temp root for drm keys backup - anybody still interested?

[greatpatel007]

Worked on My xz premium single sim. What info would you like to have? @j4nn

Can I have your locked TA.img to test that whether it is cross-compatible or not so I can help all the dear fellow users who already unlocked bootloader and haven't backed up their TA. Don't worry I will not share your TA to anyone.

Help will be appreciated.

Thanks

 

[SilverGamer_YT]

Can I have your locked TA.img to test that whether it is cross-compatible or not so I can help all the dear fellow users who already unlocked bootloader and haven't backed up their TA. Don't worry I will not share your TA to anyone.

Help will be appreciated.

Thanks

I would like to test it too

 

[greatpatel007]

Please provide more details - there is no 235 fw, which device do you have - xzp or xzp dual?

As far as I know, 235 is a July 2018 Security Patch Update. It is strange that this exploit worked on July patch as it is more likely to only work on a device with Nov 2017 or lower security patch level.

235 Update is available for both XZP and XZP Dual.

Update
Restoring TA on latest Available firmware works and restores all the functionality.
Works on XZP and XZP Dual. Confirmed and Tasted.

September Patch
47.1.A.16.20

 

[j4nn]

Worked on My xz premium singel sim. What info would you like to have? @j4nn

Did you just backup TA or tried also unlock and restore?
What do you get in service menu, sevice test, security screen?

 

[steso90]

Did you just backup TA or tried also unlock and restore?
What do you get in service menu, sevice test, security screen?

I did backup,unlock,restore and then flashed newest firmware
And camera works.

 

[Dematen]

Do it is possible to revert to locked device?
Do this hack keeps automatic firmware update?

 

[j4nn]

@Dematen, revert back to locked state - probably not possible. No known way. Automatic firmware updates? They might be possible, needs more investigations. We got it once working with @tramtrist but seems rather not to work in general yet.

 

[Dematen]

It is not clear to me if everyone has tried to unlock,restore and then flashed newest firmware, have now a fully device rooted and working.

 

[greatpatel007]

Yes.
Steps
1) Use temp root and backup TA image
2) Unlock bootloader
3) Flash Newest firmware (or choice of yours)
4) Setup phone temporary and copy magisk files to
phone
5) flash twrp and temporary boot with twrp
(fastboot boot twrp.img)
6) flash magisk and reboot
7) Check Root privilege
8) Restore TA image and check DRM
8.1) (optional) factory reset if any fc issue

Now You have unlocked and rooted phone with full DRM Support including OTA Support.


Everything is tested and working for XZP and XZP Dual

 

[Dematen]

@j4nn say "Automatic firmware updates might be possible, needs more investigations". @Anand Say "phone with full DRM Support including OTA Support".
OTA Support work or not?

 

[madshark2009]

Yes.
Steps
1) Use temp root and backup TA image
2) Unlock bootloader
3) Flash Newest firmware (or choice of yours)
4) Setup phone temporary and copy magisk files to
phone
5) flash twrp and temporary boot with twrp
(fastboot boot twrp.img)
6) flash magisk and reboot
7) Check Root privilege
8) Restore TA image and check DRM
8.1) (optional) factory reset if any fc issue

Now You have unlocked and rooted phone with full DRM Support including OTA Support.


Everything is tested and working for XZP and XZP Dual

is relocking the bootloader an option?

 

[the_brad]

@j4nn I have a XZP but did the unlock long long time ago, so this doesn't help me out. But this is, nevertheless, by far one of the biggest achievments in xperia development history!
I just ordered a XZ2 Premium. Do you think, it might be worth to wait with unlocking it as I read the reports of some, that got the magic working on the september firmware?

 

[greatpatel007]

@madshark2009 No relocking the bootloader is not an option for sony. @Dematen OTA worked for me (XZP AND XZP DUAL) you can try for your self. Restore DRM while staying on same (exploitable) firmware, and check for the update.

There is no 100% guarantee that it will work or not because the same model can have different revisions.

 

[greencartim]

@j4nn
I just got the phone, it's the G8141. It is brand new sealed in the box. So it has never been updated or downgraded. It is running Oreo 8.0.0, I get you the firmware version after I'm done with work. Only had a little bit of time to mess with it. Anyways it seems to be running a Mexico firmware because the set up was in Spanish and the region was Mexico. Plus the fingerprint worked out of the box which was strange. So is there anything special you want me to do before doing the steps? That is if the firmware can be exploited. Thank you for your hard work and sharing this with the public.

 

[j4nn]

@greencartim, just check the fw version - xz premium - is that still sold?
we may try to test full backup if it arrives with exploitable fw version. I will need to check, if a particular version of xzp is exploitable or not.

 

[j4nn]

@j4nn I have a XZP but did the unlock long long time ago, so this doesn't help me out. But this is, nevertheless, by far one of the biggest achievments in xperia development history!
I just ordered a XZ2 Premium. Do you think, it might be worth to wait with unlocking it as I read the reports of some, that got the magic working on the september firmware?

What reports / what magic do you mean?
Please be specific - I do not understand, what do you mean or ask me about actually.

 

[greencartim]

@greencartim, just check the fw version - xz premium - is that still sold?
we may try to test full backup if it arrives with exploitable fw version. I will need to check, if a particular version of xzp is exploitable or not.

Yes it is still sold, the new stock is low but still there. And it came with 47.1.A.12.145 with April security patch.

 

[j4nn]

If you mean April 2018, then there is nothing special to test, you need to downgrade. Maybe just check if it has Android Attestation Key in service security menu (original xzp most likely did not come with it).

 

[greencartim]

If you mean April 2018, then there is nothing special to test, you need to downgrade. Maybe just check if it has Android Attestation Key in service security menu (original xzp most likely did not come with it).

My bad, I meant April 2018. And I will check if it has it.

EDIT: No there is not an Android Attestation Key. I will do the downgrade, back up, unlock, restore and go from there.

EDIT 2: Everything works, I can send screenshots if need be. Only keys that didn't work was the SOMC.

 

[the_brad]

As far as I know, 235 is a July 2018 Security Patch Update. It is strange that this exploit worked on July patch as it is more likely to only work on a device with Nov 2017 or lower security patch level.

235 Update is available for both XZP and XZP Dual.

Update
Restoring TA on latest Available firmware works and restores all the functionality.
Works on XZP and XZP Dual. Confirmed and Tasted.

September Patch
47.1.A.16.20

@j4nn I talked about this one. Doesn't this mean that even the September patch level might be exploitable in some kinda way? And by magic, I was mentioning your exploit and all the effort you put into this! So, long story short: Any chances of making this exploit usable for XZ2 premium?