Lollipop bootloader upgrade concerns re: unlocking/relocking - Sony Xperia Z Ultra

I was hesitant to post this under Q&A because bootloaders can be a scary topic and I don't want people trying dangerous things in attempts to help me.
Mods, feel free to move this thread if necessary. Thanks!
So I got a GPE Z Ultra last month and I've been happy (well, mostly) using CM11 after taking extra precautions and backing up my TA partition in multiple places due to a recent data loss scare involving both my only laptop and my only phone - yes, the GPE Z Ultra I traded my Nexus 4 for last month.
I heard the Z Ultra's camera is supposed to be better on Lollipop, so I've been toying with the idea of reverting to stock KitKat and upgrading using the Lollipop OTA then eventually installing CM12. However, I'm concerned about my ability to safely relock the bootloader after upgrading using the OTA package and unlocking again since there's a new bootloader version. After finding out that flashing my locked-bootloader TA backup from CM11 semi-bricks my phone - and learning another valuable lesson in the process - I started to wonder if the TA partition gets modified during a bootloader upgrade. If the Z Ultra GPE bootloader has a downgrade prevention mechanism in place, I could be out of luck if I want to relock the bootloader.
In the unlikely event that any of you have attempted to downgrade from Lollipop to KitKat - which I'd avoid like the plague if you're afraid of ending up with a 6.4" brick - please share your experience. Annoyingly, without a stock root exploit for Lollipop, there is no way to find out if the bootloader upgrade modifies the TA partition - comparing the md5sum of a Lollipop locked-BL TA partition with an original KitKat locked-BL backup is impossible to my knowledge since the TA partition isn't world-readable.
TL;DR, is it possible to restore my locked KitKat TA backup after upgrading to Lollipop without bricking my phone? In other words, is it even possible to relock after upgrading? If so, how did you do it?
Again, I only ask this in hopes that some adventurous soul has tried and succeeded but hasn't gotten around to sharing their results yet.
Please don't try anything dangerous for me. I repeat, if you want to help me, please don't brick your own phone trying to do so.
Thanks all!
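An added example (not part of the original post): the comparison the post describes, assuming two TA images have already been dumped to files. It checks that copies of a backup kept in several places still match and lists the block-aligned byte ranges where a before/after pair differs, which a single checksum does not show. SHA-256 stands in for md5sum; the file names, the 4 KiB block size and the sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

BLOCK = 4096  # comparison granularity (assumption; not a property of the TA layout)


def sha256_file(path):
    """Stream a file through SHA-256 so the image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def group_copies(paths):
    """Group backup copies by digest; more than one group means a copy differs."""
    groups = defaultdict(list)
    for p in paths:
        groups[sha256_file(p)].append(Path(p).name)
    return dict(groups)


def changed_ranges(path_a, path_b, block=BLOCK):
    """Return merged, block-aligned (start, end) byte ranges where two images differ.
    If one file is longer, its extra tail is reported as a difference."""
    ranges, offset = [], 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(block), fb.read(block)
            if not a and not b:
                break
            step = max(len(a), len(b))
            if a != b:
                if ranges and ranges[-1][1] == offset:
                    ranges[-1] = (ranges[-1][0], offset + step)  # extend previous range
                else:
                    ranges.append((offset, offset + step))
            offset += step
    return ranges


def make_samples(directory):
    """Write constructed 32 KiB images (synthetic bytes, not real TA data):
    a baseline, an exact copy of it, and a version with two modified regions."""
    base = bytearray(b"\xff" * (8 * BLOCK))
    base[0:16] = b"CONSTRUCTED-DEMO"
    after = bytearray(base)
    after[BLOCK + 10] = 0x01                               # one byte in block 1
    after[5 * BLOCK:7 * BLOCK] = b"\x00" * (2 * BLOCK)     # all of blocks 5 and 6
    images = {"before.img": base, "before_copy.img": base, "after.img": after}
    for name, data in images.items():
        (Path(directory) / name).write_bytes(bytes(data))
    return {name: Path(directory) / name for name in images}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        s = make_samples(tmp)
        for digest, names in group_copies(s.values()).items():
            print(digest[:16], names)
        for start, end in changed_ranges(s["before.img"], s["after.img"]):
            print(f"differs: 0x{start:06x}-0x{end:06x}")
```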

gTan64 said:
I was hesitant to post this under Q&A because bootloaders can be a scary topic and I don't want people trying dangerous things in attempts to help me.
Mods, feel free to move this thread if necessary. Thanks!
So I got a GPE Z Ultra last month and I've been happy (well, mostly) using CM11 after taking extra precautions and backing up my TA partition in multiple places due to a recent data loss scare involving both my only laptop and my only phone - yes, the GPE Z Ultra I traded my Nexus 4 for last month.
I heard the Z Ultra's camera is supposed to be better on Lollipop, so I've been toying with the idea of reverting to stock KitKat and upgrading using the Lollipop OTA then eventually installing CM12. However, I'm concerned about my ability to safely relock the bootloader after upgrading using the OTA package and unlocking again since there's a new bootloader version. After finding out that flashing my locked-bootloader TA backup from CM11 semi-bricks my phone - and learning another valuable lesson in the process - I started to wonder if the TA partition gets modified during a bootloader upgrade. If the Z Ultra GPE bootloader has a downgrade prevention mechanism in place, I could be out of luck if I want to relock the bootloader.
In the unlikely event that any of you have attempted to downgrade from Lollipop to KitKat - which I'd avoid like the plague if you're afraid of ending up with a 6.4" brick - please share your experience. Annoyingly, without a stock root exploit for Lollipop, there is no way to find out if the bootloader upgrade modifies the TA partition - comparing the md5sum of a Lollipop locked-BL TA partition with an original KitKat locked-BL backup is impossible to my knowledge since the TA partition isn't world-readable.
TL;DR, is it possible to restore my locked KitKat TA backup after upgrading to Lollipop without bricking my phone? In other words, is it even possible to relock after upgrading? If so, how did you do it?
Again, I only ask this in hopes that some adventurous soul has tried and succeeded but hasn't gotten around to sharing their results yet.
Please don't try anything dangerous for me. I repeat, if you want to help me, please don't brick your own phone trying to do so.
Thanks all!
Some thoughts in a semi random order:
Why not restore the TA while on 4.4.4 (where you backed it up) then do the OTA to 5.0?
On the Sony version, each time you update the system (OTA or FTF) the TA is updated. The TA contains much more than DRM keys. It contains root certs etc., firmware version, and a lot of other things.
I can't see any updates in the GPe OTA that write to TA with a quick glance.
I could restore a TA...

Hi, I think I need to do this procedure to get my phone to update past 4.4.4. I have backed up my TA partition, but don't know what to do to restore it. Can you point me to some instructions, or if they are not available, put together a quick guide? I really want to try out Lollipop...

Related

[Q] can someone please break down the current root situation?

i'm thinking about getting this phone instead of the note 3 (coming from note 2) and wondering what the deal is with root, unlocking the bootloader etc?
ta
congratz to 1000 post... the deal? What u wanna know?
Root, well to root on locked bootloader is to make a TA Backup where all your drm keys are stored. These are removed when unlocking the bootloader. The benefit of doing this backup is that you then can restore these keys if needed in the future. And also you can run apps and access features that require the device to be rooted.
I noticed you are on some level familiar with custom roms and root as I checked your previous post here at XDA running some sammy roms.
But the benefits of unlocking the bootloader? You can flash roms with ease along the features of being rooted as above.
ah sorry. i didn't mean it in that sense. i had to unlock the bootloader on my old htc desire (samsung since then and no lock). i wondered what the deal was in getting it done?
on the samsungs i've just flashed a custom recovery and that's it. easy as pie but way back when i had to use a goldcard to get the desire unlocked and more steps in getting s-off
is it easy or tricky with the sony? if i get this phone i'd be needing to root straight away to put my TB backups back on so wouldn't have any drm keys to backup yet
tommo123 said:
ah sorry. i didn't mean it in that sense. i had to unlock the bootloader on my old htc desire (samsung since then and no lock). i wondered what the deal was in getting it done?
on the samsungs i've just flashed a custom recovery and that's it. easy as pie but way back when i had to use a goldcard to get the desire unlocked and more steps in getting s-off
is it easy or tricky with the sony? if i get this phone i'd be needing to root straight away to put my TB backups back on so wouldn't have any drm keys to backup yet
The TA backup does make a backup of all the DRM keys, as the Bravia engine...and bla bla bla what other features there are.
It is easy to unlock the bootloader IF you are not running Windows 8. On W8 it is a bit tricky because you have to reboot the OS in test mode disabling the driver verification in order to be able to install fastboot driver and S1 driver. Other than that, it should be done in about 30 sec if there's no issue :good:
and typically i'm on win 8 (though wish i wasn't at times).
cheers for the info. wonder if it would work with win7 via VM
well, i ordered it, and put my old note 2 for sale on mazuma
As a fellow Galaxy Note user here, Rooting the ZU is easy...
Unlocking the bootloader is another.. It is pretty much straightforward from the tutorials on this forum but you have to watch out for your TA partition..
I have gone as far as backing up my TA but I haven't unlocked my Bootloader yet.. I don't feel the need for a custom ROM yet.
Stock, Rooted .532 ROM with Xposed Framework serves most of my needs.. Plus seamless connection of the Dualshock controller which is a definite plus for me!
cool. i've read the guide and i get that the TA partition holds DRM info but isn't that only for purchases etc? if it's lost what's the worst case scenario? brick or you lose access to paid for content?
tommo123 said:
and typically i'm on win 8 (though wish i wasn't at times).
cheers for the info. wonder if it would work with win7 via VM
I have no idea how stable it's gonna be to make an operation like this? ..because you have to manually unmount and mount the chosen device into VMware. Now I don't have VMWare Workstation installed as I recently moved to Windows 8 Enterprise. ..big mistake when doing this kind of operations. It took me about an hour to figure out how to properly disarm all this stupid verification of drivers and certificates and bla bla bla microsoft features. In these moments I love my linux mint.
The TA backup benefits from that first of all you do make a backup of your DRM keys if you would like to restore them in the future if going back to stock rom and for example sending it for service covered warranty. You don't necessarily lose your warranty but there might be times when the service center denies your request as they see that the device has been tampered with. I think I read that it does also relock your bootloader but I might need to confirm that..not entirely sure.
If you lost the DRM keys or the backup? Ehm.. yeah no more bravia engine, Track ID and the other apps provided by sony won't work. Other than that, It's not that big of a deal but It's good to have a backup just in case!
ah, good to know then. cheers.
i suppose i could throw a wubi ubuntu install on or something i guess.
Yes, the TA partition has your UNIQUE DRM info needed for Sony's proprietary software to work. (aka bravia engine and xreality) take note of the word UNIQUE.. you cannot use a TA backup from another phone.. So you really have to back it up.. A few minutes of effort to back it up is worth spending rather than losing your keys forever..
As I've read from one of the posts on other threads, restoring the TA partition would not relock your bootloader.. They are two separate steps.. You have to manually relock it after restoring.. Which as far as i understand is fairly easy although I haven't done it myself..

[Q] Just rooted, if I upgrade will I lose root though?

So today I managed to root my Z2
Following advice from o0 Matt 0o in another thread, I downgraded from 4.4.4 to 4.42 using flashtool, then using the rootkitXperia_20140719 install.bat the phone is now rooted (for some reason it would not find adb even though running adb from a cmd prompt worked!)
Anyway, now I am on 4.4.2 with root, if I upgrade back to stock 4.4.4 rom will I lose the root?
EDIT: I have installed dual recovery, is there a pre packaged rooted rom for:
Android 4.4.4
23.0.1.A.0.167
United Kingdom - 3 - 1281-2574
Don't really want to create a rooted package myself, the steps can be confusing
Thanks!
Since you have dual recovery on 4.4.2 you can use the pre-rooted package by niaboc79 (can be found in the Android Development section) or any pre-rooted stock based ROM based on 4.4.4. It is all down to your preference.
I doubt there will be a 3 branded pre-rooted package either.
Actually you're right I should just get one of those roms which is not branded which would look better anyway
One last thing what are the steps to backup ta partition? At some point I will unlock bootloader but don't want to lose the DRM keys
Cheers
Ned_Flanders said:
Actually you're right I should just get one of those roms which is not branded which would look better anyway
One last thing what are the steps to backup ta partition? At some point I will unlock bootloader but don't want to lose the DRM keys
Cheers
In the Sony cross device development section there is the backup TA tool, simply use that. Also, make sure to upload your backup to a cloud service or something like that, in case your hard drive goes kaput and you need it to relock your bootloader.
Please remember that unlocking the bootloader wipes the internal SD card (not the user one). Also, restoring the TA backup relocks the bootloader so make sure you are on a stock ROM and kernel when you restore the backup.
gamer649 said:
In the Sony cross device development section there is the backup TA tool, simply use that. Also, make sure to upload your backup to a cloud service or something like that, in case your hard drive goes kaput and you need it to relock your bootloader.
Please remember that unlocking the bootloader wipes the internal SD card (not the user one). Also, restoring the TA backup relocks the bootloader so make sure you are on a stock ROM and kernel when you restore the backup.
Cool thanks for the tips :good:

[Q] Getting back to stock for Lollipop update

I gave my XZU, which has an unlocked bootloader, is rooted, and is running 4.4.2 to my mother. I want to return the device to stock, as she has no need for root, and upgrade it to stock lollipop. The problem is, I rooted it a long time ago, I don't remember how I did it, and even then, I was stumbling through the process. There are many more guides about rooting than there are about unrooting, so I'm concerned that I may brick the phone or mess it up in some way. Here are the steps I found on XDA for returning to stock:
1. Make sure you have root
2. Backup any data/photos/etc on the phone
3. Restore your TA backup with the TA backup tool above
--------If you are on a custom kernel or ROM your ZU will not boot at this stage
4. Start flashtool and load a FTF
5. Start the flash and wait for the onscreen instructions to connect the ZU
6. Connect your ZU in flashmode
---------With the ZU powered off
---------Connect to PC while holding the volume down key
---------Flash will start
7. Wait for flash to complete
Is this the appropriate way to approach what I'm trying to do here? I am not running a custom kernel or ROM, I don't think. Certainly not a custom rom, though I'm not sure how kernels work anymore. But I'm pretty sure it's not custom. Just to be certain I am doing this properly, I want to write this out with the guide and see if it makes sense.
1. I do have root.
2. Done.
3. I have my TA partition saved as a .zip from when I originally rooted the phone. I'm not completely sure how I restore the partition. I am getting the Backup TA program from here: https://github.com/DevShaft/Backup-TA/releases. But I can't find actually how to restore it. After I do this, my bootloader is now relocked, and then I can just flash stock .ftf's? Is this correct?
4. I am downloading flashtool from here: http://www.flashtool.net/downloads.php and I am using this .ftf: [STOCK ROM] [FTF] Xperia Z Ultra (C6806) 14.3.A.0.681 "US Unbranded", which I am getting from here: http://forum.xda-developers.com/xpe...tf-depository-sony-firmware-releases-t2829387. I haven't used the flashtool since the original rooting I did, but I think I can figure it out.
5. Etc.
6. Etc.
7. Etc.
At this point, I should be back on stock, right? And then I could just update through Sony's PC Companion at this point, yes? I'm basically just looking for a "Yes, you're going in the right direction" or "Yes, this is how you would return the device to stock."
Thanks!
That is the most up to date instructions that I know of, sorry I can't answer about the TA restore. Just one suggestion would be to flash a lollipop ftf, rather than kitkat and trying to get it to upgrade. An even easier solution would be to leave it unlocked and flash this http://forum.xda-developers.com/xpe...llipop-5-0-2-c6806-14-5-0-242-rooted-t3082449 in recovery.
adfurgerson said:
That is the most up to date instructions that I know of, sorry I can't answer about the TA restore. Just one suggestion would be to flash a lollipop ftf, rather than kitkat and trying to get it to upgrade. An even easier solution would be to leave it unlocked and flash this http://forum.xda-developers.com/xpe...llipop-5-0-2-c6806-14-5-0-242-rooted-t3082449 in recovery.
I appreciate it. I think I'm going to try it now. I really want it on stock for any updates. It needs to stay as simple and as up-to-date as possible with as little effort as possible. Do you know where the stock lollipop .ftf's are?
Snarging said:
I appreciate it. I think I'm going to try it now. I really want it on stock for any updates. It needs to stay as simple and as up-to-date as possible with as little effort as possible. Do you know where the stock lollipop .ftf's are?
This tool might work.
http://forum.xda-developers.com/cro...xperifirm-xperia-firmware-downloader-t2834142

Best practices for out of box 4.4.4 tablet root/backup/bootloader etc

I just bought a Z3CT(SGP612) and am a bit confused.
The first big question is about DRM key thing. Why do I care about them if I don't have any other Sony devices (Playstation etc.) and probably won't ever. I read in one thread that these keys may be non-recoverable, but in another thread it was said they could be saved and restored. What are the best practices for doing this?
Second, and I'm stuck here until this thread works, or further research surfaces the answer. I just bought this unit, it's brand new out of box. I'm probably the last man on earth to buy one, but....The device is nagging me to update, but I think that may end in tears. I'm afraid Sony official updates may render the device unrootable, or permanently lock the bootloader forcing me to beg Sony to do whatever I want to my own device. I think on 4.4.4 there is a way to unlock the bootloader without begging Sony to do it. The device is presently 4.4.4, build 23.0.1.A.0.167. The nagging update will take me to 23.0.1.A.3.12. I'm assuming there may be further updates beyond that to get to 23.4.xxxx. Should I accept this, and do any other updates, or proceed directly to one of the pre-rooted stock ftf files (sorry, what is ftf an acronym for?). I'd like to get to the latest 5.11 and have the ability to run adaway, make backups, have proper working SD card and USB OTG, and maybe run a few Xposed apps all of which mean I need root. As it's a virgin device I don't care about if I have to wipe the device in the process.
http://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
http://xperiafirmware.com/8-firmware/77-sony-xperia-z3-tablet-compact
as i'm in the same situation as you i will share my experience / research so far:
1. Rooting works on different firmware with different methods, kingroot being one rather easy but with the drawback of sending personal phone data to uncertain chinese servers. Rooting 4.4 seems easier than 5.x.
2. Research showed that the DRM keys / TA partition is something to be backed up, just in case. But for backing up you need root but no unlocked bootloader (unlocking erases the keys).
3. Recoveries can be installed without unlocking the bootloader but need root(?).
This is where i'm right now with my progress - rooted, TA/DRM keys backed up and on a custom recovery but bootloader still locked and TA intact .. getting root demanded some patience and several tries though.
4. next step will be installing a prerooted 5.1 firmware i guess and everything has to be running fine

TA Backup with oreo (no downgrade)

Hello forum,
is it possible to gain temp root access and backup TA manually while using oreo? I mean there are several oreo privilege escalation exploits out there.
I found something similar for a Sony XZ phone: https://forum.xda-developers.com/xp...devonly-exploits-temp-root-to-backup-t3795510
I guess we could use this exploit as well.
shoey63 said:
If you are referring to TA backup, there are already tools to do that from z to xz series.
If you are referring to a blu-hide kernel, you won't be able to flash it as restoring the TA partition on the older devices physically re-locks the bootloader, making it impossible to flash anything other than an untouched stock sony kernel.
@Persori, why would you need to do TA backup from oreo (i.e. without downgrade) if there are tools available for older firmwares?
With unlock, your phone would be factory reset anyway, so all data erased, the same effect when you do a downgrade, so what's the point?
It is not trivial to port the exploit to another kernel - finding the offsets involves reverse engineering work. But porting the exploit to other CPU/platform - that is even more difficult - tuning the timing and concurrent processes right to get usable success rate is very very hard.
Put simply - the effort is not worth it, particularly if there are other ways already existing...
