Temp root to backup DRM Keys (TA-Partition) now possible? - Sony Xperia XZ2 Questions & Answers

Is it possible to get temp root, by one of the security issues that got patched by the May or June patch levels?
This would allow us to backup the TA Partition.
This would make it possible to flash it back, to "relock" the phone with a working camera, if we want back on stock, without any additional modifications.

There's already a thread for (discussing) that..
Just check there

mirhl said:
There's already a thread for (discussing) that..
Just check there
Thank you.
I know this thread, but the XZ2 does not have any 2017 firmware with 2017 CVEs.

MartinX3 said:
Is it possible to get temp root, by one of the security issues that got patched by the Mai or June Patch levels?
This would allow us to backup the TA Partition.
This would make it possible to flash it back, to "relock" the phone with a working camera, if we want back on stock, without any additional modifications.
Seriously @MartinX3 ? big mouth about this by me: https://forum.xda-developers.com/xperia-xz2/help/oreo-curious-drm-fix-t3805944
now you post kind of the same -___#

Pandemic said:
Seriously @MartinX3 ? big mouth about this by me: https://forum.xda-developers.com/xperia-xz2/help/oreo-curious-drm-fix-t3805944
now you post kind of the same -___#
Again, please stop being childish, angry and impolite.
You mentioned a DRM fix, which needs a modified kernel and will work with custom ROMs.
There was already a conversation in the "what will happen when unlocking bootloader" thread.
I want temporary root, with a hack and without unlocking the XZ2, to backup the DRM partition, which allows me to relock the phone again.
Btw, you can't use the TA partition from another XZ2; you need to make a backup of your own or it will brick the phone.
The unlocking will erase the TA partition.

MartinX3 said:
Again, please stop being childish, angry and impolite.
You mentioned a DRM fix, which needs a modified kernel and will work with custom ROMs.
There was already a conversation in the "what will happen when unlocking bootloader" thread.
I want temporary root, with a hack and without unlocking the XZ2, to backup the DRM partition, which allows me to relock the phone again.
Btw, you can't use the TA partition from another XZ2; you need to make a backup of your own or it will brick the phone.
The unlocking will erase the TA partition.
I'm not being childish, angry or impolite, and yes, I know. I am not a noob or something like that; the way you react to me, it looks like I am being that.
That's not possible for a temporary root solution, I thought you knew that already, and no, of course you can't use another partition from another XZ2 because it bricks indeed; I was also a flash junky, so I know all that stuff.
Btw,
I sent you a PM.

https://atcommands.org/
Maybe we could achieve root and backup our DRM keys?

https://www.zdnet.com/article/security-flaw-lets-attackers-recover-private-keys-from-qualcomm-chips/
Security flaw lets attackers recover private keys from Qualcomm chips
Firmware patches have been released earlier this month, 46 Qualcomm chipsets impacted.

DRM keys might be included in that?

[XZ2/XZ2c/XZ2p/XZ3] temp root exploit via CVE-2020-0041 [android 10]
However it seems that restoring the TA partition after unlocking didn't work...

Does anyone know if there is progress in restoring the TA partition and getting the phone back to its original state?

Related

How to relock bootloader without TA backups.. Android 4.3.. Please help me

Sent from my C6903 using xda app-developers app
Nuwan75n said:
Sent from my C6903 using xda app-developers app
It is possible to lock it without a backup; is your camera not working anymore?
You can try Flashtool; the BLU option tries to relock it if it's unlocked. There's a good chance you will brick your device!
Have fun
Sent from my C6903 using Tapatalk
AntiDroid said:
it is possible to lock it without a backup, is your camera not working anymore ?
Are you sure this is good and/or informative advice? I thought a locked bootloader not finding valid keys in the TA will refuse to ever function usefully again - no boot, no fastboot, no flashmode, nothing, totally bricked, and no way to convert it back to unlocked and get your phone back.
I would like to know if I am wrong about any of that. And... it seems that I was:
** Correction - it is OK to relock the bootloader without having the pre-unlock data in the TA partition
** Flashing in data from any other TA partition (some other phone) seems certain to brick the phone though.
n0bleINtP said:
Are you sure this is good and/or informative advice? I thought a locked bootloader not finding valid keys in the TA will refuse to ever function usefully again - no boot, no fastboot, no flashmode, nothing, totally bricked, and no way to convert it back to unlocked and get your phone back.
I would like to know if I am wrong about any of that.
I've never read about those damages but I read things like the known camera bug.
I unlocked my Z1 on .290 - the Sony release which fixed the problem (4.3). I flashed a recovery and rooted it with it, and my device is working like it was with an "untouched" ROM.
That's all I know.
We could wait for a dev to answer deeper questions.
AntiDroid said:
I unlocked my Z1 on .290 - the Sony release which fixed the problem (4.3).
Yes, this is absolutely fine and is what I did with my Z1, i.e. do not unlock until after the 290 update is applied - you will see that advice on the Sony unlock website. However, if you want a TA backup you need to do that before unlocking, as the unlock process will wipe the keys, and you also need root in order to make that copy. (let me know if I am wrong about that)
My process was to root on earlier firmware, copy the TA, update to .290, then unlock. After unlocking full root on .290 is easy with a custom kernel and everything is good: unlocked, rooted *and* working camera.
But you *will* need a copy of the pre-unlock TA partition to regain any of the functions that use the DRM keys if you decide to relock the bootloader later.
It is impossible to get the DRM keys back, and there is no gain from relocking without them, all you're doing is locking down the bootloader without enabling BIONZ, etc, but you can certainly run a stock system if you want.
n0bleINtP said:
Yes, this is absolutely fine and is what I did with my Z1, i.e. do not unlock until after the 290 update is applied - you will see that advice on the Sony unlock website. However, if you want a TA backup you need to do that before unlocking, as the unlock process will wipe the keys, and you also need root in order to make that copy. (let me know if I am wrong about that)
My process was to root on earlier firmware, copy the TA, update to .290, then unlock. After unlocking full root on .290 is easy with a custom kernel and everything is good: unlocked, rooted *and* working camera.
But you *will* need a copy of the pre-unlock TA partition to regain any of the functions that use the DRM keys if you decide to relock the bootloader later.
Hello, yesterday I downgraded to a rootable 4.2.2 ROM in order to backup the TA partition. Once I had the backup, I updated to 4.3 (290) and unlocked the bootloader, then flashed recovery. With recovery it was easy to flash SuperSU. Now I have a "stock" ROM with root and unlocked bootloader, but I realized that X-Reality wasn't working anymore (because of the DRM keys loss).
I tried to recover the TA partition, but I caused a soft-brick, which I could only solve by flashing a 290 FTF through Flashtool, but I lost root. My question is: is it possible to have root and DRM keys (TA partition restored)??
Thank you very much.
yanbee said:
Hello, yesterday I downgraded to a rootable 4.2.2 ROM in order to backup the TA partition. Once I had the backup, I updated to 4.3 (290) and unlocked the bootloader, then flashed recovery. With recovery it was easy to flash SuperSU. Now I have a "stock" ROM with root and unlocked bootloader, but I realized that X-Reality wasn't working anymore (because of the DRM keys loss).
I tried to recover the TA partition, but I caused a soft-brick, which I could only solve by flashing a 290 FTF through Flashtool, but I lost root. My question is: is it possible to have root and DRM keys (TA partition restored)??
Thank you very much.
No, never.
Just2Cause said:
No, never.
So, apart from losing X-Reality and some Sony apps' functionalities (which I don't care about), do you lose something else? I heard about losing the BIONZ processor, but the camera still works, so I don't know how far this is true.
The incompatibility problem of root and a restored TA partition, is it because of flashing recovery (which modifies the kernel) or SuperSU itself?
Thank you VERY much!
You lose BIONZ, but not X-Reality. I unlocked my bootloader and I have X-Reality enabled.
Some ROMs won't have working camera, for example: android 4.4 KitKat ported from xperia z ultra GPe, and some other ROMs.
Just2Cause said:
You lose BIONZ, but not X-Reality. I unlocked my bootloader and I have X-Reality enabled.
Some ROMs won't have working camera, for example: android 4.4 KitKat ported from xperia z ultra GPe, and some other ROMs.
I can see that the X-Reality option is still in the menu, and you can enable/disable it, but it doesn't work. Before, I could see in the first second of a picture showing how X-Reality improves the image (it's an effect that can be seen with the naked eye); this is not happening now. By the way, is it for sure that BIONZ stops working? How could I take pictures without it?
Thank you
yanbee said:
I can see that the X-Reality option is still in the menu, and you can enable/disable it, but it doesn't work. Before, I could see in the first second of a picture showing how X-Reality improves the image (it's an effect that can be seen with the naked eye); this is not happening now. By the way, is it for sure that BIONZ stops working? How could I take pictures without it?
Thank you
Not sure about BIONZ, but I guessed it as I had the X-Reality option enabled. I can't tell if it works or not as I don't have a camera (I'm using ported 4.4).
It would be nice if someone confirmed it.
Correct me if I am wrong.
BIONZ is a service which improves the pictures after a shot, isn't it?
BIONZ and X-Reality are things you can't detect that easily, like "oh, that effect is from X-Reality" or something else.
I thought the main reason for not working cameras on other ROMs was that the devs didn't apply those 4.3 changes :S
AntiDroid said:
Correct me if I am wrong.
BIONZ is a service which improves the pictures after a shot, isn't it?
BIONZ and X-Reality are things you can't detect that easily, like "oh, that effect is from X-Reality" or something else.
I thought the main reason for not working cameras on other ROMs was that the devs didn't apply those 4.3 changes :S
BIONZ is an image processor that the Xperia Z1 includes; it processes the pictures taken instead of the CPU. I don't know if it's easy to detect whether it's working or not. But in the case of X-Reality it's very simple: when you open a picture in the Sony gallery app, you can see how the picture "improves" in quality in the first second. It is not so evident in all pictures, but can be detected by the naked eye, as I do.
My only doubt is about the BIONZ processor; I already know that I lose X-Reality. But I want to be SURE if BIONZ processing is also lost. I want to have full root (with unlocked bootloader) and have BIONZ enabled. I don't care about X-Reality or Sony apps.
Thank you very much
Just2Cause said:
No, never.
Not true. If you have a TA backup, install .290, unlock bootloader, install a recovery, root, reflash stock boot partition, restore TA partition, you will end up with a booting, rooted, .290 installation.
Rekoil said:
Not true. If you have a TA backup, install .290, unlock bootloader, install a recovery, root, reflash stock boot partition, restore TA partition, you will end up with a booting, rooted, .290 installation.
Are you sure about that? :fingers-crossed:
Just2Cause said:
Are you sure about that? :fingers-crossed:
I did that and it worked
Sent from my iPad Air using Tapatalk
Rekoil said:
Not true. If you have a TA backup, install .290, unlock bootloader, install a recovery, root, reflash stock boot partition, restore TA partition, you will end up with a booting, rooted, .290 installation.
jjpro45 said:
I did that and it worked
Tapatalk
Thank you VERY much!!! Could someone tell me how to reflash the boot partition only?? The TA partition which I must restore, could it be restored on 290 if the backup comes from 534?
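The thread repeats that a TA image must only ever be restored to the phone it was taken from, and that a restore on a different device hard-bricks it. The following is an added example (not code from the thread or from any Sony tool) that pairs a TA backup with the device serial and its hash at backup time and refuses a later restore if either no longer matches. The partition path in TA_DEV, the sidecar file name and the use of `getprop ro.serialno` for the serial are assumptions; the restore step still requires root and a correct partition path for the model.

```shell
#!/bin/sh
# Added example, not part of the thread: pair a TA backup with the device
# it was taken from so a restore from another phone is refused.
set -eu

# Assumed location of the TA block device; it differs per model, so set it
# explicitly before running restore_ta on a real device.
TA_DEV="${TA_DEV:-/dev/block/by-name/TA}"

# Write a sidecar file next to the image holding the device serial, the
# image's SHA-256 and its size, all captured at backup time.
# usage: record_ta_backup <image> <serial>
record_ta_backup() {
    img="$1"; serial="$2"
    sum=$(sha256sum "$img" | cut -d' ' -f1)
    size=$(wc -c < "$img" | tr -d ' ')
    printf 'serial=%s\nsha256=%s\nsize=%s\n' "$serial" "$sum" "$size" > "$img.meta"
}

# Return 0 only when the image is unchanged since backup and the recorded
# serial equals the serial of the device we are about to restore to.
# usage: verify_ta_backup <image> <serial_of_this_device>
verify_ta_backup() {
    img="$1"; serial="$2"
    [ -f "$img" ] || { echo "missing image: $img"; return 1; }
    [ -f "$img.meta" ] || { echo "missing sidecar: $img.meta"; return 1; }
    want_serial=$(sed -n 's/^serial=//p' "$img.meta")
    want_sum=$(sed -n 's/^sha256=//p' "$img.meta")
    want_size=$(sed -n 's/^size=//p' "$img.meta")
    [ "$want_serial" = "$serial" ] || {
        echo "backup belongs to serial $want_serial, this device is $serial"; return 1; }
    have_sum=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$want_sum" = "$have_sum" ] || { echo "image hash changed since backup"; return 1; }
    have_size=$(wc -c < "$img" | tr -d ' ')
    [ "$want_size" = "$have_size" ] || { echo "image size changed since backup"; return 1; }
    return 0
}

# Restore the image only after every check passes. Needs root on the phone;
# getprop is only available on Android, so elsewhere the serial is "unknown"
# and the check fails closed.
# usage: restore_ta <image>
restore_ta() {
    img="$1"
    serial=$(getprop ro.serialno 2>/dev/null || echo unknown)
    verify_ta_backup "$img" "$serial" || { echo "refusing to restore $img"; return 1; }
    dd if="$img" of="$TA_DEV" bs=4096
    sync
}
```

Run record_ta_backup right after dumping the TA image, while still on the same device, and keep the .meta file with the image.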

Unlocking the bootloader, TA backup and the warranty

Hi,
I want to unlock my bootloader, so I made a backup with Devshafts TA Backup v9.10. The backup is a 112 KB zip file and 2 MB when I uncompress it; I did a dry run to test it and everything seems OK.
To unlock my bootloader I must send my IMEI number to Sony.
My question is, do they notice that I unlocked my XSP, even after relocking it with the TA backup, by my IMEI number that they have?
That would mean my warranty is voided even if i relock it?
Or am i wrong at some point?
Thank you for your help!
Well, you lose your warranty if you unlock your bootloader, but I've never heard or read somewhere that Sony (or the repair places) are using some kind of database to check which IMEI has been used to get an unlock code.
If you relock the bootloader and restore the TA partition there is no evidence of any unlock.
mrjraider said:
Well, you lose your warranty if you unlock your bootloader, but I've never heard or read somewhere that Sony (or the repair places) are using some kind of database to check which IMEI has been used to get an unlock code.
If you relock the bootloader and restore the TA partition there is no evidence of any unlock.
That concerns me a bit. I have locked and unlocked my bootloader several times but I don't remember backing up my TA partition...... is there any way to restore it to factory status again?
jackaros said:
That concerns me a bit. I have locked and unlocked my bootloader several times but I don't remember backing up my TA partition...... is there any way to restore it to factory status again?
No Backup of the TA partition?
Well, that's not smart. Why is no one reading the tutorials?
First lines of the tutorial from Doomlord:
this is the official way to unlock bootloader
if you want to keep your DRM keys, first root device and then check this out
Warning!
This procedure will wipe the /data partition of your phone, so you will lose all your stored data, settings. INTERNAL SDCARD will BE WIPED!!!
For Xperia™ devices released 2013 or later (for example Xperia™ Z and Xperia™ ZL), the SD card of your device will be formatted and you will lose all content (for example photos, music, videos) when you unlock the boot loader.
DRM keys WILL be lost forever
Originally Posted by schaggo
I'd add what losing DRM keys means, e.g. no more Music ID/Gracenote within the Walkman app plus probably most importantly, as asked all the time and all over the place in the T/mint forums: loss of Bravia Engine.
older Xperia devices sometimes got issues after unlock of bootloader (BRICK after FOTA update) - you have been warned
mrjraider said:
No Backup of the TA partition?
Well, that's not smart. Why is no one reading the tutorials?
First lines of the tutorial from Doomlord:
I know that was stupid of me. About a week after unlocking my BL I saw this post and felt stupid, so is there no way to get my original TA partition?
jackaros said:
I know that was stupid of me .About a week after unlocking my BL i saw this post and felt stupid so there is no way to get my original TA partition?
Absolutely ... NO. Your device will be hard-bricked if you try to restore a TA backup taken from another one.
silveraero said:
Absolutely ... NO. Your device will be hard-bricked if you try to restore a TA backup taken from another one.
That would be a moronic thing to do ... if it's not yours or for your device, you shall not flash it
jackaros said:
That would be a moronic thing to do ... if it's not yours or for your device, you shall not flash it
Ya, so you know that if you lost the TA partition, you can't get that back.
silveraero said:
Ya, so you know that if you lost the TA partition, you can't get that back.
Well, OK, if it's gone it's gone. I'll watch out from now on. Thank you.

[Q] Unlocking?

I'm trying to figure out exactly what you lose when you unlock Z3(C).
So far I've discovered that:
- Sony has a webpage that allows you to unlock your device
- Unlocking your device will void your warranty
- Unlocking is the only known way to get root (at least right now)
- Unlocking your device will kill the "TA partition" that contains DRM keys
- Loss of the aforementioned DRM keys will cause some stuff to stop working
I found a huge thread on backing up TA partition for older xperia devices, but no good information RE: what exactly you lose if you wipe out the DRM keys by unlocking.
Do any of you know definitively: what the DRM keys are for and what you lose?
As an aside - it looks like backing up TA partition is only possible before you unlock bootloader and if you've rooted your phone (so probably not possible on Z3C until someone finds a working exploit to get root with a locked bootloader).
Thanks in advance for any insights.
I don't think there is a definitive place which says exactly what you lose by unlocking the bootloader, but judging by what people have been saying after unlocking the Z3C and other Xperia phones on 4.4, it seems like the answer is nothing. Nothing is lost on the software side at all.
On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL... If not for the intact features, then for your warranty!
http://forum.xda-developers.com/showthread.php?t=2292598
Those that have rushed into unlocking the BL without backing up the TA partition risk voiding warranty I'm afraid.
dillalade said:
On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL... If not for the intact features, then for your warranty!
http://forum.xda-developers.com/showthread.php?t=2292598
Those that have rushed into unlocking the BL without backing up the TA partition risk voiding warranty I'm afraid.
Problem is, you need root to use those backup tools... So we would need a temp root exploit to backup before unlocking. But from what I've read so far, it doesn't seem like you lose that much, if anything.
I am also curious about this as I need root access but would like to preserve the warranty. Somebody else has also started a thread with what breaks with unlocking: http://forum.xda-developers.com/showthread.php?t=2890936
TiMiN8R said:
Problem is, you need root to use those backup tools... So we would need a temp root exploit to backup before unlocking. But from what I've read so far, it doesn't seem like you lose that much, if anything.
The most important consideration is your warranty, so if you're happy to lose it then unlock your BL.
dillalade said:
The most important consideration is your warranty, so if you're happy to lose it then unlock your BL.
It's not that definitive that you will lose warranty. Sony says it may void your warranty. Known issues with the specific model or batch, or other hardware problems that could not be caused by flashing custom ROMs/kernels will most likely still be covered.
http://www.phonearena.com/news/Sony...oader-unlock-tool-voids-your-warranty_id32972
I myself have sent in my Xperia T twice since unlocking the bootloader and on both occasions it was covered by the warranty.
Mind you, I did relock the bootloader and flash a stock FTF before doing that.
Flashtool has a function to relock the bootloader
http://www.digitalinternals.com/mobile/keeping-warranty-intact-sony-xperia-unlocked-phones/264/
I don't know if this works on our phone already, maybe someone who has already unlocked would like to try?

Clarification on Losing DRM

So the root process is a matter of unlocking the bootloader and flashing a new boot.img that includes CWM.
You're supposed to backup your TA partition to preserve your DRM keys.
There's some talk about a bunch of things that can be lost with the DRM keys -- camera quality, Triluminos, Bravia, etc.
Are these lost when the bootloader is unlocked, or only if TA is not restored?
If I backup TA, then unlock the bootloader, then dd TA image back into the partition (after rooting, I presume?), will that restore the camera quality, Triluminos, etc.? Is it possible to root without losing those things, or is it a choice? Because I don't think I want to root quite that badly...
This is my first Sony phone so I don't know too much about backing up and flashing things on this particular phone yet, but it is my understanding that there is no way to root without unlocking the bootloader at this time. Unlocking the bootloader wipes the TA partition, so that's where the loss of the DRM keys comes in. Unfortunately, in order to back up the TA partition, you need root. So, right now, it's a catch-22 until someone can figure out how to root the device without unlocking the bootloader. I'm personally going to wait it out. There's too much about this phone that I like about the stock Sony experience with this device to lose a lot of functionality and have degraded camera quality. The only reason I would root is to be able to backup certain things and run Xposed. Not worth unlocking the bootloader just to have those things IMO.
In order to get root access, right now you have to unlock the bootloader. In doing so, you erase the TA partition. So, once you have root access, you don't have a TA partition to backup anymore.
If you care about your TA partition, then wait for an exploit to be found that enables root access without the need of unlocking the bootloader. When (not if, problem is just when) this happens, you can have root access, unlocked bootloader and TA partition altogether. (that is, unless you've already unlocked the bootloader... in that case, you don't have a way to restore your TA)
Ah. So we cannot even read the partition without root?
So yes, then I will just have to wait until someone finds an exploit.
This raises another question for me.
Assuming there is a way to root the phone without unlocking the bootloader. If one does
* backup the TA partition
* unlock the bootloader
* install a custom recovery
* restore the TA partition (bootloader locked again)
Is the phone still rooted? And, even more important, is the custom recovery still there?
I guess this can be answered by someone having experience with earlier Xperia devices like the Z, Z1 or Z2. I've already been searching for the answer, but couldn't find it so far.
Cypher_01 said:
This raises another question for me.
Assuming there is a way to root the phone without unlocking the bootloader. If one does
* backup the TA partition
* unlock the bootloader
* install a custom recovery
* restore the TA partition (bootloader locked again)
Is the phone still rooted? And, even more important, is the custom recovery still there?
I guess this can be answered by someone having experience with earlier Xperia devices like the Z, Z1 or Z2. I've already been searching for the answer, but couldn't find it so far.
You might be better served visiting other sections of XDA, such as the Z1 Compact and Z2 forums here on XDa. They will be able to give you a little better glimpse into the future for how things are done.
Cypher_01 said:
This raises another question for me.
Assuming there is a way to root the phone without unlocking the bootloader. If one does
* backup the TA partition
* unlock the bootloader
* install a custom recovery
* restore the TA partition (bootloader locked again)
Is the phone still rooted? And, even more important, is the custom recovery still there?
I guess this can be answered by someone having experience with earlier Xperia devices like the Z, Z1 or Z2. I've already been searching for the answer, but couldn't find it so far.
Relocking the bootloader when a modified stock firmware and a stock kernel with recovery is installed results in a device that doesn't boot, so I guess no, although I don't know which part exactly breaks in the process.
My understanding is that with a custom/unlocked recovery, you'll lose the TA partition with DRM keys. So you'll lose out on anything that needs the DRM keys. If a root exploit is found, then you could use the standard ROM with root and not touch the bootloader/recovery/TA partition. But as soon as an update rolls out, you'll lose root again (and likely the exploit with it).
Backing up the TA partition means that you can restore it to stock (i.e. to sell or for warranty repair).
Again, as per my understanding - any AOSP/CM based ROM will lose any of the Sony proprietary software and features anyway, no different to Samsung or HTC in that respect. I remember having a HTC One (M7) last year where the camera was worse on CM because HTC used their own post processing software within their camera app.
In theory, it may be possible for someone to come up with a stock based ROM with root baked in that keeps some of the Sony proprietary software etc, but this is unlikely I would say.
I'm thinking about buying a Z3c, but it sounds as though there will be no AOSP ROM with all the display and camera enhancements. The most concerning thing is that there is no way to go back completely to stock as you can with a Nexus for example. Maybe I should just hope for a Z3c Google Play Edition? I'm going to have to check the other Z phone forums to see how big of a factor this is.

Backup drm keys on Pie

Can it be done?
math_green20 said:
Can it be done?
Nope.
Neither on Oreo nor on Pie.
Now that the zero-day exploit is known, would it be possible to downgrade to Oreo and do the root method?
There is already a Pixel 2 video going around being rooted with a locked bootloader. The dev said he will release the method/app soon. Watch below.
https://mobile.twitter.com/Digital_Cold/status/1182045384505466885?s=19
or does our kernel on oreo not have the vulnerability?
@j4nn already nailed it, but it seems that unfortunately backing up TA prior to unlock device bl is not the trick anymore.
That's right, it seems yoshino phones (xzp/xz1/xz1c) have been the last where we could restore drm keys via TA backup from a temp-rooted locked state, to get all drm functions working again (if kernel hiding bootloader unlock has been used with it).
Unfortunately with XZ2, restore of locked TA backup and even with running kernel hiding BL unlock does not restore drm functionality.
I am afraid the same behaviour would be with any newer Sony phone.
I see, well, crap.
thanks anyway for answering guys. i might consider unlocking bootloader soon then, i need that dose of AOSP + Root on my sony
BADA 187 said:
I see, well, crap.
thanks anyway for answering guys. i might consider unlocking bootloader soon then, i need that dose of AOSP + Root on my sony
If you can wait I would recommend unlocking on Q.
P made less DRM stuff vanish from TA than O did.
Maybe Q does the same.
It doesn't matter for the SODP based custom roms here, just for the stock rom usage.
MartinX3 said:
If you can wait I would recommend unlocking on Q.
P did vanish less drm stuff from TA than O.
Maybe Q does the same.
It doesn't matter for the SODP based custom roms here, just for the stock rom usage.
thanks, i will wait then indeed. got other devices to play with for now
