Installing LineageOS in the Sony Xperia XZ2 Compact Dual (in GNU/Linux) 2/5: Backing up the Trim Area (TA) partition

Posted on por

WARNING

I have no responsibility whatsoever if this guideline causes any harm to your device. The intention of these posts are solely as personal notes for myself. Follow them at your own risk.

WARNING

Through these steps I will unlock the phone’s bootloader, erasing all data. This includes the DRM keys stored in the Trim Area (TA) partition. I’ll attempt backing them up but, as of today, there is no way of restoring them to the previous state nor knowing if the actual backup is usable at all.

Without these DRM keys, several audio and video proprietary functionality provided by Sony won’t be available including some camera post-processing features, color gamut profiles, white balance, noise reduction, X-Reality Video Enhancement, DSEE HX, ClearAudio+, and Widevine L1 support for HD Netflix.

Backup the TA partition

As explained in the previous post, enable developer mode in the phone.

Following this guide, download the latest Magisk release. At the time of writing this it’s v20.4.

Download the tama-mroot.zip with the needed exploit.

Push both archives into the phone (you may need to give consent in a pop up dialog in the phone):

root$ adb push tama-mroot/tama-mroot.zip Magisk/Magisk-v20.4.zip /data/local/tmp
tama-mroot/tama-mroot.zip: 1 file pushed. 0.5 MB/s (21355 bytes in 0.039s)
Magisk/Magisk-v20.4.zip: 1 file pushed. 32.0 MB/s (5942417 bytes in 0.177s)
2 files pushed. 25.4 MB/s (5963772 bytes in 0.224s)

Get into the phone and follow the steps to get a root shell:

root$ adb shell
H8324:/ $ cd /data/local/tmp
H8324:/data/local/tmp $ unzip tama-mroot.zip
Archive: tama-mroot.zip
inflating: magisk-start.sh
inflating: magisk-setup.sh
inflating: tama-mroot
H8324:/data/local/tmp $ chmod 755 tama-mroot magisk-setup.sh magisk-start.sh
H8324:/data/local/tmp $ ./magisk-setup.sh

[...]

H8324:/data/local/tmp $ cd /data/local/tmp
H8324:/data/local/tmp $ ./tama-mroot

[...]

root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -1

[...]

root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -2

[...]

root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -3

[...]

We can verify now that we have really root privileges:

root_by_cve-2020-0041:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid) context=u:r:magisk:s0
root_by_cve-2020-0041:/data/local/tmp # uname -a
Linux localhost 4.9.186-perf+ #1 SMP PREEMPT Fri Jan 17 01:22:05 2020 aarch64

Hence, let’s go ahead and back up the TA partition:

root_by_cve-2020-0041:/data/local/tmp # dd if=/dev/block/bootdevice/by-name/TA of=TA-locked.img
4096+0 records in
4096+0 records out
2097152 bytes (2.0 M) copied, 0.039839 s, 50 M/s
root_by_cve-2020-0041:/data/local/tmp # chown shell:shell TA-locked.img
root_by_cve-2020-0041:/data/local/tmp # sync
root_by_cve-2020-0041:/data/local/tmp # sync

Now, from another terminal in the computer, pull the created backup:

root$ adb pull /data/local/tmp/TA-locked.img

That’s it, we have finished backing up the TA partition!

Now, we can continue to install the LineageOS system.

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *