• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
After doing some digging tenfar wont be able to help unfortunately.

His app was based off emmcdl which is a app based on fixing phones using a firehose mbn file which is specific to each qualcomm board.

so the axon7 firehose wont be the same as the zmax pro firehose mbn.

Unfortunately somehow tenfar got a leak version so yall also would need a leak version to make the app work for you guys also.

These new methods are getting more complicated.
 
loonycgb2 said:
After doing some digging tenfar wont be able to help unfortunately.

His app was based off emmcdl which is a app based on fixing phones using a firehose mbn file which is specific to each qualcomm board.

so the axon7 firehose wont be the same as the zmax pro firehose mbn.

Unfortunately somehow tenfar got a leak version so yall also would need a leak version to make the app work for you guys also.

These new methods are getting more complicated.
Click to expand...
I don't know where to look next... My spare phone booted normally after I let it die. No change.
 
iancc86 said:
I don't know where to look next... My spare phone booted normally after I let it die. No change.
Click to expand...
being that the bootloader is locked not allowing usermode to even use dd on the partitions then the only other thing would be to cause the kernel to crash and making the system writable, but that would mean finding an exploit to use.

Unless zte would be nice enough to provide the firehose for us.

I noticed there is two unchecked partitions that could easily be used to flash to, but im not entirely sure what they are used for or how they would be accessible.
 
loonycgb2 said:
being that the bootloader is locked not allowing usermode to even use dd on the partitions then the only other thing would be to cause the kernel to crash and making the system writable, but that would mean finding an exploit to use.

Unless zte would be nice enough to provide the firehose for us.

I noticed there is two unchecked partitions that could easily be used to flash to, but im not entirely sure what they are used for or how they would be accessible.
Click to expand...
I'm going to contact zte, again...
 
SapphireEx said:
I can't write what I can't see. I'm in the shell right now, but FTM is throwing "permission denied" whenever I try to cd into /dev/block/by-name/ to try and find where the recovery partition is stored
Click to expand...

I was reading one of my logs accessed via the video i posted earlier and in the log there was a reference to the location of recovery. Maybe try going into the factory reset mode and reading your logs it gave a good amount of information on the device as well as referenced location to recovery i can try to find it again in my log if that helps as I would really love this device if it were rooted I still like it a bit but I know it has a lot of untapped potential...
 
So our option is going though the factory reset or going though zte. I don't understand there has got to have been enough pleeding with zte by now. If they only knew they made the best 100 dollar phone ever. But hey sometimes the winner is a f#$king ******. It's the world we live in
 
loonycgb2 said:
being that the bootloader is locked not allowing usermode to even use dd on the partitions then the only other thing would be to cause the kernel to crash and making the system writable, but that would mean finding an exploit to use.

Unless zte would be nice enough to provide the firehose for us.

I noticed there is two unchecked partitions that could easily be used to flash to, but im not entirely sure what they are used for or how they would be accessible.
Click to expand...
We have the kernel source, so finding a way to crash the kernel should be pretty easy. The difficult part is going to be writing 35000kb during a kernel panic.
 
Just had a strange idea. Firehose MBNs store device platform/CPU/EMMC data it seems. What's stopping us from disassembling one for our CPU, our board, and our EMMC, then stitching it together?
 
I submitted an email to ZTE. I doubt anything will come of it, but you never know. Someone may generous. I know more people would buy and use the phone if it was unlocked.
 
I made a GDrive shared folder. Since I don't want random people coming and destroying our progress, message me privately and Ill give you access.
 
I hope this helps it's where partitions are located
 

Attachments

  • 20170126_142916_Burst01.jpg
    20170126_142916_Burst01.jpg
    441.4 KB · Views: 187
ZTE: We do not support rooting or unlocking the bootloader.

ZTE support is a dead end. Let's keep working guys.
 
loonycgb2 said:
being that the bootloader is locked not allowing usermode to even use dd on the partitions then the only other thing would be to cause the kernel to crash and making the system writable, but that would mean finding an exploit to use.

Unless zte would be nice enough to provide the firehose for us.

I noticed there is two unchecked partitions that could easily be used to flash to, but im not entirely sure what they are used for or how they would be accessible.
Click to expand...
Wait, we can systemless root with that! If the partitions aren't used, and aren't watched, we can drop twrp into it.
 
I'mmmm backkkkk. Sorry ladies and gents, had a girl run into my life for two months and then run out just as quickly. -_-
So yeah, XBM's are still unbelievable for this device.

Not much more here, give me a few will update.
 
Charles367 said:
So our option is going though the factory reset or going though zte. I don't understand there has got to have been enough pleeding with zte by now. If they only knew they made the best 100 dollar phone ever. But hey sometimes the winner is a f#$king ******. It's the world we live in
Click to expand...
The factory recovery seems like the best target to me, but there's no way to roll it back if it bricks.
 
Status
Not open for further replies.
Back
Top Bottom