[MM / N] [LB] Dirtycow Temp Root Shell and Debloat Script (Freeze Unwanted Apps)

p0kemon

p0kemon

Member
Nov 28, 2016
49
90
0
in oob of the nand memory
Dec 6, 2016 at 6:11 PM
serajr said:
Bro... How did you manage to extract them? X Compact with locked BL, right? :confused:
Click to expand...
trimarea.img is from Z3! I didn't found unit 1046b in trimarea.img, @DannyWilde did you restored locked trim area befere you unlocked bootloader using flash tool?

Edit:
On seccond file TA.img which is locked trim area dump I not found unit 1046b in backup partition, its not twice present like on z1 line so have no sense using flash tool unlocking method, so that confirm that we still need system user at least for dumping trim area unit 1046b trought libta.so which is realy worst case since if we get that system user at least we are so close to root user, I think wasting time with trim area hack have no sense, right? :(

Edit:
On @shoey63 the same thing, no backup of the unit 1046b :(

One more thing on z3 and on x compact found unit headers with:
1. C1 E9 F8 3B 32 32 32 34
2. C1 E9 F8 3B FF FF FF 34

and unused blocks is filled with 0x10 and some with 0x32, why that differs I realy have no idea :( I realy thinked it differs since some dumps is from 64 bit device, but no, it differs on z3 too which is 32 bit device. On trim area which I started working its diferent:
booth 1. & 2. is C1 E9 F8 3B FF FF FF FF and all unused blocks is filled with 0xFF. What can be happen if we reconstruct things on x comact and z3 like format which I'm working on I have no idea. I will wait somebody with broken z3 to test reconstructed trim area, until that happen I realy no want to risk somebody brick phone by this tool :(

Edit (sorry!):
Hey but I forgot @istux z3, on his phone we got success by reconstructing his trim area! It was in format like one which I am using and no brick happened!
 
Last edited:
  • Like
Reactions: DannyWilde and serajr
D

DannyWilde

Senior Member
Nov 1, 2016
105
15
0
Dec 6, 2016 at 7:38 PM
Sorry @serajr,
I didn't want to confuse you, TA image and backup are from z3 compact.

---------- Post added at 08:38 PM ---------- Previous post was at 08:30 PM ----------

@p0kemon,
Bootloader of z3c was never opened before. I did backup with back tool before I unlocked bootloader. I can restore and try once more. But it wouldn't change anything, right?
 
  • Like
Reactions: p0kemon
p0kemon

p0kemon

Member
Nov 28, 2016
49
90
0
in oob of the nand memory
Dec 6, 2016 at 8:12 PM
It wouldn't change anything since somehow seems its only double in my trim area, your and shoey63 's ta confirms that there is no backup of that units in locked trim area so expected is no backup in unlocked too. Thanks guys anyway! If somebody want to risk device and flash reconstructed trim area pm me please!
 
Last edited:
yacloo

yacloo

Senior Member
Dec 13, 2010
261
140
73
İstanbul
Dec 6, 2016 at 8:31 PM
i can confirm my former z3 compact's backup have double 1046b but i am not sure both keys were located separately on primary and secondary partitions
i don't have much time to confirm location of keys :(
it's was never unlocked and it's dead anyway :D
 
  • Like
Reactions: p0kemon
p0kemon

p0kemon

Member
Nov 28, 2016
49
90
0
in oob of the nand memory
Dec 8, 2016 at 8:33 PM
I have done trimarea_tool (command line tool), and that tool nothing change in trim area dump other than unit headers (I have not implemented the rest of my tools since undocumented trim area is still undocumented and very risky is touching trim area, so I not included the rest, it will be public somedays when things gone fully tested), partition hashes and unused blocks, it cleans that 32323234 bytes and writes ffffffff instead and regenerates hashes, thats all by now. Unit data is the same. I have included ton of checks, for example if you try to modify your original ta dump, tool will not generate reconstructed trim area, if size is different, if trim area is not 0x200000 bytes long... and many more. Since we are at initial stage about trim area in general we can't know how safe is playing with trim area, @itsux is only one who flashed reconstructed trim area and reported no hard brick. I must notify you now with red words DO NOT FLASH IF YOU NO WANT TO RISK!!! THIS IS VERY DANGEROUS AND MAY HARD BRICK YOUR PHONE - MEANS KILL FOREVER!!! Use only if you have broken phone for example working phone with not working or broken screen and you no need that phone, don't flash on daily phone! Itsux is only one who tested on his Z3 phone which is with broken screen, I have modified his trim area the same way, he flashed back that trim area and reported here that his phone is not hard bricked. Again I don't know how safe things is so I am not responsible if tool kills your phone, use at your own risk!! But if you realy want to risk and probably kill your own phone please report what happened at least, it would help further development on this tool!

Download -> http://forum.xda-developers.com/crossdevice-dev/sony/dangerous-tool-trim-tool-t3516007/post70009868
 
Last edited:
  • Like
Reactions: serajr, istux, shoey63 and 4 others
istux

istux

Senior Member
Jun 26, 2012
1,448
1,473
0
Milano
Dec 9, 2016 at 10:37 AM
p0kemon said:
I have done trimarea_tool (command line tool), and that tool nothing change in trim area dump other than unit headers (I have not implemented the rest of my tools since undocumented trim area is still undocumented and very risky is touching trim area, so I not included the rest, it will be public somedays when things gone fully tested), partition hashes and unused blocks, it cleans that 32323234 bytes and writes ffffffff instead and regenerates hashes, thats all by now. Unit data is the same. I have included ton of checks, for example if you try to modify your original ta dump, tool will not generate reconstructed trim area, if size is different, if trim area is not 0x200000 bytes long... and many more. Since we are at initial stage about trim area in general we can't know how safe is playing with trim area, @itsux is only one who flashed reconstructed trim area and reported no hard brick. I must notify you now with red words DO NOT FLASH IF YOU NO WANT TO RISK!!! THIS IS VERY DANGEROUS AND MAY HARD BRICK YOUR PHONE - MEANS KILL FOREVER!!! Use only if you have broken phone for example working phone with not working or broken screen and you no need that phone, don't flash on daily phone! Itsux is only one who tested on his Z3 phone which is with broken screen, I have modified his trim area the same way, he flashed back that trim area and reported here that his phone is not hard bricked. Again I don't know how safe things is so I am not responsible if tool kills your phone, use at your own risk!! But if you realy want to risk and probably kill your own phone please report what happened at least, it would help further development on this tool!
Click to expand...
Actually I have a faulty motherboard, that's why I took the risk ;)
And I confirm it worked.
Dude, I think it's time you start your own thread in Sony Cross-Device General forum.
The project is good.
So, if you open a specific thread in a more general section, you have more chance to find some testers (with a Sony in the closet ready to be tortured :D) and maybe more developers who can help you.
Just a suggestion...
 
  • Like
Reactions: serajr and p0kemon
serajr

serajr

Recognized Developer / Recognized Themer
Apr 21, 2011
5,010
18,602
263
São Paulo - SP
Dec 9, 2016 at 5:37 PM
  • Like
Reactions: shoey63, p0kemon and [email protected]
serajr

serajr

Recognized Developer / Recognized Themer
Apr 21, 2011
5,010
18,602
263
São Paulo - SP
Dec 11, 2016 at 3:27 PM
Now that we have proper tool to perform backup of TA partition, "safe" root came true (unlocking device's bootloader), and original OP's dirtycow Debloat script became deprecated (IMO)!
I'm about to release a new Debloat script (as a new thread) which will remove unwanted system apps (will backup them firstly), which can free up by at least 2.4gb internal storage!
It will require recovery, or at least root! Stay tuned!!
 
Last edited:
  • Like
Reactions: baha76_s and [email protected]
K

KWOKSFUNG

Senior Member
May 15, 2013
1,049
137
0
Hong Kong
Dec 11, 2016 at 5:14 PM
serajr said:
Now that we have proper tool to perform backup of TA partition, "safe" root came true (unlocking device's bootloader), and original OP's dirtycow Debloat script became deprecated (IMO)!
I'm about to release a new Debloat script (as a new thread) which will remove unwanted system apps (will backup them firstly), which can free up by at least 2.4gb internal storage!
It will require recovery, or at least root! Stay tuned!!
Click to expand...
Can't wait for nougat Xperia Xposed from u!!
 
D

DannyWilde

Senior Member
Nov 1, 2016
105
15
0
Dec 12, 2016 at 11:42 AM
@p0kemon
I unlocked bootloader of my X compact via flashtool as you described in this tread.
I wanted to backup TA as I did with the z3 compact.
But i am not able to boot my x compact after unlocking. I am asked to enter password to start android. So i'm also not able to boot in to bootloader to flash recovery.
You got any idea what to do?
 
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone