-rooting, also if there's any ICS trash left behind.
An OTA update on Sony, as we all know, is a long shot. But if there's any coming soon, will I still be able to get it (the notification)? Thanks.
2013-06-09 08:16 AM
Any bugs that were already in JB will remain, pre-rooted or otherwise. No additional bugs should be encountered since only three files get added (Superuser.apk, su and busybox binaries). The entire /system folder gets wiped by the CWM flash (see updater-script) so nothing from ICS should be left behind.
I'm unsure about OTA notifications since I've never received any even back in GB, without root access.
2013-06-09 08:48 AM
Great tutorial! Now I need to know if I can update SU app to the elite one (I have it from market).
2013-06-09 09:23 AM
I remember encountering that when my build.prop somehow became corrupted, the only way to resolve that is with a flash. Did you copy the JB system files into the CWM package, and did you flash the kernel and baseband in with Flashtool? The CWM package does not contain any JB files by default - you have to populate it with your own version of the firmware. Flashing the CWM package alone is not enough, you have to follow up with a kernel and baseband flash using Flashtool.