@jayloofah, unfortunately the method I am using is very dangerous, with real risk of bricking the phone, particularly those that cannot be unlocked with a Sony site unlock code. Also you cannot flash any custom ROM as is. [...]
Hey @j4nn,
"Long time listener, first time caller." I appreciate your clear talents, and thank you for all that you have done for the Xperia community by applying those talents!
I also appreciate your reasons for keeping this exploit close to your chest... it's very responsible of you. Even so, these old phone platforms aren't getting any younger or more valuable as time passes -- all of the SD835-based Yoshino devices are either nearing (XZ1*) or have passed (XZP) the 4+ year mark now -- and Sony is very unlikely to release any further Yoshino updates at this point to close this loop, and subsequent Xperia platforms based on newer Qualcomm SoCs have proven to be resistant to the exploit (at least without dire consequences, thus providing a ready deterrent to most random Joes who might want to try it, assuming they even have the requisite skill to attempt it, which as you pointed out would require a carefully-prepped and tested-in-advance custom kernel build from source at the very least!).
So with these devices nearing the end of their usable lifespan, it begs the question at what point it would no longer be considered irresponsible to at least document & disclose to the public exactly how the exploit works, especially since (arguably) the utility of these phone models as "out of date" products (by most -- perhaps wrong -- standards) would only increase in value as a result *if* this exploit were to escape the confines of your lab. Nobody is asking you to implement, maintain, and support a dozen different easy-to-install versions of it for various ROMs... at least I'm not! But I do think it would be a pity if the knowledge never got written down & disseminated, and instead just withered on the vine...
That said, if what you're primarily concerned about at this point is protecting it because you think Qualcomm SoCs with TrustZone might be vulnerable to it even up to the present day, and so letting it leak out would allow Qualcomm to close it on current and future products, then that is a bit more understandable...