Hello to everybody!
::::: A FEW WORDS BEFORE YOU ASK 100 TIMES THE SAME ;-P :::::
It has been told widely in these forums that permanent root on LB is impossible due to Verified Boot process implemented by Sony (and now by other vendors. Future for LB devices seems to be "Live root" approach). What we would like to achieve is temporary root privileges using some exploit in order to backup the TA partion, for warranty purposes and for complete stock DRM restore.
THIS ARTICLE IS A WONDERFUL ENTRY POINT IF YOU WANT MORE INFORMATION[/B]
Guys, i am very proud that we could win user zxz0O0 for trying out abilities to use the CVE-2015-1805 security vulnerability to get temporary privileges for i. e. backup of TA Partition of our Xperia Z5/Z5C/Z5P.....
For those who want to know a little bit more of what about we are discussing/ testing here:
Android Security Advisory — 2016-03-18: https://source.android.com/security/advisory/2016-03-18.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805
German article from t3n.de: http://t3n.de/news/google-android-sicherheitsluecke-691418/
CURRENT STATUS:
- ZXZ0O0 HAS FINISHED HIS WORK +++ Release for Z5/ Z5C/ Z5P coming soon!
You will need to flash build 32.0.A.6.200 kernel or lower!
LET US THANK:
- ZXZ0O0 FOR HIS AMAZING EFFORTS AND HIS PASSION INTO THIS
- IDLER1984 FOR HIS TESTCODE
- FOR TESTING ZXZ0O0's BUILDS: NINESTARKOKO, RIMMEDA, NILEZON AND ALL OTHERS IF I FORGOT SOMEONE
Greets and Cheers, Your Flummi.FFM
Well, we got Linux Kernel 3.10, which is affected by this exploit. This could make root possible, but we have to know how the root app is called ?
i will look as soon as i have time here
Lurking
old news mate.
http://forum.xda-developers.com/xperia-z5/general/root-using-vulnerabilities-snapdragon-t3338173
another forummer already pinted this out.
unless you know how to roll back old linux kernel and over come SElinux
Flummi.FFM said:
Good morning to everyone!
Just a few minutes ago on the way to my workplace i just found an article about the CVE-2015-1805 security issue.
Sources:
Android Security Advisory — 2016-03-18: https://source.android.com/security/advisory/2016-03-18.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805
German article from t3n.de: http://t3n.de/news/google-android-sicherheitsluecke-691418/
Is THIS what we all waited for to get root on Locked Bootloader? Is here maybe someone who is able to say something about these articles?
Or maybe it is even worth to be evaluated in other device's threads to get people in knowledge of this "security issue"?
Full of hope that someone here is able to workout something on this base, Greets and cheers....
Click to expand...
Click to collapse
Sony released MM firmware with this CVE already being fixed.
frostmore said:
old news mate.
http://forum.xda-developers.com/xperia-z5/general/root-using-vulnerabilities-snapdragon-t3338173
another forummer already pinted this out.
unless you know how to roll back old linux kernel and over come SElinux
Click to expand...
Click to collapse
In the other thread they Talk about CVE-2016-0819 and CVE-2016-0805 which affects specially snapdragon soc's......
The articles which i found are talking about CVE-2015-1805......
I dont think that we are talking about the same. CVE-2015-1805 affects possibly every Kernel Version 3.4, 3.10 and 3.14.....
If Sony already has fixed the 2015-1805 even while Google itself "forgot", could you tell me where i can find Information about a fix By Sony?
Tommy-Geenexus said:
Sony released MM firmware with this CVE already being fixed.
Click to expand...
Click to collapse
Flummi.FFM said:
If Sony already has fixed the 2015-1805 even while Google itself "forgot", could you tell me where i can find Information about a fix By Sony?
Click to expand...
Click to collapse
Simple: I just tried to patch the kernel, and found it has already included the fix.
The patch exists since mid-2015, it's just that devices were recently exploitet using this regression, and Google reacted.
Thx then for your reply......
Tommy-Geenexus said:
Simple: I just tried to patch the kernel, and found it has already included the fix.
The patch exists since mid-2015, it's just that devices were recently exploitet using this regression, and Google reacted.
Click to expand...
Click to collapse
I found out that in the source of Release 32.0.a.4.11 the issue IS NOT fixed.......
Maybe a Base for a root solution after downgrade?
Flummi.FFM said:
I found out that in the source of Release 32.0.a.4.11 the issue IS NOT fixed.......
Maybe a Base for a root solution after downgrade?
Click to expand...
Click to collapse
Hi man!!
How did you see it?
I asked about it. Maybe zxz0o0 a dev of z3 will help us. I hope he see it
Crossfingers
Enviado desde mi E6653 mediante Tapatalk
uripiruli said:
Hi man!!
How did you see it?
I asked about it. Maybe zxz0o0 a dev of z3 will help us. I hope he see it
Crossfingers
Enviado desde mi E6653 mediante Tapatalk
Click to expand...
Click to collapse
I downloaded the source Code of the 32.0.a.4.11 build and compared the pipe.c File with the fix commit and the fixed version in the 32.1.a.1.163 build.
The result was that the older Version is Not fixed.
I also thought one hour ago of asking zxz000 Team.....
If we can win them it would be great!!!
I asked few minutes ago in two z3 threads for help.....
I hope so much that someone will be able to make something finally.....
How about dm-verity? How can you pass this?
You can probably get "root" using this exploit but it will only be temporarily and you can't write /system because of dm-verity. So the only usecase I see is to backup TA partition.
anno2070 said:
How about dm-verity? How can you pass this?
Click to expand...
Click to collapse
zxz0O0 said:
You can probably get "root" using this exploit but it will only be temporarily and you can't write /system because of dm-verity. So the only usecase I see is to backup TA partition.
Click to expand...
Click to collapse
Unfortunally i dont have the knowledge to make something by myself.....
In my opinion ta Backup is more than nothing for the Moment.....
Maybe if all of you professionals like Tobias.waldvogel and monx and you of the z3 community are working and thinking together about it then it will happen one Day?
You see i spend all my free time on searching for abilities and holes to use......
But due to my very basically knowledge of programming i am not able to implement something on my own.
Edit: my idea was to achieve root By this hole, then get a prerooted and DM verity disabled kernel before Reboot..... Isnt that possible?
Flummi.FFM said:
Unfortunally i dont have the knowledge to make something by myself.....
In my opinion ta Backup is more than nothing for the Moment.....
Maybe if all of you professionals like Tobias.waldvogel and monx and you of the z3 community are working and thinking together about it then it will happen one Day?
You see i spend all my free time on searching for abilities and holes to use......
But due to my very basically knowledge of programming i am not able to implement something on my own.
Edit: my idea was to achieve root By this hole, then get a prerooted and DM verity disabled kernel before Reboot..... Isnt that possible?
Click to expand...
Click to collapse
You cant flash any other Kernel beside Sony Original Kernel on Locked Bootloader and with dm-verity enabled its nothing you can do to root LB Z5. The only possible way is to unlock your Bootloader but with locked Bootloader you have no Chance as you cant flash any modified Kernel. We only archieved Root on Z3 because it has dm-verity disabled in Original Sony Kernel.
zxz0O0 said:
You can probably get "root" using this exploit but it will only be temporarily and you can't write /system because of dm-verity. So the only usecase I see is to backup TA partition.
Click to expand...
Click to collapse
Thanks for your answer.
If we rooted our Phone with a temporaly root with this xploit, then we do ta backup. Finally unlock de bootloader, root with the actually tools that we have... And then restore our ta backup with our Sony features. Is this possible??? Or i am dreamming????[emoji16]
Enviado desde mi E6653 mediante Tapatalk
uripiruli said:
Thanks for your answer.
If we rooted our Phone with a temporaly root with this xploit, then we do ta backup. Finally unlock de bootloader, root with the actually tools that we have... And then restore our ta backup with our Sony features. Is this possible??? Or i am dreamming????[emoji16]
Enviado desde mi E6653 mediante Tapatalk
Click to expand...
Click to collapse
you cant restore your ta backup on unlocked bootloader. So you are in the start point. Unless you get something to disable dm-verity you can not get root on lock bootloader
You can "restore" drm keys on unlocked bootloader now. I dont get it why do you want to backup them so much? You can have all drm features working on UB.
Related
Hello everybody,
As i don't have enough messages to answer on the development thread, i post a few information here.
On my Z bought on a xperia store (lock bootloader but unlockable, french version (I think it is a worldwide one...) ) i runned the exploit, and it do work!
But as some comment said, the NFC stopped to work (only bug so far...).
The error is simple: you can't 'check' the box in configuration.
The logcat is simple and say only a few information:
I/NfcService( 1102): Enabling NFC
E/NFCJNI ( 1102): phLibNfc_Mgt_ConfigureDriver() returned 0x0106[NFCSTATUS_INVALID_DEVICE]
W/NfcService( 1102): Error enabling NFC
I don't know if i can help. But here are the few informations i have =)
Hello, You can fix this problem by removing a directory named /data/usf.
Thanks !
goroh_kun said:
Hello, You can fix this problem by removing a directory named /data/usf.
Thanks !
Click to expand...
Click to collapse
Thanks for creating this root method.
Sent from my C6602 using xda premium
goroh_kun said:
Hello, You can fix this problem by removing a directory named /data/usf.
Thanks !
Click to expand...
Click to collapse
Hey goroh_kun, I messed around with some other scripts and lost root, and can't re-root using your method. Can you give me any pointers on what I can do?
robogo1982 said:
Hey goroh_kun, I messed around with some other scripts and lost root, and can't re-root using your method. Can you give me any pointers on what I can do?
Click to expand...
Click to collapse
Do you still have supersu??if no download it from playsrore.
You can always flash stock firmware and re-root again.
Sent from my C6602 using xda premium
goroh_kun said:
Hello, You can fix this problem by removing a directory named /data/usf.
Thanks !
Click to expand...
Click to collapse
please check p.m.!
gm007 said:
Do you still have supersu??if no download it from playsrore.
You can always flash stock firmware and re-root again.
Click to expand...
Click to collapse
SuperUser is there, just no apps have root access. None.
In process of flashing back to stock and going all over again.
EDIT: restored with SUS and rooted again with this method. All seems good so far.
Thanks for the tip, it works like before now.
And root is correctly working
Sent from my C6603 using xda app-developers app
Worked like a charm, and thanks for the tip to fix NFC! This is very valuable to me, my bootloader isn't unlockable (I'm hoping a carrier unlock will help there, but Vodafone Ireland claim they don't have the NUCs yet).
AW: About goroh_kun & huhka_com exploit on C6603 / 10.1.A.1.350
No, wont help. An unlock blocked bootloader is locked for good. No way around it and I judge from your post, you dont read other threads so you have no idea whats going on: Sony - as other manufacturers did and do - didnt compromise Qcoms security installments in place by poorly engineering the phone. Bootloader security barrier most likely wont ever be broken through.
How exactly do you remove a directory like that?
Use root explorer.. Worked like a charm
I didn't remove it I just renamed it to usf1 it worked! But there are a lot of files in that folder. Is it not important?
Sent from my Nexus 7 using Tapatalk HD
schaggo said:
No, wont help. An unlock blocked bootloader is locked for good. No way around it and I judge from your post, you dont read other threads so you have no idea whats going on: Sony - as other manufacturers did and do - didnt compromise Qcoms security installments in place by poorly engineering the phone. Bootloader security barrier most likely wont ever be broken through.
Click to expand...
Click to collapse
I take it your talking about official bootloader unlocking? Coz obviously a dev might work out how to unlock a bootloader using other ways which would mean a blocked bootloader can be unlocked.
Sent from my C6603 using xda premium
Hi everyone
I'm new at this root things so I would like to make a couple of questions if you don't mind...
I have a SIM Free UK Xperia Z, so I think my bootloader is unlockable. The thing is I don't want to do it (at least for now) because I will loose DRM keys, BE2, and my warranty...
1- Can I root using this method without unlocking the booloader?
2- If I root my phone with this method I mantain my DRM keys, BE2 and can restore it like when it came from factory?
Thanks in advance
1. Yes
2.Yes
nazrin313 said:
1. Yes
2.Yes
Click to expand...
Click to collapse
Thanks
One last question.
If Sony releases an update...Can I update it? I will loose root right?
AW: About goroh_kun & huhka_com exploit on C6603 / 10.1.A.1.350
jayman1986 said:
Coz obviously a dev might work out how to unlock a bootloader using other ways which would mean a blocked bootloader can be unlocked.
Click to expand...
Click to collapse
I covered this in my initial post: recognized elite Android god Entropy512 himself, stated repeadetly, that bootloader security on Qualcomm devices is very strong. If it gets broken (this is what you ask/hope for) then it's usually because the manufacturer ****ed up Qcomms security. Sony, so it seems, does not have done that so an "unofficial" unlock or "bootloader crack" is very unlikely on the current devices, such as the Xperia T and Xperia Z.
---------- Post added at 05:28 PM ---------- Previous post was at 05:25 PM ----------
JPWOA said:
If Sony releases an update...Can I update it? I will loose root right?
Click to expand...
Click to collapse
Most likely, yes. Or better: usually, yes, exemptions exempt. You will be able to update and keep root using the help and procedures which will be published in this forum.
hi all, i having the problem with nfc after root, and unable to find the data/usf.
my data folder is empty......
i533.photobucket.com/albums/ee333/ri1030/Other/rojak/Screenshot_2013-03-19-15-44-50_zps9dc2bef7.png
Sorry ubanle to post link
Make sure your file explorer is configured to access system directories (such as /data) in root mode. You may need to change a setting to enable root access.
/data is definitely not empty, it's filled with plenty of other stuff.
HI @all,
now that we have a FW for the device - is root possible?
All known root methods are not working.
BR
UserX10
Edit:
Solved -> Thanks you DooMLoRD
http://forum.xda-developers.com/z3-...58xx-cwm-based-recovery-6-0-4-7-root-t2890231
Delete.
Jeez.
People haven't even got their hands on the phone yet...
Be patient
Anyone wanna try Framaroot?
http://framaroot.net/index.html
framaroot does not work ...
Ok because I saw it posted on this blog and thought it would work. Strange!
plisk3n said:
Ok because I saw it posted on this blog and thought it would work. Strange!
Click to expand...
Click to collapse
Well, it says "tested on device" and is from 9/4, before the device was even unavailable. I'd be careful that apk isn't something more.
CollinsJ said:
Well, it says "tested on device" and is from 9/4, before the device was even unavailable. I'd be careful that apk isn't something more.
Click to expand...
Click to collapse
Yeah that's also the reason why I decided not to download it, I'll just wait till someone @ XDA finds a way to root the device. It's not like we'll die because our device isn't rooted for x weeks/months.
Weeks/months?! I would die! It's been a day and the amount of things I can't do is driving me nuts!
If you have an unlocked boot loader see what I say at http://forum.xda-developers.com/showthread.php?p=55709585. If you don't I think you'll be waiting for a while - someone needs to find an exploit and write the app/code needed to exploit it. This has become increasingly hard as Android has become more secure - before Towelroot AFAIK the Z1/Z2 was not rootable for a long time. You'd probably be waiting a similar length of time for the next big root exploit.
tilal6991 said:
If you have an unlocked boot loader see what I say at http://forum.xda-developers.com/showthread.php?p=55709585. If you don't I think you'll be waiting for a while - someone needs to find an exploit and write the app/code needed to exploit it. This has become increasingly hard as Android has become more secure - before Towelroot AFAIK the Z1/Z2 was not rootable for a long time. You'd probably be waiting a similar length of time for the next big root exploit.
Click to expand...
Click to collapse
Would it not be helpful to contact Sony themselves? They're increasingly developer friendly, these days. Maybe they'd be willing to offer pointers to root app developers?
mudnightoil said:
Would it not be helpful to contact Sony themselves? They're increasingly developer friendly, these days. Maybe they'd be willing to offer pointers to root app developers?
Click to expand...
Click to collapse
Well I know people at Sony and long story short: if you want root unlock the boot loader. Its as simple as that. You have to understand that while a root exploit looks nice to tinkerers its also a serious security issue which must be fixed - that is why many root solutions also patch the exploit they use after using it.
Does unlocking the bootloader require wiping the phone? I know this is required on the nexus phones. If it requires wipe then its the very first thing I'm doing once I get the phone out of the box.
Sent from my Nexus 5 using Tapatalk
tilal6991 said:
Well I know people at Sony and long story short: if you want root unlock the boot loader. Its as simple as that. You have to understand that while a root exploit looks nice to tinkerers its also a serious security issue which must be fixed - that is why many root solutions also patch the exploit they use after using it.
Click to expand...
Click to collapse
I'm aware of this ... but on the one hand being one of the few if only manufacturers to provide official unlocking for the bootloaders (with the obvious intention of spurring development etc), but on the other actively closing non-simple (i.e. ones requiring a dedicated program) root 'exploits' would seem a little at odds. Is it really that black and white? You'd think it might be in their interests to provide an official complex / secure rooting method.
sublimnl said:
Does unlocking the bootloader require wiping the phone? I know this is required on the nexus phones. If it requires wipe then its the very first thing I'm doing once I get the phone out of the box.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Yes. It will wipe everything AFAIK - double check with the website.
mudnightoil said:
I'm aware of this ... but on the one hand being one of the few if only manufacturers to provide official unlocking for the bootloaders (with the obvious intention of spurring development etc), but on the other actively closing non-simple (i.e. ones requiring a dedicated program) root 'exploits' would seem a little at odds. Is it really that black and white? You'd think it might be in their interests to provide an official complex / secure rooting method.
Click to expand...
Click to collapse
Your statements contradict themselves. Rooting without unlocking the bootloader needs a security flaw. How can any method which leaves a security hole be secure?
Bootloader unlocking gets around this by letting you control the boot partition of the device so you can disable the "security barrier" that android provides. This is a choice you are explicitly making which is why it is the only "secure" way to root.
Does towelroot work?
MrOeyta said:
Does towelroot work?
Click to expand...
Click to collapse
Unfortunately Towelroot does not work.
I've read some people saying that unlocking the bootloader causes you to lose your DRM keys which apparently would affect software/ camera issues?
Can anyone verify this?
tacocats said:
I've read some people saying that unlocking the bootloader causes you to lose your DRM keys which apparently would affect software/ camera issues?
Can anyone verify this?
Click to expand...
Click to collapse
This is very true. On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL.
dillalade said:
This is very true. On the z1c I neglected to back up the TA partition. And apparently lost native mirror cast and some camera features when I rolled the device back to stock.
Back up your TA partition before unlocking BL.
Click to expand...
Click to collapse
Any idea how this could be done?
Is this Android 4.4.4 to SGP521?
Link
Exciting!
Yes, it is 4.4.4, and it will bring us the new Z3 UI, and some Z3 features.
Bird40 said:
Is this Android 4.4.4 to SGP521?
Link
Click to expand...
Click to collapse
Sure you are not being a bit previous? My Z2 is SGP512, not SGP521! Hope you are right though
UPDATE: Doh! Just realized that both are valid
Very good news
Finally!
Sent from my SGP521 using Tapatalk
The rumour-mill has gone scarily quiet.. I don't understand why, having subscribed to a "premium" product, we don't get "premium" service. Anyone prepared to stir the pot and get the rumours going again?
pdes said:
The rumour-mill has gone scarily quiet.. I don't understand why, having subscribed to a "premium" product, we don't get "premium" service. Anyone prepared to stir the pot and get the rumours going again?
Click to expand...
Click to collapse
Ok, try this one. They're not going to push the 4.4.4 and will go straight to 5L next year
New version
New version
Link
Has anyone been able to update? Mine just failes
Sent fra min D6503 via Tapatalk
Installed and working properly, we only need to root :good:
Bird40 said:
Is this Android 4.4.4 to SGP521?
Link
Click to expand...
Click to collapse
yes, i already got it, any one has recovery?
I managed to install it with dual recovery but I am having issues on mounting the system. Does anyone know how to?
chesterr said:
I managed to install it with dual recovery but I am having issues on mounting the system. Does anyone know how to?
Click to expand...
Click to collapse
But it is compatible? Now try but could
So, what do you guys think about this update? Is it really worth it? Curious to know.
The biggest reason for me to change was to get Remote Play to link with my PS4. Also, the applications button is now shifted to the middle of the bottom edge. Other than that, I haven't noticed any huge changes that blew me away.
Remote Play is pretty cool though, tried it out for a little bit last night and it was good enough to play Call of Duty campaign mode.
chesterr said:
I managed to install it with dual recovery but I am having issues on mounting the system. Does anyone know how to?
Click to expand...
Click to collapse
Need to modify the kernel ramdisk to make it insecure.
Moscow Desire said:
Need to modify the kernel ramdisk to make it insecure.
Click to expand...
Click to collapse
Yea it did ask me about ramdisk btw, guess I'm just gonna wait till PRF Creator tool to be updated,
chesterr said:
Yea it did ask me about ramdisk btw, guess I'm just gonna wait till PRF Creator tool to be updated,
Click to expand...
Click to collapse
Well, technically, it's not such a big deal, to swap kernels/ramdisk with an unlocked bootloader. It's a simple edit. But, at this point, it would mean unlocking bootloader, and losing DRM keys (still not sure what functions besides some lost advanced camera functions, not that anybody uses the camera anyhow except for skype).
Under the old rooting, it used an exploit to modify ramdisk, (and install the necessary apps), without unlocking bootloader via an exploit.
As for me, I will wait a couple weeks and see if there's a new exploit. If not, well, I will do the above method.
Moscow Desire said:
Well, technically, it's not such a big deal, to swap kernels/ramdisk with an unlocked bootloader. It's a simple edit. But, at this point, it would mean unlocking bootloader, and losing DRM keys (still not sure what functions besides some lost advanced camera functions, not that anybody uses the camera anyhow except for skype).
Under the old rooting, it used an exploit to modify ramdisk, (and install the necessary apps), without unlocking bootloader via an exploit.
As for me, I will wait a couple weeks and see if there's a new exploit. If not, well, I will do the above method.
Click to expand...
Click to collapse
Basically DRM keys are used to see if you have unlocked the device (in the past). So mainly for Sony to check if your warranty is still valid.
There is a tool that will backup your DRM keys though, and can restore it too. You just need root for that (just downgrade, root, backup keys and upgrade again) Just Google Xperia DRM backup and you're bound to find out
Sony released binaries and build instructions for aosp 6.0 android for our xperia z4 tablet.
What else is necessary for developers to build AOSP android 6.0 for our sgp771 devices?
Here are the links:
http://developer.sonymobile.com/downloads/tool/software-binaries-for-aosp-m-android-6-0/
https://github.com/sonyxperiadev/device-sony-karin
Please developers build AOSP android 6.0 for our devices
Enviado de meu SM-N920G usando Tapatalk
Really, we beg you to build some more customs roms for our device, because now it even useless to root our device as there is no roms and we lose drm keys((((((((
I don't understand why Sony posts AOSP source code, build instructions, but no AOSP binaries.
I'm keeping an eye out on the FXP Marshmallow page, but so far it's been empty.
alex009988 said:
Really, we beg you to build some more customs roms for our device, because now it even useless to root our device as there is no roms and we lose drm keys((((((((
Click to expand...
Click to collapse
Whether you root or not does not depend on a custom rom. It depends on what apps you want to use. If you want to use apps like Titanium Backup, Adaway and so on you need root. And root can be achieved quite easy.
akxak said:
Whether you root or not does not depend on a custom rom. It depends on what apps you want to use. If you want to use apps like Titanium Backup, Adaway and so on you need root. And root can be achieved quite easy.
Click to expand...
Click to collapse
But currently that means losing the TA partition doesn't it, from what I have been reading?
scoobydu said:
But currently that means losing the TA partition doesn't it, from what I have been reading?
Click to expand...
Click to collapse
If that's where the drm keys are, yes... but not due to rooting, but due to unlocked bootloader.
akxak said:
If that's where the drm keys are, yes... but not due to rooting, but due to unlocked bootloader.
Click to expand...
Click to collapse
Sure but in order to root you need to unlock the bootloader which in itself is fine, but you'll lose the TA and yes the DRM keys in the TA.
scoobydu said:
Sure but in order to root you need to unlock the bootloader which in itself is fine, but you'll lose the TA and yes the DRM keys in the TA.
Click to expand...
Click to collapse
Sorry can someone explain to me what is the TA and DRM keys? I had samsung tablet before xperia z4 tablet. I can not understand those terms. What will I lose if I install aosp android? Will I be able to reflash stock Sony firmware if I want to roll back? Where can I get the original firmware and flash tools for Windows so that I can revert back from aosp install to stock Sony firmware? And finally what will I lose after aosp android install?
Can you guys post a video of aosp android running in your xperia z4 tablet?
Enviado de meu SM-N920G usando Tapatalk
calj17 said:
Sorry can someone explain to me what is the TA and DRM keys? I had samsung tablet before xperia z4 tablet. I can not understand those terms. What will I lose if I install aosp android? Will I be able to reflash stock Sony firmware if I want to roll back? Where can I get the original firmware and flash tools for Windows so that I can revert back from aosp install to stock Sony firmware? And finally what will I lose after aosp android install?
Can you guys post a video of aosp android running in your xperia z4 tablet?
Enviado de meu SM-N920G usando Tapatalk
Click to expand...
Click to collapse
I have only just received my Z4 yesterday but very much assume its the same as my Z3, Z3Tab, Tab and Ultra.
Sony keep the DRM keys in a special TA partition to allow their proprietary technologies to work, eg their barvia engine for the screen and audio codecs for sound.
If you unlock the bootloader it will remove this partition and your device specific keys will be lost.
Those keys are yours alone and you cannot recover from someone elses.
There have been some apps to try and reinstate those keys, but I have never used them, so cannot comment if they are good.
I usually try and root without unlocking the bootloader, so you can then save your TA partition off device and then unlock.
That way if you want to relock you can reinstate the TA partition and the tech that goes with it.
As there is no root with a locked bootloader currently, that is your only option for the moment if you want root.
I plan on waiting for MM and hoping a common vunerability is present for multple devices, as that was the way I rooted my Z3 Tab, by loader the Z3 phone firmware, rooting and then reloading the Z3 Tab firmware back.
scoobydu said:
I have only just received my Z4 yesterday but very much assume its the same as my Z3, Z3Tab, Tab and Ultra.
Sony keep the DRM keys in a special TA partition to allow their proprietary technologies to work, eg their barvia engine for the screen and audio codecs for sound.
If you unlock the bootloader it will remove this partition and your device specific keys will be lost.
Those keys are yours alone and you cannot recover from someone elses.
There have been some apps to try and reinstate those keys, but I have never used them, so cannot comment if they are good.
I usually try and root without unlocking the bootloader, so you can then save your TA partition off device and then unlock.
That way if you want to relock you can reinstate the TA partition and the tech that goes with it.
As there is no root with a locked bootloader currently, that is your only option for the moment if you want root.
I plan on waiting for MM and hoping a common vunerability is present for multple devices, as that was the way I rooted my Z3 Tab, by loader the Z3 phone firmware, rooting and then reloading the Z3 Tab firmware back.
Click to expand...
Click to collapse
So in your opinion we should not unlock bootloader to install aosp. In resume what changes of I unlock bootloader install aosp and loose this DRM keys ? Won't I be able to reflash stock Sony firmware back and get tablet working as it was before installing aosp?
Enviado de meu SM-N920G usando Tapatalk
calj17 said:
So in your opinion we should not unlock bootloader to install aosp. In resume what changes of I unlock bootloader install aosp and loose this DRM keys ? Won't I be able to reflash stock Sony firmware back and get tablet working as it was before installing aosp?
Enviado de meu SM-N920G usando Tapatalk
Click to expand...
Click to collapse
You will irreversibly lose Sony-proprietary functionality. I cannot provide a full list of what that is because I don't have the complete knowledge, but you will lose camera denoising, PS4 remote play and, as scoobydu mentions, image 'enhancement' functions (X-Reality). There's more, I read it somewhere here on XDA.
what you can find in the SONY fora
jelbo said:
There's more, I read it somewhere here on XDA.
Click to expand...
Click to collapse
[Knowledge Base] Introduction to the Sony (-Ericsson) Xperia Galaxy
Why an exploit seems inmpossible
read the whole thread (altough some outdated infos and offtopic posts)
or the intro to
Custom kernel Z3+ E6553 - Nuke Verity / Sony RIC and allow SELinux permissive
Loss of DRM Keys
ive builded android 6.0 yesterday for the xperia z4 tablets.
when im back home, ill upload the images for android 6.0 for the lte and wifi version
Hundsbuah said:
ive builded android 6.0 yesterday for the xperia z4 tablets.
when im back home, ill upload the images for android 6.0 for the lte and wifi version
Click to expand...
Click to collapse
And how well does it work, camera and so on?))) IS it worse then cyanogenmod, I mean stability?
Hundsbuah said:
ive builded android 6.0 yesterday for the xperia z4 tablets.
when im back home, ill upload the images for android 6.0 for the lte and wifi version
Click to expand...
Click to collapse
Thank you friend. Could you upload a video tutorial on how to install the rom and show it running in your tablet?[emoji1]
Enviado de meu SM-N920G usando Tapatalk
Haven't tested much. I'm back to v5 because I'm not at home and have no mobile data left. So I restored my backup. Wifi was working because I searched for wifi networks
Hundsbuah said:
Haven't tested much. I'm back to v5 because I'm not at home and have no mobile data left. So I restored my backup. Wifi was working because I searched for wifi networks
Click to expand...
Click to collapse
Tell me. After install a aosp rom like yours how can I roll back and install Sony stock firmware back? What will change after this rollback to stock? People at forum told that because is necessary to unlock bootloader to install aosp rom we would lose DRM partition information that has xreality data and tablet profiles so after rolling back to oem flashing the stock firmware is the tablet the same as before? Working fine?
Enviado de meu SM-N920G usando Tapatalk
I restored my system partition with the Linux dd command in twrp via adb shell. Yes u need an unlocked bootloader and the ta partition etc is gone
Hundsbuah said:
I restored my system partition with the Linux dd command in twrp via adb shell. Yes u need an unlocked bootloader and the ta partition etc is gone
Click to expand...
Click to collapse
Great to hear you were running Android 6.0 on your Z4. Mine just arrived today
You seem to have found a way to restore TWRP backups using the dd command. Could you please share the used commands? Because AndroPlus' TWRP build has broken restore functionality, a functional workaround would be more than welcome for us flash-happy xda'ers
calj17 said:
Tell me. After install a aosp rom like yours how can I roll back and install Sony stock firmware back? What will change after this rollback to stock? People at forum told that because is necessary to unlock bootloader to install aosp rom we would lose DRM partition information that has xreality data and tablet profiles so after rolling back to oem flashing the stock firmware is the tablet the same as before? Working fine?
Enviado de meu SM-N920G usando Tapatalk
Click to expand...
Click to collapse
If you are not convinced by others input to your questions, perhaps you should go back over Xperia Z, Z1, Z2, Z3 and Z4 forums to double check.
We would all love to unlock and not lose TA, but its been a 'feature' of Xperia for some time, but I am sure we are all happy to be corrected if Sony have changed things.
If you continually need a video to implement, then perhaps you should not be trying? Just a thought.
Merry Christmas.
[discussion][root] with [locked bl], vulnerabilities Snapdragon on <March2016 Android
There's an interesting article that got me thinking:
http://buysoft.greatsoftline.com/vu...m-snapdragon-chip-allow-for-easy-root-access/
CVE-2016-0819 vulnerability
Click to expand...
Click to collapse
We discovered this particular vulnerability, which is described as a logic bug when an object within the kernel is freed. A node is deleted twice before it is freed. This causes an information leakage and a Use After Free issue in Android. (UAF issues are well-known for being at the heart of exploits, particularly in Internet Explorer.)
CVE-2016-0805 vulnerability
This particular vulnerability lies in the function get_krait_evtinfo. (Krait refers to the processor core used by several Snapdragon processors). The function returns an index for an array; however, the validation of the inputs of this function are not sufficient. As a result, when the array krait_functions is accessed by the functions krait_clearpmu and krait_evt_setup, an out-of-bounds access results. This can be useful as part of a multiple exploit attack.
Gaining root access
Using these two exploits, one can gain root access on a Snapdragon-powered Android device. This can be done via a malicious app on the device. To prevent further attacks that may target either the patched vulnerabilities or similar ones that have yet to be discovered, security experts are not disclosing the full details of this attack.
Trend Micro researchers will disclose the full details of exactly how to leverage the bugs at the upcoming Hack In The Box security conference in the Netherlands to be held in late May 2016.
Click to expand...
Click to collapse
Once updates got applied,
flashing back via XperiFirm, exploit that vulnerability and gain root
What do you think ?
langeveld024 said:
It was already found.
.11 fw is vulnerable at several points, however, rooting is not possible due to dm-verity and Sony ric which prevents modify system.
If u search this thread you'll find more about it.
Click to expand...
Click to collapse
bummer
Pandemic said:
We are genius in Z3 forum !!!!
http://forum.xda-developers.com/showthread.php?p=65856403
“Sent From MWE V9.5.0 On My Z3”
Click to expand...
Click to collapse
There's progress on the Z3 front
Poor Sony's fan waiting root for locked BL so long, many 6.0 phone have got root already,
Gaining root with locked BL is actually great security risk, not something one should be proud of.
Saw this?
http://forum.xda-developers.com/showthread.php?p=65861217
Post 1677 by Pandemic
It looks promising, the Z3 just got Root on LB
Thx. Wolfbreak the developer since the X10i
Sent from my E6653 @ XDA Portal
Duvel999 said:
Saw this?
http://forum.xda-developers.com/showthread.php?p=65861217
Post 1677 by Pandemic
It looks promising, the Z3 just got Root on LB
Thx. Wolfbreak the developer since the X10i
Sent from my E6653 @ XDA Portal
Click to expand...
Click to collapse
Is it possible to port this root method on M with LB for z3 ????? They have the same problem with DRM keys like us.... But they win.
http://forum.xda-developers.com/z3/...oid-6-0-mm-t3337357/post65856403#post65856403
thanx.
I don't think there will be a way to root z5 with LB unfortunatelly.
The method there needs a custom recovery installed which is possible on Z3 due to an exploit used on an early firmware. Since there's no such achievement yet on the Z5 you will already fail with the first task and any other following.
Since they've made their success public before the final firmware is out Sony has enough time to fix everything else.
some people say the z5 and z3 use the same hardware and could technically use the z3 rom to root the z5.
however, the heading of this post should change. i thought we finally have root on the z5 family only to find out that it's just a post talking about root on the z3.....
zacharias.maladroit said:
There's an interesting article that got me thinking:
http://buysoft.greatsoftline.com/vu...m-snapdragon-chip-allow-for-easy-root-access/
Click to expand...
Click to collapse
I didn't know those information were to be disclosed in May, instead of being kept secret. Good news from our point of view...
I think that, if the vulnerabilities could be exploited also on the Z5 line (every exploit needs to be verified practically), then we could gain temporary shell root/system priviledge to backup the TA partition. If i remember well, we cannot achieve permanent root on locked bootloader, as the /system protection SONYric is embedded in the stock kernel image.
We would need some mobile flashing tool like this: http://forum.xda-developers.com/showthread.php?t=2334554
I think i misunderstood. The problem is the Verified Boot ("dm-verity") check introduced in Z3+/Z4 and Z5 line.
We cannot get permanent root because this would involve modified kernel (to write on /system partition), which would not boot using a Locked bootloader because of Verified boot process that uses an OEM key.
The whole process is described here: https://source.android.com/security/verifiedboot/verified-boot.html
Google intention is (or was) to allow the boot process, after a red warning, if the verification of the kernel image didn't succeed on a locked bootloader... But Sony devices bootloop without showing any warning and so the user is not allowed to continue (source: https://androplus.org/Entry/843/ thanks to the developer).
So, on locked bootloaders, it's impossible to have permanent root apps, xposed ,.... unless someone finds a hole in the bootloader (someone found a hole in Motorola's bootloader) or the OEM key gets copied and is used to sign modified firmwares...just exciting dreams.
Anyone, correct me if i'm wrong.
ninestarkoko said:
I think i misunderstood. The problem is the Verified Boot ("dm-verity") check introduced in Z3+/Z4 and Z5 line.
We cannot get permanent root because this would involve modified kernel (to write on /system partition), which would not boot using a Locked bootloader because of Verified boot process that uses an OEM key.
The whole process is described here: https://source.android.com/security/verifiedboot/verified-boot.html
Google intention is (or was) to allow the boot process, after a red warning, if the verification of the kernel image didn't succeed on a locked bootloader... But Sony devices bootloop without showing any warning and so the user is not allowed to continue (source: https://androplus.org/Entry/843/ thanks to the developer).
So, on locked bootloaders, it's impossible to have permanent root apps, xposed ,.... unless someone finds a hole in the bootloader (someone found a hole in Motorola's bootloader) or the OEM key gets copied and is used to sign modified firmwares...just exciting dreams.
Anyone, correct me if i'm wrong.
Click to expand...
Click to collapse
Personally, not having permanent root on a locked bootloader is fine with me. I just need temp root to back up TA partition.
I am pretty sure the rest of the Z5 owners who are not yet unlock are waiting to backup TA partition before doing anything else.
there already is a way to restore credentials to use the bravia engine and the sony goodies. but ultimately, people would like to keep their TA keys (something which they paid for) instead of losing them once they unlock bootloader.
frostmore said:
Personally, not having permanent root on a locked bootloader is fine with me. I just need temp root to back up TA partition.
Click to expand...
Click to collapse
Me too
ninestarkoko said:
I think i misunderstood. The problem is the Verified Boot ("dm-verity") check introduced in Z3+/Z4 and Z5 line.
We cannot get permanent root because this would involve modified kernel (to write on /system partition), which would not boot using a Locked bootloader because of Verified boot process that uses an OEM key.
The whole process is described here: https://source.android.com/security/verifiedboot/verified-boot.html
Google intention is (or was) to allow the boot process, after a red warning, if the verification of the kernel image didn't succeed on a locked bootloader... But Sony devices bootloop without showing any warning and so the user is not allowed to continue (source: https://androplus.org/Entry/843/ thanks to the developer).
So, on locked bootloaders, it's impossible to have permanent root apps, xposed ,.... unless someone finds a hole in the bootloader (someone found a hole in Motorola's bootloader) or the OEM key gets copied and is used to sign modified firmwares...just exciting dreams.
Anyone, correct me if i'm wrong.
Click to expand...
Click to collapse
I remember few month ago... Chainfire was working with a new form of root, it doesn't modifies system partition. This solution doesn't help us???? We don't want lose our sony's features. :silly:
uripiruli said:
I remember few month ago... Chainfire was working with a new form of root, it doesn't modifies system partition. This solution doesn't help us???? We don't want lose our sony's features. :silly:
Click to expand...
Click to collapse
That's the systemless root, where root is achieve without changing the system file.
but this kind of root requires modified boot image, which cannot be done without unlocked bootloader....
root is becoming harder to achieve as the years pass. with samdung introducing their crap knox and sony with dm-verify etc etc.. android is fast becoming another apple where everything is being locked up and end users are forced to adhere to the way their phones are "supposed" to be used.
F U C K U P Sony. Why we couldn't own our phone features we paid for. Give our freedom to use our own phone
devilmaycry2020 said:
F U C K U P Sony. Why we couldn't own our phone features we paid for. Give our freedom to use our own phone
Click to expand...
Click to collapse
here's an article on the subject http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
explaining your and my feelings (i really understand you).
If you want, you can comment there but please stay in topic here.
ninestarkoko said:
here's an article on the subject http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
explaining your and my feelings (i really understand you).
If you want, you can comment there but please stay in topic here.
Click to expand...
Click to collapse
ok,thanks for told me about that. i'll be more attention about my words next times
Maybe developer Wolfbreak from the Z3 forum can help us?
Sent from my E6653 @ XDA Portal
Samsung Galaxy s7 and the edge exynos version just got root, wtf Sony --'.
I think the main thing about Samsung phones is they have a recovery partition where as sony do not.
Sent from my Xperia™ Z5 using Tapatalk