temp root for drm keys backup - anybody still interested?

[greatpatel007]

Thanks.

Tools to backup TA partition before bootloader unlock have been released.
Just check the [XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.

Downloading the firmware. Will Update you with confirmation asap.
Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
Update2: Temp Root done. TA backup done.
Update3: Camera still doesnt work neither the X-reality or Clearaudio/Xloud

secd-ignore-unlock.zip has error in it as I guess you forget to write 'vendor' in mount() command. screenshot is attached.

Service menu shows: Security status: Live

 

[Almar033]

You should post your results on the XZ1c forum as J4nn asked for, including other phones.

 

[greatpatel007]

--deleted--

 

[j4nn]

Downloading the firmware. Will Update you with confirmation asap.
Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
Update2: Temp Root done. TA backup done.
Update3: Camera still doesnt work neither the X-reality or Clearaudio/Xloud

secd-ignore-unlock.zip has error in it as I guess you forget to write 'vendor' in mount() command. screenshot is attached.

Service menu shows: Security status: Live

Please do not flash the secd on XZ Premium. That is only for XZ1 Compact. It may possibly work with XZ1. But not with XZ Premium (there is also a note about that in the howto).
In any case - did you also restore TA from TA-locked.img backup, after unlocking the phone with sony procedure?
If not, it is obvious that camera would not work.
As mentioned in the howto, after unlocking, you need to temp root again and restore the TA from backup before unlock (TA-locked.img).

 

[greatpatel007]

Please do not flash the secd on XZ Premium. That is only for XZ1 Compact. It may possibly work with XZ1. But not with XZ Premium (there is also a note about that in the howto).
In any case - did you also restore TA from TA-locked.img backup, after unlocking the phone with sony procedure?
If not, it is obvious that camera would not work.
As mentioned in the howto, after unlocking, you need to temp root again and restore the TA from backup before unlock (TA-locked.img).

Yes I did restored the locked TA as well, but camera still takes green picture and other functions doesn't work. I can use the janjan's kernel and get it fixed (Tried and working) so not a big deal for now.

 

[j4nn]

Yes I did restored the locked TA as well, but camera still takes green picture and other functions doesn't work. I can use the janjan's kernel and get it fixed (Tried and working) so not a big deal for now.

Could you please flash back the firmware used for the exploit?
Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
Then please send me all the 3 TA images: locked, unlocked, after-restore.
I would like to check the presence of device master key in all the 3 states of the TA.
There is a possibility, that xzp repeatedly removes the device master key if it detects unlocked bootloader.
That is not a case like that with xz1c.
Thanks.

 

[greatpatel007]

Could you please flash back the firmware used for the exploit?
Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
Then please send me all the 3 TA images: locked, unlocked, after-restore.
I would like to check the presence of device master key in all the 3 states of the TA.
There is a possibility, that xzp repeatedly removes the device master key if it detects unlocked bootloader.
That is not a case like that with xz1c.
Thanks.

I will do it as soon as I reach home tomorrow. My DRM info viewer shows widevine L1 as active with 4k Support also the clearkey cdm and OMA forward lock is active as well.

Ps: I'm still using exploitable firmware. I haven't upgraded to newer.

 

[j4nn]

I will do it as soon as I reach home tomorrow. My DRM info viewer shows widevine L1 as active with 4k Support also the clearkey cdm and OMA forward lock is active as well.
Ps: I'm still using exploitable firmware. I haven't upgraded to newer.

btw, what is that app you use to view info about drm keys? looks interesting...

 

[j4nn]

Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
Update2: Temp Root done. TA backup done.

A good thing about this is that the temp root eventually worked, on a device which I could not test the exploit on.
Was it a XZ Premium device?

 

[greencartim]

btw, what is that app you use to view info about drm keys? looks interesting...

I believe this is the app he is using: https://play.google.com/store/apps/details?id=cpx.trunks.phoneinfo

I'm getting this phone in a couple of days. It's going to be brand new never been updated. So I be able to test things as long as it doesn't brick the phone

 

[greatpatel007]

A good thing about this is that the temp root eventually worked, on a device which I could not test the exploit on.
Was it a XZ Premium device?

https://play.google.com/store/apps/details?id=com.androidfung.drminfo

Yes it is XZ Premium Dual (G8142)

Interestingly, if I use snapchat to take pictures than everything works fine other than that evry camera app gives me green picture

 

[LinFan]

XZ premium TA partition

--- edit 2018-11-03 ---
Tools to backup TA partition before bootloader unlock have been released.
Just check the [XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.
---

Just wondering if there is already drm keys backup procedure for XZ Premium and if not, if there is still some interest to get it done.
I am getting very close with this task with my XZ1 Compact, so just wondering, if I should try to make the exploit compatible also with xzp - i.e. if there is still some interest or not.
The effort to do such thing is not marginal and obviously I cannot test it not having xzp device.
You may check my xz1c thread here: [DEVONLY][XZ1c] exploits for temp root to backup drm keys development

Hello

I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.

Thank you very much

I got temp root access after a few reboots and the exploit itself took around 15min with over 10k events

 

[greatpatel007]

Hello

I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.

Thank you very much

I got temp root access after a few reboots and the exploit itself took around 15min with over 10k events

Hi,
can you share me the locked TA file to check cross device DRM swap. ?
You can also DM the link.

Thanks

 

[j4nn]

Could you please flash back the firmware used for the exploit?
Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
Then please send me all the 3 TA images: locked, unlocked, after-restore.
I would like to check the presence of device master key in all the 3 states of the TA.
There is a possibility, that xzp repeatedly removes the device master key if it detects unlocked bootloader.
That is not a case like that with xz1c.
Thanks.

I will do it as soon as I reach home tomorrow. My DRM info viewer shows widevine L1 as active with 4k Support also the clearkey cdm and OMA forward lock is active as well.
Ps: I'm still using exploitable firmware. I haven't upgraded to newer.

@greatpatel007, could you please send me the 3 TA images as described above?
Thanks.

 

[j4nn]

I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.
I got temp root access after a few reboots and the exploit itself took around 15min with over 10k events

Please provide more details - there is no 235 fw, which device do you have - xzp or xzp dual?

 

[Beetle84]

Please provide more details - there is no 235 fw, which device do you have - xzp or xzp dual?

There is 235 firmware for xzp and xzp dual

 

[j4nn]

There is 235 firmware for xzp and xzp dual

Do you mean he tested it with other firmware than provided links with the exploit?
Well, it might have worked, if the kernels are binary the same in those different fw versions, still how could he know if it would work?
Trying blindly?
Anyway, please be more specific. If tried with different than supported fw, provide full version number and exact phone model number.
Thanks.

 

[Beetle84]

Do you mean he tested it with other firmware than provided links with the exploit?
Well, it might have worked, if the kernels are binary the same in those different fw versions, still how could he know if it would work?
Trying blindly?
Anyway, please be more specific. If tried with different than supported fw, provide full version number and exact phone model number.
Thanks.

Q1: dont know
Q2/3: dont know/ its xda - no one reads instructions anymore :silly:

Good luck with it though, unlocked my boot loader the day storms fix released so i cant help you really but i wish you well.

 

[greatpatel007]

@greatpatel007, could you please send me the 3 TA images as described above?
Thanks.

Sorry for the delay as Its Diwali/New Year time in India so I was busy with all festival things.
Here are the files. The password is in your PM.

Huge Success. Everything is still on the stock exploitable firmware. nothing has been changed or tempered.

BTW I have restored the locked TA file for one more time and now everything is working including Camera + Xloud/Clear Audio + X-reality video enhancements + Bravia engine and other DRM functions as well.

 

[steso90]

Worked on My xz premium singel sim. What info would you like to have? @j4nn