
Root ZTE Zmax Pro Official Root Discussion

Found some interesting things here.
http://forum.gsmhosting.com/vbb/f97...sm8952-check-inside-team-4-more-info-2237562/
This guy somehow has his z981 connecting properly to qfil.
While another user posted these https://www.4shared.com/rar/UQDM1kH1ba/8952_lite_prog_emmc_firehose_8.html?
And they seem to contain various firehoses. While they don't seem to be ZTE specific, it could be a place to start if the phone doesn't care about signatures.

That's about all I have until my jtag clip arrives in 2-6 weeks -_-
According to @tenfar, the developer of the same EDL method for the Axon 7, those programmers are signed. He never told me how he got the Axon 7 signed programmer... I tested this method myself and unfortunately there was always a Sahara failure, which I think is due to the wrong signature.
 
Come on people. With respect, let's get it together. Take an outside opinion for what it's worth. You are all thinking too hard on methods that are too much. Who do you think is going to open and solder their phones just for root access? I want root as much as any of you. I was there when mastercheif87 was opening doors for the original zmax to have root. And didn't stop until we had full r/w capabilities!!
Here's a quote from him,

"I think it would be wise to advise noobs to play it safe and use the twrp method. Just a suggestion.
Giving someone without experience full root capabilities without a custom recovery is kind of like giving a 16yr old a new Lamborghini without seatbelts or airbags.
Like I said it's up to you just trying to look out for others."

The answer cannot be that complicated or people will just move on. So I'm asking you all to keep trying. I do believe there has to be a way. If it's locked then there most certainly is a key. So let's all take a step back. And look at this with fresh eyes. I believe in you guys, I really do.
GOOD LUCK!
 
Well, my roommate just cracked the screen on his Zmax Pro, so he is going to get a new phone. When he does, I will have a disposable one I can play with. I think he updated it though, not sure which firmware. Has an option for video calls.
 
wow. this thread died so hard. i came here to post if viewing the system logs of this phone would help at all. no root or pc required, i have discovered an exploit that targets all android versions... let me know if this will help with rooting the device in any way.

EDIT: I will only reply to the most active and trusted members of this thread. i don't want this exploit to go to waste. i have also attached a capture of the systems logs from my phone as proof of concept.
 

wow. this thread died so hard. i came here to post if viewing the system logs of this phone would help at all. no root or pc required, i have discovered an exploit that targets all android versions... let me know if this will help with rooting the device in any way.
EDIT: I will only reply to the most active and trusted members of this thread. i don't want this exploit to go to waste. i have also attached a capture of the systems logs from my phone as proof of concept.
you sure you're the one that 'discovered' it?
 
i've been searching for ways to read logs on my device for a long time now. i discovered this completely out of my own curiosity. will it or will it not help with rooting this phone?
That's the usual Android logcat that you can get by running this command [adb logcat] while the phone is connected to a PC with USB debugging enabled. Unfortunately it's not very useful.
 
I don't know so help you guys out. But if you knew, when you update the phone, where it's going (what website and password and log on), would that help you? I have that. It is best opened up in notepad+. I used Cydia Impactor / Watch log.
 


i've been searching for ways to read logs on my device for a long time now. i discovered this completely out of my own curiosity. will it or will it not help with rooting this phone?
sorry but no. To log that is not hard. To get useful information is. Keep On Truckin you never know.
 
I know everyone wants to help and all, but consider doing some research before posting. Many of the things people are asking about have already been discussed directly in this thread, and many others can be found on Stack Exchange, XDA, etc.

I forgot to quote who said it, but yeah custom recovery is max priority. Unless someone can talk over EDL with the firmware controller, we are at a bit of a loss on that. Qfil refuses to interface with the com port (for me anyways), and we basically require that to accept our firmware images. Hopefully when my jtag clip gets here I can shed light on exactly what EDL wants from us, and what we need to do. Until then, I'm just going to keep trying to exploit the kernel until I can get a solid foothold that doesn't require a reboot or instantly crashes.

To me, userland seems like a waste of time. With dm-verity being itself, and the various system protection methods embedded in the firmware itself, userland could very well never be exploited on the current kernel.

Anyone know if we can get a big hacker to help with this? Geohot, chainfire, etc. Some professional input would go a long way (not discounting Messi in any way. Just more/different people).
 
You can definitely talk to the phone in Field Test Mode. I was able to push apks. Could not read my zip file but that was my bad. You can change directories. If I had something worthwhile to send I would. I can upload screenshots if you like.
 
You can definitely talk to the phone in Field Test Mode. I was able to push apks. Could not read my zip file but that was my bad. You can change directories. If I had something worthwhile to send I would. I can upload screenshots if you like.

If you could upload those pics that would be great! Thanks
 
You can definitely talk to the phone in Field Test Mode. I was able to push apks. Could not read my zip file but that was my bad. You can change directories. If I had something worthwhile to send I would. I can upload screenshots if you like.

That's not FTM you're talking over, it's a standard userland ADB, the same one we have in standard boot. Nothing really special about it.

EDL talks directly to the firmware, which is what we need
 
You know this is why I hate doing this s***. I know exactly what mode it's in and how to talk to the phone. Firmware not you can still send commands through that mode. I suggest you look at the build prop. Look long and hard, it'll tell you what mode it's in.
 
You know this is why I hate doing this s***. I know exactly what mode it's in and how to talk to the phone. Firmware not you can still send commands through that mode. I suggest you look at the build prop. Look long and hard, it'll tell you what mode it's in.

Take a very close look at the first command you gave. "ADB". FTM has its own set of protocols completely separate from ADB. All you did was open a userland shell from ADB. You can do the exact same command from terminal emulator in standard boot and it would give the exact same output you see there. You are not interfacing over actual FTM, you are just in FTM mode, which supplies the very same userland shell that standard boot gives. Literally no difference whatsoever. https://m.imgur.com/a/UKQ39
 
I understand alright... I just thought it was quite funny. Using a program that was not written for this particular phone.
 
Take a very close look at the first command you gave. "ADB". FTM has its own set of protocols completely separate from ADB. All you did was open a userland shell from ADB. You can do the exact same command from terminal emulator in standard boot and it would give the exact same output you see there. You are not interfacing over actual FTM, you are just in FTM mode, which supplies the very same userland shell that standard boot gives. Literally no difference whatsoever. https://m.imgur.com/a/UKQ39
idk but this may help. i don't know how to use it but i got miflash too to recognize my zmax pro in edl mode.
http://imgur.com/clj6xGA
 
I don't think talking to it is the problem. You're as I was trying to say I'm using stuff for mtk. And it recognizes it, talks to it and all that. It just isn't giving up any secrets. But all in all good phone, no real reason to root it. I think somebody will find a way. I don't see why people say this is not a popular phone.
 
http://imgur.com/a/v7oLl
Error Saraha end error with status:20
From what I can gather, this means you require a deep flash cable, something I don't have, and don't feel like destroying my only good USB-C cable over. You can DIY it yourself. The image I was using was a generic firmware for a different phone to even see if it would try to flash it. It did actually try.
If someone wants to cough up the 10 or so dollars for a deep flash cable and try to flash something yourself, have a go at it. This is a very interesting lead.
 