Official Sony Xperia XZ Premium Root+DRM Backup/Restore Bounty Thread

[leijonasisu]

OFFICIAL SONY XPERIA XZ PREMIUM ROOT & DRM BACKUP/RESTORE BOUNTY​

Thanks for visiting the thread. Root bounties have been incredibly successful in creating traction from community members towards finding root methods in many brands of phones in the past.

What is a 'root & DRM bounty?'

A root bounty is a sum of money that people pledge to donate to any person who can find a way to root a specific device and firmware. Currently our bounty differs a little because of the specific firmware format for Sony Xperia phones. When rooting the device the device's saved DRM keys are wiped. Amongst other issues this causes a loss of functionality to the device camera that renders it mostly useless. As such a lot of people are apprehensive in rooting the device until a DRM backup and restore method is achieved.

Can the XZP be rooted?

Currently yes it can, however this method does not allow the DRM keys to be saved and restored. People who have currently rooted their Xperia XZ Premium phones will probably never have a way to restore the original DRM keys. For those of us who have opted not to root our XZP phones yet, there is still the option of waiting until we can back up the keys before they are wiped, and then restore them after the rooting process.

What do I need to do in order to qualify for the bounty amount?

You need to release a root method that allows the TA partition which contains sensitive information including the DRM keys, to be backed up (before) and restored (after) the root process. Thus preserving the original Camera functionality. The first person who creates such a method will receive the bounty. Either this, or you come up with an entirely different way that still is confirmed to work.

How much is the bounty?

See below.

__________________________________________________

Bounty total: $695

misi444 - $100
charlatan01 - $50
unbaix - $50
ishemes - $50
SyLvEsTeR20007 - $40
AJHutchinson - $35
monsterjamp - $35
iKlutz - $35
dazza9075 - $35
Corgism - $25
the_brad - $25
GeramanX - $20
aquaboy11 - $20
chesterr - $20
arjun.arora - $20
预谋时间 - $20
karrouma - $20
ameel - $20
serajr - $20
gauthamsv - $20
bahkata - $20
will0n - $15
Charos87 - $10
ryanz999 - $10
​

Updated: 03/10 @ 2pm EST

 

[charlatan01]

I'll add 50.

 

[the_brad]

Count me in with €25

 

[karrouma]

me too i will donate

 

[sToRm//]

I am currently working on a DRM fix for XZP. With a little bit luck, I will get this done. But it's really hard to find a good way.

 

[aquaboy11]

I'll pledge 20 euros.

 

[chesterr]

$20 from me

 

[_LLJY]

Not sure if this is allowed any more but I'm going to try for it anyway.

We had a bounty thread for many other phones for root and other options etc.

I'll personally donate €100 to whoever can successfully provide a method to root the Sony Xperia XZ Premium, that also allows the backup/restore of the original DRM keys so the camera functionality is not lost.

If not against the rules. Other members can add their bounties here too and I'll keep the first post updated.

Whoever ends up doing this, feel free to send me a PM so I can make the donation after confirming

_____________________________________________________

Bounty total: €100

Leijonasisu - €100

Hi, I don't think you guys would ever see this, or at least anytime soon.

Why? Android is getting increasingly secure and it's progressively getting harder and harder to backup TA keys.

If a breach is found and people manage to backup their keys, it's a massive security risk and poses a threat to many users out there, by right even when root is attained, hackers shouldn't be able to do much(Sony-RIC + SElinux) even the dirty cow exploit was a pain in the ass to figure out(search up the thread, the developers have a good explanation on how it works)

TA key workarounds for camera and such may be possible however.

So, will you guys eventually get a backup solution? Maybe. But it will be a long time till then. I hope my input can shine some light on the situation and why you guys don't have a backup solution.
Enjoy your device's and have a good day.

 

[arjun.arora]

I'm in with 20 dollars.

 

[munjeni]

Hey, I have done some analyse month ago, have no device to try anything more but thing which I found related to drm and unlock key from an unlocked trim area dump of the xzp... I found that unlock key unit which is unit which always get's created to trim area when device gets unlocked. These thing exists only on pre xzp models but on xzp I found unlock key unit is no more in trim area! Don't own phone to make an direct emmc dump for analyse but unlock key unit definitelly is outside of trim area! Probably booth things (drm key + unlock key) is out of trim area!

Edit:
Anybody have idea where is loader stored on xzp, its not in emmc? Probably inside an storage for example in an 8 pin chip? Another thing which I found, anybody saw xfl_X_BOOT_MSM8998_LA1_1_N_59_A.mbn ??? Its signed boot image, found it inside bootloader_X_BOOT_MSM8998_LA1_1_N_59_A_X-FLASH-ALL-42E5.sin , maybe you can try boot it with fastboot?

 

[brockyneo]

Hey, I have done some analyse month ago, have no device to try anything more but thing which I found related to drm and unlock key from an unlocked trim area dump of the xzp... I found that unlock key unit which is unit which always get's created to trim area when device gets unlocked. These thing exists only on pre xzp models but on xzp I found unlock key unit is no more in trim area! Don't own phone to make an direct emmc dump for analyse but unlock key unit definitelly is outside of trim area! Probably booth things (drm key + unlock key) is out of trim area!

Edit:
Anybody have idea where is loader stored on xzp, its not in emmc? Probably inside an storage for example in an 8 pin chip? Another thing which I found, anybody saw xfl_X_BOOT_MSM8998_LA1_1_N_59_A.mbn ??? Its signed boot image, found it inside bootloader_X_BOOT_MSM8998_LA1_1_N_59_A_X-FLASH-ALL-42E5.sin , maybe you can try boot it with fastboot?

I'm on boot loader unlock allowed no so does this mean I'll never be able to get root and backup my TA?

Thanks

 

[FartyParty]

I'm on boot loader unlock allowed no so does this mean I'll never be able to get root and backup my TA?

Thanks

You won't be able to get root nope.

 

[munjeni]

I'm on boot loader unlock allowed no so does this mean I'll never be able to get root and backup my TA?

Thanks

These days getting root is not a easy job, but CVE's is still present since kernel is not a bug free, always new CVE is coming on, hope somebody find an CVE which will give you root chance. Definitelly you can get root, just wait! But thing which you definitely can't get is bootloader unlock, so don't try to unlock your bootloader since that's not possible.

 

[munjeni]

Making bootloader unlock allowed NO to YES is possible if you go to the sony oficial centre and reguest it, see explanation about whats going on http://sony.yt/topic/7680-bootloader-unlock-allowed-status-no-to-yes/

Edit:
Forgot something... You are the owner of the phone, you paid for the phone, and it is your right to ask to become the full owner of your phone, right?

 

[brockyneo]

Making bootloader unlock allowed NO to YES is possible if you go to the sony oficial centre and reguest it, see explanation about whats going on http://sony.yt/topic/7680-bootloader-unlock-allowed-status-no-to-yes/

Edit:
Forgot something... You are the owner of the phone, you paid for the phone, and it is your right to ask to become the full owner of your phone, right?

lol ww can only hope but i dont think ive read a single case where someone has been able to get it changed from unlock allowed NO to YES :victory:

thanks and hope one day we will be able too

 

[预谋时间]

20$

 

[ishemes]

I'll donate $50.

 

[serajr]

I don't own this device, but thinking about on newer xperias (XZ1 and and onwards), I'm in with 20U$

 

[gauthamsv]

I'll pledge $20

 

[leijonasisu]

Updated first post, added the additional bounties offered by generous members here to the total.

I hope we can get this to happen ASAP, this is a fantastic phone and I am sure that a method to backup the DRM keys would also be workable on other new models before a patch.