• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
Nthall said:
Yeah it does. I liked that movie. It may have just been phones. They are full of components that are designed here and manufactured in China..
Click to expand...
My wife made a good point.. if Samsung devices are blowing up.. including washing machines, shouldn't Trump investigate them? I like that some of what we tried is being overlooked.. I personally think the key to root is qfil but without the right .mbn files it's a no go. I would have paid a bounty on that before I got my g4, but unless we can find a z981 tech that can deliver for a fee, I'll stay in the shadows with some of you and beta test anything y'all want..
 
From what I read that investigation had been going on for a year. They just decided to pay the fine yesterday to stop it. I guess they were suspended from US operations last year, but it kept being postponed. They last postponement ended at the end of March.
 
SapphireEx said:
Axon7 was locked and unrootable too, until someone figured out EDL mode and flashed TWRP, without even unlocking. So no, we don't need root to get things done.
Click to expand...
I think they flashed the unofficial fastboot 1st.. don't know who or what spawned it.. but ZTE was then forced to make an official one. Maybe if we can come up with an unofficial fastboot. I like the bootstrap idea and one of the 1st g4 root tools. It worked via ADB with a command.exe..
 
I have been watching this forum since it was made for the zmax pro.

I owned the pro for about a day before it took it back since i fried the nvdata trying to sim unlock it to work on t-mobile.

I was able to get a modem connection using the original zmax drivers.

This phone does not differ from the first zmax.
Things that will not work:
1. Unlocking bootloader
2. Sending files thru FTM/EDL

FTM Mode can be used to format the system, Recovery partition is read and writable. Bootloader is also readable and writable.

FTM Mode gives shell access which can be used to mount "certain Partitions"

FTM Mode can be used to write to >>recovery<<

That is all i got when i had the phone and it is very similar in design to the first zmax.

When me, jcase, hroark were working on the device it became simple as we learned all of this.

If you want to root the device then research our first attempts to understand what i mean. If i had this device id help with rooting.
 
loonycgb2 said:
I have been watching this forum since it was made for the zmax pro.

I owned the pro for about a day before it took it back since i fried the nvdata trying to sim unlock it to work on t-mobile.

I was able to get a modem connection using the original zmax drivers.

This phone does not differ from the first zmax.
Things that will not work:
1. Unlocking bootloader
2. Sending files thru FTM/EDL

FTM Mode can be used to format the system, Recovery partition is read and writable. Bootloader is also readable and writable.

FTM Mode gives shell access which can be used to mount "certain Partitions"

FTM Mode can be used to write to >>recovery<<

That is all i got when i had the phone and it is very similar in design to the first zmax.

When me, jcase, hroark were working on the device it became simple as we learned all of this.

If you want to root the device then research our first attempts to understand what i mean. If i had this device id help with rooting.
Click to expand...
You say we can't send via FTM, but you say it can be used to write to recovery. Care to elaborate? The software you used, the commands you used for FTM, and basic information would help
 
SapphireEx said:
You say we can't send via FTM, but you say it can be used to write to recovery. Care to elaborate? The software you used, the commands you used for FTM, and basic information would help
Click to expand...
Sorry i worded that wrong..

There is software available for FTM mode from zte that which was leaked years ago, but is in chinese and is of no use since we do not have official formatted files to upload via the app.

So we can not officially write in FTM mode, but FTM gives adb shell access to which you can send and write and pull recovery via adb shell.

If you can write a new recovery you will be able to get system access to root. What we did before was pull both the bootloader and recovery images and write the bootloader to the recovery and recovery to the bootloader.

This way we would have system read/write, but i would not advise trying that till you have a twrp/recovery to use to fix the phone.

The bootloader is based off lkbootloader so it has two actual bootloaders in one.
 
loonycgb2 said:
Sorry i worded that wrong..

There is software available for FTM mode from zte that which was leaked years ago, but is in chinese and is of no use since we do not have official formatted files to upload via the app.

So we can not officially write in FTM mode, but FTM gives adb shell access to which you can send and write and pull recovery via adb shell.

If you can write a new recovery you will be able to get system access to root. What we did before was pull both the bootloader and recovery images and write the bootloader to the recovery and recovery to the bootloader.

This way we would have system read/write, but i would not advise trying that till you have a twrp/recovery to use to fix the phone.

The bootloader is based off lkbootloader so it has two actual bootloaders in one.
Click to expand...
We have twrp. Messi made it.
 
I also have 2 981s. I couldn't care less about my spare bricking, so I'm down for any testing you think we should do regarding the bootloader/ recovery
 
SapphireEx said:
I also have 2 981s. I couldn't care less about my spare bricking, so I'm down for any testing you think we should do regarding the bootloader/ recovery
Click to expand...
have you actually written twrp to recovery?

anybody can make a twrp build with just the kernel file and a few device details.

First try writing twrp via FTM mode. Start the adb shell and see if it allows you to write it. Once you have twrp it should be smooth to root it.
 
loonycgb2 said:
have you actually written twrp to recovery?

anybody can make a twrp build with just the kernel file and a few device details.

First try writing twrp via FTM mode. Start the adb shell and see if it allows you to write it. Once you have twrp it should be smooth to root it.
Click to expand...
I can't write what I can't see. I'm in the shell right now, but FTM is throwing "permission denied" whenever I try to cd into /dev/block/by-name/ to try and find where the recovery partition is stored
 
1489035582112.jpeg


If you know where the partition is, I'll try writing directly
 
This is starting to look like something someone can root correct me if I'm wrong but a lot of people will not be able to do all this
 
Charles367 said:
This is starting to look like something someone can root correct me if I'm wrong but a lot of people will not be able to do all this
Click to expand...
Someone will eventually make a one click utility once we get the phone rooted
 
Charles367 said:
I don't understand why we can't get the files we need then being android is open sorce
Click to expand...
It may be open source, but private keya are not. All OEM files are signed, and almost all stock recoveries have signature verification. If it doesn't match the OEM sig, it doesn't get flashed.
 
Alright, so I think mmcblk0 stores the recovery image, but, everything /dev/block/ is read denied. Not sure about write.
 
SapphireEx said:
Alright, so I think mmcblk0 stores the recovery image, but, everything /dev/block/ is read denied. Not sure about write.
Click to expand...
Has no one pulled a OTA zip to read the updater-script to see where the recovery partition is??

You won't be able to read it directly. You will have to DD copy the partition to pull it.
 
loonycgb2 said:
Has no one pulled a OTA zip to read the updater-script to see where the recovery partition is??

You won't be able to read it directly. You will have to DD copy the partition to pull it.
Click to expand...
Actually, that never occured to me. But yeah, let me load up Kali and I'll dd it
 
Also the largest block partitions will usually be system/data/storage/bootloader..

Recovery will be in the 8-15mb size so anywhere from 8k to 19k blocks
 
loonycgb2 said:
Also the largest block partitions will usually be system/data/storage/bootloader..

Recovery will be in the 8-15mb size so anywhere from 8k to 19k blocks
Click to expand...
1489037338337.jpeg


Looks like I have to tear apart one of the updates to find out where recovery is stored.
 
Status
Not open for further replies.
Back
Top Bottom