temp root for drm keys backup - anybody still interested?

greatpatel007

Senior Member
Aug 31, 2010
81
56
0
Anand
Thanks.

> Tools to backup TA partition before bootloader unlock have been released.
> Just check the [XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.

Downloading the firmware. Will update you with confirmation asap.
Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
Update2: Temp Root done. TA backup done.
Update3: Camera still doesn't work, nor do X-reality or Clearaudio/Xloud.

secd-ignore-unlock.zip has an error in it, as I guess you forgot to write 'vendor' in the mount() command. Screenshot is attached.

Service menu shows: Security status: Live
 


j4nn

Recognized Developer
Jan 4, 2012
1,204
2,326
0
> Downloading the firmware. Will update you with confirmation asap.
> Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
> Update2: Temp Root done. TA backup done.
> Update3: Camera still doesn't work, nor do X-reality or Clearaudio/Xloud.
>
> secd-ignore-unlock.zip has an error in it, as I guess you forgot to write 'vendor' in the mount() command. Screenshot is attached.
>
> Service menu shows: Security status: Live

Please do not flash the secd on XZ Premium. That is only for XZ1 Compact. It may possibly work with XZ1. But not with XZ Premium (there is also a note about that in the howto).
In any case - did you also restore TA from TA-locked.img backup, after unlocking the phone with sony procedure?
If not, it is obvious that camera would not work.
As mentioned in the howto, after unlocking, you need to temp root again and restore the TA from backup before unlock (TA-locked.img).
 

greatpatel007

> Please do not flash the secd on XZ Premium. That is only for XZ1 Compact. It may possibly work with XZ1. But not with XZ Premium (there is also a note about that in the howto).
> In any case - did you also restore TA from TA-locked.img backup, after unlocking the phone with sony procedure?
> If not, it is obvious that camera would not work.
> As mentioned in the howto, after unlocking, you need to temp root again and restore the TA from backup before unlock (TA-locked.img).

Yes, I did restore the locked TA as well, but the camera still takes green pictures and other functions don't work. I can use janjan's kernel and get it fixed (tried and working), so not a big deal for now.
 

j4nn

> Yes, I did restore the locked TA as well, but the camera still takes green pictures and other functions don't work. I can use janjan's kernel and get it fixed (tried and working), so not a big deal for now.

Could you please flash back the firmware used for the exploit?
Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
Then please send me all the 3 TA images: locked, unlocked, after-restore.
I would like to check the presence of the device master key in all the 3 states of the TA.
There is a possibility that xzp repeatedly removes the device master key if it detects an unlocked bootloader.
That is not the case with xz1c.
Thanks.
 

greatpatel007

> Could you please flash back the firmware used for the exploit?
> Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
> Then please send me all the 3 TA images: locked, unlocked, after-restore.
> I would like to check the presence of the device master key in all the 3 states of the TA.
> There is a possibility that xzp repeatedly removes the device master key if it detects an unlocked bootloader.
> That is not the case with xz1c.
> Thanks.

I will do it as soon as I reach home tomorrow. My DRM info viewer shows Widevine L1 as active with 4K support; the ClearKey CDM and OMA forward lock are active as well.

PS: I'm still using exploitable firmware. I haven't upgraded to newer.
 

j4nn

> I will do it as soon as I reach home tomorrow. My DRM info viewer shows Widevine L1 as active with 4K support; the ClearKey CDM and OMA forward lock are active as well.
> PS: I'm still using exploitable firmware. I haven't upgraded to newer.

Btw, what is that app you use to view info about DRM keys? Looks interesting...
 

j4nn

> Update1: You need to be patient as it takes a long time sometimes. I had 7 reboots before it achieved the temp root.
> Update2: Temp Root done. TA backup done.

A good thing about this is that the temp root eventually worked, on a device which I could not test the exploit on.
Was it an XZ Premium device?
 

greatpatel007


LinFan

Member
May 22, 2018
6
2
0
XZ premium TA partition

> --- edit 2018-11-03 ---
> Tools to backup TA partition before bootloader unlock have been released.
> Just check the [XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread.
> ---
>
> Just wondering if there is already a drm keys backup procedure for XZ Premium and if not, if there is still some interest to get it done.
> I am getting very close with this task with my XZ1 Compact, so just wondering, if I should try to make the exploit compatible also with xzp - i.e. if there is still some interest or not.
> The effort to do such a thing is not marginal and obviously I cannot test it, not having an xzp device.
> You may check my xz1c thread here: [DEVONLY][XZ1c] exploits for temp root to backup drm keys development

Hello

I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.

Thank you very much :D

I got temp root access after a few reboots and the exploit itself took around 15 min with over 10k events.
 

greatpatel007

> Hello
>
> I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.
>
> Thank you very much :D
>
> I got temp root access after a few reboots and the exploit itself took around 15 min with over 10k events.

Hi,
Can you share the locked TA file with me to check cross-device DRM swap?
You can also DM the link.

Thanks
 

j4nn

> > Could you please flash back the firmware used for the exploit?
> > Then try to get temp root, restore the TA-locked.img backup, reboot, temp root again and make another TA backup (TA-after-restore.img).
> > Then please send me all the 3 TA images: locked, unlocked, after-restore.
> > I would like to check the presence of the device master key in all the 3 states of the TA.
> > There is a possibility that xzp repeatedly removes the device master key if it detects an unlocked bootloader.
> > That is not the case with xz1c.
> > Thanks.
>
> I will do it as soon as I reach home tomorrow. My DRM info viewer shows Widevine L1 as active with 4K support; the ClearKey CDM and OMA forward lock are active as well.
> PS: I'm still using exploitable firmware. I haven't upgraded to newer.

@greatpatel007, could you please send me the 3 TA images as described above?
Thanks.
 

j4nn

> I got it working on the 235 fw. I haven't unlocked my phone yet to test it but I definitely have the TA-locked.img stored on my computer.
> I got temp root access after a few reboots and the exploit itself took around 15min with over 10k events

Please provide more details - there is no 235 fw, which device do you have - xzp or xzp dual?
 

j4nn

> There is 235 firmware for xzp and xzp dual

Do you mean he tested it with other firmware than provided links with the exploit?
Well, it might have worked, if the kernels are binary the same in those different fw versions, still how could he know if it would work?
Trying blindly?
Anyway, please be more specific. If tried with different than supported fw, provide full version number and exact phone model number.
Thanks.
 

Beetle84

Recognized Contributor
Oct 24, 2013
2,270
1,261
183
Hervey Bay
> Do you mean he tested it with other firmware than provided links with the exploit?
> Well, it might have worked, if the kernels are binary the same in those different fw versions, still how could he know if it would work?
> Trying blindly?
> Anyway, please be more specific. If tried with different than supported fw, provide full version number and exact phone model number.
> Thanks.

Q1: don't know
Q2/3: don't know / it's xda - no one reads instructions anymore :silly:

Good luck with it though, unlocked my boot loader the day storms fix released so I can't help you really but I wish you well.
 

greatpatel007

> @greatpatel007, could you please send me the 3 TA images as described above?
> Thanks.

Sorry for the delay; it's Diwali/New Year time in India, so I was busy with all the festival things.
Here are the files. The password is in your PM.

Huge success. Everything is still on the stock exploitable firmware. Nothing has been changed or tampered with.

BTW, I have restored the locked TA file one more time and now everything is working, including Camera + Xloud/Clear Audio + X-reality video enhancements + Bravia engine and other DRM functions as well.
 