
Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
Has anyone tried using smanager and tried to run some system files as scripts? I've been tinkering with it for a while and I think it might be of some use. To see what I mean, download the smanager app, navigate to /system/bin, run the file "apply patch" as a script, and see what it says.
 

Or how about this. Would this help for us???
http://www.theandroidsoul.com/dirty-cow-root-android/

Both require access to an available copy of boot.

Has anyone tried using smanager and tried to run some system files as scripts? I've been tinkering with it for a while and I think it might be of some use. To see what I mean, download the smanager app, navigate to /system/bin, run the file "apply patch" as a script, and see what it says.

Smanager acts as an easy GUI for terminal commands already available. I've attempted running the scripts, but all require a secondary root suid.

So what is making this particular device so hard compared to other devices?

DM-VERITY and ZTE's consistency of removing past exploitable system files and storage encryption.

Even went as far as to deny simple commands from userland.
 
Even though I'll be switching to an iPhone soon enough, I want to try to help root the ZTE ZMax Pro. Is it possible for me to try to dump the boot partition of my phone to help out?
 
Even though I'll be switching to an iPhone soon enough, I want to try to help root the ZTE ZMax Pro. Is it possible for me to try to dump the boot partition of my phone to help out?
The only possibility to get the boot partition would be to JTAG the device and download a raw copy of the partition, as the system is too locked down to even read anything other than user level.
 
Anyone with the right jtag connector and pinout diagram or testing.

And the willingness to possibly kill the Zmax at any moment.

I personally do not own one, as I have sold my last one when disassembling the bootloader was a thing at the time.

ZTE hasn't yet released their Z981 schematic diagram to the public. And you'll be waiting a long time for that :)
 
Considering how Qualcomm's SoCs work, I highly doubt we will find a populated jtag port, and even if we do there is no guarantee that it speaks in a language we can understand without some ZTE ****ery. Hard mods are generally a last ditch solution, and are not for everyone either.
 
Considering how Qualcomm's SoCs work, I highly doubt we will find a populated jtag port, and even if we do there is no guarantee that it speaks in a language we can understand without some ZTE ****ery. Hard mods are generally a last ditch solution, and are not for everyone either.
JTAG doesn't speak any other language than direct read from storage.
 
JTAG is just an interface to TAPs, and has almost nothing to do with storage. You're thinking of eMMC.
To be specific, yes, eMMC, but it can also access memory and the NAND, which in our situation is not needed.

Microcode does not change by brand specific phones.

All Android phones provide the same system to revive or create a new firmware.
 
To be specific, yes, eMMC, but it can also access memory and the NAND, which in our situation is not needed.

Microcode does not change by brand specific phones.

All Android phones provide the same system to revive or create a new firmware.

Hm. I know I had a phone where the JTAG port just connected to a few test modules, and never actually gave register access. I eventually had to pull the NAND directly. Figured ZTE would do the same.
 
Hm. I know I had a phone where the JTAG port just connected to a few test modules, and never actually gave register access. I eventually had to pull the NAND directly. Figured ZTE would do the same.
Looking at the MB itself, you can see marked test points, but some are fused, so it would not be a surprise if you had to burn a fuse link to get access.
 
Looking at the MB itself, you can see marked test points, but some are fused, so it would not be a surprise if you had to burn a fuse link to get access.

I can give it a go on my burner 981, see what happens. I don't have my JTAG clip, so I need to order one. I heard you can use a printer port on a computer as a JTAG interface, so I may use that method and just solder the cables to certain pins, and find some software to use it without my clip.

I take it ZTE didn't release a diagram on the board?
 
I bought a Nexus 6P, so I now have a Zmax Pro just collecting dust. It has a cracked screen and is on the latest update. I can possibly send it to someone if they need one for testing within a couple weeks.
 
Found some interesting things here.
http://forum.gsmhosting.com/vbb/f97...sm8952-check-inside-team-4-more-info-2237562/
This guy somehow has his z981 connecting properly to qfil.
While another user posted these https://www.4shared.com/rar/UQDM1kH1ba/8952_lite_prog_emmc_firehose_8.html?
And they seem to contain various firehoses. While they don't seem to be ZTE specific, it could be a place to start if the phone doesn't care about signatures.

That's about all I have until my jtag clip arrives in 2-6 weeks -_-
 
OnePlus 5 got rooted in like 2 days

Not all phones are equal. Besides the fact that the OnePlus line is a ton more popular, therefore attracting higher skilled hackers, it also has an unlocked bootloader, and proper tools to interface with it. The Z981 has a locked bootloader (as far as I can tell), requires ZTE signatures, EDL mode was changed, doesn't interface with any tools, and is heavily locked down in userland.
 
Found some interesting things here.
http://forum.gsmhosting.com/vbb/f97...sm8952-check-inside-team-4-more-info-2237562/
This guy somehow has his z981 connecting properly to qfil.
While another user posted these https://www.4shared.com/rar/UQDM1kH1ba/8952_lite_prog_emmc_firehose_8.html?
And they seem to contain various firehoses. While they don't seem to be ZTE specific, it could be a place to start if the phone doesn't care about signatures.

That's about all I have until my jtag clip arrives in 2-6 weeks -_-
That's support for those SIM unlocking devices specific forums.

They all interface with EDL mode, aka the Qualcomm port.

If they do happen to get a working qfil then we can use it to rewrite the qfil for twrp.
 