
[PoC][Work in progress] Trim Area Proof Of Concept

By munjeni, Recognized Contributor / Recognized Developer on 8th February 2017, 12:16 PM
Trim Area Proof Of Concept
Hello!

First of all, this tool fully replaces the DRM fix! So do not use our tool with the DRM fix!!! I'm going to explain what this is and how it works. Everybody knows what the DRM fix does and everybody knows what happens when the bootloader is unlocked. OK. This PoC is designed for unlocked devices and makes things identical to having a bootloader that was never unlocked! Which means this is for people who have a backup of the trim area from BEFORE unlocking the bootloader! This PoC mounts your trim area backup (TA.img) to the kernel loop5 device, which makes your trim area like a real trim area partition (in our case it mounts your backup TA.img and uses it instead of the unlocked trim area partition), so everything after Android boots up is like having a locked bootloader, which means all DRM keys, Widevine keys, etc. are fully functional! And the best thing: we can use the PoC with AOSP, CM or whatever and have the trim area fully functional!!!

Keep in mind this is for stock ROMs only! Only Nougat and Marshmallow for now, and some versions before Marshmallow too.

Supported kernel images:

- SIN (kernel.sin)
- ELF (kernel.elf)
- IMG (boot.img)

So you do not need to extract the ELF from the kernel, since our tool extracts any Sony format: SIN, IMG, ELF autodetection.

Credits:

- I must give big credits to @steom since he tested things very deeply on his Xperia X Compact. He tested things for more than 7 days, he tested very frequently and I must say... big respect to him! Thanks man!

- Also respect to @tobias.waldvogel! His mkinitfs source code (the idea of @perm appended to file names) helped me a lot in making our tool for Windows. His scripts helped me a lot in figuring out all these things! Thanks man! Original forum thread for tobias.waldvogel's great work

- Uhh sorry, forgot to give credit to @osm0sis for the great extended version of the boot image tools https://github.com/osm0sis/mkbootimg

- @serajr mate, sorry, forgot your great scripts!

- @the_laser for figuring out that the PoC works by directly using TA.img, no need to mount to loop, thanks man!
Attached file: ta_poc.rar (3.57 MB)
8th February 2017, 12:16 PM |#2  
munjeni (OP)
How to extend our tool:

I have reserved some space for everybody who needs to extend our tool (the tool looks for a user script.sh or script.bat), so if the tool finds a user script it will execute that script, which means everybody can make their own script to extend the ramdisk patching mechanism (e.g. to add su, etc.). If the tool doesn't find a user script, it pauses so you have enough time to modify everything you need manually and continue the tool by pressing any key on your keyboard. The tool doesn't delete the output folder, so you can use, for example, something from the unmodified boot.img-ramdisk.gz if you need. The sepolicy binary file also has a backup (backupsepolicy), so you can use that too if you need.

How to fix denials from dmesg yourself:

This explains how: https://forum.xda-developers.com/sho...9&postcount=47
And finally, this is the tool: https://forum.xda-developers.com/sho...&postcount=120
8th February 2017, 12:44 PM |#3  
munjeni (OP)
Everybody and every device is involved! You need at least good knowledge of getting logcat and dmesg if you want to help here! You can suggest or say whatever you want in this thread, since this thread is for everybody! I need your words about the tool and your suggestions! If you want to post a logcat or dmesg, please use http://www.pastebin.com for it! If you need the tool working for your device, please get involved here!
8th February 2017, 04:34 PM |#5  
fluffi444, Senior Member
Quote:
Originally Posted by munjeni

That means we can use stock camera blobs finally with AOSP, CM or whatever!!!

This will change everything regarding (not stock based) custom ROMs... If this is proved to work...
Outstanding job! Even if this post has no logcat/dmesg attached, I felt that I had to say some respectful words!
8th February 2017, 05:02 PM |#6  
munjeni (OP)
Bootloop on Nougat is solved now! New version is out! So close to getting it working on Nougat
8th February 2017, 05:19 PM |#7  
steom, Member
I officially declare that the @munjeni PoC works! Also with Nougat!
A new era is begun!
8th February 2017, 05:32 PM |#8  
Member, Katowice
Does it mean that the camera will now work well on Xperias with Nougat AOSP?

Anyway, it's a big success.
8th February 2017, 05:53 PM |#9  
nailyk, Senior Member
Haha, I was thinking of the same thing some weeks ago.
tad_static can be cheated easily, but what about suntrold and rmt_storage?
Where are your sources, please?
8th February 2017, 06:10 PM |#10  
Hamidreza2010, Senior Member
Quote:
Originally Posted by steom

I officially declare that the @munjeni PoC works! Also with Nougat!
A new era is begun!

Bro, I want to test on my Z5 Dual but don't know what I should do.
Can you explain clearly?
Thanks
8th February 2017, 06:15 PM |#11  
maksim_kw, Junior Member, Kaliningrad
Having problems
Code:
hash:0x54288A7A calc_hash:0x54288A7A
hash:0x4CBAA939 calc_hash:0x4CBAA939
hash:0x9B8793E3 calc_hash:0x9B8793E3
hash:0x482AF9EB calc_hash:0x482AF9EB
device: F8331
serial number: CB512BEE32
drm key: 0001046B 0010 44 98 8A 61 A3 B2 10 48 02 19 38 59 73 7F 7E 52
Trim area dump is a valid.
Locked bootloader.
Deleting old folder ramdisk if exist...
if exist ramdisk (rd ramdisk /s/q)
returned: 0.
New directory ramdisk created.
Created ouput folder "out"
opening kernelX.sin
unable to open kernelX.sin
Kernel dump tool returned an error!
Mmm.... renaming kernel.sin to kernelX.sin helped