[GUIDE] Back up DRM Keys & unlock/relock Bootloader (Noob proof)


Riyal

Senior Member
Dec 16, 2011
3,038
1,770
Iloilo City
And hence a TA backup can be made only on a rooted phone; there's no way to have this log empty.
I wonder how the log looks after unlocking the BL.

Still the same, the logs are still there. There are just some lines in the TA backup that got changed on the upper part. So that must be where the DRM keys are located (I know it's there because I got 20 different backups of both unlocked and locked TA partitions and compared them one by one). I also have a TA dump of an unlocked bootloader; in fact I made a flashable zip of my TA backup for locking (with DRM keys) and unlocking my bootloader. That way I won't have to rely on a PC when I want to unlock or lock my bootloader.

I have a script where it dd's the TA partition to mmcblk0p1, checks the md5 of mmcblk0p1 and if it fails it dd's again for up to 20 tries. And if it still fails it shows a log in recovery that it failed and restores it back from the previous state :)
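Riyal never posts the script, so here is an added example (not Riyal's code and not anything from this thread) of the pattern the post describes, in POSIX shell: write an image with dd, compare the md5 of the bytes that actually landed on the target, retry up to a bounded number of times, and put the previous contents back if every attempt fails. The target is a parameter and the demo uses ordinary files; that mmcblk0p1 is the TA partition on this device is the thread's statement, not something the routine assumes. It needs dd, head, wc, md5sum and mktemp (GNU coreutils or busybox). Checking the target rather than the image, and verifying the rollback too, is what separates this from a blind dd on a partition that bricks the phone when it ends up corrupted.

```shell
#!/bin/sh
# Added example, not Riyal's script and not part of the guide: write an image
# to a target (block device or ordinary file), verify the bytes that actually
# landed, retry a bounded number of times and roll back to the previous
# contents when every attempt fails.
#
# usage: verified_write IMAGE TARGET [MAX_TRIES]
# exit status: 0 = written and verified
#              1 = all tries failed, previous contents restored and verified
#              2 = precondition failed, or rollback failed (backup file kept)

# md5 of the first N bytes of a file: $1 = N, $2 = file. Comparing over the
# image's length lets a target larger than the image still verify.
md5_of_first() {
    head -c "$1" "$2" | md5sum | cut -d' ' -f1
}

# md5 of a whole file
md5_of() {
    md5sum < "$1" | cut -d' ' -f1
}

verified_write() {
    image=$1
    target=$2
    max_tries=${3:-20}

    [ -r "$image" ] || { echo "image not readable: $image" >&2; return 2; }
    [ -w "$target" ] || { echo "target not writable: $target" >&2; return 2; }

    size=$(wc -c < "$image" | tr -d ' ')
    want=$(md5_of_first "$size" "$image")

    # Snapshot the target first so a persistent failure can be undone.
    backup=$(mktemp) || return 2
    if ! dd if="$target" of="$backup" bs=4096 2>/dev/null; then
        rm -f "$backup"
        echo "could not snapshot $target" >&2
        return 2
    fi

    tries=0
    while [ "$tries" -lt "$max_tries" ]; do
        tries=$((tries + 1))
        # dd's own status is ignored on purpose: the checksum of the target
        # decides whether the write counts, not what dd reports.
        dd if="$image" of="$target" bs=4096 2>/dev/null || :
        sync
        if [ "$(md5_of_first "$size" "$target")" = "$want" ]; then
            rm -f "$backup"
            echo "verified after $tries write(s)"
            return 0
        fi
        echo "checksum mismatch on try $tries" >&2
    done

    # Every attempt failed: put the snapshot back and verify that as well.
    echo "giving up after $max_tries tries, restoring previous contents" >&2
    dd if="$backup" of="$target" bs=4096 2>/dev/null || :
    sync
    if [ "$(md5_of "$backup")" = "$(md5_of "$target")" ]; then
        rm -f "$backup"
        return 1
    fi
    echo "rollback failed, previous contents kept in $backup" >&2
    return 2
}
```

Run it as `verified_write TA.img /path/to/target 20`; the three exit codes let a recovery script tell "restored, safe to reboot" (0), "unchanged, safe to reboot" (1) and "do not reboot, inspect the kept backup" (2) apart.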
 

F308

Senior Member
Feb 25, 2013
437
66
EU
How did you review TA.img?
I tried to mount it under a Linux directory with the '-o loop' option but could not.
I don't know the filesystem type.

Added later:
This vbindiff is good software. It allows reviewing binaries. Didn't know it until today.
Still I would like to see directory tree of this partition (if exists).
 

zxz0O0

Senior Member
Apr 18, 2011
1,533
5,169
Still the same, the logs are still there. There are just some lines in the TA backup that got changed on the upper part. So that must be where the DRM keys are located (I know it's there because I got 20 different backups of both unlocked and locked TA partitions and compared them one by one). I also have a TA dump of an unlocked bootloader; in fact I made a flashable zip of my TA backup for locking (with DRM keys) and unlocking my bootloader. That way I won't have to rely on a PC when I want to unlock or lock my bootloader.

I have a script where it dd's the TA partition to mmcblk0p1, checks the md5 of mmcblk0p1 and if it fails it dd's again for up to 20 tries. And if it still fails it shows a log in recovery that it failed and restores it back from the previous state :)
Sounds cool, mind sharing the script? By the way, as far as I know flashing firmwares does not void warranty and even if it did, I'm pretty sure it's not hard to fake the log.
How did you review TA.img?
I tried to mount it under a Linux directory with the '-o loop' option but could not.
I don't know the filesystem type.

Added later:
This vbindiff is good software. It allows reviewing binaries. Didn't know it until today.
Still I would like to see directory tree of this partition (if exists).
I also recommend WinMerge (free) and Beyond Compare (paid) :good:

And check out this: http://xdaforums.com/showpost.php?p=40348633&postcount=119
 

Riyal

Senior Member
Dec 16, 2011
3,038
1,770
Iloilo City
How did you review TA.img?
I tried to mount it under a Linux directory with the '-o loop' option but could not.
I don't know the filesystem type.

Added later:
This vbindiff is good software. It allows reviewing binaries. Didn't know it until today.
Still I would like to see directory tree of this partition (if exists).

You can't... The partition is encrypted. If it were possible to mount and browse it then I'm pretty sure the devs here would already have made a way to unlock our bootloader without deleting the DRM keys. This is what happened on the Xperia 2011 devices... The TA partition could be mounted by shorting some connectors on the board, hence we managed to unlock the devices without erasing the DRM keys.

Sounds cool, mind sharing the script? By the way, as far as I know flashing firmwares does not void warranty and even if it did, I'm pretty sure it's not hard to fake the log.

I also recommend WinMerge (free) and Beyond Compare (paid) :good:

And check out this: http://xdaforums.com/showpost.php?p=40348633&postcount=119

I just made the script like 2 days ago though... I am very reluctant to share it with the public, especially if it's not fully tested yet. I don't wanna get blamed if someone bricked their device using my script. The TA partition is a very sensitive partition. Messing with it would render your device useless and unrecoverable unless you have those boxes to write specific data to boards without having to boot them.

Although I did try it 6 times already and so far so good :p Haven't managed to try the fail-safe code though (like I'm not sure if my script would work in case of an md5 mismatch).

Also yeah, flashing firmwares doesn't void warranty but flashing a firmware of a different device would! :p Also it's hard to fake the logs, especially if they're inside the TA partition. In fact there's no way we could alter them. Or maybe we can alter them using hex, but I wouldn't risk my chances faking a log over permanently bricking my device.
 

F308

Senior Member
Feb 25, 2013
437
66
EU
You can't... The partition is encrypted.
I don't dispute facts, but this thing is funny.
On an encrypted partition you would never make any sense of what you see.
Here you can.
------------------------ small part of hex view -----------------------------
A.R.E._. V.E.R._. M.I.N.O. R...F. E.A.T.U. R.E.S.. .T.E.M. P.L.A.T. E..0.. .T.E.M. P.L.A.T. E...C. L.O.C.K. .1../. C.L.O.C. K...... .S.E.C. U.R.E.C. L.O.C.K. ..U.R. L..h.t. t.p.:./. /.g.o... m.i.c.r.
------------------------------------------ end ------------------------------------
If I wanted to hide something, I would do it better.
 

Riyal

Senior Member
Dec 16, 2011
3,038
1,770
Iloilo City
Well, there are 2 types of encryption...

The first one would be data encryption. That would surely encrypt all the data contents, like the one you're talking about. This encryption is secure but also takes too many resources to decrypt, hence not very resource friendly.

The second would be disk encryption. That is, locking a disk image for use without a passcode or something. Ubuntu and Windows both use disk encryption, but a simple dd image of both can also show some minor data info like filenames etc. This encryption just encrypts the header of the image so it won't be readable and mountable without decrypting it first. Hence why the data is partially readable.
It is actually possible to decode this by understanding the algorithm used in this encryption, however it would take too much time. Time that would be very easy for Sony to patch up and waste the effort :D

I don't dispute facts, but this thing is funny.
On an encrypted partition you would never make any sense of what you see.
Here you can.
------------------------ small part of hex view -----------------------------
A.R.E._. V.E.R._. M.I.N.O. R...F. E.A.T.U. R.E.S.. .T.E.M. P.L.A.T. E..0.. .T.E.M. P.L.A.T. E...C. L.O.C.K. .1../. C.L.O.C. K...... .S.E.C. U.R.E.C. L.O.C.K. ..U.R. L..h.t. t.p.:./. /.g.o... m.i.c.r.
------------------------------------------ end ------------------------------------
If I wanted to hide something, I would do it better.
 

stringy2010

Member
Nov 21, 2010
33
19
The guide worked perfectly for me on my new Z1C. Only did the first part though, as I just wanted root at the minute. Thanks

Sent from my D5503 using Tapatalk
 

stringy2010

Member
Nov 21, 2010
33
19
Can someone please tell me how to now boot into recovery. When I turn the phone on I don't get the led lighting up so when I press the volume up button it just boots normally. Also tried ndr tools and again it just boots normally?

Sent from my D5503 using Tapatalk
 

zxz0O0

Senior Member
Apr 18, 2011
1,533
5,169
Can someone please tell me how to now boot into recovery. When I turn the phone on I don't get the led lighting up so when I press the volume up button it just boots normally. Also tried ndr tools and again it just boots normally?

Sent from my D5503 using Tapatalk

Try also the volume down key. If you can't get into the recovery anymore you probably did some steps wrong (maybe missed step 19.2). If you still have root, you can try with Z1C-lockeddualrecovery(...)installer.zip's install.bat (choose installation on rooted phone).
 

stringy2010

Member
Nov 21, 2010
33
19
I figured out what I missed. I didn't select the clean to install new rom option. I completed all the steps again after trying the install.bat again and the only thing I did differently was select that option.

Everything is working like a champ now. Thanks

Sent from my D5503 using Tapatalk
 

the baptizer

Senior Member
Jan 23, 2012
129
45
I'm stuck at step 19. Each time I want to flash the zip file, the screen goes black and after a second I'm back at the recovery menu. It happens with all 3 of the zip files. Please help
 

the baptizer

Senior Member
Jan 23, 2012
129
45
In which recovery menu are you? Philz touch, TWRP or CWM?
And which dualrecovery version did you use (installer)?

I'm in Philz and I installed 2.7.97
I've been trying it the whole time. The screen goes black and I return to the recovery menu. 30 min ago I just started my phone at this point but I got stuck at the Sony logo... so if I start it now I think the same is going to happen

thanks
 

zxz0O0

Senior Member
Apr 18, 2011
1,533
5,169
I'm in Philz and I installed 2.7.97
I've been trying it the whole time. The screen goes black and I return to the recovery menu. 30 min ago I just started my phone at this point but I got stuck at the Sony logo... so if I start it now I think the same is going to happen

thanks
Try booting to TWRP recovery (hold Volume DOWN instead of UP). I think Philz recovery is broken in 2.7.97.
You did flash 4.3 as stated in the guide, not 4.4 right?
 

the baptizer

Senior Member
Jan 23, 2012
129
45
Try booting to TWRP recovery (hold Volume DOWN instead of UP). I think Philz recovery is broken in 2.7.97.
You did flash 4.3 as stated in the guide, not 4.4 right?

thanks i will try it tonight...

I have another question... when I run that .bat file, at the end I don't get a message that my device is rooted. It says: ''WATING FOR DEVICE TO REBOOT!!'' and then I get a violet light and my phone doesn't reboot... is that okay? I have to reboot it manually but nowhere do I get a message that my device is rooted.
 

zxz0O0

Senior Member
Apr 18, 2011
1,533
5,169
thanks i will try it tonight...

I have another question... when I run that .bat file, at the end I don't get a message that my device is rooted. It says: ''WATING FOR DEVICE TO REBOOT!!'' and then I get a violet light and my phone doesn't reboot... is that okay? I have to reboot it manually but nowhere do I get a message that my device is rooted.

Might be a problem with 2.7.97. If it doesn't work, try with version 2.7.95 or 94
 

mikk_11

Senior Member
Mar 6, 2014
108
15
Might be a problem with 2.7.97. If it doesn't work, try with version 2.7.95 or 94

I also have a problem with the new 2.7.97 version. The LED never turns green so it always boots normally. I tried it 2 times.
Now I'll try it again with the old version.

Edit: Ok, it wasn't the recovery. I don't know why it didn't work 2 times, but now it works with the new recovery.
 

Go1den3ye

Member
Apr 21, 2009
36
0
Oslo
Poop... I followed the guide, but now when I try to reboot the phone only shows the Sony logo.. any ideas where I should restart? From the beginning? Or try to flash the last file in flashtool?


Additional info: when the phone is off and I plug in the USB, the LED shows RED then quickly GREEN, and I get the "connection" sound from Windows
 

Top Liked Posts

  • 105
    This is a step by step tutorial on how to back up your DRM keys (TA Partition, to revert to factory state in case of warranty issue) and unlock the bootloader. After unlocking the bootloader you will lose your DRM keys so it's good to make a backup of it (it's optional though). Basically no DRM keys means no warranty and unlocked bootloader means no warranty. Read also here for additional info: http://xdaforums.com/showthread.php?t=2292598

    Make sure to read the 'Questions' (bottom of the post) if you encounter any problems!

    Rooting
    First of all you need to have root access to backup your DRM keys.

    Follow this thread to get root: http://xdaforums.com/showthread.php?t=2784900


    Old method:
    Follow these steps, after that you will have an unbranded UK KitKat (4.4) firmware with root access (if you would rather have JellyBean 4.3, check out 'Questions' down below). Thanks to Darkimmortal for the steps (I added some steps and made it easier to follow).

    Take a backup of your phone because it will be wiped!

    Video:
    Video by @shem2409


    1. Contribute to this thread: http://xdaforums.com/showthread.php?p=52011642
    2. Install Z1 Compact USB drivers ( http://developer.sonymobile.com/downloads/drivers/ )
      It's possible that Z1 Compact drivers are already installed, if you have installed Sony PC Companion.
    3. Install Flashtool ( http://www.flashtool.net/index.php )
    4. Install fastboot & flashmode drivers from Flashtool (go to the installation directory and open the folder drivers/) (note: if you have Windows 8.1 64bit you need to disable Driver Signature check: Link)
    5. Download SuperSU and put on your SD card (do not unzip) ( http://download.chainfire.eu/supersu )
      Note: There might be problems with large SD cards (32GB and bigger). You can also put the files on your internal storage: Follow steps 5-7 after step 11.
    6. Download latest Z1C-lockeddualrecovery(...)flashable.zip and put on your SD card (do not unzip) ( http://nut.xperia-files.com/ )
    7. Download z1c-44-uk.system.flashable.zip and put on your SD card (do not unzip) ( https://drive.google.com/file/d/0B8nLbtP1HtINcENMbjdSdnJteDA/edit?usp=sharing | mega mirror )
    8. Download SO-02F_14.1.H.1.281_docomo.ftf and put it in the installation directory of flashtool in the folder firmwares/ ( http://dl.weeaboo.com/Z1Compact/SO-02F_14.1.H.1.281_docomo.ftf | share-online mirror | mega mirror )
    9. Open flashtool, select Flash => Flashmode and flash SO-02F_14.1.H.1.281_docomo.ftf (select Wipe [Check ALL] and Exclude [Check TA, BASEBAND, FOTA])
    10. Wait at least 30 seconds, then power off your phone, hold volume down and plug in your USB cable (your phone will boot in flashmode)
    11. After flashtool flashed the firmware successfully, remove the cable and power on the phone (will take some time) and go to Settings => 'About phone' and press 7 times on 'Android Build'. This will unlock the Developer options in Settings. Enable USB debugging under Developer options and check 'Unknown sources' under Security.
    12. Now flash C6903_14.1.G.534_ianford10_UK Unbranded_modified.ftf in flashmode (boot phone in flashmode again) (select Exclude [Uncheck ALL] and Wipe should be empty) ( https://drive.google.com/file/d/0B8nLbtP1HtINbkdUX0hwQk9BN3M/edit?usp=sharing | mediafire mirror | share-online mirror )
    13. Start your phone normally and plug in your USB cable (screen will be black, this is normal and it will stay like that until you finish step 16)
    14. Download and extract Z1C-lockeddualrecovery(...)installer.zip. Then run install.bat and select option 3 [Installation on unrooted ROM] ( http://nut.xperia-files.com/ )
      Note: This is actually a different file as the one you downloaded on step 6. You're supposed to run this one here on your computer.
    15. After the process is finished and you get a confirmation that your device is rooted, hold Volume Up and hold the power button. After the phone vibrated 3 times it will shut down. (This is force power off)
    16. Flash D5503_14.3.A.0.681_Generic_UK-nosystem.ftf in flashmode (boot phone in flashmode again) (select Wipe [Uncheck ALL] and Exclude [Uncheck ALL]) ( http://www.mediafire.com/download/g1mahcm5y8cax2q/D5503_14.3.A.0.681_Generic_UK-nosystem.ftf | mega mirror )
    17. Go to the Recovery Menu. To do that, power off your phone. Then power it on again. After the vibrate and the green LED turns on, hold Volume Up (LED will turn violet). PhilZ Touch recovery will open.
    18. Try to flash SuperSU zip. If it doesn't work, switch to TWRP recovery (Volume Down) and try there.
    19. Now format /system (located under Mounts & Storage) (Important: Do NOT reboot until advised so or you will have to start again)
    20. Do a factory reset in the Recovery Menu
    21. Install the following files in this order (Important) (see steps 5 - 7)
      1. z1c-44-uk.system.flashable.zip
      2. Z1C-lockeddualrecovery(...)flashable.zip
      3. UPDATE-SuperSU-v1.(...).zip
    22. Optional: Update to the latest firmware with this guide: http://xdaforums.com/showthread.php?t=2688933
    23. Reboot your phone
    24. Congratulations, your phone is now rooted (bootloader still locked)
    DRM keys Backup
    Now since your phone is rooted you can proceed with backing up your DRM keys (TA partition). Follow these steps:
    1. Enable USB debugging on your phone (go to Settings => 'About phone' and press 7 times on 'Android Build'. This will unlock the Developer options in Settings. Enable USB debugging under Developer options and check 'Unknown sources' under Security.)
    2. Download Backup TA and start Backup-TA.bat ( http://xdaforums.com/showthread.php?t=2292598 )
    3. Select Option 1 (Backup) to backup your TA partition
    4. After the process succeeded your backup will be in the folder backup/ (Make a backup of the backup!)
    5. Congratulations, you now have a backup of your DRM keys. You can also use Backup TA to restore your TA partition. It is recommended to have the same firmware when restoring as you had when you backed it up (see here: http://xdaforums.com/showpost.php?p=52745293&postcount=299 )

    Unlocking bootloader
    Now if you have a backup of your DRM keys you are ready to unlock the bootloader. You need to have an unlocked bootloader to install Custom Roms, test builds, etc.

    Make a backup because your SD card will be formatted!

    Follow this guide to unlock the bootloader: http://xdaforums.com/showthread.php?t=2440597
    Yes, it also works for Z1 Compact, all the steps are the same. You can skip installing the drivers since you should already have them from the steps above.


    Relock bootloader only
    If you want to relock your bootloader (e.g. for downloading official sony updates in Sony Update Service) you can do so with flashtool. This only works if you already unlocked the bootloader with the official method.
    Note: This does not restore the DRM keys. If you have a warranty issue you should restore your TA partition (which will relock your bootloader and restore the DRM keys) with Backup TA.
    1. Open flashtool
    2. Click on the BLU icon
    3. Connect your phone in flashmode (hold volume down and plug in your USB cable)
    4. Flashtool will ask you about the device model, choose Sony XPERIA Z1 (if Z1 compact is not in the list)
    5. Flashtool will read your IMEI and your unlock code. Check if those are correct (compare unlock code with the one you received by email from Sony when you unlocked the bootloader)
    6. Flashtool will save the unlock code in its program folder under custom/mydevices.
    7. Click "Lock bootloader" (-> If you want to unlock it again, repeat the steps (it will automatically detect that your bootloader is locked))


    Questions
    • How do I power off my phone if the screen is blank or the phone is not responding? (Force power off)
      • Hold Volume Up and then hold the power button. After the phone vibrated 3 times it will shut down.
    • My Antivirus detects flashtool as malware?
      • That's a false positive. flashtool is not malware.
    • How can I verify if my bootloader is locked/unlocked?
      • Type in phone *#*#7378423#*#* and go to Service Info => Configuration. If bootloader is unlocked it will say: "Bootloader unlocked: Yes". If it says something else like "Bootloader unlock allowed: Yes", it means the bootloader is locked.
    • I am currently on firmware x, can I still follow this guide?
      • Yes, it does not matter which firmware you come from.
    • How to remove recovery and root?
      • Simply flash an official firmware ftf in flashtool. Wipe userdata is not required, but recommended.

    Questions from old guide:

    Many thanks to:
    • Darkimmortal
    • RyokoN
    • [NUT]
    • DooMLoRD
    • All the great devs that made these tools
    • raph84
    8
    Hi guys, thanks first up for ALL the help I've been getting in the Q&A section... like the santaCruz guy above, I am almost ready to chuck this phone.

    Last week I followed this root procedure and it worked. After playing with ROMs today and wanting to restart/reset, I followed the same procedures from Step 1 ... but noticed THEY HAVE BEEN UPDATED RECENTLY WITH NEW FILES REQUIRED.

    I can confirm (same as santaCruz above) that this procedure does NOT work using the D5503_14.3.A.0.757_Generic_UK-nosystem.ftf file.

    I downloaded the old "681" file and flash ... it gets me to PhilZ boot recovery ... i.e. I now get to step 17 and continue my journey.

    Can someone please look into this!
    5
    Hi guys! Maybe this little note would be a good caution to some...

    Caution:

    Restoring a TA Backup from JB on a KitKat ROM breaks X-Reality engine temporarily on your phone. A fix for this is to

    1. Reflash the whole KitKat FTF (exclude system & check reset customizations)
    2. Factory reset your phone.

    Without doing the steps above you won't be able to play Music/Video Unlimited & X-Reality on your phone even if you already restored your DRM keys and have a locked bootloader.
    4
    Hi zxz0O0,

    Thanks for writing this up, even though it's essentially a rewrite of Darkimmortal's tutorial.

    Please be aware that this is not quite "Noob proof" yet!

    As someone who hasn't flashed an Android phone since 2011, I ran into a few issues / concerns:

    a) "Install fastboot & flashmode drivers from Flashtool"
    Depending on the operating System (for me: Windows 8.1 x64), Driver Signature check needs to be disabled in order to do that.

    b) Zips to SD card: It's worth pointing out that "put it on your SD card" literally means "Copy the ZIP to the root of your SD card". I wasn't sure (should I unzip it? What to do with it?)

    c) It would make sense to add the flashing instructions before the "flash..." statement.
    I was smart enough to read the full instructions, yet I can imagine some people reading "flash C6903 (...)"... okay. Click flash, continue reading: "select Wipe [Uncheck ALL]" oh no!

    d) "Run Z1C-lockeddualrecovery(...)installer.zip's install.bat"
    In order to do that, you need adb-tools (the bat would just throw "File not found" errors), possibly also extract the content of the ZIP to the ADB-Tools directory (that's what I did).

    e) "Now format /system"
    Afraid to do the wrong thing, I read this six times and checked Darkimmortal's instructions "Factory reset and clear for rom installation" [this appeared a bit clearer]
    The actual steps are called
    1: "Wipe Data/Factory Reset"
    2: "Clean to Install a New ROM"


    Note that I stopped after "Congratulations, your phone is now rooted (bootloader still locked)"
    I just wanted Root for some tools and am quite happy with the factory Rom (want to keep my DRM Keys and Warranty).

    Thanks!
    raph
    3
    Go to the Backup TA folder, open the folder backup/ and extract your TA backup. Open TA.img in a hex editor (or a text editor probably also works) and search for "NEW_VERSION" (first occurrence); shortly after that there should be "fs_version:" (e.g. mine is fs_version:EURO-LTE_14.2.A.1.114 => so I would use 14.2.A.1.114 to restore my TA backup)
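The same lookup as a small shell function, added here as an example (it is not a tool from this thread or from Backup TA): it turns the binary image into printable runs and prints the value after the first fs_version: marker that follows the first NEW_VERSION marker, so the firmware used for a restore can be checked against the one the backup was taken on, as the guide recommends. The sample bytes in demo() are constructed; the only layout assumed (NEW_VERSION first, fs_version: shortly after) is what the post describes, and the NUL stripping is there because the hex view earlier in the thread shows NUL-padded text. Needs tr and awk.

```shell
#!/bin/sh
# Added example, not part of the thread: pull the fs_version recorded in a TA
# backup so the restore firmware can be matched to the backup.
#
# ta_fs_version TA.img  -> prints e.g. EURO-LTE_14.2.A.1.114, exit 1 if absent

ta_fs_version() {
    img=$1
    # 1. Drop NUL bytes (covers NUL-padded text like the hex view in the
    #    thread) and turn every other non-printable byte into a newline, so
    #    each printable run becomes its own line.
    # 2. Note when the first NEW_VERSION marker has passed, then take the
    #    first fs_version: after it, keep only the version token and stop.
    LC_ALL=C tr -d '\000' < "$img" \
        | LC_ALL=C tr -c '[:print:]' '\n' \
        | awk '
            index($0, "NEW_VERSION") { seen = 1 }
            seen && index($0, "fs_version:") {
                sub(/.*fs_version:/, "")
                sub(/[^A-Za-z0-9._-].*/, "")
                if (length($0)) { print; found = 1 }
                exit
            }
            END { exit found ? 0 : 1 }'
}

# Constructed sample standing in for TA.img: some filler, the NEW_VERSION
# marker, a run of NUL/control bytes, then the fs_version field.
demo() {
    sample=$(mktemp)
    printf 'S1\000\000OTHER_DATA\000NEW_VERSION\000\000\001fs_version:EURO-LTE_14.2.A.1.114\000\377tail' > "$sample"
    ta_fs_version "$sample"
    rm -f "$sample"
}
```

On a real backup, run `ta_fs_version backup/TA.img` and compare the printed version with the firmware you are about to flash before restoring; a non-zero exit means the marker pair was not found and the image should be inspected by hand as the post describes.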