• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
Has anyone tried rooting via sdcard?
adb ahell mount -o rw,remount rw, /emulated
and my ext sdcard gets write protected although mines is used as portable storage. But again the read write adb command works.
Just wondering if a script can be ran inside the sdcard /data folder now that we know disemmwcp is a command that is executable.
 
jhgfrtu said:
Has anyone tried rooting via sdcard?
adb ahell mount -o rw,remount rw, /emulated
and my ext sdcard gets write protected although mines is used as portable storage. But again the read write adb command works.
Just wondering if a script can be ran inside the sdcard /data folder now that we know disemmwcp is a command that is executable.
Click to expand...

Yes it's executable but it will just reboot you. From what I understand in the github script. And i tried it myself and of course I know it will reboot me. The only command that does as it should is edl mode as it clearly says in github it will really get you in edl mode.
 
Has anyone successfully backup up this device via a zte flash tool? The one I downloaded there's no instructions. I googled ZTE flash tool . There were too many tools to try. Gotta find the right one. Ill keep trying

Now if there is a tool to flash the stock rom, then we can open up the rom and replace the recovery.img with twrp.img,. basically a modded stock rom. Once flashed via the tool,, boot into twrp and flash the su.zip.

I have a rom tool that can extract and repack images.
 
Last edited:
jhgfrtu said:
Has anyone successfully backup up this device via a zte flash tool? The one I downloaded there's no instructions. I googled ZTE flash tool . There were too many tools to try. Gotta find the right one. Ill keep trying

Now if there is a tool to flash the stock rom, then we can open up the rom and replace the recovery.img with twrp.img,. basically a modded stock rom. Once flashed via the tool,, boot into twrp and flash the su.zip.

I have a rom tool that can extract and repack images.
Click to expand...
Not going to work
 
jhgfrtu said:
Has anyone successfully backup up this device via a zte flash tool? The one I downloaded there's no instructions. I googled ZTE flash tool . There were too many tools to try. Gotta find the right one. Ill keep trying
Click to expand...

The flash tool is built in the phone. I have it on my laptop right now. It has cdrominstall.zip which when I click makes a drive. Automount I suppose it has zero.bin file and a readme that says:

This directory contains the raw data that OEMs want to expose
to end-users.

Due to the limitation of mass storage. The cdrom ISO file should
be larger than 600KBytes.
If you put less files into this directory. Then it will create
a dummy file to fill the gap.

It also has pcsuite.zip same, it automounts. And it has the firmware folder. ZTE flash tool is provided on the phone guys.

The firmware folder has a disc image file size of 47kb

Oh just looked at it again, when it automounts, it creates 2 drives one for cdrom, one for usbdriver that has an autorun which when I click says ZTE handset usb driver.
 
Last edited:
Why do people think the presence of busybox means this phone is rooted? This is an example of how rooting a couple of devices and installing a custom rom or two doesnt make you an expert.
 
Why does everyone keep updating if we're trying to root? If there is any chance at all KingRoot are still working on this phone, wouldn't it be most likely that they root old firmware? Isn't it most likely any root would be for old firmware? We know for certain every update includes security patches which are exactly the opposite of what I thought we're all trying to achieve.
 
Jimmy Dixx said:
It isnt the presence of busybox that concerns me. It is the fact that there is a suid set.
Click to expand...

Well, that error is actually coz of suid and busybox according to this:

https://forum.xda-developers.com/showthread.php?t=1609177

And it is as early as 2012. They found a fix for it in 2014. Chmod 4755 command but of course we all know they patch that fix already. I think I also googled chmod command not working and tried what I found but nothing works of course.

That's why I said if you know how to make a busybox applet, then you will be the king. Coz according to the thread - /bin/busybox provides su (and in fact almost all commands).

I read the other link. The suid error is as early as 2011 and was fix same year with chmod command but that command does not work. In fact all commands does not work, LOL.
 
Last edited:
busybox applet, then you will be the king
Click to expand...

Ehhh. From what I can discerne, busybox itself has r/w perms, but it's actual directory+ system directory is still r/o for everything. An applet won't change much unless it's in the system directory to start with. If we could put anything there, we would have already installed su.

jhgfrtu said:
Has anyone tried rooting via sdcard?
adb ahell mount -o rw,remount rw, /emulated
and my ext sdcard gets write protected although mines is used as portable storage. But again the read write adb command works.
Just wondering if a script can be ran inside the sdcard /data folder now that we know disemmwcp is a command that is executable.
Click to expand...

We don't even need sdcard. ../tmp has full r/w permissions with chroot. I've even copied busybox and a few custom scripts there and executed them. We can r/w all day in unprotected directories. But they mean nothing as ../system is still r/o, and even though we can give ../tmp busybox root permissions, it can't do anything to protected files as it's still technically userland.
 
Throwing it out there just cus. but i recall back in the good ol windows xp days (i know totally relevant right) you could delete the administrator account with a non admin account and it would default it to admin. Soo is it possible if we find a magical way to delete the supposed root user is there any remote possibility of it creating or defaulting to a new/different user? very likely any such methods been patched or just wouldn't work. but figured id throw it out there see if it sticks or at minimum helps jog someones mind.
 
It's really curious why ZTE is so protective of such a low end device (the QC617 is a great chip though) are they trying to make sure the community doesn't find something on there? Or just to make sure they can control the market? Or maybe Boost was super crazy about this device. Either way. Interesting.
 
Sieze said:
Throwing it out there just cus. but i recall back in the good ol windows xp days (i know totally relevant right) you could delete the administrator account with a non admin account and it would default it to admin. Soo is it possible if we find a magical way to delete the supposed root user is there any remote possibility of it creating or defaulting to a new/different user? very likely any such methods been patched or just wouldn't work. but figured id throw it out there see if it sticks or at minimum helps jog someones mind.
Click to expand...

Linux doesn't work like this. If you remove your sudoers, you completely lose access to anything that requires sudo permissions.
 
GarnetSunset said:
It's really curious why ZTE is so protective of such a low end device (the QC617 is a great chip though) are they trying to make sure the community doesn't find something on there? Or just to make sure they can control the market? Or maybe Boost was super crazy about this device. Either way. Interesting.
Click to expand...
likely is data mining, they don't make much profit off selling the phone it's your data that gives them profit
 
Also, B20 is live, got OTA notification, if I hate it I have a mobo with B08 that I'll swap
 
MatreyuC said:
Why does everyone keep updating if we're trying to root? If there is any chance at all KingRoot are still working on this phone, wouldn't it be most likely that they root old firmware? Isn't it most likely any root would be for old firmware? We know for certain every update includes security patches which are exactly the opposite of what I thought we're all trying to achieve.
Click to expand...
Some of us have nothing to contribute that could possibly get us closer to root and therefore we'd prefer the latest fixes.
 
GarnetSunset said:
It's really curious why ZTE is so protective of such a low end device (the QC617 is a great chip though) are they trying to make sure the community doesn't find something on there? Or just to make sure they can control the market? Or maybe Boost was super crazy about this device. Either way. Interesting.
Click to expand...
Right! I went and bought Z981 just because of that and it's not just the parent directory there bat sh*t crazy about. The whole device is over limited. Perhaps it's for user security but ...ijdk.
 
Edward Vance said:
Right! I went and bought Z981 just because of that and it's not just the parent directory there bat sh*t crazy about. The whole device is over limited. Perhaps it's for user security but ...ijdk.
Click to expand...
Again, China. You cant trust anything coming from a country where the chinese government owns everything. Everybody who bought this phone (including myself) might as well have purchased our phones from Xi Jinping himself. Maybe we need to start harrassing him about root.
 
Sieze said:
Throwing it out there just cus. but i recall back in the good ol windows xp days (i know totally relevant right) you could delete the administrator account with a non admin account and it would default it to admin. Soo is it possible if we find a magical way to delete the supposed root user is there any remote possibility of it creating or defaulting to a new/different user? very likely any such methods been patched or just wouldn't work. but figured id throw it out there see if it sticks or at minimum helps jog someones mind.
Click to expand...
Ha. Still doesnt beat the 95/98 method of deleting that user's .pwl file and logging in under their desktop. It would have you set a new password for them and everything on their account was still there. Documents everything.. Sorry, got off topic there. But on a *nix system, anything like that is highly unlikely to work.
 
Status
Not open for further replies.
Back
Top Bottom