The community is in search for former Omnius owners/maintainers to retrieve the source code or SEUS signing process.
@vi0let/lucy: Please release the non-functional Omnius server-side program w/o database for reverse engineering. Should have bought it in 2018…
Basics
I do not intend to create tutorials here. This has been done elsewhere already, also beginner friendly.
Look in the links section yourself. Also see the se-nse archive for beginner friendly tutorials.
There is a collection of tutorials here: https://www.akshayy.com/sonyericsson/index/
How to use Setool2-lite for A1 phones: https://sony.yt/topic/3199-setool2-lite-v111-user-guide-identify-gdfs-backup-flashing-patching-unlocking/
How to use A2 Uploader: https://sony.yt/topic/942-a2-uploader-a2-tool-tutorial/
How to patch A2 phones with FAR: https://sony.yt/topic/944-far-how-to-patch-permanently-a2-based-phones/
See which platform and CID your phone can be, e.g. on topsony.
For doing anything fun, the phone needs to be on the BROWN certificate. Changing from RED is possible for CID<=53. Use Omnius (now free) or setool2 for CID53.
CID81 was introduced in early 2010 - some phones like W995 have been shipped initially with CID53 and were changed to CID81 later.
CID81/CID80/RED only has runtime patching via the jjpatcher jar with bpatch and runtime_vkp - it is possible to load elfpack now! Autoboot too.
jjpatcher → load Elfloader → Elf (runtime_vkp) → apply patches
DCU-60 USB cable is used for fastport phones.
Modified DSS-20/25 can be used for phones with T28 Connector as serial adapter.
Use the service cable to read (boot) logs from the phone!
Firmware file structure of A2:
After flashing A2 firmware (.fbn), flash custpack and 'finalize' the phone.
Resetting the phone from the menu will not remove patches, but it does remove files and (even some preinstalled) content.
Firmware is split into three parts:
1) MBN: main firmware that contains all code for running. MBN contains CXC files which can be extracted. VKP patches apply to the CXC.
2) FBN: image of the internal filesystem (FS), contains all files that are used by the main firmware (GUI, drivers, languages, sounds, pre-installed Java apps, etc.)
3) Custpack or Customization files: files stored in FS, which are modified by phone carriers to customize the operating system. Unpack to modify yourself - clean the custpack from ad-links, or do it afterwards in FS.
Glossary
backup - if you ask yourself what it is, learn how to backup GDFS / REST file NOW!
CID (Content Identifier)
A security level marking for firmware and loader signing (e.g., CID49, CID52, CID53); higher CIDs have stricter checks and restrictions.
SUPERCID / AnyCID refers to an EROM with disabled security check, allowing patching without converting certificate colour to BROWN.
(AFAIK) CID110 phones were never released. CID110 is a dummy/pseudo CID applied to patched A2 Sony Ericsson phones to bypass CID restrictions; it mainly exists to allow flashing firmware to phones with any CID.
A1 / A2 Platforms
A1 = early SE platform (e.g., DB2010, DB2020); A2 = newer architecture (e.g., DB3150, DB3210, DB3310) with stricter security and different file structure. A2 is interchangeably called A200.
DB (=Digital Baseband - AFAIK)
Internal hardware code name for SE baseband platforms (e.g., DB2010, DB2020, DB3150), tied to CPU, RAM, and bootloader layout. Before the DB platform it was Locosto.
CDA = Customer Delivery Assembly
The customization package that defines branding, language, and region
Certificate Colour / Domain
Phones have a certificate “colour” (also called domain): Red (retail), Brown (developer), Blue (factory test). Brown allows reading file contents and write access to the FS.
“Browning”: refers to changing certificate colour to “brown”. It is currently not possible for CID80+
SCRC (Security Certificate) is in OTP and therefore cannot be changed (hence called the OTP cert colour). Instead, the cert colour used for patching is either emulated in the Loader (to skip certificate enforcement) or achieved by a patch-based certificate conversion, like the QA patch on DB2020.
GDFS (Global Data File System) / TA (Trim Area)
A region of phone memory storing unique configuration. It contains the IMEI, SIM/network lock info, RF calibration data, Bluetooth/WiFi addresses and call timers, and is also used to store the flags enabling patch access.
BACKUP GDFS! This is unique device specific! If lost/damaged, the phone is screwed.
Note: If you repair GDFS the 'total call timer' is reset.
REST file
The 'restore file' preserves FS-based customization on A1 phones and is required when flashing. A2 phones keep the critical data in TA instead.
VKP Patch
A plaintext format (.vkp) for firmware patches; used to modify ROM functions or bypass checks by patching mainly the MAIN flash (MBN).
VKP means V_Klay Patch which is taken from a patcher tool for Siemens known as V_Klay Patcher.
There are simple and advanced VKP patches: a simple patch just replaces/modifies code in place, while an advanced patch uses free blocks to add functions (mostly converted by elf2vkp).
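As an added illustration of the simple .vkp form described above (this is example code, not a tool from the page or the SE modding community), the following Python applies a patch to an in-memory firmware image. It assumes a subset of the VKP syntax: `;` comments, a `+HEXOFFSET` line that is added to all following addresses, and `ADDR: OLDHEX NEWHEX` records; the image and the patch text are constructed here, not taken from a real phone. The security-relevant point is the old-bytes check: a patcher must refuse to write when the bytes already at the address do not match what the patch expects, because that is the only defence against applying a patch to the wrong firmware version and bricking the MAIN flash.

```python
"""Minimal applier for the simple form of VKP patches (constructed example)."""
import re

# Assumed subset of the .vkp syntax (not the full format specification):
#   ;text                  comment, ignored
#   +HEXOFFSET             offset added to every following address
#   ADDR: OLDHEX NEWHEX    replace OLDHEX at ADDR with NEWHEX (same length)
#   ADDR: NEWHEX           write NEWHEX without verifying the old bytes
RECORD_RE = re.compile(
    r"^\s*([0-9A-Fa-f]+)\s*:\s*([0-9A-Fa-f]+)(?:\s+([0-9A-Fa-f]+))?\s*$"
)


class VkpError(Exception):
    """Raised for syntax errors, out-of-range writes and old-byte mismatches."""


def parse_vkp(text):
    """Return a list of (address, old_bytes_or_None, new_bytes) records."""
    records = []
    offset = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop the comment part
        if not line:
            continue
        if line.startswith("+"):
            offset = int(line[1:], 16)
            continue
        match = RECORD_RE.match(line)
        if not match:
            raise VkpError(f"line {lineno}: unrecognised syntax: {raw!r}")
        address = int(match.group(1), 16) + offset
        if match.group(3) is None:
            old, new = None, bytes.fromhex(match.group(2))
        else:
            old, new = bytes.fromhex(match.group(2)), bytes.fromhex(match.group(3))
            if len(old) != len(new):
                raise VkpError(f"line {lineno}: old/new length differs")
        records.append((address, old, new))
    return records


def apply_vkp(image, text, base=0):
    """Apply the patch to a copy of `image`; `base` is the address of image[0].

    Every record is checked before anything is written, so a mismatch leaves
    the caller's image untouched instead of half-patched.
    """
    records = parse_vkp(text)
    out = bytearray(image)
    for address, old, new in records:
        start = address - base
        if start < 0 or start + len(new) > len(out):
            raise VkpError(f"write at 0x{address:X} is outside the image")
        if old is not None and bytes(out[start:start + len(old)]) != old:
            raise VkpError(
                f"old bytes at 0x{address:X} do not match: "
                f"expected {old.hex()}, found {out[start:start + len(old)].hex()}"
            )
    for address, old, new in records:
        start = address - base
        out[start:start + len(new)] = new
    return bytes(out)


# Constructed sample image: byte value equals its offset, so old bytes are easy to predict.
DEMO_IMAGE = bytes(range(256))

# Constructed demo patch (not a real firmware patch).
DEMO_PATCH = """
;Demo patch, constructed for this example
+10
00: 1011 FFFF   ; bytes 10 11 at 0x10 become FF FF
20: 3031 4142   ; bytes 30 31 at 0x30 become "AB"
"""


if __name__ == "__main__":
    patched = apply_vkp(DEMO_IMAGE, DEMO_PATCH)
    print("0x10:", patched[0x10:0x12].hex(), "0x30:", patched[0x30:0x32])
    try:
        apply_vkp(DEMO_IMAGE, "+10\n00: 1212 FFFF\n")
    except VkpError as err:
        print("refused:", err)
```

Real patches also carry pragmas, string literals and other record forms that this subset does not handle; the point of the example is the verify-then-write discipline, which is exactly what the "simple" patch type relies on.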
ELF / ELFpack / ELFloader / ELFlib
ELF (Executable and Linkable Format): small native apps written in C. ELFloader is the launcher; ELFpack combines it with ELFlib.
DynLib (Dynamic Library)
Shared binary used by ELF files (like a DLL); loaded at runtime by ELFloader to provide reusable functions (e.g., file I/O).
QA (QuickAccess) Patch (DB2020)
Firmware patch to disable signature checks on DB2020 phones, allowing FS/GDFS access and .vkp patching without a service box.
Heap Shift
A patch that shifts the heap area to free up space for advanced VKP patches.
T28 11‑pin Connector
The legacy serial connector from the Ericsson T28 era; used for flashing, service mode, and accessories before the FastPort standard.
FastPort
A proprietary all-in-one connector used in most SE phones (A1 and A2) after T610; supported charging, data, audio, and accessory control.
Firmware structure
phone_acc.cxc is the modem firmware, AFAIU. ACC stands for the ACCess processor.
/tpa/ stands for “Third Party Applications” and contains themes, menus, fonts, branding. It is writable by default.
/ifs/ – stands for “Internal File System”
/system/ – Core Operating System Files (A2 only)
Basis
Following is some crap that reminds me to rewrite this section. It may be untrue too.
#########################
#TODO
SEMCBOOT is the bootloader in OTP. It waits for either a normal boot from flash or a service connection via USB. SEMCBOOT enforces CID/SCRC checks.
Methods to make SEMCBOOT see different cert colour:
- CSCA Method (obsolete)
- Patch-Based Unlock (Quick Access Patch)
- Bypass loaders
CSCA = Certificate Signed Certificate Authority (formerly sometimes just called “Central Sony Certificate Authority”) = Sony Ericsson's official signing server used to validate and authorize service operations; the phone's SEMCBOOT verified this signature.
How does Loader bypass work?
[Phone powered on]
  ↓
[SEMCBOOT in OTP]
  ↓ (USB)
[Tool uploads signed SE loader into RAM]
  ↓
[Loader runs in RAM → certificate checks bypassed]
  ↓
[Tool can patch FS / MAIN / GDFS]
  ↓ (reboot)
[Phone back to RED, RAM cleared]
SEMCBOOT sees RED in OTP, but a signed SE loader is loaded in service mode. The loader hooks its certificate-check routines in RAM. While the loader is active, you can patch FS, MAIN (CXC), GDFS, etc. After reboot, the loader disappears, and the phone reports RED again. A patched phone
################################
Development
https://web.archive.org/web/20101002014412/http://www.esato.com/board/viewtopic.php?topic=112828
https://web.archive.org/web/20090313052216/http://forums.se-nse.net/index.php?showtopic=3423
https://web.archive.org/web/20080331211211/http://forums.se-nse.net/index.php?showtopic=6571
Also read https://web.archive.org/web/20080404205659/http://forums.se-nse.net/index.php?showforum=76
Play around with the dates in the Wayback Machine: https://web.archive.org/web/20120114145554/http://forums.se-nse.net/forum/76-research-development/ or https://web.archive.org/web/20130829125929/http://forums.se-nse.net/forum/76-research-development/