
[TOOL] Xflasher (xperia command line flasher for pre 2017 devices)

By munjeni, Senior Member on 28th December 2014, 02:40 PM
Disclaimer:

The Xflasher tool was made for testing and educational purposes. I am not responsible for what you do on/with your device using xflasher; you must agree that you are using xflasher at your own risk. I am not responsible if you brick your device or anything!

How to use:

(2017 phones like the XZ Premium, which have USB VID:PID = 0fce:b00b, are not supported since they use a new flashing protocol! Use the newflasher tool if your device's USB PID is B00B!!)
1. (this step is only for the Windows version!) install the same USB drivers that you use with flashtool
2. simply put xflasher.XXX in the firmware dir which is created by the great @IgorEisberg tool called XperiFirm, double click xflasher.exe (or execute xflasher.XXXX in the case of a non-Windows version); it will create xflasher.bat (or xflasher.sh in the case of a non-Windows version)
3. modify xflasher.bat (or xflasher.sh in the case of a non-Windows version) for your needs
4. put your phone into flashing mode (keep in mind it's not fastboot mode, it must be in flash mode!)
5. make sure your battery is charged enough, at least 30 percent charged!!!
6. double click xflasher.bat (or run xflasher.sh in the case of a non-Windows version) and wait until xflasher flashes your ROM
7. done
8. enjoy

Supported platforms:

- there are 3 versions: one for Linux, one for Windows, and one for Android! You can now flash a phone through another phone, so no more need for a PC!!!

Credits:

- @shoey63 for helping me deeply test xflasher, thanks a lot man!
Attached file: xflasher_v23.rar (1.46 MB)
29th December 2014, 02:52 AM |#2  
inunxelex's Avatar
Senior Member
Does it support zeus mode Xperia M?
MOD EDIT @gregbradley
Quote removed, not needed and had large images
29th December 2014, 03:03 PM |#3  
Senior Member
Sorry if I'm wrong, but will this eventually be able to unlock the bootloader?
29th December 2014, 03:23 PM |#4  
munjeni's Avatar
OP Senior Member
Quote:
Originally Posted by inunxelex

Does it support zeus mode Xperia M?

No, this tool uses the S1 protocol, so all phones which use the S1 protocol can use this tool!
29th December 2014, 03:23 PM |#5  
munjeni's Avatar
OP Senior Member
Quote:
Originally Posted by ayuready1989

Sorry if I'm wrong, but will this eventually be able to unlock the bootloader?

Only on bootloader unlock allowed phones!
30th December 2014, 08:30 PM |#6  
munjeni's Avatar
OP Senior Member
New version is out!

Changelog (v2):
- support for safely unlocking the device bootloader (sha256 key check + check whether rooting is allowed, yes or no, before unlocking)
- support for flashing all sin files from the bundle but NOT BOOT BOOTBUNDLE! I will implement boot bundle soon (boot bundle means: boot delivery from the boot folder, aka sbl1, s1sbl, dbi, aboot... so please do not flash them, since if you flash the wrong file you will hard brick your device!)!
- you can change the USB VID and PID parameters (but in the USB driver do it manually yourself)

A log of successfully flashing some sin files is in the attachment.
Attached file: loader.txt (17.0 KB)
1st January 2015, 02:40 PM |#7  
mirhl's Avatar
Senior Member
After the experience you acquired writing this tool and with the previous research, do you think it would be possible to make backups of the TA partition (or at least the area of the TA partition that stores DRM keys) even from an unrooted phone?

I mean, personally I have an Xperia S, but I was especially thinking to our friends with a Z3 that aren't able to preserve them atm.
1st January 2015, 10:49 PM |#8  
munjeni's Avatar
OP Senior Member
Good question! I thought the same as you, but there are some problems. For example, I have analysed ta and found 4 partitions inside ta: the first one is 0100 (aka 01) and the second one is 0200 (aka 02); both 1 and 2 can be dumped through a special command to the bootloader (flash tool dumps only partition 2, and not all units). But there are two other partitions, 0101 and 0201, and I have no idea how to send a command to the bootloader in order to dump them. For example, for dumping the first two partitions I need to send the command OPEN_TA with the partition number as a parameter before sending the command READ_TA unit. I have tried many combinations for opening partition 0101 but I get an error reply from the bootloader, which means parameter error. It would be great to have the possibility of dumping ta in full form without needing root, but it seems it's not possible for now; maybe in the future we can do it.

Also found something interesting. The dump.ta made by our tool dumps partitions 1 and 2, but when flashing the ta file only partition 1 data is written, since the first parameter in the file is 01, which means "open partition 1". To open the second partition and write the second partition's data we must separate the one file into two files, since each partition and its partition data must be separated, because flashtool or s1tool can't see the second partition parameter; so one file must be cut into 2 files before flashing! In any case, you cannot brick your phone with unseparated files, but only partition 1 will be flashed.

Edit:
DRM keys and all such things live in partition 2 (on rooting allowed devices). I will need to compare the s1 dump with the ta dump and see what was not dumped from ta. DRM keys are for sure missing; they probably cannot be dumped for a reason, since it would be an easy way of tricking Sony's bootloader unlocking policy. They have designed the unlocking procedure to delete DRM, and probably their bootloader is designed to skip DRM dumping. Some units' magic bytes are masked with ffffffff00000000, have no defined size in the header... etc., which is probably hidden from the unit dumper command for a reason.
2nd January 2015, 12:31 AM |#9  
zxz0O0's Avatar
Senior Member
munjeni, nice work. As far as I researched, DRM keys are located in Unit 0x1046B. At least this is the unit which the bootloader deletes when it recognizes the device as rooted. I was not able to dump this unit via flashtool. Trying to flash it resulted in:
Code:
ERROR - ERR_SEVERITY="MINOR";ERR_CODE="0026";ERR_DYNAMIC="Not authenticated";
So I guess it's somehow specially protected.

I was able to dump the unit with miscta_read_unit (you need at least system privileges) but not write to it via miscta_write_unit (resulted in error code 3).
We should be able to dump all TA units with the system user (in regards to the recent exploit which theoretically allows privilege escalation to system user).

Problem is we can not simply restore them unless we find a way to generate a TA.img (with correct unit layout) out of unit data.
2nd January 2015, 10:39 AM |#10  
munjeni's Avatar
OP Senior Member
. .
2nd January 2015, 11:31 AM |#11  
zxz0O0's Avatar
Senior Member
Check TA.img from a locked phone: Unit 0x1046B is there with size 0x10. You can also check the appsboot loader; if the device is rooted it deletes this unit.

I have used your ta_gen and it had unit 0x1046B inside the resulting custreset.ta. You can flash this unit in emergency mode, but not normal mode (see previous post).