TA Backup for G814x only

[Macs1209]

If someone interested, just try this small tool:
Run from cmdline (according to sample image), connect device in flash mode, and wait a bit.
*binary* comes from device directly, *config* is in infile format if you want to know what is inside.

No virus / other foreign legionary inside :
https://www.virustotal.com/#/file/8...f13e2099bc9b5a1ddb487ad41cb3948144d/detection

Works on G814x, may work on other devices, but not before (and including) Z5 Premium.

 

[shadimar69]

How to fix DRM on XZP:

Step one: Collect Underpants.
Step two: Backup TA.
Step three: Profit.

But seriously, good luck to all testing this. Please report back!

 

[LukeyWolf]

No matter how unstable or chancy this may be (haven't tested, don't wanna risk it haha) it''s progress in this right direction and to the idiots that gave up in the bounty thread, having patience can pay off

 

[Macs1209]

Its working. If you don't want to try, don't do that. This is not violence, this only an option To make a drm fix, this could be a step forward.
It's NOT write anything to the device, so safe to try. I have only one G8142, tested, read working fine. On weekend, I'll work on full/partial restore.

Anyway, its not for personal profit, I just want to speed up a complete lossless root solution

 

[ponytojas]

Just tested, files have been created, and phone is working without any problem.
Hope someone could get DRM fix soon or at least a point to start with this tool.
Thanks a lot for the effort

 

[chesterr]

Mine just hangs on Checking S1 devices


Edit: Sorry Didn't read the part that need to connect FLASH MODE It backed up stuff.

 

[karrouma]

does it work with sony xz1 or should wait for next update

 

[Macs1209]

does it work with sony xz1 or should wait for next update

You can test is. It cannot write anything, at most cannot read anything.

BTW, this is NOT A RAW TA BACKUP, it backup what the phone give us. But I hope it contains any DRM related stuff
I hope someone will try it out who can understand what it read out, and can give us some feedback.

Anyway, unlocked my one, I love new green shots, but now I can attack from another way too. Looks like dd raw backup
a bit bigger, even its not fully filled

 

[gengi]

Very good work. It's because people like you that things get done.

 

[xrenoix]

HELLO !!! @Macs1209 PERFECT WORK BRO !!!
MY PHONE IS G8141 with windows 7 x64

E:\SONY\XPERIA XZ PREMIUM>dmsSonyTABackup.exe
Checking S1 devices
S1 interface found: \\?\USB#VID_0FCE&PID_B00B#5&1dd2df13&0&2#{a5dcbf10-6530-11d2
-901f-00c04fb951ed}
TA1 binary read ok, size: 139096, saved to E:\SONY\XPERIA XZ PREMIUM\MY IMEI_TA_1.binary.tab
- TA binary parsed, saved to E:\SONY\XPERIA XZ PREMIUM\MY IMEI_TA_1.confi
g.tab
TA2 binary read ok, size: 179230, saved to E:\SONY\XPERIA XZ PREMIUM\MY IMEI_TA_2.binary.tab
- TA binary parsed, saved to E:\SONY\XPERIA XZ PREMIUM\MY IMEI_TA_2.confi
g.tab

THANK YOU VERY VERY SO MUCH GOOD WORK

ps it 's possible change in TA.img or add restore ?

please help bro @munjeni

 

[Saadkhalid786]

No matter how unstable or chancy this may be (haven't tested, don't wanna risk it haha) it''s progress in this right direction and to the idiots that gave up in the bounty thread, having patience can pay off

There's a quote in Urdu "sabar ka phal meetha hota he" means that the fruit of patience is always sweet.

kudos to this guy. since S8 Snapdragon 835 version is now rooted. i hope we can get Root and Drm keys together sooner on our XZP

 

[LukeyWolf]

There's a quote in Urdu "sabar ka phal meetha hota he" means that the fruit of patience is always sweet.

kudos to this guy. since S8 Snapdragon 835 version is now rooted. i hope we can get Root and Drm keys together sooner on our XZP

Yep, a grest step in the correct direction, also I have to wait anyway haha as I only got my XZP 1 month ago with EE locked haha

 

[munjeni]

I can help reconstruct real TA.img!

Edit:
This tool doesn't backup drm key, I didn't see unit 66667. Without shake authentification I'm believing you can't backup secured units including that drm key unit. I'm still believing that drm key or unlock key is outside trim area, I even didn't see unit 0x8b2 from unlocked device trim area. https://github.com/munjeni/newflasher , can you show your's?
@the_laser , how that is possible that his tool reads some units like:

[67320]
size=2
data=9A 02
text=

[67321]
size=2
data=FA 01
text=

[67322]
size=2
data=3A 01
text=:

[67323]
size=2
data=1A 01
text=

 

[pbarrette]

This works on XZ1 Compact.

It produced 4 files:
[IMEI]_TA_1.binary.tab (146036 bytes)
[IMEI]_TA_1.config.tab (Text display of above)
[IMEI]_TA_2.binary.tab (183728 bytes)
[IMEI]_TA_2.config.tab (Text display of above)

EDIT: For reference, the XZ1c's TA partition is 2MB, so this tool is pulling < 1/4th of that partition.
I don't see 66667 or 8B2 either.

 

[Macs1209]

Thanks for responses. So now I need to focus on 66667 abnd 0x8B2.

BTW, "text=" lines for info only, to see is there any text inside, like imei, any sw part version, or log data.

Another question: is there any way to create a modem interface for this device? In the modem firmware part, there's
lot of AT commands, but without interface, I can't communicate with the baseband. On Samsung qualcomm devices,
I could reach lot of things via modem, same logs what are in the partial TA backup binaries. (also I killed one exynos
g925f by wrote something wrong to RF calibration.... )

 

[4rz0]

This works on XZ1 Compact.

It produced 4 files:
[IMEI]_TA_1.binary.tab (146036 bytes)
[IMEI]_TA_1.config.tab (Text display of above)
[IMEI]_TA_2.binary.tab (183728 bytes)
[IMEI]_TA_2.config.tab (Text display of above)

EDIT: For reference, the XZ1c's TA partition is 2MB, so this tool is pulling < 1/4th of that partition.
I don't see 66667 or 8B2 either.

The tool didn't find my XZ1c, tough I probably need some special drivers that I missed.

 

[yacloo]

Those files are s1 dump for Sony repair services
That provide device info, last Boot logs, installed firmware versions, baseband info, etc

Small parts of TA nothing important

 

[karrouma]

This works on XZ1 Compact.

It produced 4 files:
[IMEI]_TA_1.binary.tab (146036 bytes)
[IMEI]_TA_1.config.tab (Text display of above)
[IMEI]_TA_2.binary.tab (183728 bytes)
[IMEI]_TA_2.config.tab (Text display of above)

EDIT: For reference, the XZ1c's TA partition is 2MB, so this tool is pulling < 1/4th of that partition.
I don't see 66667 or 8B2 either.

@Macs1209
it is wirking in xz1 also

i got same 4 files
xzp xzc xz1 same drm and same oreo firmware family like xz and xzs

 

[munjeni]

EDIT: For reference, the XZ1c's TA partition is 2MB, so this tool is pulling < 1/4th of that partition.

Yes partition is 2mb but that not mean that it have 2mb of the data inside! So thats expected.

---------- Post added at 09:39 AM ---------- Previous post was at 09:38 AM ----------

https://github.com/munjeni/newflasher , can you show your's?

Another question: is there any way to create a modem interface for this device?

Yes, but waiting your reaply to my question first.

 

[Macs1209]

Yes partition is 2mb but that not mean that it have 2mb of the data inside! So thats expected.
---------- Post added at 09:39 AM ---------- Previous post was at 09:38 AM ----------

Yes, but waiting your reaply to my question first.

Checking S1 devices
S1 interface found: \\?\USB#VID_0FCE&PID_B00B#6&f44bfc6&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
 Response(BIN): SUCCESS: 104857600
 Response(HEX): SUCCESS: 31 30 34 38 35 37 36 30 30
Reading TA 1 / 2226
 Response(BIN): FAILED: Unable to read TA unit 2226, error=-22
 Response(HEX): FAILED: 55 6E 61 62 6C 65 20 74 6F 20 72 65 61 64 20 54 41 20 75 6E 69 74 20 32 32 32 36 2C 20 65 72 72 6F 72 3D 2D 32 32
Reading TA 2 / 2226
 Response(BIN): FAILED: Unable to read TA unit 2226, error=-22
 Response(HEX): FAILED: 55 6E 61 62 6C 65 20 74 6F 20 72 65 61 64 20 54 41 20 75 6E 69 74 20 32 32 32 36 2C 20 65 72 72 6F 72 3D 2D 32 32
Reading TA 1 / 66667
 Response(BIN): FAILED: Unable to read TA unit 66667, error=-22
 Response(HEX): FAILED: 55 6E 61 62 6C 65 20 74 6F 20 72 65 61 64 20 54 41 20 75 6E 69 74 20 36 36 36 36 37 2C 20 65 72 72 6F 72 3D 2D 32 32
Reading TA 2 / 66667
 Response(BIN): FAILED: Command not authenticated
 Response(HEX): FAILED: 43 6F 6D 6D 61 6E 64 20 6E 6F 74 20 61 75 74 68 65 6E 74 69 63 61 74 65 64
Done

Sadly not. 2/66667 looks like needs some authentication, but after it possible to read
(I already unlocked this device, so error-22 can mean TA ID not exists (anymore) too)