Z5 DRM Functions Back on an Unrooted Stock Firmware - Xperia Z5 Q&A, Help & Troubleshooting

Hi. I had rooted my E6603 some time ago using this method: http://twigstechtips.blogspot.ch/2016/04/sony-z5-compact-root-without-losing-ta.html?m1 so I didn't lose the DRM functions. It did work, but then I noticed the "fingerprint hardware not available" bug, which was fixed by renaming some system files.
Now my problem is that I don't want root anymore, so I made a clean installation of the newest .305 firmware. It was working fine, but I realized the DRM functions were lost, which I think is what's supposed to happen since the bootloader is unlocked in the rooting status info. I tried to restore the TA partition by simply flashing the backup through Flashtool, but it didn't work. Now, in rooting status, it says "unknown", not even "bootloader unlocked" or "bootloader unlock allowed: Yes".
What should I do? I want the DRM functions back without having my phone rooted. Can I root, restore them, change the name of the files necessary for the "fingerprint hardware" fix and then unroot my phone?

You need to downgrade to the LP version you made the DRM backup from, and then use the same tool you backed up with to restore the TA partition...
A detailed, simple set of instructions is available in the iovyroot main thread.

Is there a way to have a stock kernel without root but with the DRM fix? I plan to go systemless but I can't properly work it out, as SuperSU can't be removed.

Related

[Q] Do I have my facts straight?

Could someone just confirm that I got this right:
-if I want reaver on my phone, I have to root it
-if I root it, I lose low light camera quality
So I have to choose between rooting the phone (for installing reaver, airmon and apps like that, I don't need anything else) and having great low-light camera?
Yep.
It was true 2 weeks ago.
Now that the root method for locked bootloader has become available, you won't lose the DRM keys if you root.
freddy1991 said:
> It was true 2 weeks ago.
> Now that the root method for locked bootloader has become available, you won't lose the DRM keys if you root.
What do you mean?
Is it already available or?....
http://forum.xda-developers.com/showthread.php?t=3011598
To clarify:
Unlocking the bootloader wipes your DRM keys and losing those is what reduces the camera quality (among other things)
Previously, the only way to get root was to unlock the bootloader.
It is now possible (via giefroot exploit) to get root WITHOUT unlocking the bootloader. This means your DRM keys are unaffected.
Once you have root you can actually back up your DRM keys so you are then free to unlock the bootloader if you want (for custom kernels and stuff) and restore your DRM keys afterwards.
3Shirts said:
> To clarify:
> Unlocking the bootloader wipes your DRM keys and losing those is what reduces the camera quality (among other things)
> Previously, the only way to get root was to unlock the bootloader.
> It is now possible (via giefroot exploit) to get root WITHOUT unlocking the bootloader. This means your DRM keys are unaffected.
> Once you have root you can actually back up your DRM keys so you are then free to unlock the bootloader if you want (for custom kernels and stuff) and restore your DRM keys afterwards.
Yes, but people should also know that restoring your DRM keys relocks the bootloader.
So, you can either have an unlocked bootloader without DRM keys (You can boot a custom kernel so can run CM etc)
or
a locked bootloader with DRM keys. (You cannot boot a custom kernel so are stuck to stock firmware)
You cannot have an unlocked bootloader with DRM keys.
Ah, thanks for the clarification, I didn't realise that. I've not unlocked my BL as I'm happy with root on stock.
Do you need to unlock for a custom rom and, if so, can you unlock, install the rom, and then relock?
3Shirts said:
> Ah, thanks for the clarification, I didn't realise that. I've not unlocked my BL as I'm happy with root on stock.
> Do you need to unlock for a custom rom and, if so, can you unlock, install the rom, and then relock?
If the custom rom relies on a custom kernel then yes you have to unlock. Custom kernels can only boot on an unlocked bootloader.
However, once you relock (Or restore the TA partition containing the DRM keys, this also relocks the boot) then you cannot boot a custom kernel so you get a bootloop until you either unlock again or restore a stock rom.
Locked bootloader = stock kernel only (Custom kernels will cause a bootloop)
Unlocked bootloader = any modified kernel and stock kernel (No DRM keys)
Here's one last question before following this guide http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598
If something happens to my phone and I need to get it serviced, is it possible to remove root? Will there be any traces of root, or nobody'll ever know it'd been rooted?
David47 said:
> Here's one last question before following this guide http://forum.xda-developers.com/crossdevice-dev/sony/giefroot-rooting-tool-cve-2014-4322-t3011598
> If something happens to my phone and I need to get it serviced, is it possible to remove root? Will there be any traces of root, or nobody'll ever know it'd been rooted?
Flash an FTF or force repair with pccompanion.
That removes root and no one can tell.

Unlock Bootloader Question

Hey guys. I'm aware that if you unlock the bootloader, you will lose the warranty and the DRM keys of Sony, which are responsible for stuff like X-Reality engine, camera algorithm, screen mirroring etc.
My question is, if you successfully follow tobias guide of backing up and restoring the DRM keys, will you gain everything back? Will ALL the features that are supposed to be gone after unlocking the bootloader be back once you follow his guide?
prince10t said:
> Hey guys. I'm aware that if you unlock the bootloader, you will lose the warranty and the DRM keys of Sony, which are responsible for stuff like X-Reality engine, camera algorithm, screen mirroring etc.
> My question is, if you successfully follow tobias guide of backing up and restoring the DRM keys, will you gain everything back? Will ALL the features that are supposed to be gone after unlocking the bootloader be back once you follow his guide?
Yes. Tried it on my Z5 Compact.
TA Backup, UBL, Root
Downgraded to LP .200
Backup TA Partition image using iovyroot
Flashed MM .185
Unlocked Bootloader
Flashed Custom ROM and Custom Kernel
Cleared Credential Manager's DB to enable DRM Function Restoration mod
Done
Reverting
Pre-req: ROOT (Done this while I was using AndroPlus Kernel v26 on MM .185)
Restored the TA Partition image using Backup TA v9.11 for Windows (I've converted the TA.img first using convert v4 backup inside BackupTA 9.11)
Powered Off after Restoring TA Partition
Flashed MM .185
Done
It should be also noted that some Custom Kernels have integrated the ability to bypass DRM checking by the credential manager. Effectively restoring DRM-Locked functions such as X-Reality Engine and BIONZ without the presence of DRM-Keys in the TA Partition
TechKiel said:
> Yes. Tried it on my Z5 Compact.
> TA Backup, UBL, Root
> Downgraded to LP .200
> Backup TA Partition image using iovyroot
> Flashed MM .185
> Unlocked Bootloader
> Flashed Custom ROM and Custom Kernel
> Cleared Credential Manager's DB to enable DRM Function Restoration mod
> Done
> Reverting
> Pre-req: ROOT (Done this while I was using AndroPlus Kernel v26 on MM .185)
> Restored the TA Partition image using Backup TA v9.11 for Windows (I've converted the TA.img first using convert v4 backup inside BackupTA 9.11)
> Powered Off after Restoring TA Partition
> Flashed MM .185
> Done
> It should be also noted that some Custom Kernels have integrated the ability to bypass DRM checking by the credential manager. Effectively restoring DRM-Locked functions such as X-Reality Engine and BIONZ without the presence of DRM-Keys in the TA Partition
Thanks man. Is there also a way to restore DRM keys and RELOCK the bootloader? Like undo everything?
prince10t said:
> Thanks man. Is there also a way to restore DRM keys and RELOCK the bootloader? Like undo everything?
Yes, but you have to be on a stock kernel and rooted before you restore your backed up TA Partition img.

How do I "properly" root my Z5...?

So I just got my E6653 and updated it to 32.0.A.6.152 for iovyroot compatibility, but I have a couple of questions before I proceed that I'm hoping someone can answer...
I have the following battleplan:
- Backup TA with iovyroot.
- Unlock Bootloader.
- Flash Marshmallow.
- Root.
- Restore DRM features.
1. So from what I understand, once I unlocked my bootloader I can flash any (compatible) OS to my phone?
2. Once I have flashed and rooted a Marshmallow build, if I relock the bootloader and restore the TA partition, will the root be gone? Or will I be stuck in bootloop due to DM-verity?
3. Can I just use this: http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 with my DRM key instead of restoring the TA partition for full DRM-features and retain the rooted system?
Thanks.
Be sure to back up your TA multiple times and to copy it to various devices (HDD, USB, cloud...).
Using the Sony ric off method allows you to restore your TA if it is placed in the same folder as the tool.
This tool should also flash SuperSU if it is in the same folder. Your kernel is modified (and couldn't be booted without patching it), and allows keeping root.
I did the steps you mentioned. I now have root with TA.

Firmware

Folks, I unlocked the bootloader on my Xperia D6633, and now I can no longer update the device from the following screen:
Settings > About Phone > Software Update
I wanted to know how to relock the bootloader and be able to upgrade to version 23.5.A.0.575.
I'm a beginner; any possibility of a video?
Thanks
Edit: you can relock the bootloader without TA, there's an option in flash tool. DRM keys are still gone though
It is made clear that once you unlock the bootloader warranty is lost and many Sony software features such as those affecting camera quality are lost.
You will need to update manually with flashtool which will work fine with unlocked bootloader and is not very difficult.
http://www.flashtool.net/index.php
All this means is you need to get the firmware as an FTF file for your phone probably from here on XDA (make sure its for D6633) and then use this tool to update the phone. Google is your friend for a guide.
Edit: I probably need to tell you DO NOT try to flash a TA partition from anyone else or in flashtool (when there are tick boxes for "exclude" make sure you exclude .ta files) or you will hard brick the phone (dead as dead can be).
Ideally if you're going to unlock the bootloader you should root kitkat firmware and then take a TA partition backup to be able to restore DRM at a later time if you feel the need to.
Root here (other methods available, but I like this way):
http://forum.xda-developers.com/z3/general/guide-rootrecovery-how-to-root-install-t3017056
TA backup here:
http://forum.xda-developers.com/showthread.php?t=2292598
Dobsgw said:
> Did you backup the TA partition? If you did then go ahead and restore it to your phone.
> If that means nothing to you then you didn't and you cannot re-lock the boot loader.
> It is made clear that once you unlock the bootloader warranty is lost and many Sony software features such as those affecting camera quality are lost.
> You will need to update manually with flashtool which will work fine with unlocked bootloader and is not very difficult.
> http://www.flashtool.net/index.php
> All this means is you need to get the firmware as an FTF file for your phone probably from here on XDA (make sure its for D6633) and then use this tool to update the phone. Google is your friend for a guide.
> Edit: I probably need to tell you DO NOT try to flash a TA partition from anyone else or in flashtool (when there are tick boxes for "exclude" make sure you exclude .ta files) or you will hard brick the phone (dead as dead can be).
> Ideally if you're going to unlock the bootloader you should root kitkat firmware and then take a TA partition backup to be able to unofficially re-lock it at a later time if you feel the need to. Hopefully others will learn from this. Sorry :/
> Root here (other methods available, but I like this way):
> http://forum.xda-developers.com/z3/general/guide-rootrecovery-how-to-root-install-t3017056
> TA backup here:
> http://forum.xda-developers.com/showthread.php?t=2292598
Even if he has no TA backup he can still relock the bootloader.
Beetle84 said:
> Even if he has no TA backup he can still relock the bootloader.
Really? I missed that bit; I thought there was no way without TA.
Okay, I learnt something new.
Don't just say it though, explain how so he can do it!
(And so I can learn instead of passing wrong information again like an idiot)
Edit: found a tutorial. They explain relocking just after how to unlock
https://blog.unlockbase.com/sony-xperia-z3-unlocking-relocking-tutorial/
Unfortunately though, this does not restore DRM keys (I wish) so, as said, some software on the stock rom won't work, but there is a flashable zip to enable most of it.

Current status of Locked Bootloader root for E6653

Hi guys,
Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
Sorry for the n00bish questions, just wondering aloud.
Cheers!
As far as I know you need to disable some security settings in the kernel to have permanent root access. But a locked bootloader won't let the system boot with this modified kernel.
I don't think there will come a method to have root without unlocking the bootloader in the near future.
Nope. No root without unlocking the BL as far as I am informed.
ianrobbie said:
> Hi guys,
> Just wondering if anyone has an update on the availability or possibility of root for LB Xperia Z5s on Marshmallow?
> Also, can I assume that because root is not available on Marshmallow, then it will be equally unavailable on Nougat?
> Just a quick thought for the more technically minded - Would it not be possible to deconstruct a valid stock .ftf file and insert a modified kernel, allowing root, before recompiling it and flashing it? I know the locked bootloader stops us from flashing a custom kernel, but is there no way to spoof an .ftf file into using a modified kernel?
> Sorry for the n00bish questions, just wondering aloud.
> Cheers!
Short answer: not possible without unlocking the bootloader.
Long answer:
There are two possible methods for acquiring permanent root on Marshmallow on the Z5:
Conventional root - you provide root by modifying certain /system files on the phone. The problem with this is that you are modifying the system partition on the phone. The stock kernels on the Z5 (and most other phones) have something called dm-verity which basically checks everything on the system partition against what it expects to be there. If the kernel notices that something in the system partition has changed, the phone will fail to boot. You can install a modified kernel that has dm-verity disabled, but then you run into the issue described with systemless root.
Systemless root - you modify the kernel to allow for root either with Systemless SuperSU or through Magisk. This allows you to have an unmodified system partition and pass any potential system checks; however, you have to modify and flash a new kernel. Herein lies the problem with a locked bootloader. A locked bootloader checks the file signature for the file you're trying to flash. These files are typically signed by the phone manufacturer or carrier, so when the bootloader checks the file signature and it matches what it expects, it allows the flash; if the signature doesn't match, it aborts the flash. If you modify a stock kernel to disable dm-verity or try to flash a custom kernel, you will be prevented from doing so because your signature won't match what the bootloader expects. By unlocking the bootloader you are essentially disabling that signature check process.
So basically permanent root on Marshmallow isn't possible unless somebody can exploit a vulnerability in the boot chain.
As for modifying a stock ftf package, you again run into issues with the bootloader signature checks. The ftf file is basically a special zip container that contains a bunch of files. Most of these files, if not all of them, are signed by either the manufacturer or carrier, so you are able to flash it because all of these files pass the bootloader signature checks. Once you modify one of those files within the ftf, you destroy the signature and flashing of the ftf file will abort.
In summary, you need to unlock the bootloader so that you can flash a modified kernel that has dm-verity disabled.
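The dm-verity check described in the answer above, as an added example that is not part of the original thread: a simplified Python model of a dm-verity-style hash tree in which only the root hash is trusted, so a changed block is rejected whether or not the stored tree is regenerated to match. The 300-block image, the all-zero salt and the function names are constructed for illustration, and the real on-disk layout and root-hash signature are not reproduced.

```python
import hashlib

BLOCK = 4096               # data and hash block size commonly used by dm-verity
FANOUT = BLOCK // 32       # 128 SHA-256 digests fit in one hash block

def _h(salt, data):
    return hashlib.sha256(salt + data).digest()

def _blocks(buf):
    # Split into BLOCK-sized pieces, zero-padding the last one.
    return [buf[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(buf), BLOCK)]

def build_tree(image, salt):
    """Return (levels, root); levels[0] holds one digest per data block."""
    levels = [[_h(salt, b) for b in _blocks(image)]]
    while len(levels[-1]) > 1:
        levels.append([_h(salt, b) for b in _blocks(b"".join(levels[-1]))])
    return levels, levels[-1][0]

def verify_block(image, index, levels, trusted_root, salt):
    """Verify one data block against the stored tree; only trusted_root is trusted."""
    digest, pos = _h(salt, _blocks(image)[index]), index
    for depth, level in enumerate(levels):
        if level[pos] != digest:          # stored digest does not match what was read
            return False
        if depth == len(levels) - 1:
            break
        group = pos // FANOUT             # hash block that contains this digest
        packed = b"".join(level[group * FANOUT:(group + 1) * FANOUT])
        digest, pos = _h(salt, packed.ljust(BLOCK, b"\0")), group
    return digest == trusted_root

def demo():
    salt = bytes(16)                      # constructed salt
    # Constructed 300-block stand-in for a system partition image.
    image = b"".join(i.to_bytes(4, "big") * (BLOCK // 4) for i in range(300))
    levels, root = build_tree(image, salt)
    clean = all(verify_block(image, i, levels, root, salt) for i in (0, 150, 299))
    tampered = bytearray(image)
    tampered[150 * BLOCK + 7] ^= 1        # one flipped bit, e.g. a replaced system file
    tampered = bytes(tampered)
    # Case 1: data changed, stored tree left alone -> leaf digest mismatch.
    stale = verify_block(tampered, 150, levels, root, salt)
    # Case 2: tree regenerated to match -> its root no longer equals the trusted root.
    new_levels, new_root = build_tree(tampered, salt)
    rebuilt = verify_block(tampered, 150, new_levels, root, salt)
    # Blocks that were not modified still verify against the original tree.
    untouched = verify_block(tampered, 0, levels, root, salt)
    return clean, stale, rebuilt, new_root != root, untouched

if __name__ == "__main__":
    print(demo())
```
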
Thanks very much for all the replies. Looks like I'm stuck with stock for the time being.
Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
xasbo said:
> Ever since TA backup and bypassing the TA checks was possible since MM or whatever, unlocking the bootloader is not a big deal. Very easy to backup, unlock, root, re-lock, restore.
Yeah, but unfortunately I'm not allowed to unlock my bootloader.
ianrobbie said:
> Yeah, but unfortunately I'm not allowed to unlock my bootloader.
Ahhh, sure, forgot that some carriers lock these phones. I had that same problem on my Z1, but fortunately they found a LB root exploit.
How long have you had your phone? If the upcoming Nokia offering looks good, I'll sell you my mint condition UB Z5
