I wrote Flashtool on day of Xperia X10, afterwards Androxyde took over and developed it very much further!
The idea is to use the very same protocol and modes Sony uses in their own Firmware flash tools (PCC/SUS/EMMA).
It can handle 2 modes:
Flashmode -> GREEN led -> also called s1boot mode
Fastboot -> BLUE led -> sony's fastboot implementation, which is handled here too by s1boot, so its not a fully function fastboot, but i has most all standard features
The interesting part is Flashmode, you can restore a sony phone no matter what happend with this mode (a few excludes, like if you manually edited your TA, then we cannot help you anymore).
This mode is implemented in the s1boot (Sony's bootloader), it is there ANYTIME you cannot brick this mode (see above for a exception)!
Because of this reason Sony phones are so safe, what we do is we can restore a Sony Firmware to the device, the firmware has to be signed by Sony (*.sin file) with their signature for commercial devices.
Flashtool sends over a so called "loader.sin", this loader gets started on device when it's signature is verfied, after that is done there is opened a faster transfer channel to the pc from the phone(from the loader which runs now), and it will accept the other "partitions", like system.sin, kernel.sin fotakernel.sin etc. etc.
This SIN files ofc will be checked for their signature and if good they will be written onto the phones memory. (Don't worry about this signature, we tried to exploit it many many times and for some years now, dont be stupid, its time waste
)
This is what happens there, and this is the way you restore a sony device, The benefits of flashtool is that it totally ignores what kind of customization (like branding, country blabla) is your phone and lets you flash what you like. So you can easy debrand, easy switch to older firmwares and even flash only seperate partitions.
Now comes the tricky part
TrimArea!
This TrimArea holds like you may know the DRM-Keys, but it holds even more, the phone saves their signatures, customization info, current firmware info and some more interesting stuff into this Area, it is a partition like all others but it uses a "special" format AND it gets checked against its signature by s1boot. (BTW this is the problem from above, if you alter the partition (or better said some areas here) manually then s1boot checks it, it will detect that you altered it, AND THEN it will NOT START ANYMORE!!!!!!!!!!!)
Flashtool now can handle 2 types of TA backup:
RAW and S1-Mode.
RAW, this is nothing more or less than the BackupTA Script, Flashtool will use adb and dumop the TA partition with dd on a unix shell, you need to be root to get this done
S1Mode: Well this mode works anytime, but it has it's "problems".
In S1Mode we can read every "sector" of TA. But only to specific point, and thats the "problem" with backup of TA, the relevant secotor is not readable in S1Mode. (Remember: S1Mode is basically the feature we get from the phone by sending over the loader.sin, which is specially signed again to be used on this phone or a phone family).
But we can do the same things here sony does´(ofc only the things which dont need signature), like removing the "rootkey", this will lock your bootloader again
And such stuff
We CANNOT remove simlocks, even if theoretically we know how, we cannot do it since we cannot sign our changes with the signature key (you get the idea now right?)
Hope i could explain stuff a little now
Just ask if you need some more infos
Regards
