Flashing a Marshmallow kernel to a phone with Nougat ROM possible? - Sony Xperia X Compact Questions & Answers

Is it safe to flash an Android 6 kernel to a phone with an Android 7 OS to downgrade so I can use the dirty cow exploit or will this brick my device?
I want to backup my DRM keys before rooting or unlocking bootloader. My phone is running firmware 34.3.A.0.194 (Android 7.1.1). I want to downgrade it to 34.1.A.1.198 (Android 6.0.1) so I can use this method https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236 to backup my DRM keys first. I've created a 34.1.A.1.198 kernel but am not sure if I can just flash it to a firmware that is not Marshmallow.

Nope.

obviously not!

Thanks for your answers. I suspected as much.
Is there any other method of backing up the DRM keys? Or is it even necessary? Are DRM keys included in firmwares downloaded with Xperifirm?
If so I could just flash a Marshmallow firmware, backup the DRM keys and root, right?
If not, is there a way of rooting Nougat?

razzledazzle83 said:
> Thanks for your answers. I suspected as much.
> Is there any other method of backing up the DRM keys? Or is it even necessary? Are DRM keys included in firmwares downloaded with Xperifirm?
> If so I could just flash a Marshmallow firmware, backup the DRM keys and root, right?
> If not, is there a way of rooting Nougat?
If you don't care about DRM rights then it isn't essential, simply unlock your bootloader, mod and flash your own kernel using one of the two available tools, flash a Superuser zip and that's you rooted regardless of FW.
You only get one set of DRM keys and if you don't back them up there is no way at all to recover them so consider the warnings about loss of camera quality etc before going ahead with the unlock process.

And again I suspected as much. So the DRM keys are not included in the firmwares delivered.
Is there any method as of now to backup Nougat DRM keys?
I've only found methods for Marshmallow but not for Nougat.
If I flash a Marshmallow stock ROM will I keep the DRM keys or will they be gone?

razzledazzle83 said:
> Is there any method as of now to backup Nougat DRM keys?
> I've only found methods for Marshmallow but not for Nougat.
> If I flash a Marshmallow stock ROM will I keep the DRM keys or will they be gone?
There isn't, no. If you don't unlock you can flash as many stock ROMs as you like without affecting them, but you will have to mod your kernel every time you flash a new FW if you have unlocked to restore DRM features.

So if I want to have a rooted phone I have to run Marshmallow?
But I could flash a Marshmallow firmware and backup the DRM keys, right?

razzledazzle83 said:
> So if I want to have a rooted phone I have to run Marshmallow?
> But I could flash a Marshmallow firmware and backup the DRM keys, right?
sure

Ok, thanks.
Flashed MM fw and backed up DRM keys. Worked like a charm.
Thanks for all the help guys.

Related

Z2 owners, it's time to get a Z5 !! (backup of TA partition now possible)

Thanks to @zxz0O0, backup of TA partition is now possible on the Z5 series: iovyroot - (temp) root tool. In other words, permanent root still needs an unlocked bootloader, but you can now back up your device DRM keys before unlocking the bootloader! Thus, if for one reason or another, you want to relock your bootloader, you will be able to restore your DRM keys. It's a huge step forward!
Due to DM-Verity, it is highly unlikely that permanent root will be achieved for locked bootloader.
Once the bootloader is unlocked, the DRM keys are gone, but you can recover ALL the lost functionalities with the patch of @tobias.waldvogel.
I've had a Z5 for several months and I'm very very happy with it.
Note: don't buy "on contract" phones, their bootloaders are often unlockable...
In other words, permanent root still needs an unlocked bootloader
How do you take a TA backup without ROOT?
(Before unlocking the bootloader)
And that patch, I don't think it gives back our official DRM keys.
RaKesh said:
> In other words, permanent root still needs an unlocked bootloader
> How do you take a TA backup without ROOT?
> (Before unlocking the bootloader)
> And that patch, I don't think it gives back our official DRM keys.
Pls read this thread and you will understand...
[WIP] [LB] [TEMP ROOT] Z5/Z5C Backup of TA Partition / DRM Keys

DRM and custom kernel

Hi all,
I have two questions:
1 What data is being stored in the drm-protected partition on the xc? I know that it was (among others) camera related stuff on the z5c. Do I need to worry about just unlocking the bootloader without doing a tedious backup process (for which there's only good documentation for the z5c anyway)?
Do I need a custom kernel if I want to flash twrp after unlocking my bootloader? Or is update to latest software > unlock bootloader > fastboot flash recovery.img ?
Thanks a lot!
ApplepieFTW said:
> 1 What data is being stored in the drm-protected partition on the xc? I know that it was (among others) camera related stuff on the z5c. Do I need to worry about just unlocking the bootloader without doing a tedious backup process (for which there's only good documentation for the z5c anyway)?
Only the keys to unlock the functions are stored there. So yeah, without the DRM-patch or DRM-fix there's no denoising on the camera etc. You don't have to backup the keys to get full camera functionality back, check the thread from next answer.
ApplepieFTW said:
> Do I need a custom kernel if I want to flash twrp after unlocking my bootloader? Or is update to latest software > unlock bootloader > fastboot flash recovery.img ?
If you want to go to Nougat (Android 7), check the steps here:
https://forum.xda-developers.com/showpost.php?p=70657390&postcount=60
You can just skip the TA keys flashing part as it's a bit complicated, but I would recommend doing the backup so that you can restore the phone to factory settings in case you need to use the warranty services.
Me personally I'm sticking with Android 6 as I can't imagine using any new phone without XPrivacy.
1. you will lose the same functions x-reality, denoise, all that 'special' sony stuff.
2. you can flash twrp with stock kernel.
you need to be on MM to backup the TA partition (device key) but if you are on MM a backup will take less than 2 mins and all you need is click an icon, you can also use the latest version of flashtool to back it up. but yeah if you upgraded to nougat the downgrade is a bit tedious. :/
realtuxen said:
> 1. you will lose the same functions x-reality, denoise, all that 'special' sony stuff.
> 2. you can flash twrp with stock kernel.
> you need to be on MM to backup the TA partition (device key) but if you are on MM a backup will take less than 2 mins and all you need is click an icon, you can also use the latest version of flashtool to back it up. but yeah if you upgraded to nougat the downgrade is a bit tedious. :/
Alright thanks! It's nice that I don't have to flash the kernel since iirc that's the only way you can actually break things.
I also discovered the easy dirtycow backup, I definitely didn't want to go through the z5c backup process. Let's hope the xc I'm going to buy isn't on 7.x yet

Help me to twrp/root/xposed/kernel my XC

Hi,
I'll receive my XC this week, and I'd like to root it.
I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
Here are my needs:
keep DRM
latest stock rom
twrp
untouched system partition
easy OTA
XC Genesis kernel
xposed + module
Do you think it possible to achieve such a configuration?
How-to?
Thanks
EDIT: I'll update this post to make it a HOW-TO for future users with the same questions.
Assuming you're unable to unlock your BL the steps are as follows...
Flash back to 198.
Backup your TA.
Unlock your BL
Update to 311
Extract kernel - ftf/sin/elf
Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
Flash new boot.img
Flash TWRP.img
Flash Super User zip
Flash DK.ftf with Flashtool 9.22
...and that should be it.
Latest stock Rom + xposed will not be possible...
mika91 said:
> Hi,
> I'll receive my XC this week, and I'd like to root it.
> I don't want a custom ROM, but just a stock one with xposed and remove some bloatwares.
> Here are my needs:
> keep DRM
> latest stock rom
> twrp
> untouched system partition
> easy OTA
> XC Genesis kernel
> xposed + module
> Do you think it possible to achieve such a configuration?
> How-to?
> Thanks
> EDIT: I'll update this post to make it a HOW-TO for future users with the same questions.
Forget about OTA when rooted...
I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
mika91 said:
> I thought that using xposed leaves the system partition untouched, so OTA updates are possible...
OTA is not possible once bootloader is unlocked. System partition touched or not played no role.
ok.
So if I want root the XC, I have to unlock the bootloader, lose DRM and ota?
How is the camera quality without the drm keys?
Thanks
mika91 said:
> ok.
> So if I want root the XC, I have to unlock the bootloader, lose DRM and ota?
See my post to get a rooted stock with DRM.
mika91 said:
> ok.
> So if I want root the XC, I have to unlock the bootloader, lose DRM and ota?
> How is the camera quality without the drm keys?
> Thanks
You HAVE to unlock. There is NO root on LOCKED bootloader.
Unlocking bootloader deletes TA partition, containing DRM keys. You should BACKUP your TA partition BEFORE unlocking using DirtyCow Backup tool from Sony Cross Devices forum.
After unlocking, you can either flash kernel that supports DRM patching either by using fake DRM libraries, or your real DRM keys, either flashed in alternative location (see RootKernel tool in Z5 forums, works on almost all modern Xperias) or PoC TA tool from Sony Cross devices, that mounts your TA backup as TA partition, therefore your phone looks as having DRM keys and locked.
XperienceD said:
> Assuming you're unable to unlock your BL the steps are as follows...
> Flash back to 198.
> Backup your TA.
> Unlock your BL
> Update to 311
> Extract kernel - ftf/sin/elf
> Run elf through Rootkernel_v5.23 - (In cmd prompt window - rootkernel kernel.elf boot.img)
> Create DK ftf with Rootkernel_v5.23 (In cmd prompt window - flash_dk TA-19022017.img DK.ftf)
> Flash new boot.img
> Flash TWRP.img
> Flash Super User zip
> Flash DK.ftf with Flashtool 9.22
> ...and that should be it.
Would you mind detailing a bit more those steps, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
fredsky2 said:
> Would you mind detailing a bit more those steps, especially the first 2? I'm coming from a really old phone so I'm still a bit lost. (Where can I learn about ftf/sin/elf?)
Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
fredsky2 said:
> How can we flash back to 198? Flashing doesn't require an unlocked BL, which to be achieved deletes your TA?
Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
fredsky2 said:
> I'm on a brand new X Compact, 7.0 (34.2.A.0.292), secure patch 01/01/17
> managed to get flashtool, adb/fastboot and Universal TA Backup v2 on my pc but no dice on TA backup yet
When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
XperienceD said:
> Sure. You don't really need to learn about those stuff but is handy to know, you'll pick stuff up along the way. They are basically firmware files.
> Open the flashtool and run Xperifirm (icon with XI) on it, then browse to the XC, then click on F5321 and it will load up the different regions and available firmware. If you click on "check all" it will then show which FW is available to download, Central Europe 5 still shows as 198, so you need to select it on the right of the screen under the picture of the phone, it will then download and it's simply a matter of following the instructions to flash it.
> When you get 198 on your phone then you'll be able to back your TA. If you get stuck give us a shout.
Thank you, I was able to successfully backup my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
atm I'm following ondrejvaroscak's quickrecap to make sure everything goes smooth with my TA keys and then I plan to downgrade to 6.0, install Advanced Stock Kernel, supersu 2.79 and magisk and then pray for the best (without reflashing my own DK.ftf?)
fredsky2 said:
> Thank you, I was able to successfully backup my TA earlier yesterday. But now I'm struggling with how to restore it in MM 6.0.1 (34.1.A.1.198).
Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
fredsky2 said:
> I've read that I'll need a custom kernel for that (and to get TWRP+supersu+magisk+xposed) but I'm unsure if I should use Genesis (probably unsupported but the only one that says it'll restore MY TA) or Advanced Stock Kernel from Androplus. I've read that messing with TA can hardbrick my phone so I'm trying to be extra careful.
You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
XperienceD said:
> Download Flashtool 9.22.3 and flash your DK.ftf, flashing with a newer version doesn't work, you should then be able to verify it's worked in the service menu.
> You can use the RootKernel tool to modify your own kernel, extract the kernel.sin from the ftf with a zip program, then use the flashtool to extract the kernel.elf, Tools-Sin Editor-Extract Data then run it through the RootKernel tool and flash the boot.img it creates, then flash TWRP separately to the recovery partition which will allow you then to flash SuperSU.
> SuperSU and BusyBox are the only options I didn't include when creating my kernel. Others will have to help with the other two things you want as I refuse to use them.
Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
Thanks a lot for your help, cheers
fredsky2 said:
> Thanks again. I was worried that the drm-fix from the kernel editing tool could corrupt my TA partition but thankfully I was wrong on that.
I flashed a kernel I made with the Rootkernel tool without the drm fix but it showed some mumbo jumbo where it should say ok and provisioned, included the drm fix in the next one and it worked fine then.
fredsky2 said:
> I'm now at MM 6.0, original DRM keys, TWRP, xposed, rooted with magisk and I'm almost sure that with busybox. Why do you refuse to use them? Just curious!
> Thanks a lot for your help, cheers
You're welcome. I refuse because I prefer to know how to mod apks directly and I found Xposed to be quite buggy. I can see the benefits, it's just not for me.
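
One way to check a TA backup before the "Unlock your BL" step, since the posts above say that unlocking deletes the TA partition and the keys cannot be recovered afterwards. This is an added example, not part of the original posts or of any tool named in the thread; the file names and sample image contents are constructed, and it treats the backup as an opaque raw image without assuming anything about the TA format.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read images 1 MiB at a time


def inspect_image(path):
    """Return (size, sha256_hex, is_blank) for one backup image."""
    digest = hashlib.sha256()
    size = 0
    seen = set()  # distinct byte values, tracked only until two are seen
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            digest.update(chunk)
            size += len(chunk)
            if len(seen) < 2:
                seen.update(chunk)
    # An empty file, or one repeated byte (all 0x00 / all 0xFF), is not a usable dump.
    return size, digest.hexdigest(), len(seen) < 2


def verify_backup_copies(paths, min_copies=2):
    """Return (ok, problems, sha256).

    ok is True only if at least min_copies copies were given, every copy
    exists, none is blank, and all copies are byte-identical.
    """
    problems, digests = [], {}
    if len(paths) < min_copies:
        problems.append(f"need at least {min_copies} copies, got {len(paths)}")
    for p in map(Path, paths):
        if not p.is_file():
            problems.append(f"{p}: missing")
            continue
        size, sha, blank = inspect_image(p)
        if blank:
            problems.append(f"{p}: blank or empty ({size} bytes)")
        digests[str(p)] = sha
    if len(set(digests.values())) > 1:
        problems.append("copies differ: " + ", ".join(
            f"{name}={sha[:12]}" for name, sha in digests.items()))
    ok = not problems
    return ok, problems, next(iter(digests.values()), None) if ok else None


def make_constructed_samples(directory):
    """Write constructed stand-in images (not real TA data) for the demo."""
    d = Path(directory)
    payload = bytes(range(256)) * 64  # 16 KiB of varied bytes
    files = {
        "TA-copy1.img": payload,
        "TA-copy2.img": payload,                   # faithful second copy
        "TA-corrupt.img": payload[:-1] + b"\x00",  # last byte altered
        "TA-blank.img": b"\xff" * len(payload),    # erased-flash pattern
    }
    for name, data in files.items():
        (d / name).write_bytes(data)
    return {name: d / name for name in files}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        s = make_constructed_samples(tmp)
        for label, group in [
            ("two good copies", [s["TA-copy1.img"], s["TA-copy2.img"]]),
            ("one corrupted", [s["TA-copy1.img"], s["TA-corrupt.img"]]),
            ("blank dump", [s["TA-blank.img"], s["TA-blank.img"]]),
        ]:
            ok, problems, sha = verify_backup_copies(group)
            print(label, "->", "OK " + sha if ok else "STOP: " + "; ".join(problems))
```

Keeping the reported SHA-256 alongside the copies lets the image be re-checked later, before it is fed to the flash_dk step.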

[Q] Revert to Stock After Update to Stock 8.1?

Hello, I have a Brazilian G5 Plus that originally didn't have the retail Nougat image installed (bought from a carrier), but I was able to update to the leaked Brazilian 8.1 update. The phone was never bootloader unlocked or rooted, however I'm willing to return to stock Nougat in order to try Pie ROMs and not lose the fingerprint function. What I want to know is A) can I flash retail Nougat images on my phone (as it wasn't retail at first)? and B) at what time should I make backups of EFS and Persist partitions?
Should I unlock bootloader while on Oreo, install TWRP, make backups of EFS and Persist and then flash stock Nougat?
Or should I be able to downgrade to Nougat without any issues, and take backups of EFS and Persist before flashing Pie ROMs?
Any clarification on the subject would be deeply appreciated.
Thanks in advance.
Mrkblo said:
> Hello, I have a Brazilian G5 Plus that originally didn't have the retail Nougat image installed (bought from a carrier), but I was able to update to the leaked Brazilian 8.1 update. The phone was never bootloader unlocked or rooted, however I'm willing to return to stock Nougat in order to try Pie ROMs and not lose the fingerprint function. What I want to know is A) can I flash retail Nougat images on my phone (as it wasn't retail at first)? and B) at what time should I make backups of EFS and Persist partitions?
> Should I unlock bootloader while on Oreo, install TWRP, make backups of EFS and Persist and then flash stock Nougat?
> Or should I be able to downgrade to Nougat without any issues, and take backups of EFS and Persist before flashing Pie ROMs?
> Any clarification on the subject would be deeply appreciated.
> Thanks in advance.
Don't try to downgrade your bootloader as it is going to brick your device. If you want to make a backup, make the backup of Oreo (which you're using now) and Nougat also, as we can't say where it goes wrong. And you can flash the retail Nougat image but don't flash gpt and bootloader so it doesn't brick your device.
Read this: https://forum.xda-developers.com/g5...o-twrp-flashable-stock-builds-coming-t3830482
If you want to try some custom rom and not lose fingerprint, all you have to do is run the persist fix, flash a 7.0 TWRP-flashable stock build and THEN flash your custom rom. No need to fastboot flash the stock image. Of course also backup your persist and EFS as soon as you first boot into TWRP.
prokaryotic cell said:
> Read this: https://forum.xda-developers.com/g5...o-twrp-flashable-stock-builds-coming-t3830482
> If you want to try some custom rom and not lose fingerprint, all you have to do is run the persist fix, flash a 7.0 TWRP-flashable stock build from and THEN flash your custom rom. No need to fastboot flash the stock image. Of course also backup your persist and EFS as soon as you first boot into TWRP.
Thanks, will have a look at it.

WideVine L1 lost after installing custom ROM on Q firmware

HELP!!!!! I installed the latest Android 10 build (Developer V2). Then unlocked bootloader and installed TWRP and then Evolution X.
Now Widevine L1 is lost!!! Please help me with any damn method to get it back. Will do ANYTHING to get it back....
keshavjain235 said:
> HELP!!!!! I installed the latest Android 10 build (Developer V2). Then unlocked bootloader and installed TWRP and then Evolution X.
> Now Widevine L1 is lost!!! Please help me with any damn method to get it back. Will do ANYTHING to get it back....
Do you have the backup of persist partition when your phone was L1 ? If yes, then try restoring it.
Tianhe said:
> Do you have the backup of persist partition when your phone was L1 ? If yes, then try restoring it.
No I don't have. I have searched in various telegram groups to take persist backup on someone else (same device) and change serial number in it? Should I try that? There were people complaining that they were not able to install/update stock rom after doing this process. Please GUIDE, I am a beginner in these things....
keshavjain235 said:
> No I don't have. I have searched in various telegram groups to take persist backup on someone else (same device) and change serial number in it? Should I try that? There were people complaining that they were not able to install/update stock rom after doing this process. Please GUIDE, I am a beginner in these things....
You could try that but I am not sure if that would restore the wiped DRM keys. In some phones (Moto G5 Plus?), backup of persist from other phones would do no good.
Also you can try flashing stock ROM through AFT and see if it helps you.
And please REMEMBER TO TAKE BACKUP before attempting any of the above methods.
Tianhe said:
> You could try that but I am not sure if that would restore the wiped DRM keys. In some phones (Moto G5 Plus?), backup of persist from other phones would do no good.
> Also you can try flashing stock ROM through AFT and see if it helps you.
> And please REMEMBER TO TAKE BACKUP before attempting any of the above methods.
Already tried flashing stock rom via AFT, but Widevine stays at L3. I am not risking to flash persist of other device as it may lead to further issues. Please let me know if there is some more efficient way out of this issue. Thanks.
I heard flashing q firmware permanently causes issues with widevine l1. The only way to bring it back is to restore a previous persist backup or flash a qfil rom (not sure about the latter). If you don't have a backup, too bad chief.
farhanshaikh671 said:
> I heard flashing q firmware permanently causes issues with widevine l1. The only way to bring it back is to restore a previous persist backup or flash a qfil rom (not sure about the latter). If you don't have a backup, too bad chief.
Partially correct. QB1 update caused widevine downgrade to L3 but QB2 restored it to L1. Of course, you have to be bootloader locked all the time. Too many theories going around to restore L1 on UBL but none proven, even persist backup method isn't 100%
how to install qb2 bro please help need widevine
Tianhe said:
> Partially correct. QB1 update caused widevine downgrade to L3 but QB2 restored it to L1. Of course, you have to be bootloader locked all the time. Too many theories going around to restore L1 on UBL but none proven, even persist backup method isn't 100%
how to install qb2 and I am trying qfil
parvez1119eee said:
> how to install qb2 and I am trying qfil
mine too lost L1 certification after flashing Havoc os latest build 3.5, also charging issue, charges very slow, apprx. 5-6 hrs for fullcharge my asus.
parvez1119eee said:
> how to install qb2 bro please help need widevine
> how to install qb2 and I am trying qfil
After installing QFIL rom did L1 come back?
