Help with Bacup TA > UL > Root > Unroot > ReLock BL/Restore TA

dillalade

dillalade

Senior Member
Sep 28, 2009
1,543
365
113
Richmond
Dec 13, 2016 at 11:44 PM
Hi all,

So I read people are now able to backup TA partition (DRM Keys) before Unlocking the Bootloader.

Keep in mind my aim for instance here is to install BBS (Better Battery Stats app) onto the system partition for full battery stats.

Now my question is can the below tasks be achieved in this order.:

1. Downgrade to an exploitable Firmware (MM?)
2. Backup TA partition
3. UL BL (Unlock Bootloader)
4. Root device
5. Install BetterBatteryStats onto System partition.
6. Unroot device
8. L BL (Lock Bootloader)
9. Restore TA partition.

And where in this list would be best to upgrade to Nougat.

I believe I achieved something similar on my z5c, but it's been a while now since I've wanted to root. But given the recent TA exploits I'm thinking it's time to geek again.

I believe if we can define the above process explicitly, many people would be happy.

As much information, direction, insight, instructions on all of the points above would be greatly appreciated by and for my.fellow XZ'ers :fingers-crossed:
 
gregbradley

gregbradley

Retired Forum Moderator
Mar 23, 2011
12,042
6,493
0
Probably marking work or drinking beer...Maybe bot
Dec 14, 2016 at 6:25 AM
Sonic Dash said:
I'm also curious on how to unlock, root and restore
I know it was possible to be rooted with locked bootloader on Z3 but have not seen how to on the XZ yet
Click to expand...
Its not possible to have root on a locked bootloader on the XZ.

dillalade said:
Hi all,


Keep in mind my aim for instance here is to install BBS (Better Battery Stats app) onto the system partition for full battery stats.

And where in this list would be best to upgrade to Nougat.
Click to expand...
Try this
  • Downgrade to MM
  • Backup TA
  • Upgrade to Nougat
  • Unlock bootloader and root
  • Install BBS
  • Remove root and relock bootloader
I have no guarantee it will work though and the DM-verity would probably lead to a bootloop or a non booting device. Be sure you know how to get out of this before you proceed.
 
Last edited:
gregbradley

gregbradley

Retired Forum Moderator
Mar 23, 2011
12,042
6,493
0
Probably marking work or drinking beer...Maybe bot
Dec 14, 2016 at 7:00 AM
Sonic Dash said:
What's the reason for this?
Doesn't the Z3 have similar protection as the XZ?
Click to expand...
No, the XZ has verified boot security (DM-verity). The bootloader will not allow a non signed kernel to boot. Stock kernels will not allow a modified system to boot. Hence you need to unlock the boot for the phone to boot if you change the system partition by just one bit....
 
  • Like
Reactions: Sonic Dash
Sonic Dash

Sonic Dash

Member
Nov 6, 2016
23
4
0
Manchester
Dec 14, 2016 at 7:18 AM
gregbradley said:
No, the XZ has verified boot security (DM-verity). The bootloader will not allow a non signed kernel to boot. Stock kernels will not allow a modified system to boot. Hence you need to unlock the boot for the phone to boot if you change the system partition by just one bit....
Click to expand...
Okay that makes sense, so with it being unlocked is there any way to hide the device unlocked screen at boot?

Im sure I also have seen talks about DRM keys being flashed in and being possible to use with unlocked bootloaderers did anything ever come of that?
 
gregbradley

gregbradley

Retired Forum Moderator
Mar 23, 2011
12,042
6,493
0
Probably marking work or drinking beer...Maybe bot
Dec 14, 2016 at 7:28 AM
Sonic Dash said:
Okay that makes sense, so with it being unlocked is there any way to hide the device unlocked screen at boot?

Im sure I also have seen talks about DRM keys being flashed in and being possible to use with unlocked bootloaderers did anything ever come of that?
Click to expand...
I do not know any way of hiding the screen. Also, the DRM fix that is used with an unlocked bootlader is not a full restore of the keys. DRM functionality is restores and to my knowledge it is not 100% the same as restoring the TA partition fully.
 
Sonic Dash

Sonic Dash

Member
Nov 6, 2016
23
4
0
Manchester
Dec 14, 2016 at 7:53 AM
gregbradley said:
I do not know any way of hiding the screen. Also, the DRM fix that is used with an unlocked bootlader is not a full restore of the keys. DRM functionality is restores and to my knowledge it is not 100% the same as restoring the TA partition fully.
Click to expand...
After some research it seems like this warning is stored in the logo.

I found a post from a few months back with a guide on how to remove it for the Moto G4

Maybe its the same for our XZ?
 
dillalade

dillalade

Senior Member
Sep 28, 2009
1,543
365
113
Richmond
Dec 14, 2016 at 9:50 AM
gregbradley said:
Its not possible to have root on a locked bootloader on the XZ.



Try thisDowngrade to MM
Upgrade to Nougat
Install BBS
Remove root and relock bootloader

I have no guarantee it will work though and the DM-verity would probably lead to a bootloop or a non booting device. Be sure you know how to get out of this before you proceed.
Click to expand...

Not sure I follow your procedure, seems redundant, I assume you've missed out a few steps there by accident.

But thanks anyway.

However, if the DM verity you mention does what it should then I guess by editing the system partition as I proposed and then relocking would cause a bootloop.

I hope there is a way and perhaps others can share more insight.
 
gregbradley

gregbradley

Retired Forum Moderator
Mar 23, 2011
12,042
6,493
0
Probably marking work or drinking beer...Maybe bot
Dec 14, 2016 at 10:10 AM
dillalade said:
Not sure I follow your procedure, seems redundant, I assume you've missed out a few steps there by accident.

But thanks anyway.

However, if the DM verity you mention does what it should then I guess by editing the system partition as I proposed and then relocking would cause a bootloop.

I hope there is a way and perhaps others can share more insight.
Click to expand...
Your quote has missed some of the steps I mentioned...
•Downgrade to MM
•Backup TA
•Upgrade to Nougat
•Unlock bootloader and root
•Install BBS
•Remove root and relock bootloader

But yes, I presume a bootloop will result from it
 
  • Like
Reactions: dillalade
serajr

serajr

Recognized Developer / Recognized Themer
Apr 21, 2011
5,011
18,603
263
São Paulo - SP
Dec 14, 2016 at 12:38 PM
dillalade said:
Hi all,

So I read people are now able to backup TA partition (DRM Keys) before Unlocking the Bootloader.

Keep in mind my aim for instance here is to install BBS (Better Battery Stats app) onto the system partition for full battery stats.

Now my question is can the below tasks be achieved in this order.:

1. Downgrade to an exploitable Firmware (MM?)
2. Backup TA partition
3. UL BL (Unlock Bootloader)
4. Root device
5. Install BetterBatteryStats onto System partition.
6. Unroot device
8. L BL (Lock Bootloader)
9. Restore TA partition.

And where in this list would be best to upgrade to Nougat.

I believe I achieved something similar on my z5c, but it's been a while now since I've wanted to root. But given the recent TA exploits I'm thinking it's time to geek again.

I believe if we can define the above process explicitly, many people would be happy.

As much information, direction, insight, instructions on all of the points above would be greatly appreciated by and for my.fellow XZ'ers :fingers-crossed:
Click to expand...
It won't work! As @gregbradley said, dm-verity does not allow unsigned partitions (eg modified /system) to be loaded, and the procedure you wanna try will result in a bootloop for sure!

Now that we have a specific tool to perform backup of TA partition, "safe" root came true. So why not to do that?
You can always restore your original TA.img and flash full stock firmware, which will give you a locked device like the never-unlocked one!

Anyway... try it at your own risk!
 
Last edited:
  • Like
Reactions: dillalade and gregbradley
Y

YoLO13

Member
Apr 26, 2014
19
3
0
Dec 28, 2016 at 12:24 AM
s-6182 said:
How to convert ta.img to file ta.zip flash twrp
Click to expand...
Just realised, you won't need to convert anything!
In TWRP, select - Install Image (under Install button on the home menu) and locate the TA.img from there.
Apparently, you might not need to flash stock firmware afterwards, but I would do that if I were you just to make sure everything works cleanly!
 
Last edited:
F

FerhaDo

Member
Apr 2, 2015
29
1
0
Dec 28, 2016 at 5:24 PM
gregbradley said:
No, the XZ has verified boot security (DM-verity). The bootloader will not allow a non signed kernel to boot. Stock kernels will not allow a modified system to boot. Hence you need to unlock the boot for the phone to boot if you change the system partition by just one bit....
Click to expand...
Why did Sony do that?
I just dont want to see ads in games and apps.
For these, root was enough. At least my old Z3 phone.
I do not want to open the unlock bootloader, because the device may have serious performance degradation especially on the camera, right?!
Is it possible in the near future to make root without unlock bootloader ?

P.S.: If I knew that, I would not buy XZ. :(
 
DHGE

DHGE

Senior Member
Jun 20, 2015
600
282
93
coastal paradise
Dec 29, 2016 at 10:51 AM
please stop the discussion on SONY's security measures here

FerhaDo said:
I do not want to open the unlock bootloader, because the device may have serious performance degradation especially on the camera, right?!
Is it possible in the near future to make root without unlock bootloader ?
Click to expand...
This has been beaten to death in the post Z3 devices fora.

You can read A LOT about in e.g. the Z5 section.

Authorative Guide:
http://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
 
  • Like
Reactions: FerhaDo
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone