Root ZTE Zmax Pro Official Root Discussion

[Charles367]

That's not root though or is it ? Please clarify. I'm saying that the gm2 and zmp are practically identical right? Now we know that the original zmax won't help hear but would it help to work together with the grand max and grand max 2 . Example combine threads.Just a question sorry.

 

[cyanidekid]

That's not root though or is it ? Please clarify. I'm saying that the gm2 and zmp are practically identical right? Now we know that the original zmax won't help hear but would it help to work together with the grand max and grand max 2 . Example combine threads.Just a question sorry.

Does most info match? Board , CPU, partitions etc

 

[cyanidekid]

I have a flashable selinuxpolicy.zip type file but is for a rooted Samsung Galaxy On5. It was made to get viper4android to work and install in enforcing mode. You flash it then reboot. Then you install the viper4android driver. This notification toast pops up asking you to install driver on most viper4android builds. Would this be feasible to maybe study, break down, decompile etc*****edit*****

I'm saying see how exactly the supolicy zip is made for one. How it "attacks" the system. B14 has some partition change. Just random stuff. Maybe scripting with non root BusyBox. Build a supolicy zip rooting apk or Linux or whatever

 

[messi2050]

anyone tried this tool https://forum.xda-developers.com/axon-7/development/axon7tool-flash-backup-boot-recovery-t3514254
already tried here but i'm getting an error while trying to pull the recovery partition.

 

[arringtonp03]

I've tryed with tmobile b4 get same result and progam crashes

 

[messi2050]

I've tryed with tmobile b4 get same result and progam crashes

I'm sure this can work on our zmax but the programmer script needs to be modified. Unfortunately it's developer is not very active on xda but i left him a reply in his thread anyway. ..

 

[Nthall]

I have a flashable selinuxpolicy.zip type file but is for a rooted Samsung Galaxy On5. It was made to get viper4android to work and install in enforcing mode. You flash it then reboot. Then you install the viper4android driver. This notification toast pops up asking you to install driver on most viper4android builds. Would this be feasible to maybe study, break down, decompile etc*****edit*****

Probably not. If we had a way to flash the kernel we would have root already. The On5 can be flashed with Odin, and has fastboot and adb as well. We don't have software to use on ours yet.

I'm really curious if anyone has flashed one from the SD card with no sim installed. From looking through the logs it looks like it gets a handshake from a MetroPCS server before the flash goes through.

When you do a factory reset SELinux starts in permissive mode. If there was a way to trick the stock recovery into pulling the backup off of the SD card I think we could get somewhere. The updates don't work properly when adaptive storage is activated, which makes me think it might be possible to spoof the root directory. I just don't know how to do it. We don't have a stock backup as far as I know either, so there is nothing to flash if we could do it. I could be totally wrong too.

 

[Nthall]

anyone tried this tool https://forum.xda-developers.com/axon-7/development/axon7tool-flash-backup-boot-recovery-t3514254
already tried here but i'm getting an error while trying to pull the recovery partition.

I'll give it a shot.

 

[Nthall]

I tried it on Windows 10 and Ubuntu, and it doesn't recognize my phone on either.

 

[messi2050]

I tried it on Windows 10 and Ubuntu, and it doesn't recognize my phone on either.

It only detect my phone when i use adb reboot edl , buttons combo didn't work.

 

[Nthall]

It only detect my phone when i use adb reboot edl , buttons combo didn't work.

Adb recognizes it. Rebooting to EDL just shut my phone off. I couldn't get it to go into DFU mode either.

 

[messi2050]

Adb recognizes it. Rebooting to EDL just shut my phone off. I couldn't get it to go into DFU mode either.

It's not off , it's only a black screen, you can check the ports in device manager you will find qcom port.

 

[Nthall]

It's not off , it's only a black screen, you can check the ports in device manager you will find qcom port.

The port is showing, but my phone had the battery charging image on it.

 

[cyanidekid]

It's iOS but runs on linúx? Also I think can set up different environments******edit**** also ROP Gadget Tool?

 

[Nthall]

It's iOS but runs on linúx? Also I think can set up different environments

You'll probably have to tweak the code a little to make it compile.

 

[Nthall]

I deleted the drivers for all of the other phones I have and PDAnet because I thought they might conflict. It did the same thing.

 

[Nthall]

I tried it with different drivers instead of zadig, and got a little bit further. I didn't think my phone was going to come back on afterwards. Anyone know which version of Linux it was built on?

 

[cyanidekid]

I tried it with different drivers instead of zadig, and got a little bit further. I didn't think my phone was going to come back on afterwards. Anyone know which version of Linux it was built on?

View attachment 115595

Aarch64 Linux ring a bell?

 

[Nthall]

Aarch64 Linux ring a bell?

I don't have a machine running Arch, but I can set one up tomorrow. That one can take a while to install. I think I could log what the script was actually trying to do in Linux. Ubuntu won't even recognize the phone. That acts like a exploit, it might not even work on this phone.

You can unlock the bootloader with fastboot on the Axon. I don't understand why you would use that instead of installing TWRP.

 

[cyanidekid]

Also are there apps like tmobile.pr.adapt and the Google check-in successful app or type apps that we can freeze/disable that might lax security?

 

[Nthall]

Also are there apps like tmobile.pr.adapt and the Google check-in successful app or type apps that we can freeze/disable that might lax security?

Possibly.

 

[GrifterGrifts]

Also are there apps like tmobile.pr.adapt and the Google check-in successful app or type apps that we can freeze/disable that might lax security?

All T-Mobile.PR.adapt is is a root checker that asks for root every two seconds and the second you grant it got warranty is void cause the carrier knows your rooted I know cause it's on an old LG of mine so I rooted and uninstalled it

 

[jesellopez]

Our only way to get root, Is in EDL mode. The axon7tool looks promising. We need to contact the creator of the axontool and ask to help. I will do tomm. Morning

 

[cyanidekid]

anyone tried this tool https://forum.xda-developers.com/axon-7/development/axon7tool-flash-backup-boot-recovery-t3514254
already tried here but i'm getting an error while trying to pull the recovery partition.

Updater script or footer issue?

 

[Nthall]

Our only way to get root, Is in EDL mode. The axon7tool looks promising. We need to contact the creator of the axontool and ask to help. I will do tomm. Morning

Messi already did.