I have no responsibility whatsoever if this guideline causes any harm to your device. The intention of these posts are solely as personal notes for myself. Follow them at your own risk.
Through these steps I will unlock the phone’s bootloader, erasing all data. This includes the DRM keys stored in the Trim Area (TA) partition. I’ll attempt backing them up but, as of today, there is no way of restoring them to the previous state nor knowing if the actual backup is usable at all.
Without these DRM keys, several audio and video proprietary functionality provided by Sony won’t be available including some camera post-processing features, color gamut profiles, white balance, noise reduction, X-Reality Video Enhancement, DSEE HX, ClearAudio+, and Widevine L1 support for HD Netflix.
Upgrading to latest stock firmware
Since the guideline to install LineageOS mandates that we have the latest stock firmware from Sony running in the phone, I upgraded now from the downgraded exploitable version.
Using the built-in updater doesn’t seem to work any more (?!) so I had to flash the latest stock firmware in a similar fashion as I did for downgrading.
I already downloaded the firmware and it is already properly extracted so, in this case, I won’t need to use flashtool, only newflasher.
These would be steps to follow once I connected the phone to the USB cable in flashable mode:
root$ rm "H8324_Customized NOBA_1313-6167_52.1.A.3.49_R4C"/*ta root$ rm "H8324_Customized NOBA_1313-6167_52.1.A.3.49_R4C"/boot/*ta root$ cp -a newflasher.x64 "H8324_Customized NOBA_1313-6167_52.1.A.3.49_R4C" root$ cd "H8324_Customized NOBA_1313-6167_52.1.A.3.49_R4C" root$ chmod +x newflasher.x64 root$ ./newflasher.x64 [...] Reboot mode at the end of flashing: typa 'a' for reboot to android, type 'f' for reboot to fastboot, type 's' for reboot to same mode, type 'p' for poweroff, and press ENTER. a [...] Optional step! Type 'y' and press ENTER if you want dump trim area, or type 'n' and press ENTER to skip. Do in mind this doesn't dump drm key since sake authentifiction is need for that! But it is recommend to have dump in case hard brick! n [...] Recommended step to skip this! Type 'y' and press ENTER if you want flash persist partition, or type 'n' and press ENTER to skip. More info https://forum.xda-developers.com/xperia-xz1-compact/help/android-attest-key-lost-bootloader-t3829945 n [...] Device is put now out of flash mode. Sent command: Sync Waiting sync to finish… ……………… done Sent command: continue. Done. Closing device.
Notice the questions and the answers. After a while, the phone will complete its reboot and we will be able to verify that the running firmware is the one flashed.
As explained in the previous posts, enable once again developer mode and USB debugging in the phone. For the next steps, enable also OEM unlocking in the developer options.
We’ll follow the official guide.
First, we’ll unlock the bootloader. This will finally wipe out the TA partition losing the DRM keys. This is a point of no return.
I checked that my phone’s bootloader can be unlocked. I opened the phone application and dialed
*#*#7378423#*#*. The service menu is now open. Go to Service info -> Configuration and checked that the Rooting status: states Bootloader unlock allowed: Yes. Also, noted down the IMEI.
Now, I connected the device to my PC with the USB cable and continued to set it in flashable mode:
root$ adb reboot bootloader root$ fastboot devices [...] fastboot root$ fastboot oem unlock 0x<insert your unlock code> … OKAY [ 16.947s] finished. total time: 16.947s
Unplug and start the phone. As explained in the previous posts, enable once again developer mode and USB debugging in the phone.
At this point, I decided not to keep following the LineageOS guideline since it explains how to use the Lineage Recovery. Instead, I used the TWRP recovery tool just because I have experience with it and like it better. However, I don’t recommend it as I’ve explained in the Appendixes.
Therefore, I explain here the same steps than the official guide. Download the latest Lineage Recovery and LineageOS installation package and connect the device to your PC with the USB cable and continued to set it in flashable mode:
root$ adb reboot bootloader root$ fastboot devices [...] fastboot root$ fastboot flash boot <lineage_recovery>.img
Power off the device and now turn it on into Recovery mode by pressing Volume Down + Power.
Now, being booted into the Recovery mode, I downloaded a pre-install copy-partitions-20200903_1329.zip tool and selected Apply Update -> Apply from ADB.
root$ adb sideload copy-partitions-20200903_1329.zip
Once finished, reboot again into Recovery mode: Go back -> Advanced -> Reboot to recovery. Once back, Factory reset -> Format data/factory reset. Once finished, let’s install LineageOS: Go back -> Apply Update -> Apply from ADB.
root$ adb sideload lineage-17.1-<date>-xz2c-signed.zip
Magisk is a suite for customizing Android. Most importantly, it provides root access to the device, which I wanted to have in order to create backups of the installed applications and restore them, among other things.
Open GApps will provided us the core functionality provided by Google for Android. Most importantly, it will provide us Google Play. It is critical to install this before booting for the first time into the system. Otherwise, we would have to repeat the Factory reset step and wipe out all our personal data before attempting to install it.
Open GApps provides different size packages. The recommended for LineageOS are the pico or nano, but nothing bigger. Since I’m a troublemaker, I also wanted to customize the package to include the Android System Webview and remove even further packages from the pico and nano packages.
Hence, I downloaded the stock package for the ARM64 platform and the 10.0 Android version.
For reasons that I explain in the Appendixes, I finally didn’t install the Android System Webview but did remove some packages any way. The way of customizing a package is through a gapps-config file. However, to use this method the installation cannot be done through
adb sideload and, unfortunately, the Lineage Recovery only offers this way of installing packages into the system.
Luckily enough, the Open GApps package is no more than a zip file so I could embed my options directly into the installer. So, after installing the LineageOS system, I rebooted again into Recovery mode: Go back -> Advanced -> Reboot to recovery and, back in Recovery, let’s install Open GApps: Apply Update -> Apply from ADB.
root$ mkdir my_gapps root$ cd my_gapps root$ unzip ../open_gapps-arm64-10.0-stock-<date>.zip root$ cat installer.sh # Added the following lines in bold [...] echo "Include" > "$TMP/my_config.txt" echo "" >> "$TMP/my_config.txt" echo "CalSync" >> "$TMP/my_config.txt" echo "DialerFramework" >> "$TMP/my_config.txt" echo "GoogleTTS" >> "$TMP/my_config.txt" echo "PackageInstallerGoogle" >> "$TMP/my_config.txt" echo "BatteryUsage" >> "$TMP/my_config.txt" echo "Speech" >> "$TMP/my_config.txt" echo "#GooglePay" >> "$TMP/my_config.txt" echo "Translate" >> "$TMP/my_config.txt" # Locate gapps-config (if used) for i in "$TMP/aroma/.gapps-config"\ "$TMP/my_config.txt"\ "$zip_folder/.gapps-config"\ [...] root$ zip -0 -r ../my_gapps * root$ cd .. root$ adb sideload my_gapps.zip
And, now, let’s install Magisk: Apply from ADB.
root$ adb sideload Magisk-v20.4.zip
Once finished we can finally Go back -> Reboot system now.
Congratulations, your Sony Xperia XZ2 Compact Dual is now running LineageOS 17.1!!!
I have to say that, so far, I’m quite happy with the phone. It is a huge improvement for me, coming from a Xiaomi Redmi 2.
However, the camera has lost some enhanced functionality so let’s continue to bring back Sony’s stock camera app.