Sony credentials restore after unlocking the bootloader

Search This thread

tobias.waldvogel

Senior Member
Nov 2, 2006
430
1,126
This is outdated and not maintained anymore. Please this new tool instead

Most of us have decided to unlock the bootloader as there is no root or xposed without it.

But as you may have noticed this wipes the masterkey in TA unit 66667 and will make all Sony credentials inaccesible. As a consequence a lot of functionality is lost, e.g x-reality, Sony application updates etc.
Here is a solution to simulate the credentials again. There is no way to recover your lost key, but we can simulate them. Just flash the attached zip via TWRP, that's all.

This is solution is for all Z5 models (Z5 compact, Z5 , Z5 Premium, and the dual models of course)
Have fun :D
 

Attachments

  • drmrestore.zip
    20 KB · Views: 25,681
Last edited:

xirt0n

Senior Member
Jan 9, 2016
152
25
Most of us have decided to unlock the bootloader as there is no root or xposed without it.

But as you may have noticed this wipes the masterkey in TA unit 66667 and will make all Sony credentials inaccesible. As a consequence a lot of functionality is lost, e.g x-reality, Sony application updates etc.
Here is a solution to simulate the credentials again. There is no way to recover your lost key, but we can simulate them. Just flash the attached zip via TWRP, that's all.

This is solution is for all Z5 models (Z5 compact, Z5 , Z5 Premium, and the dual models of course)
Have fun :D

I can say that I have tested this on Xperia Z5 Premium, and when I view the sample photos that came with the phone I can now clearly see the image quality scale up just like before I unlocked bootloader!

Thanks ALOT Tobias, you're the man!


EDIT: Below I have included my experiences from the original thread where this was posted, and I will continue to update it if I feel necessary!

Testing right now on Z5P, will report back!


EDIT: First test: I went into album and viewed the sample photos that came with the phone. I can now se a clear change in the image quality, just like before unlocking bootloader! Going to do some camera tests now!

EDIT2: My camera app will not start, stating it is already in use or the flashlight is. Will try to install camera 2.0 then see what happens.
Camera keeps crashing, and will not start :S

EDIT3: Now suddenly there were several updates available on the "Whats new" app! Will post a screenshot soon!


EDIT4: I installed a 3rd party camera app (CyanogenOS Camera) and the pictures are noticeably better than before this fix! I think I can say its back to the quality it was before unlocking bootloader!
In the meantime I discovered that my 32gb sd card is now almost full, with only 2gb left. Are there any large files that twrp creates other than the backup files everytime I flash a rom or something?
Is there anything I can safely delete here?


EDIT5: After some more camera testing and comparing pictures with my lumia 1020 and my galaxy s6 I can say that in my eyes the picture quality is back to its original state.


 
Last edited:

gamer649

Senior Member
Feb 8, 2013
1,326
594
So just flash this in recovery on an unlocked bootloader and we are done? Or am I missing something?
I haven't unlocked my bootloader as of yet but I'm tempted to now.
 

CLShortFuse

Retired Recognized Developer
Feb 28, 2007
684
942
Most of us have decided to unlock the bootloader as there is no root or xposed without it.

But as you may have noticed this wipes the masterkey in TA unit 66667 and will make all Sony credentials inaccesible. As a consequence a lot of functionality is lost, e.g x-reality, Sony application updates etc.
Here is a solution to simulate the credentials again. There is no way to recover your lost key, but we can simulate them. Just flash the attached zip via TWRP, that's all.

This is solution is for all Z5 models (Z5 compact, Z5 , Z5 Premium, and the dual models of course)
Have fun :D
I've read reports of Sony's Camera app not working after using this. Can you confirm if the TA partition only had DRM keys and not also some camera algorithms? If they did, can we use get those as well?
 

xirt0n

Senior Member
Jan 9, 2016
152
25
I've read reports of Sony's Camera app not working after using this. Can you confirm if the TA partition only had DRM keys and not also some camera algorithms? If they did, can we use get those as well?

I assume you are refering to my experiences with this fix.
Although the sony camera app for some reason stopped working after this, I can still use all my other apps that include the use of the camera without problems, like snapchat or the Cyanogen Camera which when I take pictures with and compare them to the pictures taken before the DRM restore, I can clearly see that the picture quality is now back!
 

CLShortFuse

Retired Recognized Developer
Feb 28, 2007
684
942
I assume you are refering to my experiences with this fix.
Although the sony camera app for some reason stopped working after this, I can still use all my other apps that include the use of the camera without problems, like snapchat or the Cyanogen Camera which when I take pictures with and compare them to the pictures taken before the DRM restore, I can clearly see that the picture quality is now back!

Actually, CyanogenOS Camera has it's own postprocesssing, so you aren't using Sony's. It's just an alternative. I still want to know if it's possible to get the Sony algorithms back and/or use Sony's Camera app.
 

xirt0n

Senior Member
Jan 9, 2016
152
25
Actually, CyanogenOS Camera has it's own postprocesssing, so you aren't using Sony's. It's just an alternative. I still want to know if it's possible to get the Sony algorithms back and/or use Sony's Camera app.

Oh, I didnt know that, I thought it was just the app that looked different if you know what I mean?
 

TheEndHK

Senior Member
Apr 25, 2011
2,667
808
Tobias, awesome work.

I wonder, how likely do you think it is that Sony will be able to patch this exploit in the Marshmallow update?

Sent from my E6653 using Tapatalk

My first idea is also think that he should keep it secret until 6.0 out..... (maybe he should delete all files now until 6.0)

---------- Post added at 11:03 AM ---------- Previous post was at 10:57 AM ----------

I assume you are refering to my experiences with this fix.
Although the sony camera app for some reason stopped working after this, I can still use all my other apps that include the use of the camera without problems, like snapchat or the Cyanogen Camera which when I take pictures with and compare them to the pictures taken before the DRM restore, I can clearly see that the picture quality is now back!

I've just flashed the patch and my sony camera 2.0 is working. I guess you installed xposed which conflicted with camera 1.0, you'll need to deodex it or upgrade to camera 2.0 via What's New.

EDIT: I just tested Sony camera 2.0 to shoot with real high 3200iso indoor and no color noise there, confirmed this patch restored Sony low-light denoise algorithms.
 
Last edited:

TheEndHK

Senior Member
Apr 25, 2011
2,667
808
Actually, CyanogenOS Camera has it's own postprocesssing, so you aren't using Sony's. It's just an alternative. I still want to know if it's possible to get the Sony algorithms back and/or use Sony's Camera app.

I just tested CyanogenOS Camera. I think it actually make use of Sony engine, not to mention it works with 23MP/20MP mode and it also access all scenes mode in Sony camera just acting like a stock camera. Tried to shoot at indoor low-light, no color noise been found, I think the DRM patch is working good with CyanogenOS camera.
 

tobias.waldvogel

Senior Member
Nov 2, 2006
430
1,126
Tobias, awesome work.

I wonder, how likely do you think it is that Sony will be able to patch this exploit in the Marshmallow update?

Sent from my E6653 using Tapatalk

I did over 2 weeks research in order to understand the whole mechanism and I have to admit that thre Sony security team did a pretty good job.
Anyway as I have a Z5 dual myself you can count on that I will make it work with Marshmallow. ;)
 

xirt0n

Senior Member
Jan 9, 2016
152
25
My first idea is also think that he should keep it secret until 6.0 out..... (maybe he should delete all files now until 6.0)

---------- Post added at 11:03 AM ---------- Previous post was at 10:57 AM ----------



I've just flashed the patch and my sony camera 2.0 is working. I guess you installed xposed which conflicted with camera 1.0, you'll need to deodex it or upgrade to camera 2.0 via What's New.

EDIT: I just tested Sony camera 2.0 to shoot with real high 3200iso indoor and no color noise there, confirmed this patch restored Sony low-light denoise algorithms.


But I already had xposed installed before this, and the camera was working fine. Also I am on a deodexed rom (RomAur).
Updated camera throught What's New, still nothing.


Need help please :p
 

Barthlon

Senior Member
Oct 30, 2008
636
225
ehhh, i can't test because i'm not rooted (yet), but if this really works you are officially THE man! and i think you can start a campaign to claim the bounty that is out there. i know i would pay up my part!

that is, if it works (and keeps working on marshmallow) ;)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 152
    This is outdated and not maintained anymore. Please this new tool instead

    Most of us have decided to unlock the bootloader as there is no root or xposed without it.

    But as you may have noticed this wipes the masterkey in TA unit 66667 and will make all Sony credentials inaccesible. As a consequence a lot of functionality is lost, e.g x-reality, Sony application updates etc.
    Here is a solution to simulate the credentials again. There is no way to recover your lost key, but we can simulate them. Just flash the attached zip via TWRP, that's all.

    This is solution is for all Z5 models (Z5 compact, Z5 , Z5 Premium, and the dual models of course)
    Have fun :D
    19
    however likely that is in helping (if sony wants to understand how your patch works they will probably manage to do that without the sourcecode), there probably are enough people (me included) that are not comfortable with running untrusted programs on their phone (which has access to basically everything) and not even theoretically being able to review the sourcecode.
    for less advanced users, this atleast assures that other people that are more knowledgeable have looked through the code.

    Well, I am afraid you have to trust me on this or decide not to use it. Anyway if I would publish the source theoretically I could still deliver a different binay.
    I did this hack just for me in the first place because I wanted to get back what I paid for. As other people are probably interested in this as well I decided to publish it, that's all.
    17
    Tobias, awesome work.

    I wonder, how likely do you think it is that Sony will be able to patch this exploit in the Marshmallow update?

    Sent from my E6653 using Tapatalk

    I did over 2 weeks research in order to understand the whole mechanism and I have to admit that thre Sony security team did a pretty good job.
    Anyway as I have a Z5 dual myself you can count on that I will make it work with Marshmallow. ;)
    13
    Can you publish the sources for your patch on github?
    I think it is better not to publish it in order to increase the chances that it will continue to work in future versions

    Gesendet von meinem E6683 mit Tapatalk
    6
    Most of us have decided to unlock the bootloader as there is no root or xposed without it.

    But as you may have noticed this wipes the masterkey in TA unit 66667 and will make all Sony credentials inaccesible. As a consequence a lot of functionality is lost, e.g x-reality, Sony application updates etc.
    Here is a solution to simulate the credentials again. There is no way to recover your lost key, but we can simulate them. Just flash the attached zip via TWRP, that's all.

    This is solution is for all Z5 models (Z5 compact, Z5 , Z5 Premium, and the dual models of course)
    Have fun :D

    I can say that I have tested this on Xperia Z5 Premium, and when I view the sample photos that came with the phone I can now clearly see the image quality scale up just like before I unlocked bootloader!

    Thanks ALOT Tobias, you're the man!


    EDIT: Below I have included my experiences from the original thread where this was posted, and I will continue to update it if I feel necessary!

    Testing right now on Z5P, will report back!


    EDIT: First test: I went into album and viewed the sample photos that came with the phone. I can now se a clear change in the image quality, just like before unlocking bootloader! Going to do some camera tests now!

    EDIT2: My camera app will not start, stating it is already in use or the flashlight is. Will try to install camera 2.0 then see what happens.
    Camera keeps crashing, and will not start :S

    EDIT3: Now suddenly there were several updates available on the "Whats new" app! Will post a screenshot soon!


    EDIT4: I installed a 3rd party camera app (CyanogenOS Camera) and the pictures are noticeably better than before this fix! I think I can say its back to the quality it was before unlocking bootloader!
    In the meantime I discovered that my 32gb sd card is now almost full, with only 2gb left. Are there any large files that twrp creates other than the backup files everytime I flash a rom or something?
    Is there anything I can safely delete here?


    EDIT5: After some more camera testing and comparing pictures with my lumia 1020 and my galaxy s6 I can say that in my eyes the picture quality is back to its original state.


Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone