Related
Today I present you
iovyroot - (temp) root tool
based on CVE-2015-1805
Requirements
USB debugging enabled
Settings => About phone => Click 7 times on Android Build to unlock developer options
adb drivers installed
LP Kernel <= Dec 2015
Components
Binary to get root shell
root/iovyroot
Simple TA Backup / Restore script
The author takes no responsibility
tabackup.bat & tarestore.bat (read second post for restore)
Download v0.4
If you found this tool useful, please consider donating (click here)
Supported models:
Code:
- M5 (all variants) (30.0.A.1.23 & 30.1.A.1.33)
- M5 Dual (all variants) (30.0.B.1.23 & 30.1.B.1.33)
- E5803 (32.0.A.6.200)
- E5823 (32.0.A.6.200)
- E6533 (28.0.A.8.266)
- E6553 (28.0.A.8.266)
- E6603 (32.0.A.6.152)
- E6633 (32.0.A.6.152)
- E6653 (32.0.A.6.152 & 32.0.A.6.200)
- E6683 (32.0.A.6.152)
- E6833 (32.0.A.6.170)
- E6853 (32.0.A.6.170 & 32.0.A.6.200)
- E6883 (32.0.A.6.160 & 32.0.A.6.170 & 32.0.A.6.209)
- SGP771 (28.0.A.8.260)
- SGP712 (28.0.A.8.260)
- LG G Flex 2 (5.1.1 LMY47S)
- Possibly all other devices with LP kernel from Dec 2015 or older
Credits:
- @idler1984 for his poc and great help
- @ninestarkoko and @rimmeda for testing
- @ipromeh for fixing ta scripts
XDA:DevDB Information
iovyroot - (temp) root tool, Tool/Utility for the Sony Xperia Z5 Compact
Contributors
zxz0O0, idler1984
Source Code: https://github.com/dosomder/iovyroot
Version Information
Status: Beta
Created 2016-04-01
Last Updated 2016-04-01
Reserved
Questions
Is it possible to get full root without bootloader unlock?
No, dm-verity prevents write access to system
Can we disable dm-verity?
Temporarily yes, but it will be enabled again at next reboot. Any modification to /system would thus result in a bootloop. dm-verity resides in the kernel which we can't modify on locked bootloader.
Can we restore TA partition after unlocking bootloader?
Yes but this will also relock the bootloader. To keep bootloader unlocked and get DRM features back you can use this: http://forum.xda-developers.com/xperia-z5/development/sony-credentials-restore-unlocking-t3296383
A step by step guide by @koonkii can be found at: http://twigstechtips.blogspot.ch/2016/04/sony-z5-compact-root-without-losing-ta.html
How to restore TA partition?
Method 1:
Flash stock firmware from flashtool (supported by iovyroot) (you are now unrooted)
Use tarestore.bat from iovyroot
Method 2 (fully rooted & unlocked bootloader):
Use BackupTA and option "Convert v4 backup"
Restore backup with BackupTA
Flash stock firmware with flashtool
Couldn't download
nice job! reserved for something else..
Please download the latest version by zxz0O0
E5803 (32.0.A.6.200) Malaysia Firmware (FTF)
Google drive link: https://drive.google.com/file/d/0B_uYldsE-h2sRmNlUjZOQVgwQlU/view?usp=sharing
<-- Outdated fixes for v0.1 -->
Fixes:
This file will fix "TA.img" not found issue (backup script fix)
https://drive.google.com/file/d/0B_uYldsE-h2sb1FKM19HMi02TzQ/view?usp=sharing
This file will fix Z5C E5803 malaysia firmware "device not supported" issue and also included TA fix
https://drive.google.com/file/d/0B_uYldsE-h2sTnQ1cUVGX2xfSTg/view?usp=sharing
Older post:
Edit:
E5803 (32.0.A.6.200) Malaysia Firmware (FTF)
Google drive link: https://drive.google.com/file/d/0B_uYldsE-h2sRmNlUjZOQVgwQlU/view?usp=sharing
Edit 2:
@zxz0O0 , there's something wrong with the binary device verification with the E5803 (32.0.A.6.200) Malaysia Firmware. It says "Error: Device not supported"
This modified binary file will work with this firmware:
https://drive.google.com/file/d/0B_uYldsE-h2sMTZKUi1VcjFjM3c/view?usp=sharing
Edit 3:
The backup TA script is not working, looks like the /dev partition style is different with the previous Z series
here is the dir list of the /dev/block
Code:
[email protected]:/dev/block $ ls
ls
bootdevice
dm-0
loop0
loop1
loop2
loop3
loop4
loop5
loop6
loop7
mmcblk0
mmcblk0p1
mmcblk0p10
mmcblk0p11
mmcblk0p12
mmcblk0p13
mmcblk0p14
mmcblk0p15
mmcblk0p16
mmcblk0p17
mmcblk0p18
mmcblk0p19
mmcblk0p2
mmcblk0p20
mmcblk0p21
mmcblk0p22
mmcblk0p23
mmcblk0p24
mmcblk0p25
mmcblk0p26
mmcblk0p27
mmcblk0p28
mmcblk0p29
mmcblk0p3
mmcblk0p30
mmcblk0p31
mmcblk0p32
mmcblk0p33
mmcblk0p34
mmcblk0p35
mmcblk0p36
mmcblk0p37
mmcblk0p38
mmcblk0p39
mmcblk0p4
mmcblk0p40
mmcblk0p41
mmcblk0p42
mmcblk0p43
mmcblk0p5
mmcblk0p6
mmcblk0p7
mmcblk0p8
mmcblk0p9
mmcblk0rpmb
mmcblk1
mmcblk1p1
platform
ram0
ram1
ram10
ram11
ram12
ram13
ram14
ram15
ram2
ram3
ram4
ram5
ram6
ram7
ram8
ram9
vold
zram0
Code:
[email protected]:/dev/block/platform $ ls
f9824900.sdhci
f98a4900.sdhci
anyway, it's confirmed that i got temp root access with this. Great job!
Edit 4:
Okay guys, confirmed that the TA partition for Z5 Compact is located at /dev/block/platform/f9824900.sdhci/by-name/TA
output of the terminal with fix
Code:
iovyroot by zxz0O0
poc by idler1984
[+] Changing fd limit from 1024 to 4096
[+] Changing process priority to highest
[+] Getting pipes
[+] Allocating memory
[+] Installing JOP
[+] Patching address 0xffffffc00194f630
[+] Start map/unmap thread
[+] Start write thread
[+] Spraying kernel heap
[+] Start read thread
[+] Done
[+] Patching addr_limit
[+] Patching address 0xffffffc05b324008
[+] Start map/unmap thread
[+] Start write thread
[+] Spraying kernel heap
[+] Start read thread
[+] Done
[+] Removing JOP
got root lmao
TA.img copied successfully
Press any key to continue . . .
Have a nice day!
Since this is a temp root, presumably we cannot root then upgrade the firmware (to MM) as root will stop working? Correct?
Couldn't download
Here is a mirror in my Google Drive for people struggling to download: https://drive.google.com/open?id=0B3WEA4Yi_XRaeXV0MzdNOHMySE0
devilmaycry2020 said:
Couldn't download
Click to expand...
Click to collapse
anjelz2012 said:
Couldn't download
Click to expand...
Click to collapse
Refresh and try again
3Shirts said:
Since this is a temp root, presumably we cannot root then upgrade the firmware (to MM) as root will stop working? Correct?
Click to expand...
Click to collapse
The exploit here permits to gain temporary Root Command Shell # and backup/restore TA partition using it.
This has nothing to do with SuperSU: you cannot install it and phone apps cannot gain root access using this package. Installing SuperSU (nowadays) involves /system or /boot partition modification, that are prevented by dm-verity, as stated in the 2nd post.
I see, sorry for the dumb question.
So we back up TA partition with this, then unlock the bootloader and get root that way. This just means we can then restore the device later, thanks to backed up TA?
Presumably you cannot restore the TA partition with the bootloader unlocked? Again, sorry if this seems dumb.
Thanks!
Enviado desde mi E6653 usando Tapatalk 2
ipromeh said:
nice job! reserved for something else..
Edit 3:
The backup TA script is not working, looks like the /dev partition style is different with the previous Z series
here is the dir list of the /dev/block
Code:
[email protected]:/dev/block/platform $ ls
f9824900.sdhci
f98a4900.sdhci
anyway, it's confirmed that i got temp root access with this. Great job!
Edit 4:
Okay guys, confirmed that the TA partition for Z5 Compact is located at /dev/block/platform/f9824900.sdhci/by-name/TA
Have a nice day!
Click to expand...
Click to collapse
I do agree, Z5 compact E5823 here.
TA backup script not working NOW: please wait for an update from Zxz0O0 or if you want to correct the backup script yourself, just run the exploit iovyroot and use the command " ls -l /dev/block/platform "
EDIT: fix in the third post thanks to ipromeh
ninestarkoko said:
I do agree, Z5 compact E5823 here.
TA backup script not working NOW: please wait for an update from Zxz0O0 or if you want to correct the backup script yourself, just run the exploit iovyroot and use the command " ls -l /dev/block/platform "
Click to expand...
Click to collapse
You'll have to modify backup.sh to change the command (as root user)
Anyway, I've uploaded a fix at post #4 in case someone need it. I hope zxz0O0 can update his op too :victory:
@ipromeh So did you get backup image and try to restore it?
ipromeh said:
You'll have to modify backup.sh to change the command (as root user)
Anyway, I've uploaded a fix at post #4 in case someone need it. I hope zxz0O0 can update his op too :victory:
Click to expand...
Click to collapse
Thanks for the fix. I changed the script to use the first folder in "/dev/block/platform". This way there is also compatibility for those with msm_sdcc.1
thank you for the great work...
So,
1) backup TA partition with temp root,
2) unlock the bootloader and root the device permanently
3) then we can use DRM restore to have all that SONY stuff working while having root
So the question is in case of re-locking the bootloader and restoring factory condition...is it how it should work?
flash stock firmware, restore TA partition and then re-locking bootloader
3Shirts said:
I see, sorry for the dumb question.
So we back up TA partition with this, then unlock the bootloader and get root that way. This just means we can then restore the device later, thanks to backed up TA?
Presumably you cannot restore the TA partition with the bootloader unlocked? Again, sorry if this seems dumb.
Click to expand...
Click to collapse
Please, wait for the fix in the first post before unlocking or use the fix from ipromeh in the 4th post.
No problem, that's a good question.
After you successfully backup TA partion, if you want SuperSU and root for apps you must unlock the bootloader.
If you want to restore the TA partition in the future, you must/should flash a stock original .tft firmware because if it is like previous Xperia Z phones, restoring TA backup would RELOCK the bootloader and so custom kernel (needed for root) won't boot and the phone would go in bootloop (because locked bootloader refuses to boot not-SOny-signed kernel).
So, you cannot have permanent root (SuperSU) and TA partition restored at the same time.
If you want DRM key functions and root, you must stay unlocked and use the DRM patch provided by Tobias.waldvogel.
These are my thoughts based on my knoledge and experience taken from previous Xperia Z devices.
ninestarkoko said:
Please, wait for the fix in the first post before unlocking or use the fix from ipromeh in the 4th post.
No problem, that's a good question.
After you successfully backup TA partion, if you want SuperSU and root for apps you must unlock the bootloader.
If you want to restore the TA partition in the future, you must/should flash a stock original .tft firmware because if it is like previous Xperia Z phones, restoring TA backup would RELOCK the bootloader and so custom kernel (needed for root) won't boot and the phone would go in bootloop (because locked bootloader refuses to boot not-SOny-signed kernel).
So, you cannot have permanent root (SuperSU) and TA partition restored at the same time.
If you want DRM key functions and root, you must stay unlocked and use the DRM patch provided by Tobias.waldvogel.
These are my thoughts based on my knoledge and experience taken from previous Xperia Z devices.
Click to expand...
Click to collapse
So we can't restore TA backup while using custom kernel? We must flash stock rom then restore TA, Right?
zxz0O0 said:
Supported models:
Code:
- E5803 (32.0.A.6.200)
- E5823 (32.0.A.6.200)
- E6533 (28.0.A.8.266)
- E6603 (32.0.A.6.152)
- E6633 (32.0.A.6.152)
- E6653 (32.0.A.6.152 & 32.0.A.6.200)
- E6683 (32.0.A.6.152)
- E6833 (32.0.A.6.170)
- E6853 (32.0.A.6.170 & 32.0.A.6.200)
- E6883 (32.0.A.6.160 & 32.0.A.6.170 & 32.0.A.6.209)
- Possibly all other devices with LP kernel from Dec 2015 or older
Click to expand...
Click to collapse
Is it possible to add support for Xperia Tablet Z4? And if so, what can I provide to facilitate it? Thanks in advance.
najoor said:
Is it possible to add support for Xperia Tablet Z4? And if so, what can I provide to facilitate it? Thanks in advance.
Click to expand...
Click to collapse
You can try does it work for your device or not, if it doesn't, then you give kernel.elf from LP firmware to OP.
devilmaycry2020 said:
So we can't restore TA backup while using custom kernel? We must flash stock rom then restore TA, Right?
Click to expand...
Click to collapse
If it's like previous Xperia Z devices, yes, you must restore stock pure original firmware (particularly the kernel) because TA restore would automatically relock the bootloader, thus giving device bootloop. And you cannot have permanent root on pure stock kernel (kernel signed by Sony, i'm not talking about stock-based custom kernels), as stated before, so No permanent root and restored TA partition at the same time.
Though, until someone tests it, we cannot be 100% sure that restoring TA partition relocks the bootloader on Z5 devices like it happens on Xperia Z2, Z3,,..
Disclaimer:
PoC was made for testing and educational purposes, ME is not responsible for what you do on/with your device using PoC, you must agree that you using PoC on your own risk, I am not responsible if you brick your device, you lost your personal data or anything else!
Hello!
First of all this tool fully replaces DRM fix! So do not use our tool with DRM fix!!! I'm going to explain what is this, how it working. Everybody know what drm fix doing and everybody know whats happening when bootloader is unlocked. Ok. This PoC is designed for unlocked devices and makes things identic to having bootloader never unlocked! Which mean this is for peoples who have backup of the trim area BEFORE unlocking bootloader! This PoC mounts your trim area backup (TA.img) to the kernel loop5 device which makes your trim area like real trim area partition (in our case it mounts your backup TA.img and uses it instead of unlocked trim area partition) so everything after android boot up is like having locked bootloader which mean all drm keys, widevine keys and etc is fully functional! And most better thing, we can use PoC with AOSP, CM or whatever for having trim area fully functional!!!
Do in mind this is for stock roms only! Only nougat and marchmallow by now, some of before marchmalow too.
Supported kernel images:
- SIN (kernel.sin)
- ELF (kernel.elf)
- IMG (boot.img)
So you no need to extract elf from kernel since our tool extract any sony format, sin,img,elf autodetection.
Credits:
- I must give big creadits to @steom since he tested things very deeply on his xperia x compact, he tested things more than 7 days, he tested it very frequently and I must say... big respect to him! Thanks man!
- Also respect to @tobias.waldvogel ! His mkinitfs source code (idea about #perm appended to file names) helped me a lot making our tool for windows. His scripts helped me a lot figuring out all things! Thanks man! Original forum thread for tobias.waldvogel great work -> https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
- Uhh sorry, forgot to give credit to @osm0sis for great extended version of the boot image tools https://github.com/osm0sis/mkbootimg
- @serajr mate sorry, forgot your great scripts!
- @the_laser for figuring out that poc is working by directly using TA.img, no need to mount to loop, thanks man!
- @mbc07 for this post https://forum.xda-developers.com/showpost.php?p=73232574&postcount=1547
How to extend our tool:
I have reserved some spaces for everybody who need to extend our tool (tool looks for user script.sh or script.bat), so if tool found user script tool will execute that scipt which mean everybody can make own scipt to extend ramdisk patching mechanism (e.g. to add su... etc). If tool didn't find user script, tool pause so you have enough time to modify everything you need manualy and continue tool by pressing any key on your keyboard. Tool didn't delete output folder so you can use for example something from unmodified boot.img-ramdisk.gz if you need. Also sepolicy binary file have a backup (backupsepolicy) so you can use it too if you need.
How to fix byself denials from dmesg:
This explains how: https://forum.xda-developers.com/showpost.php?p=70955889&postcount=47
And finaly this is a tool: https://forum.xda-developers.com/showpost.php?p=70973513&postcount=120
Everybody and every device is involved! You need at least good knownledge in getting logcat and dmesg if you want to help here! You can suggest, speak whatewer you want in this thread since this thread is for everybody! Need your words about tool and suggestions! Please if you want to post logcat or dmesg please use http://www.pastebin.com for it! If you need tool working for your device please get involved here!
. .
munjeni said:
That mean we can use stock camera blobs finaly with AOSP, CM or whatewer!!!
Click to expand...
Click to collapse
This will change everything regarding (not stock based) custom ROMs... If this is proved to work...
Outstanding job! Even if this post has no logcat/dmesg attached I felt like that I have to say some respectful words! :good:
Bootloop on nougat is solved now! New version is out! Soo close to get it working on nougat
I officially declare that the @munjeni PoC work! also with Nougat!
A new era is begun!
Does it mean, that camera will now work well on Xperias with Nougat AOSP?
Anyway it's big success.
haha was thinking of the same thing some weeks ago
tad_static can be cheated easily but what about suntrold and rmt_storage?
Where are your sources please?
steom said:
I officially declare that the @munjeni PoC work! also with Nougat!
A new era is begun!
Click to expand...
Click to collapse
Bro i want to test on my z5 dual but dont know what should i do it
can you explain clearly?
thanks
having problems
Code:
hash:0x54288A7A calc_hash:0x54288A7A
hash:0x4CBAA939 calc_hash:0x4CBAA939
hash:0x9B8793E3 calc_hash:0x9B8793E3
hash:0x482AF9EB calc_hash:0x482AF9EB
device: F8331
serial number: CB512BEE32
drm key: 0001046B 0010 44 98 8A 61 A3 B2 10 48 02 19 38 59 73 7F 7E 52
Trim area dump is a valid.
Locked bootloader.
Deleting old folder ramdisk if exist...
if exist ramdisk (rd ramdisk /s/q)
returned: 0.
New directory ramdisk created.
Created ouput folder "out"
opening kernelX.sin
unable to open kernelX.sin
Kernel dump tool returned an error!
Mmm.... rename kernel.sin to kerlelX.sin helped
Using EliteKernelV3 (Z3C) did not work with following output:
Code:
------------------------------------------------------------------------
Nougat Trim Area PoC kernel image patcher by Munjeni @ 2017
------------------------------------------------------------------------
hash:0x037C9C1E calc_hash:0x037C9C1E
hash:0x90A0164B calc_hash:0x90A0164B
hash:0x04E5A139 calc_hash:0x04E5A139
device: D5803
serial number: YT911BPNF7
drm key: 0001046B 0010 ED EE 37 63 7B D8 AD 8B 03 C4 8C 1C 2A 3C 61 B0
Trim area dump is a valid.
Locked bootloader.
Deleting old folder ramdisk if exist...
if exist ramdisk (rd ramdisk /s/q)
returned: 0.
New directory ramdisk created.
Created ouput folder "out"
opening boot_Z3c.img
boot_Z3c.img is Android image format.
Dumping to out...
BOARD_KERNEL_CMDLINE androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3b7 ehci-hcd.park=3 androidboot.bootdevice=msm_sdcc.1 vmalloc=400M dwc3.
maximum_speed=high dwc3_msm.prop_chg_detect=Y androidboot.selinux=permissive
BOARD_KERNEL_BASE 00000000
BOARD_NAME
BOARD_PAGE_SIZE 2048
BOARD_KERNEL_OFFSET 00008000
BOARD_RAMDISK_OFFSET 02000000
BOARD_TAGS_OFFSET 01e00000
BOARD_DT_SIZE 284672
Done.
Gunziping...
setting up infflate...
infflating...
infflate returned: -3
gzpipe: invalid or incomplete deflate data
Error gunziping boot_Z3c.img!
Drücken Sie eine beliebige Taste . . .
I compared the the files in folder "out" with the one of osmosis' Android Image Kitchen:
This is TA Tool: boot.img-ramdisk.gz
And this AIK: boot_Z3c.img-ramdisk.cpio.gz
But both with exact the same file size...
Ramdisk is not decompressed successfully.... Looks for me like an mismatch while decompressing cpio and gunzip.
My thought: Your tool is expecting gzip files - But EliteKernelV3 was compressed first with cpio and then with gzip.
kernel.sin and kernel.elf are working fine!
Is lollipop in progress or?
for z1 that would be great
maksim_kw said:
Mmm.... rename kernel.sin to kerlelX.sin helped
Click to expand...
Click to collapse
Come one! You have to adjust the starting batch file according to your kernel file name
fluffi444 said:
Using EliteKernelV3 (Z3C) did not work with following output:
I compared the the files in folder "out" with the one of osmosis' Android Image Kitchen:
This is TA Tool: boot.img-ramdisk.gz
And this AIK: boot_Z3c.img-ramdisk.cpio.gz
But both with exact the same file size...
Ramdisk is not decompressed successfully.... Looks for me like an mismatch while decompressing cpio and gunzip.
My thought: Your tool is expecting gzip files - But EliteKernelV3 was compressed first with cpio and then with gzip.
kernel.sin and kernel.elf are working fine!
Click to expand...
Click to collapse
It's for stock kernel. EliteKernel has own fix method.
nailyk said:
haha was thinking of the same thing some weeks ago
tad_static can be cheated easily but what about suntrold and rmt_storage?
Where are your sources please?
Click to expand...
Click to collapse
Hi! Till after ta is mounted whole things working like real trim area on locked bootloader! Things which might not work (untested curently) is fota and other things, but I realy not going to mess with it, you guys can make your own scripts for fine tune purpose! Source code as I promised after my ban not going to be public available because my ban.
vato4001 said:
Is lollipop in progress or?
for z1 that would be great
Click to expand...
Click to collapse
I didn't tried, probably it will work or error during compilation.
x_one said:
EliteKernel has own fix method.
Click to expand...
Click to collapse
You know that I know that - But I really prefer this TA solution than DRM fix which I removed from Kernel as soon as I got the manual TA mod working on EliteKernel.
You know that I have an working EliteKernel with TA mount... But it would also be nice to get this tool working for such custom kernel as well.
Anyway - I really appreciate @munjeni 's work. And if the answers is ONLY for stock kernel than it's fine for me as well (the manual way works - as I said)
fluffi444 said:
You know that I know that - But I really prefer this TA solution than DRM fix which I removed from Kernel as soon as I got the manual TA mod working on EliteKernel.
You know that I have an working EliteKernel with TA mount... But it would also be nice to get this tool working for such custom kernel as well.
Anyway - I really appreciate @munjeni 's work. And if the answers is ONLY for stock kernel than it's fine for me as well (the manual way works - as I said)
Click to expand...
Click to collapse
In general it will work on any kernel since I have made some free space for userscripts! It will come later till after poc starts working!
New version is out and finaly it is a first one working for nougat! Only one problem thought is tool have an bug which I need to figure our (you must copy TA.img to the /data/local/tmp) folder to get poc working! I will solve that soon!
https://forum.xda-developers.com/showpost.php?p=73718278&postcount=27
do what i said and please give thanks to those people,
Just Share Everything That i know:
https://youtu.be/2-YBDCEZ6eY
Disclaimer:
Our tool was made for testing and educational purposes, ME is not responsible for what you do on/with your device using our tool, you must agree that you using our tool on your own risk, I am not responsible if you brick your device or anything else!
What is this for:
This tool converts xperia sin file and directly create flashable.zip for use to flash your android device with recovery.
Changelog:
- version 1. (missing selinux label generator)
- version 2. (implemented selinux label generator tool. Missing static busybox)
- version 3.
- version 4. some small corections, added missing update-binary
- version 5. some improvements, new sin unpack tool
How to use:
Extract sin2zip.rar archive & simple run CONVERT.bat & chose system.sin image , tool will produce flashable.zip
What you need to check or probably modify in generated flashable.zip:
1. busybox I have used is 32bit, it will work on 64bit too (not busybox.exe !!), I not recommend to change busybox, but before you go for busybox replace make sure it is STATIC busybox and have working (chcon and chown) with -h parameter!
2. check updater-script e.g. first 3 lines and last 2 lines!
3. this -> https://forum.xda-developers.com/showpost.php?p=80593639&postcount=7
Source code:
modified ext4_read tool is in attachment. Original ext4_read is here, many thanks to author! I have notified Igor, hope we see selabels listing integration in 7z without need for hackish ext4_read
sony dump tool -> https://github.com/munjeni/anyxperia_dumper
munjeni said:
This tool converts xperia sin file and directly create flashable.zip for using with recovery. 75 percent is done. 25 percent of the things is missing, selinux related things. I need help for implement selinux to the 7z to list selinux labels from ext4! Here is work in proogress
Click to expand...
Click to collapse
Maybe @SuperR. of SuperR's Kitchen fame HERE could give you some pointers on this. :fingers-crossed:
Maybe you could work together to integrate some of your great Sony specific tools into the Kitchen
That kitchen do not have anything related to our tool. I have done some progress in extracting selabels from ext4 by searcing with inode number \0/
Right now tool is able to extract selabels by inode number pointing
So you are on the drawing board again! Cool... :highfive:
About what you wrote in the j4nn's thread (1. to make fota unpack tool), count on me if you need help, ok!
If I'm not mistaken, I sent you a ota update_package file from my x performance some time ago, but if I am, here it goes again.
Cheers.
serajr said:
So you are on the drawing board again! Cool... :highfive:
About what you wrote in the j4nn's thread (1. to make fota unpack tool), count on me if you need help, ok!
If I'm not mistaken, I sent you a ota update_package file from my x performance some time ago, but if I am, here it goes again.
Cheers.
Click to expand...
Click to collapse
Thanks! I will look into ota package till after I finish our tool
Almost done! New version v2 is out! Made small tool to read ext4 image and print selabels to updater-script, it look like this:
if regular file or folder:
Code:
run_program("/tmp/busybox", "chcon", "u:object_r:location_exec:s0", "/system/bin/xtwifi-inet-agent");
if symlink:
Code:
run_program("/tmp/busybox", "chcon", "-h", "u:object_r:vendor_file:s0", "/system/bin/xxd");
Tool is curently 95 percent done, not realy ready for flashig produced flashable.zip , need to implement 5 percent of the things. You can try but plese do not try to flash with recovery it will not work corectly!
Version 3 done! Before you flash flashable.zip please check updater-script first 3 lines and last 2 lines! Do in mind our tool didn't include the rest of firmware like kernel, vendor...etc, tool only convert one sin file to flashable.zip, if you need the rest of firmware run CONVERT.bat and chose another sin file, do merges in zip by hand and do merges-modification in updater-script by hand too. Not recommended for newbies! I can't tell you if produced flashable.zip is working I'm not tried to flash flashable.zip, but I think it going work. Important thing is initial tool is done and somebody need to test. Let me know Enjoy!
Version 4 done. Enjoy!
@serajr here is some info https://forum.xda-developers.com/showpost.php?p=80599561&postcount=1330 , your file is the same format as j4nn
Version 5 done.