Firmware Extraction and Rooting Simplified for Sony Xperia 10 IV.

Daniyal Shahzad
Jun 13, 2024

Contents:

I have added shortcuts to all the sections so you can easily skip to the section you are interested in without wasting your time scrolling through anything else.

Background
Unlocking the Bootloader
Getting the firmware (official)
Extracting the boot.img file
Rooting Process
Conclusion

Background:

Recently I got my hands on a Sony Xperia 10 IV and was using it for some testing purposes, and I had to enable the diagnostic port for some kind of firmware extraction from the WiFi module used in this device. But to enable the diagnostic port I had to get into the service mode of the device, which is not directly possible (by dialing codes from the phone dialer, as we usually see on Samsung phones). To get to the diag port on the device I needed to root the device first. Now, from here the loops start, and stick with me, it's going to be a fun one 😂. To root the device you have to unlock the bootloader; to unlock the bootloader you have to generate codes; and after all these steps you have to get your hands on the official firmware, extract the boot image and patch it with Magisk.

Unlocking the bootloader on Sony Xperia is a headache. Let me explain why.

  • Windows 11 can’t install the fastboot drivers for the Sony Xperia 10 IV even though I downloaded the official drivers. I had to switch between Linux and Windows. You will get an idea in the later part of why I had to switch back to Windows.
  • Getting into the bootloader is different from what we normally see on other Android devices.
  • The bootloader menu doesn’t have a UI; you have to look at the LED on the front to tell whether you are in fastboot mode or not.

Unlocking the Bootloader:

To unlock the bootloader on the Sony Xperia 10 IV, follow these steps:

  1. If you have come to this article I assume you already know how to enable the developer options. So I am skipping that part.
  2. Enable OEM Unlocking from the Developer options menu.
  3. Note down your device IMEI or Serial Number.
  4. Shut down your device completely.
  5. Once your device is completely shut down, press and hold the Volume Up button, connect your device to your computer while still holding Volume Up, and then press the Power button until the LED on the top turns blue.
  6. Generate the unlock code from here.
  7. Once your device is detected by fastboot, type the following command:
$ fastboot oem unlock 0x<Your_Key>
or
$ fastboot oem unlock <Your_Key>
  8. Once this is done, unplug your device and it should restart.
  9. Once the device has booted, set it up for the next step.

Getting the Firmware (Official)

  1. You can either use firmware from a third-party website or from Sony’s own tool, called Emma.
  2. I recommend using Emma (it’s fun and trusted too).
  3. Download and install Emma from here. The reason I had to switch from Windows to Linux and vice versa is that Emma is only supported on Windows. (Yes, I know you can run executables on Linux, but I was short on time.)
  4. Now shut down your device again and this time put it in Flash Mode.
  5. Keep pressing the Volume Down key, connect your device to your computer, and then press the Power button too until the LED turns green.
  6. Check Emma and your device should be visible there.
  7. Download and flash the latest available firmware for your device.
  8. Once the flashing is done, go through the device setup process and enable USB Debugging again.
  9. Open the path mentioned below on your PC:
C:\ProgramData\Sony\Xperia Flash Tool\<Date_Time_Named_Folder>\localstorage\Default
  10. If you don’t see the ProgramData folder, you are screwed 😮. Just kidding: enable Hidden Items from the View menu of Windows File Explorer and you are good to go.
  11. Copy your files to a safe directory and move to the next section.

Extracting the Boot.img File:

  1. Once you have copied the directory, look through the files and you will see that there are files whose names start with something like FILE_<some_number>.
  2. Open the file with the largest file size using 7zip File Manager. It is important to note that these files cannot be opened directly, as they have no file extension.
  3. Next, look for the boot_X-FLASH-ALL-5904.sin file and open it.
  4. You should see a boot.000 file.
  5. Extract this file and change the .000 extension to .img.
  6. Copy this file to your device.
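
The same extraction steps as a script, with a header check on the result before it goes anywhere near Magisk or fastboot. This is an added example, not code from the original article or from Sony. The function names are hypothetical, and it assumes the FILE_ download is a ZIP archive and the .sin file is a tar archive, which is why both are checked rather than trusted; the sample folder it builds is constructed, not real firmware.

```python
import hashlib, io, struct, tarfile, tempfile, zipfile
from pathlib import Path

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of an Android boot image header

def largest_firmware_file(folder: Path) -> Path:
    """Step 2: pick the largest extension-less FILE_<number> download."""
    return max(folder.glob("FILE_*"), key=lambda p: p.stat().st_size)

def extract_boot(container: Path) -> bytes:
    """Steps 3-4: find boot_*.sin in the container, return its .000 payload."""
    if not zipfile.is_zipfile(container):            # assumption: ZIP container
        raise ValueError(f"{container.name} is not a ZIP archive")
    with zipfile.ZipFile(container) as z:
        sin_name = next(n for n in z.namelist()
                        if n.startswith("boot_") and n.endswith(".sin"))
        sin = io.BytesIO(z.read(sin_name))
    with tarfile.open(fileobj=sin) as t:             # assumption: .sin is a tar
        member = next(m for m in t.getmembers() if m.name.endswith(".000"))
        return t.extractfile(member).read()

def check_boot_image(data: bytes) -> dict:
    """Reject anything that does not start with a boot image header."""
    if len(data) < 44 or data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image; do not patch or flash it")
    (version,) = struct.unpack_from("<I", data, 40)  # header_version field
    return {"header_version": version, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def build_sample(folder: Path) -> bytes:
    """Constructed stand-in for the Emma download folder (not real firmware)."""
    boot = BOOT_MAGIC + bytes(32) + struct.pack("<I", 4) + bytes(4052)
    sin = io.BytesIO()
    with tarfile.open(fileobj=sin, mode="w") as t:
        info = tarfile.TarInfo("boot.000")
        info.size = len(boot)
        t.addfile(info, io.BytesIO(boot))
    with zipfile.ZipFile(folder / "FILE_2", "w") as z:
        z.writestr("boot_X-FLASH-ALL-5904.sin", sin.getvalue())
    (folder / "FILE_1").write_bytes(b"small metadata file")
    return boot

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        build_sample(Path(d))
        return check_boot_image(extract_boot(largest_firmware_file(Path(d))))

if __name__ == "__main__":
    print(demo())
```

Because the patched image cannot be trial-booted on this device, running `check_boot_image` over the Magisk-patched file as well, and keeping the SHA-256 of the stock image, gives a cheap sanity check and a known-good reference before flashing.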

Rooting Process:

  1. Install Magisk or Magisk Delta on your device.
  2. Patch the boot.img with Magisk and copy the patched file back to your PC (the TWRP method doesn’t work, as there is no TWRP image available for the Sony Xperia 10 IV).
  3. Now boot your device back into Fastboot mode.
  4. Use the following command to flash the patched boot.img file. You cannot test the patched boot image file first, as Sony doesn’t support the fastboot boot command.
$ fastboot flash boot magisk_patched_file.img
  5. Reboot your device and you can now access a root shell on your device.

Conclusion:

Many Android devices use the same easy method for rooting, but some vendors are very strict about rooting and unlocking their devices. The Sony Xperia 10 IV is one of them. This write-up was just a basic idea and further details will be added to this story with time.

There are certain additions I will be making to this story such as:

  1. Diag port access.
  2. SIM lock and unlock methods (just for educational and experimental purposes).
  3. Exploring the NV items of the phone.
  4. Finding and fixing the device identifiers, e.g. IMEI, MAC, Serial Number etc.
  5. Looking at the supported cellular bands.
  6. Adding screenshots to the process.

So keep visiting this story if you want to learn and experiment with something new.
