Backup TA Partition?

jimmygumble

Hello,
Is it possible to back up the TA partition on the XA2? I didn't find any tools or guides for it.

Thanks in advance
I think it's possible to back up most partitions on Android phones. The problem is that you would need to get full access to your phone by unlocking the bootloader, a process that wipes the TA partition and your DRM keys, which makes the backup pointless.

A classic chicken and egg scenario.
Older Xperias used an exploit to get elevated access to the phone's internals, which allowed for a TA partition backup, I think.

To answer your question: no, it's not possible until an exploit is found, sadly. I'd say there's about zero percent interest in that for this phone, judging by the level of developer participation in the forums compared with other phones here.
 

DrYak

Older Xperias used an exploit to get elevated access to the phone's internals, which allowed for a TA partition backup, I think.

To answer your question: no, it's not possible until an exploit is found, sadly.
Yong Wang, a.k.a. ThomasKing, the researcher behind the KSMA (Kernel Space Mirroring Attack) used in some of the steps of j4nn's excellent renosploit tool, will be presenting a new exploit at an upcoming conference:

From zero to root: Building universal Android rooting with a type confusion vulnerability
Given the name, it probably relies on CVE-2018-9490, which is more recent than the older firmware of the Xperia XA2 / -Ultra / -Plus.
So an exploit usable for TA backup on the XA2 (and other smartphones too recent for the renosploit to work) is getting quite realistic.
 

Lockerecca

OK, I bought a phone listed on LineageOS, but can't make a TA backup = no full LineageOS install.
Sniff sniff.

Waiting for new info on TA backup, to possibly get a normal phone...
USB-C HDMI = doesn't work
Music... headphones volume up + 2 sec = doesn't work... no track skip..
Security updates..... = old....
Power button + 3 sec = no flashlight
From the Sony music app.... = DLNA support removed on the new Sony line (AK Trow)
Not sure.. 32 GB = 9 GB for the user...

Happily waiting for an exploit to get a TA backup to a drive + install LineageOS + restore TA = 90% fixed, and possible to play
Super Mario..... Miracast, stream all audio to DLNA (root Air Audio)

It is not a bad phone, but the details inside Android.... I don't like them and they surprise me.
 

cojocar.andrei

Has anybody tried the latest KingRoot? Maybe this app can crack the kernel security and install root on a locked phone so we can back up the TA partition?
 

Son-Y

Hi there.

I am looking for a way to back up TA from my XA2 (H3113).
I have tried this: temp root exploit for sony xperia XZ1c/XZ1/XZp with oreo firmware, after downgrading to 8.0.0 Oreo (50.1.A.4.76-R1A).

Unfortunately it tells me that my device is not supported.

H3113:/data/local/tmp $ ./bindershell

bindershell - temp root shell for xperia XZ1c/XZ1/XZp using CVE-2019-2215 https://github.com/j4nn/renoshell/tree/CVE-2019-2215

MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: Reading leaked data
PARENT: leaking successful
MAIN: thread_info should be in stack
MAIN: parsing kernel stack to find thread_info
PARENT: **fail** clobber value doesn't match: is 0 but should be abcddeadbeef1234
CHILD: **fail** iovec clobbering didn't work
PARENT: Reading leaked data
PARENT: Reading extra leaked data
MAIN: **fail** retrying
PARENT: Reading leaked data
PARENT: Reading extra leaked data
CHILD: **fail** problematic address pointer, e.g., 0
MAIN: **fail** retrying
PARENT: Reading leaked data
PARENT: Reading extra leaked data
PARENT: leaking successful
MAIN: it took 2 tries, but succeeded
MAIN: task_struct_ptr = ffffffcd1304ec00
MAIN: thread_info_ptr = ffffffccf1124000
MAIN: Clobbering addr_limit
MAIN: should have stable kernel R/W now
target 'H3113_50.1.A.4.76' not supported

Maybe R/W still works?
So I tried to extract TA by dd.
But it DID NOT work.

It's a shame there seems to be no way to extract TA, even though the XA2 is a device officially supported by LineageOS.

cd /data/local/tmp
dd if=/dev/block/bootdevice/by-name/TA of=TA-locked.img
dd: /dev/block/bootdevice/by-name/TA: Permission denied

Has someone been successful?
 

Seppppx

You need to add the kernel offsets. I'm not willing to do much research, but I found this
 

Son-Y

You need to add the kernel offsets. I'm not willing to do much research, but I found this
Hi Sepppx.
Sounds interesting. But to be honest, this is too complicated for me. I don't want to mess up/brick my device.
Thanks anyway!

It seems I'll have to skip my TA backup and DRM keys and just go for the unlock…