iovyroot - (temp) root tool

Search This thread

dadreamer

Member
Dec 5, 2015
25
2
Hi!
I tried to check this tool to see how it goes on my device (which's not on the list but anyway). But I receive this error when launching tabackup.bat:
Code:
C:\adb>tabackup.bat
/system/bin/sh: /data/local/tmp/iovyroot: not executable: magic 7F45
rm failed for /data/local/tmp/tabackup/TA-*.img, No such file or directory
My dev's arch is ARMv7 (armv7l, armeabi-v7a). Is this iovyroot for arm64 or x86 only? Could anyone recompile, please?..

upd: I've got it compiled for armeabi from the sources.
 
Last edited:
  • Like
Reactions: KTK GRACER 1

dadreamer

Member
Dec 5, 2015
25
2
zxz0O0
Please, could you help me with the rooting of my device? It has PXN enabled even when it's on 32-bit arch. I want to defeat that with some JOP/ROP chain approach. Here you wrote that it's not so hard to do on 32-bits. Is that possible without pulling boot.img (cause no root and no public firmwares)?..
 

4RM4N1

Senior Member
Oct 25, 2014
202
33
Today I present you
iovyroot - (temp) root tool
based on CVE-2015-1805​

Requirements
  • USB debugging enabled
    Settings => About phone => Click 7 times on Android Build to unlock developer options
  • adb drivers installed
  • LP Kernel <= Dec 2015

Components
  1. Binary to get root shell
    • root/iovyroot
  2. Simple TA Backup / Restore script
    The author takes no responsibility
    • tabackup.bat & tarestore.bat (read second post for restore)

Download v0.4
If you found this tool useful, please consider donating (click here) :)


Supported models:
Code:
- M5 (all variants) (30.0.A.1.23 & 30.1.A.1.33)
- M5 Dual (all variants) (30.0.B.1.23 & 30.1.B.1.33)
- E5803 (32.0.A.6.200)
- E5823 (32.0.A.6.200)
- E6533 (28.0.A.8.266)
- E6553 (28.0.A.8.266)
- E6603 (32.0.A.6.152)
- E6633 (32.0.A.6.152)
- E6653 (32.0.A.6.152 & 32.0.A.6.200)
- E6683 (32.0.A.6.152)
- E6833 (32.0.A.6.170)
- E6853 (32.0.A.6.170 & 32.0.A.6.200)
- E6883 (32.0.A.6.160 & 32.0.A.6.170 & 32.0.A.6.209)
- SGP771 (28.0.A.8.260)
- SGP712 (28.0.A.8.260)
- LG G Flex 2 (5.1.1 LMY47S)
- Possibly all other devices with LP kernel from Dec 2015 or older

How to restore? When I doubleclick the .bat it says Error: Please specify a TA image to restore
when I drag the .img into the .bat the window appears and then close quickly...
 

eXI911

Member
Dec 28, 2013
18
1
My device is not supported.
Sony Xperia Z5 (32.4.A.1.54)

How can i backup my TA? Actual my bootloader is locked and the device is on stock and like a new one.
 

wihushae

Senior Member
Nov 17, 2013
182
23
hello! I've a Z5c (E5823) and downgraded it to 32.0.A.5.32 to use iovyroot but the console gives this error message:

iovyroot by zxz0O0
poc by idler1984

Error: Device not supported
rm: /data/local/tmp/tabackup/TA-*.img: No such file or directory

whats wrong here, how can i backup my keys?

Edit: with the version 32.0.A.6.200 on my device it worked flawlessly! Strange that the earlier version I tried didn't work...
 
Last edited:

flaxx187

Senior Member
Jun 23, 2013
135
4
hey my flashtool doesn't work he is freezing
and my imei number doesn't show in the flashtool



adb && oem is activ.

when i use the volume down taste i found nothing (under fastboot devices)
when i use the volume up taste i found my device (under fastboot devices) but it can't work because i get the error:
idk is my bootloader open ? in the config isn't the line "booatloader allowed" there stay only "root status: unknown"
target reported max download size
sending 'recovery' (15472 KB)...
OKAY [ 0.416s]
writing 'recovery'...
FAILED (remote: Command not allow
finished. total time: 0.439s

 
Last edited:

hylde

Member
Feb 13, 2010
13
1
Auckland
Downgraded to lollipop and used tarestore.bat. It says succesful but still have errors on service menu/security. I tried same ta backup with proof of concept and it works. Why cant I restore My ta backup for full locked state? Am using E6633 XZ5 Dual


EDIT: Tried with iovyroot v0.2 worked like a charm.:good: Idk why but v0.4 didn't work . In v0.4 it said succesful but my bootloader didnt get locked. in v0.2 it locked my bootloader and without any reset, I checked my security infos and keys were back to OK :). Try also with v0.2

v0.2 attached below :victory:

You are the legend! :good:
My phone keeps crashing and reboot with 0.4, now trying with 0.2 and it works! got the TA backup now.
Cheers!
 

ivanmemento

Senior Member
May 28, 2010
68
3
Hello, I have a special question, is possible to use my TA backup of Z5 6653 on my Z1 compact ?
And if i flash complete original firmware it have back all bionz features? (I mean if i don't restore ta)
 
Last edited:

Yaguznal

Member
Nov 30, 2013
7
5
Would anyone be so kind to reupload v0.4? The link in the OP is dead and v0.2 does not apear to work for my z3+.

Many thanks in advance!

Never mind! I found them somewhere else. I have attached them here for your leisure.
 

Attachments

  • iovyroot_v0.3.zip
    533.2 KB · Views: 642
  • iovyroot_v0.4.zip
    533.4 KB · Views: 2,203
  • iovyroot_v0.2.zip
    533 KB · Views: 528
Last edited:

Fricksinator

Member
Sep 11, 2012
7
5
In my PC it only generates a file with about 96 bytes is that normal? I'm using version 0.4, and have a E6833. Android version is lollipop. I just want to make sure before I unlock bootloader.
 
Last edited:

e-ghost

Member
Aug 24, 2012
41
1
How to add support to Xperia device with similar Xperia kernel?

Hi all, I see
SGP771 (28.0.A.8.260)
- SGP712 (28.0.A.8.260)
- LG G Flex 2 (5.1.1 LMY47S)
- Possibly all other devices with LP kernel from Dec 2015 or older

I have a JP Docomo version of Z4Tablet LTE, SO-05G (equal SGP771).
I downgraded to lowest ROM of Android 5.0.2 28.0.B.1.135 from https://androidfilehost.com/?fid=24549084345926132 :

SO-05G at 28.0.B.1.135 with kernel 3.10.49 built on Jun 12 19:38:37 2015
Then I comparing:
SGP771 28.0.A.8.260 is with kernel 3.10.49 built on Jun 5 18.:09:09 2015

As they look so alike and released at the same time to different region, I believe iovyroot should able to enable a temp root to SO-05G's 28.0.B.1.135 as well. However I tried both v0.2, v0.3 and latest v0.4 all said Device not supported. So I want to see if it is possible to modify any script so that I add support to it.

(NB. I have tried to flash the global 28.0.A.8.260 to SO-05G but always got an error at the following step:
"Processing of b2b.sin finished with errors"
then stop flashing and causing the Z4Tablet stop boot up. Seems it is impossible to use the
global 28.0.A.8.260 onto SO-05G. Please help me. Thanks!
:crying:
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 146
    Today I present you
    iovyroot - (temp) root tool
    based on CVE-2015-1805​

    Requirements
    • USB debugging enabled
      Settings => About phone => Click 7 times on Android Build to unlock developer options
    • adb drivers installed
    • LP Kernel <= Dec 2015

    Components
    1. Binary to get root shell
      • root/iovyroot
    2. Simple TA Backup / Restore script
      The author takes no responsibility
      • tabackup.bat & tarestore.bat (read second post for restore)

    Download v0.4
    If you found this tool useful, please consider donating (click here) :)


    Supported models:
    Code:
    - M5 (all variants) (30.0.A.1.23 & 30.1.A.1.33)
    - M5 Dual (all variants) (30.0.B.1.23 & 30.1.B.1.33)
    - E5803 (32.0.A.6.200)
    - E5823 (32.0.A.6.200)
    - E6533 (28.0.A.8.266)
    - E6553 (28.0.A.8.266)
    - E6603 (32.0.A.6.152)
    - E6633 (32.0.A.6.152)
    - E6653 (32.0.A.6.152 & 32.0.A.6.200)
    - E6683 (32.0.A.6.152)
    - E6833 (32.0.A.6.170)
    - E6853 (32.0.A.6.170 & 32.0.A.6.200)
    - E6883 (32.0.A.6.160 & 32.0.A.6.170 & 32.0.A.6.209)
    - SGP771 (28.0.A.8.260)
    - SGP712 (28.0.A.8.260)
    - LG G Flex 2 (5.1.1 LMY47S)
    - Possibly all other devices with LP kernel from Dec 2015 or older

    Credits:
    - @idler1984 for his poc and great help
    - @ninestarkoko and @rimmeda for testing
    - @ipromeh for fixing ta scripts

    XDA:DevDB Information
    iovyroot - (temp) root tool, Tool/Utility for the Sony Xperia Z5 Compact

    Contributors
    zxz0O0, idler1984
    Source Code: https://github.com/dosomder/iovyroot


    Version Information
    Status: Beta

    Created 2016-04-01
    Last Updated 2016-04-01
    47
    Reserved

    Questions

    Is it possible to get full root without bootloader unlock?
    • No, dm-verity prevents write access to system
    Can we disable dm-verity?
    • Temporarily yes, but it will be enabled again at next reboot. Any modification to /system would thus result in a bootloop. dm-verity resides in the kernel which we can't modify on locked bootloader.
    Can we restore TA partition after unlocking bootloader?
    How to restore TA partition?
    • Method 1:
      1. Flash stock firmware from flashtool (supported by iovyroot) (you are now unrooted)
      2. Use tarestore.bat from iovyroot
    • Method 2 (fully rooted & unlocked bootloader):
      1. Use BackupTA and option "Convert v4 backup"
      2. Restore backup with BackupTA
      3. Flash stock firmware with flashtool
    29
    For all of you who managed to backup for TA partition I created a new version of my kernel repack tool, which extracts the device key from your TA backup and reactivates it after unlocking your bootloader. This will make your DRM keys work the same ways as before.
    http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605/post64990566#post64990566

    Cheers Tobias
    20
    [*]Yes but this will also relock the bootloader. To keep bootloader unlocked and get DRM features back you can use this: http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383
    Congratulations, really an excellent job :D

    For the DRM fix I plan to release an alternative solution, which will use your original device key from the TA backup rather then injecting the credentials. This will make absolutely everything work.
    Future versions of my kernel repack tool will then accept an additional parameter with the TA backup and incorporate it into your kernel image.

    Unfortunately I unlocked my phone already long time ago, so would need a volunteer to PM me a TA backup of an unlocked phone for test purposes. I promise not to share it with anyone or publishing any parts of it.
    8
    Example :my phone was unlocked bootloader so do i have to flash original stock rom then restore TA by using tarestore.bat tool ? Or just use BackupTA instead and choose "Convert v4 Backup".

    You unlocked bootloader. Now you want to restore TA partition and relock bootloader again =>

    Method 1:
    1. Flash stock firmware from flashtool (supported by iovyroot) (you are now unrooted)
    2. Use tarestore.bat from iovyroot

    Method 2 (rooted & unlocked bootloader):
    1. Use BackupTA and option "Convert v4 backup"
    2. Restore backup with BackupTA
    3. Flash stock firmware with flashtool
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone