Has anyone an exploit for backing up TA (Trim Area) partition on Xperia 10 iii

I am about to flash Sailfish OS on my newly acquired Sony Xperia 10 iii.

As the phone is 1 year old by now:
has somebody by now found some temporary root exploit that can be used to back up the TA (Trim Area) partition (to back up the DRM, etc.) before it gets self destructed during the unlocking procedure?

Is there an exploit now like there was one for the Xperia X back then?
Or is it like the Xperia XA2 where (in the beginning) there was no way to keep the TA and DRM from destruction?

1 Like

Was under impression maybe mistakenly that whilst possible to backup TA upon XA2, DRM was a bridge too far:
http://jfcarter.net/~jimc/hardware/sony-xperia-xa2/setup.shtml

Think that unfortunately you would be waiting in vain for any such exploit upon 10III and will have to accept the inevitable.

there are no public exploits for 10mk2 or 10mk3 even on early firmwares

Oh, sorry. I wasn’t clear. I meant:
“Backing up the DRM keys and everything else on the TA, so I can eventually reset the smartphone to factory configuration in some distant future.” ¹
Not:
“extracting the DRM keys from the TA and using them to access DRM-protected content from within alien-dalvik”. ²


¹ - I’m considering eventually transitionning to some fully opensource & supported in upstream vanilla kernel smartphone like the PinePhone Pro sometime in the future. So this might be one of the first Xperia that I won’t be replacing only after having completely destroyed the hardware before. I might consider reselling it in the future and having factory-like restored DRM might help.
² - I’m not a big Adroid user, I only use aliendavlik for the few apps that I absolutely need and can’t get without (e.g. the closed source proprietary apps that my friends keep insisting on using, a couple of banking apps) none of which needs any DRM key.

Okay, so nuking the TA it is.

@DrYak a bit late for a reply, but I think there is a way to backup your TAs prior to unlocking…

I’ve been flashing my Xperia 10 III with all available options around, one of them beeing the latest version of newflasher, which allows flashing original fw while BL locked. One of the options asked before flashing is to backup the trim areas, where you choose yes or no.

I haven’t tested it, since I had already lost my TAs a couple of days back, but it should work!

3 Likes

Damn, too late! I’ve already switched to the Xperia 10 iii as my daily driver.

BTW: As far as I remember (back from my Xperia X era and the dirty cow exploit), flasher works by uploading and running scripts on the phone (and thus needs some root access or escalation).

@DrYak Coming back after receiving my new replacement Xperia 10 III, and using newflasher just to test the TA backup procedure, prior to unlocking.
Well, you 're right, elevated rights required for DRM backup after all…

Aren’t there any Abdroid 11 root exploits in the wild?

Im using TWRP to backup all Partitions before installing SailfishOS

There are some, but they mostly target very specific kernel versions (e.g.: Dirty Pipe exploit a kernel bug introduced with 5.8). Turns out the current 4.19 on Xperia 10iii isn’t affected by any of the one I’ve found so far – hence my initial question.

To run TWRP, you need to have the flashtool enabled (so that you can send and boot into TWRP) which requires the phone to be unlocked.
Unlocking, according to current documentation on Sony’s website, causes the DRM key to be wiped from the Trim Area (and a few other things, like some proprietary camera filters such as the low-light improvements).
So yes, you can do backup of all partitions, but your backup of TA won’t contain the DRM keys.

1 Like

To be honest, there are no really big losses in Picture-Quality on my XZ1, X Compact and XA2-Devices.