DRM backup - Xperia Z5 Q&A, Help & Troubleshooting

First things first: is it worth backing up the DRM keys before unlocking the bootloader, or are the patched kernels good enough to get the job done?
I read enough threads about the cons of losing DRM keys, so I don't get the idea behind backing up the keys...
I need your opinions since I'm planning to unlock the bootloader and I don't have time to do the downgrading and backing up the keys etc...

No DRM Keys = no warranty
You also lose the features of having such but a patched kernel literally brings them all back
However what if this device grows unpopular with age, at that point you'd have to learn how to patch kernels yourself or update the tools that allowed such.
Sent from my D6503 using XDA-Developers Legacy app

Envious_Data said:
No DRM Keys = no warranty
You also lose the features of having such but a patched kernel literally brings them all back
However what if this device grows unpopular with age, at that point you'd have to learn how to patch kernels yourself or update the tools that allowed such.
Sent from my D6503 using XDA-Developers Legacy app
Got your point.. Thanks :good:

Related

[Q] Custom kernels can be installed ... what about custom bootloaders?

While most people are ecstatic that custom kernels can be flashed I prefer to have absolutely no digital signature requirements whatsoever at the hardware level. Does the Xoom allow for custom bootloaders?
Master Melab said:
While most people are ecstatic that custom kernels can be flashed I prefer to have absolutely no digital signature requirements whatsoever at the hardware level. Does the Xoom allow for custom bootloaders?
You've never been able to fastboot flash the bootloader partition anyway, if you could, it could be a convenient way to hose the entire device.
If you want to replace a bootloader, you have to look at what the device firmware offers you, like nvflash mode on Tegra devices. I don't know how one would get into that mode. Pre 3.1, some Wi-Fi Xooms had this option, I don't know if anyone ever got it working or not.
I'm pretty sure you can.
I'm not sure what the benefit of this would be...other than a good way for noobs to brick
Sent from my SPH-D700 using XDA Premium App
Master Melab said:
I'm pretty sure you can.
Not through fastboot.
http://android.git.kernel.org/?p=pl...0174a98c71e302c030856e3de1d8c1b48;hb=HEAD#l81
This obviously doesn't exclude other means, though.
And anyway, where are you going to get the source to build a proper bootloader? Are you going to write one from scratch?
What would be the point of new bootloaders? This seems to me to entail an enormous amount of risk for little if any gain.
Sent from my GT-I9000 using XDA Premium App
Well, I assume that the bootloader will only be able to initialize kernels with a specific structure, that structure being of Linux or Linux-like kernels. In order to boot Linux on the iPhone they had to write a new bootloader instead of modifying the Apple one.
Sent from my DROID2 GLOBAL using XDA App
Master Melab said:
Well, I assume that the bootloader will only be able to initialize kernels with a specific structure, that structure being of Linux or Linux-like kernels. In order to boot Linux on the iPhone they had to write a new bootloader instead of modifying the Apple one.
Sent from my DROID2 GLOBAL using XDA App
Why?
The Android kernel images have a specific structure, that's true (see http://android.git.kernel.org/?p=platform/system/core.git;a=blob;f=mkbootimg/bootimg.h), but it should not be necessarily Linux-specific. All a bootloader does is have enough initialization logic in order to find a kernel image, load it into memory, and then jump execution from itself to that kernel image's location in memory. The bootloader doesn't _care_ what operating system is running. However, without bootloader source, you can't know _for sure_ -- someone has to try another operating system kernel to find out.
As for Apple -- if you're referring to OpeniBoot (http://www.idroidproject.org/wiki/OpeniBoot), "It allows booting of unsigned code such as linux kernels on the device." -- so this is not a concern for Android-platform devices with unlocked bootloaders.
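The structure the post above points to in bootimg.h, shown as an added example (not code from the thread or from the Android tree): a parser for the original boot image header that bounds-checks each section and recomputes the header's id field. The sample image, its name, command line and load addresses are constructed for illustration.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# boot_img_hdr (v0): magic[8], ten uint32 fields, name[16], cmdline[512], id[32]
HDR = struct.Struct("<8s10I16s512s32s")


def image_id(kernel, ramdisk, second):
    """SHA-1 over each section followed by its 32-bit size, as mkbootimg fills hdr.id."""
    sha = hashlib.sha1()
    for part in (kernel, ramdisk, second):
        sha.update(part)
        sha.update(struct.pack("<I", len(part)))
    return sha.digest()


def parse_boot_image(blob):
    """Parse the header, bounds-check and slice the sections, recompute the id."""
    if len(blob) < HDR.size:
        raise ValueError("image shorter than the header")
    (magic, k_size, k_addr, r_size, r_addr, s_size, s_addr, tags_addr,
     page_size, _u0, _u1, name, cmdline, stored_id) = HDR.unpack_from(blob)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic, not an Android boot image")
    # The header must fit in one page, and page sizes are powers of two.
    if page_size < HDR.size or page_size & (page_size - 1):
        raise ValueError("implausible page size")
    parts, offset = {}, page_size          # the header occupies the first page
    for label, size in (("kernel", k_size), ("ramdisk", r_size), ("second", s_size)):
        if offset + size > len(blob):
            raise ValueError(label + " runs past the end of the image")
        parts[label] = blob[offset:offset + size]
        offset += -(-size // page_size) * page_size   # round up to whole pages
    digest = image_id(parts["kernel"], parts["ramdisk"], parts["second"])
    return {
        "name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "cmdline": cmdline.split(b"\0", 1)[0].decode("ascii", "replace"),
        "page_size": page_size,
        "load_addrs": {"kernel": k_addr, "ramdisk": r_addr,
                       "second": s_addr, "tags": tags_addr},
        "parts": parts,
        # Unkeyed checksum: catches corruption, says nothing about who built the image.
        "id_matches": stored_id[:20] == digest,
    }


def build_sample_image(kernel=b"K" * 3000, ramdisk=b"R" * 100, page_size=2048):
    """Constructed test image (placeholder payloads and addresses, not from any device)."""
    header = HDR.pack(BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk), 0x11000000,
                      0, 0x10F00000, 0x10000100, page_size, 0, 0,
                      b"constructed", b"console=null", image_id(kernel, ramdisk, b""))
    pad = lambda data: data + b"\0" * (-len(data) % page_size)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    info = parse_boot_image(build_sample_image())
    print(info["name"], info["page_size"],
          {k: hex(v) for k, v in info["load_addrs"].items()})
    print({k: len(v) for k, v in info["parts"].items()},
          "id matches:", info["id_matches"])
```

The id is a plain SHA-1 with no key, so it only detects accidental corruption; whether an image is allowed to boot is decided by the bootloader's own signature policy, not by this field.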
Is there any place I can download the Xoom firmware so I can examine the bootloader and see if it is digitally signed?

Relock bootloader?

Hello, I hope this isn't a stupid question
I haven't unlocked my TF700 yet, but I would like to in the near future (I really want to run something other than Asus's ROM). I have looked into several forums discussing the possibility of backing up all the partitions prior to unlocking, and then restoring them and relocking the device, but these methods all mention NVFlash which I know doesn't work. The reason I would want to do this is to get full DRM back if I need it, I have several movies and TV shows I have purchased the HD versions of through Google Play, and I have heard that after unlocking you can only view them in SD. I know Asus keeps track of who unlocks, and I would lose my warranty, but I am not worried about that (Bought my tablet on Craigslist and it's been about a year anyway, so no warranty).
So my question is, has anybody come up with a way to backup and then later restore the locked bootloader? If yes, can somebody point me in the right direction? If this isn't possible, is there still a way to watch Play videos in HD after unlocking?
Thanks!
Sent from my ASUS Transformer Pad TF700T using xda app-developers app
It's possible to back up the DRM key partition (mmcblk0p6) and restore it after unlocking, but AFAIK nobody has confirmed yet whether this has any effect.
_that said:
It's possible to back up the DRM key partition (mmcblk0p6) and restore it after unlocking, but AFAIK nobody has confirmed yet whether this has any effect.
Really? I'm guessing the DRM key is specific to each device? I did see this tool for my phone: http://forum.xda-developers.com/showthread.php?t=2263627 - being a Tegra 3 device, I wondered if i devices had a similar vulnerability
michaelhaseth said:
Hello, I hope this isn't a stupid question
I haven't unlocked my TF700 yet, but I would like to in the near future (I really want to run something other than Asus's ROM). I have looked into several forums discussing the possibility of backing up all the partitions prior to unlocking, and then restoring them and relocking the device, but these methods all mention NVFlash which I know doesn't work. The reason I would want to do this is to get full DRM back if I need it, I have several movies and TV shows I have purchased the HD versions of through Google Play, and I have heard that after unlocking you can only view them in SD. I know Asus keeps track of who unlocks, and I would lose my warranty, but I am not worried about that (Bought my tablet on Craigslist and it's been about a year anyway, so no warranty).
So my question is, has anybody come up with a way to backup and then later restore the locked bootloader? If yes, can somebody point me in the right direction? If this isn't possible, is there still a way to watch Play videos in HD after unlocking?
Thanks!
Sent from my ASUS Transformer Pad TF700T using xda app-developers app
I tried cm10.1.2 (stable) and to my surprise I didn't get DRM engine errors when using Hulu or Netflix
Sent from my ASUS Transformer Pad TF700T using Tapatalk 4
JoinTheRealms said:
Really? I'm guessing the DRM key is specific to each device? I did see this tool for my phone: http://forum.xda-developers.com/showthread.php?t=2263627 - being a Tegra 3 device, I wondered if i devices had a similar vulnerability
The bootloader "locking" on the TF700 is done with cryptographic signature checks, so I don't think that ODM/fuse method would work.
Search the forums for "mmcblk0p6 drm" if you want to know more about the DRM key partition.

***[TOOL][ROOT]Relock your bootloader and restore your DRM keys and FULL warranty!***

*This is not my method. I am only linking the thread in order to support Miro, Tipo (Dual), J, E (Dual)* Made by: DevShaft
Here is a method to back up and restore your TA partition. That means you can restore everything like it was before you unlocked the bootloader. You even get DRM keys. Yeah baby, full warranty!
This will relock your bootloader!
How this works:
1. You root.
2. You backup.
3. You unlock bootloader (For first time only!!)
4. You flash whatever you want!
5. You Flash Stock rom.
6. You restore!
7. You are Stock again.
WARNING!
-THIS ONLY WORKS IF YOU HAVE NEVER UNLOCKED BOOTLOADER BEFORE. THAT'S BECAUSE YOU NEED TO BACKUP FIRST.
-DON'T FLASH OTHERS BACKUP. YOU MUST MAKE IT YOURSELF!!!
http://forum.xda-developers.com/showthread.php?t=2292598
I don't get one thing. Does this help keeping warranty? How? I mean we need to get the unlock code from Sony, then how is the warranty not void?
Sent from my ST23i
Unless they look at it, it's not voided. But I doubt they will.
But even if it's still voided you get apps like Track ID again.
I swear, still don't get it. I'm on XJ JB unlocked but still stock rom and kernel. I've never done any backup, except CWM backup. Still I can take back my warranty? *fingerscrossed
nevadasaga said:
I swear, still don't get it. I'm on XJ JB unlocked but still stock rom and kernel. I've never done any backup, except CWM backup. Still I can take back my warranty? *fingerscrossed
Sorry no. You must do a backup before unlocking the bootloader for the first time.
Still, I don't know about warranty. You can relock bootloader again in normal way, and they may accept it. This is only the safer way.
So did anyone try this on Miro/Tipo?
c4cyro said:
So did anyone try this on Miro/Tipo?
I successfully made a backup using this on my Miro.
But didn't try to restore as I am on CM now.
Did you try the dry run backup? Did it work?
What are these DRM keys, and what are they for?
Sent from my Xperia J using xda app-developers app
Too late, I've already unlocked it :crying:
And I just need 2 weeks after bought my phone then unlock it, too bad
But thanks, my friend will need this
daniel.sanx10 said:
What are these DRM keys, and what are they for?
Sent from my Xperia J using xda app-developers app
DRM stands for Digital Rights Management.
These keys are required to be there in our devices if we want to use any of the proprietary apps like
stock camera, superior auto, Bravia engine, track id etc.
They are unique for every device & cannot be recovered once lost
@Option58
Hi!
I was never much of a phone person but anyway, you say I have to ROOT first, then backup. But I want to actually unlock the bootloader just to root. :S
Do you think this method will work on my phone? http://forum.xda-developers.com/showthread.php?t=2181640
I have an Xperia J with 11.A.0.33 and kernel 3.4.0 and Android 4.1.2.
I haven't messed with anything yet but if I can, I would like to keep my 2 year warranty if it's possible.
MegamanEXE said:
@Option58
Hi!
I was never much of a phone person but anyway, you say I have to ROOT first, then backup. But I want to actually unlock the bootloader just to root. :S
Do you think this method will work on my phone? http://forum.xda-developers.com/showthread.php?t=2181640
I have an Xperia J with 11.A.0.33 and kernel 3.4.0 and Android 4.1.2.
I haven't messed with anything yet but if I can, I would like to keep my 2 year warranty if it's possible.
You must root, backup and then unlock. In exact same order.
Maybe that will work, just find a way to root the phone without unlocking the bootloader.
Ps: I have just restored backup, this method works on my phone.

[Q] Just throwing this idea out there

I should start by saying I am by no means experienced with unlocking bootloaders or hacking firmware, so if this is a completely noob idea then forgive me but I thought I might as well see if I could help. Anyways, on to my idea; as we all know, the 4.3 bootloader is locked for good. So what if one was to corrupt the bootloader, like brick it on purpose to a point where the bootloader doesn't recognize any update being pushed, and then unbrick the phone with an older unlockable bootloader. Am I losing my mind due to having the locked 4.3 or is this plausible?
And while I have a thread open, could someone explain a few questions I have about Knox? If Knox is what is causing the bootloader to be locked and there's ways to disable Knox, then wouldn't disabling Knox make the bootloader unlockable?
ericcue said:
I should start by saying I am by no means experienced with unlocking bootloaders or hacking firmware, so if this is a completely noob idea then forgive me but I thought I might as well see if I could help. Anyways, on to my idea; as we all know, the 4.3 bootloader is locked for good. So what if one was to corrupt the bootloader, like brick it on purpose to a point where the bootloader doesn't recognize any update being pushed, and then unbrick the phone with an older unlockable bootloader. Am I losing my mind due to having the locked 4.3 or is this plausible?
And while I have a thread open, could someone explain a few questions I have about Knox? If Knox is what is causing the bootloader to be locked and there's ways to disable Knox, then wouldn't disabling Knox make the bootloader unlockable?
This won't work.
The new update changes the keys on the entire bootloader, it's impossible to corrupt the bootloader to a point of failure because the entire thing is hard coded into the board itself. The processor is specifically able to recognize the vrucml1 bootchain, and it won't boot without it, unless someone finds a way to bypass that entire mechanism (which I would consider nearly impossible).
Knox is not causing the bootloader to be locked. Verizon patched our workaround for unlocking the bootloader and pushed it. Knox is simply a non-reversible flash counter for rooting your device. It's coded in the bootloader and system apps to detect this.
Sent from my SCH-I535 using Tapatalk 2
Ah I see. I guess I had trouble understanding that an OTA could completely and irreversibly lock a bootloader. There's got to be some kind of exploit for this at some point right? I'm not sure I can handle this 4.3 nonsense anymore!
And thanks for the Knox explanation, I used to hate Sprint for the things they did (like booting me for roaming) and now Verizon is starting to tick me off.
ericcue said:
Ah I see. I guess I had trouble understanding that an OTA could completely and irreversibly lock a bootloader. There's got to be some kind of exploit for this at some point right? I'm not sure I can handle this 4.3 nonsense anymore!
And thanks for the Knox explanation, I used to hate Sprint for the things they did (like booting me for roaming) and now Verizon is starting to tick me off.
There is probably no chance for an exploit to completely unlock a bootloader.
Hardware hacking is almost impossible because of the type of encryption it takes to make the processor and bootchain recognize each other. It's sensitive, and you need to match the numbers specifically to perform a boot. Everyone is familiar with an md5 code, this is a fairly simple algorithm, and we all know that the slightest change in a bad download will generate a completely different md5 sum. In this case, the algorithm is much more complex, and pretty much impossible to match and trick the phone into booting an incorrect bootloader. This is why straight up hacking a bootloader is an impossible feat, so we mostly make workarounds.
All our unlocked bootloader was is a very early aboot block. The bootchain trusts the aboot file, and the aboot file trusts anything you put in the recovery and system partitions. Since the new bootchain requires a signed aboot file for ML1, it makes this exploit insignificant and the aboot file doesn't trust anything else you stick in the recovery or system partition.
Loki was another exploit that was patched. Kexec is an example of a workaround, and so is safestrap, but these types of workarounds won't unlock the bootloader and allow aosp Rom flashing.
Sent from my SCH-I535 using Tapatalk 2
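The trust chain described in the post above, as an added example that is not from the thread or from any vendor's bootloader: each stage checks the next one before handing over control. It assumes pinned SHA-256 digests in place of the real signature scheme, which the thread does not describe; the stage contents and the names make_stage, measure and boot are constructed for illustration.

```python
import hashlib
import hmac


def make_stage(name, code, next_pin=None):
    """A boot stage: its code plus the digest it requires of the next stage (None = no check)."""
    return {"name": name, "code": code, "next_pin": next_pin}


def measure(stage):
    """SHA-256 over the stage's code and the pin it carries, so neither can be swapped."""
    pin = (stage["next_pin"] or "").encode()
    return hashlib.sha256(stage["code"] + b"|" + pin).hexdigest()


def boot(first_pin, stages):
    """Walk the chain. Returns (names_that_ran, name_of_rejected_stage_or_None)."""
    expected, ran = first_pin, []
    for stage in stages:
        if expected is not None and not hmac.compare_digest(measure(stage), expected):
            return ran, stage["name"]       # refuse to hand over control
        ran.append(stage["name"])
        expected = stage["next_pin"]        # this stage decides what it accepts next
    return ran, None


def scenarios():
    """Run the four cases the post walks through, on constructed stage contents."""
    stock_recovery = make_stage("recovery", b"stock recovery image")
    other_recovery = make_stage("recovery", b"stock recovery imagf")  # one byte differs
    # Constructed stand-ins: an aboot that checks recovery, and an early one that does not.
    aboot_ml1 = make_stage("aboot", b"aboot build ML1", measure(stock_recovery))
    aboot_early = make_stage("aboot", b"aboot early build", None)
    pin_ml1 = measure(aboot_ml1)      # what the updated earlier stages require of aboot
    pin_early = measure(aboot_early)  # what the earlier stages required before the update
    return {
        "ml1_stock": boot(pin_ml1, [aboot_ml1, stock_recovery]),
        "ml1_changed_recovery": boot(pin_ml1, [aboot_ml1, other_recovery]),
        "ml1_with_early_aboot": boot(pin_ml1, [aboot_early, other_recovery]),
        "early_changed_recovery": boot(pin_early, [aboot_early, other_recovery]),
    }


if __name__ == "__main__":
    for case, (ran, rejected) in scenarios().items():
        print(f"{case:24} ran={ran} rejected={rejected}")
```

Once the earlier stages pin the ML1 aboot, the early aboot is rejected before it runs, so its lack of checks on later partitions no longer matters.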
BadUsername said:
There is probably no chance for an exploit to completely unlock a bootloader.
Hardware hacking is almost impossible because of the type of encryption it takes to make the processor and bootchain recognize each other. It's sensitive, and you need to match the numbers specifically to perform a boot. Everyone is familiar with an md5 code, this is a fairly simple algorithm, and we all know that the slightest change in a bad download will generate a completely different md5 sum. In this case, the algorithm is much more complex, and pretty much impossible to match and trick the phone into booting an incorrect bootloader. This is why straight up hacking a bootloader is an impossible feat, so we mostly make workarounds.
All our unlocked bootloader was is a very early aboot block. The bootchain trusts the aboot file, and the aboot file trusts anything you put in the recovery and system partitions. Since the new bootchain requires a signed aboot file for ML1, it makes this exploit insignificant and the aboot file doesn't trust anything else you stick in the recovery or system partition.
Loki was another exploit that was patched. Kexec is an example of a workaround, and so is safestrap, but these types of workarounds won't unlock the bootloader and allow aosp Rom flashing.
Sent from my SCH-I535 using Tapatalk 2
You are a bundle of endless info. Thank you for breaking it down like this!
Edit: I have been curious for awhile about the technical aspect of everything you detailed.
That was amazing lol thanks for clearing all that up. Now I guess the race is on to find safestrap compatible roms. I'm running wicked sensations right now through safestrap and it seems pretty good but I was looking for a rom that could force 4g
SlimSnoopOS said:
You are a bundle of endless info. Thank you for breaking it down like this!
Edit: I have been curious for awhile about the technical aspect of everything you detailed.
I wish I knew more coding details, like what this stuff specifically looks like, but it's interesting researching all this material.
These are the kinds of questions I like, they really make you think about what's happening. I wish more users posted questions like these. One day someone might post something that might actually work. It's good creative thinking.
Sent from my SCH-I535 using Tapatalk 2
Kexec will allow flashing of aosp roms in addition to safe strap.
Sent from my SCH-I535 using Tapatalk
Dadud said:
Kexec will allow flashing of aosp roms in addition to safe strap.
Sent from my SCH-I535 using Tapatalk
Kexec might be able to, but it depends on whether that exploit has been patched or not; that kernel mechanism can also be shut down to disallow booting of a 2nd kernel. If the modules are written a certain way you're stuck with that initial boot.
Safestrap can't, it relies on a stock kernel to run, so unless someone makes an aosp rom to run with a 4.3 touchwiz kernel it won't work.
Sent from my SCH-I535 using Tapatalk 2
How did hashcode get cm 10.2 on the droid 3 using kexec and safe strap?
Sent from my SCH-I535 using Tapatalk
I love this thread so much. Thanks BadUsername and everyone else! So why exactly can't we use Kexec?
YevOmega said:
I love this thread so much. Thanks BadUsername and everyone else! So why exactly can't we use Kexec?
Getting kexec functionality isn't the easiest process. The holes that allowed kexec on 4.0.4 may have been patched due to the new Linux 3.0 kernel updated in newer versions.
Some developer would have to work on finding that loophole and enabling a second kernel to run.
Hashcode was able to do this on Motorola devices by rewriting the kernel modules to run differently. The way he did it wouldn't work for us anyway because they used OMAP devices. We have a Qualcomm processor; the loophole he used to enable kexec is completely different than what we would need to enable.
Additionally, it may not even be possible to enable kexec. The whole idea of a locked bootloader is to prevent this from happening. Loopholes constantly get patched, making enabling these types of workarounds increasingly more difficult.
Eventually the loophole that allows safestrap to even run will likely get patched. It's just the nature of making phones increasingly more difficult to root and unlock.
I hope someone has the time and passion to work on kexec, but I wouldn't necessarily count on it. There's likely a reason why it was never implemented on the s4.
Sent from my SCH-I535 using Tapatalk 2
BadUsername said:
Getting kexec functionality isn't the easiest process. The holes that allowed kexec on 4.0.4 may have been patched due to the new Linux 3.0 kernel updated in newer versions.
Some developer would have to work on finding that loophole and enabling a second kernel to run.
Hashcode was able to do this on Motorola devices by rewriting the kernel modules to run differently. The way he did it wouldn't work for us anyway because they used OMAP devices. We have a Qualcomm processor; the loophole he used to enable kexec is completely different than what we would need to enable.
Additionally, it may not even be possible to enable kexec. The whole idea of a locked bootloader is to prevent this from happening. Loopholes constantly get patched, making enabling these types of workarounds increasingly more difficult.
Eventually the loophole that allows safestrap to even run will likely get patched. It's just the nature of making phones increasingly more difficult to root and unlock.
I hope someone has the time and passion to work on kexec, but I wouldn't necessarily count on it. There's likely a reason why it was never implemented on the s4.
Sent from my SCH-I535 using Tapatalk 2
*Sigh*
YevOmega said:
*Sigh*
It's not the worst thing. In my opinion this phone runs really well on touchwiz roms anyway. Give some time for more roms to come out. Tkrom, cleanrom and jellybeans will all be spectacular when they come out.
Sent from my SCH-I535 using Tapatalk 2
BadUsername said:
It's not the worst thing. In my opinion this phone runs really well on touchwiz roms anyway. Give some time for more roms to come out. Tkrom, cleanrom and jellybeans will all be spectacular when they come out.
Sent from my SCH-I535 using Tapatalk 2
I totally agree with you. With root and a different launcher, I'm doing fine right now. Really wanted that new quick settings on Paranoid though.
Sent from my SCH-I535 using Tapatalk
Anyone else think that the information that BadUsername posted should be made a sticky?
Should have just rooted when you first got the phone haha
Sent from my SCH-I535 using xda app-developers app
XdrummerXboy said:
Should have just rooted when you first got the phone haha
You can gain root access on 4.3, but still can't unlock the bootloader.
The 4.3 OTA has truly downgraded the performance of my phone, so I'm not holding out much hope that 4.3 safestrapped ROMs will do much else - Samsung has rather let me down with this update (even outside of working with Verizon to lock the darn thing down much more tightly).
I used to say that custom ROMs were not needed, because the stock OS ran so well. Since the 4.3 OTA, it feels slower than when it first came with 4.0.4 (?) and has some of the old WiFi and Bluetooth issues back, again. On both of our Galaxy S III phones, btw. Not quite so fun, anymore.
- ooofest
ooofest said:
You can gain root access on 4.3, but still can't unlock the bootloader.
The 4.3 OTA has truly downgraded the performance of my phone, so I'm not holding out much hope that 4.3 safestrapped ROMs will do much else - Samsung has rather let me down with this update (even outside of working with Verizon to lock the darn thing down much more tightly).
I used to say that custom ROMs were not needed, because the stock OS ran so well. Since the 4.3 OTA, it feels slower than when it first came with 4.0.4 (?) and has some of the old WiFi and Bluetooth issues back, again. On both of our Galaxy S III phones, btw. Not quite so fun, anymore.
- ooofest
Oh, I didn't catch that. Thanks for the info. And ooofest, were you over at overclockers.uk? I thought I recognized that name from there, maybe it was only here though.
I've honestly lost track of the rooting requirements for this phone after I rooted. Best decision I've made with this phone! But I was nervous to do so...
I agree, it wasn't too terrible when it had 4.0.4, but compared to Cyanogenmod there's no comparison on which is smoother!
Sent from my SCH-I535 using xda app-developers app
XdrummerXboy said:
Oh, I didn't catch that. Thanks for the info. And ooofest, were you over at overclockers.uk?
Not that I recall, sorry. I used to be more active here and about, but then decided to go back into stock for 2013 and ramp up the rooting, unlocking, optimization, etc. in 2014.
It would always be ready to re-root and unlock, yes?
Well, never say "always."
XdrummerXboy said:
I agree, it wasn't too terrible when it had 4.0.4, but compared to Cyanogenmod there's no comparison on which is smoother!
Indeed.
- ooofest

Stock recovery

I have been rooted and using custom ROMs since the Evo 4G days. Always an early step is to install a custom recovery. Well I have a GS5 and have it rooted (towel root) so my KNOX is still virgin. For the time being, I am trying to keep it that way. I just realized that there is a stock recovery and it has options to flash upgrades from memory. Can I flash updates without tripping my KNOX? Obviously I can't do kernels or ROMs or a recovery, but can I do theme type and hotspot mods?
Bob
ParrSt said:
I have been rooted and using custom ROMs since the Evo 4G days. Always an early step is to install a custom recovery. Well I have a GS5 and have it rooted (towel root) so my KNOX is still virgin. For the time being, I am trying to keep it that way. I just realized that there is a stock recovery and it has options to flash upgrades from memory. Can I flash updates without tripping my KNOX? Obviously I can't do kernels or ROMs or a recovery, but can I do theme type and hotspot mods?
Bob
Most mods I've seen for this phone and post-S2 phones (when recovery and kernel became separated), mods, tweaks, themes, etc., are in .zip format and have to be flashed through custom recovery to take. And as you know, flashing recovery will trip Knox.
Sent from my SM-G900P using XDA Free mobile app
Thanks, If they don't find a way to get around KNOX soon, I will break down and flash a recovery, but for now, I have learned (and am still learning) how to take zips apart and manually install. So far mostly changing icons and such, but that is slow and somewhat tedious. And I am still having problems getting smali changes to work.
ParrSt said:
Thanks, If they don't find a way to get around KNOX soon, I will break down and flash a recovery, but for now, I have learned (and am still learning) how to take zips apart and manually install. So far mostly changing icons and such, but that is slow and somewhat tedious. And I am still having problems getting smali changes to work.
Some of the best devs I know can't crack it, so unfortunately I think Knox is here to stay my friend. Good luck! But I say, embrace the change, lol.
Sent from my SM-G900P using XDA Free mobile app
jdsingle76 said:
Some of the best devs I know can't crack it, so unfortunately I think Knox is here to stay my friend. Good luck! But I say, embrace the change, lol.
Sent from my SM-G900P using XDA Free mobile app
There is no such thing as a lock that can't be picked, or a code that can't be broken. I hold out hope. So far I have had good luck making my mods manually. I like doing it my way anyway. Then I get EXACTLY what I want. lol
Thanks again for the info.
