• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE ZMAX Pro (Z981) root discussion

Status
Not open for further replies.
It isn't letting me choose /system/bin/ just the root directory then it makes its own folder in it. I'm trying to find the config files to see if I can modify it manually, but I'm not sure where they are saved.
 
I can choose it but it says file already exists. If I just put in / it makes a folder /ztorrent right in the root directory. I can't find the config file.

I think I'm going to do a reset, and reinstall it so I have less to look through.
 
I've got two of them that I'm not afraid to brick. If anyone has any ideas to try, I'm willing to go for it.

I like the phone, but the screen glitches out all the time. I'm ready to go buy something different anyway. I bought them because I needed a phone that day after losing an HTC one m9.

I've never had a phone that was this picky about having a perfectly clean screen. It seems like I have to wipe it down everytime I pick it up.
When I got this phone the first 3 months of use the screen glitches a lot, and suddenly it got fixed by itself. I think is a hardware issue.
 
When I got this phone the first 3 months of use the screen glitches a lot, and suddenly it got fixed by itself. I think is a hardware issue.

Mine seem like they're just really sensitive to finger prints, and dust on the screen. Wiping them down seems to fix it for a little while. It's impossible to not get fingerprints on them. It could probably be tamed by a software update, but they don't seem to be rushing any out.

I fell asleep taking a crack at it last night. I had been up all night watching the election. I'll take another run at it tonight.

I'll dissamble it, and dump it through the hardware if I have to. I don't care if I break it. I'd rather be the one that breaks it than mailing it to someone else though. We do this to learn right.?
 
For those of you who are thinking the quadrooter exploit might be the answer to rooting this phone, as far as I know the last time someone found an exploit like this and turned it into a root apk was when geohot made towelroot. Stagefright was found by a security firm and that is probably the case with quadrooter as well. In my opinion it's doubtful that how to implement the quadrooter exploit will ever become public knowledge.

Do you know if anyone has made any
progress on this? A combination of this, and DirtyCow would make this a piece of cake. The exploits was found in the wild. There has to be a code sample somewhere. I really doubt these phones have received the patch.
 
Mine seem like they're just really sensitive to finger prints, and dust on the screen. Wiping them down seems to fix it for a little while. It's impossible to not get fingerprints on them. It could probably be tamed by a software update, but they don't seem to be rushing any out.

I fell asleep taking a crack at it last night. I had been up all night watching the election. I'll take another run at it tonight.

I'll dissamble it, and dump it through the hardware if I have to. I don't care if I break it. I'd rather be the one that breaks it than mailing it to someone else though. We do this to learn right.?
You are right, I forgot to tell I disabled the fingerprint button. My hands usually get dirty and I don't have time for cleaning every time I need to use de phone lol.
 
Do you know if anyone has made any
progress on this? A combination of this, and DirtyCow would make this a piece of cake. The exploits was found in the wild. There has to be a code sample somewhere. I really doubt these phones have received the patch.
You are right, this device has not received any update and is not patched.

It has been demonstrated that the bug can be utilized to root any Android device up to Android version 7
https://en.m.wikipedia.org/wiki/Dirty_COW
 
It has been demonstrated that the bug can be utilized to root any Android device up to Android version 7
https://en.m.wikipedia.org/wiki/Dirty_COW

Well, I'm not sure that's 100% true at this point (from what I've read and been following). The "dirty cow" CVE-2016-5195 basically just cracks the door a little but--getting all the way through it to full root is a whole 'nother story.

You very likely can get a rooted shell running, but if you cannot disable SELinux's enforcing mode, then you don't have a direct path (SE Linux context / permissions) to installing Chainfire's root (UPDATE-SuperSU-vx.xx.zip) package to fully install root so that apps can have root privileges (i.e., via an su call, etc.).

Some devices (LG V20), with a unlocked bootloader, can take a (very clever) circuitous route of modding and flashing a patched boot.img to the recovery partition and then booting from that "recovery" to install a custom recovery.

Here's a good thread (pretty sure it's already been mentioned/referenced here) I've been following for progress re. all of this:

 
Hello, all! I've been following this thread pretty much since its inception and thought maybe it was time I joined the board.

I was playing around with a new VR visor (NeuTab) in which the Zmax Pro just BARELY fits...so I tried putting it in the wrong way and, quite inadvertently, triggered the phone's recovery menu. I don't recall anyone talking about it (though after 42 pages, I may have forgotten). This menu includes the items "Apply update from ADB" and "Apply update from SD card"

Has anyone tried flashing the TWRP file (or others) through this mode? Or tried executing other ADB commands while connected through that?
 
Hello, all! I've been following this thread pretty much since its inception and thought maybe it was time I joined the board.

I was playing around with a new VR visor (NeuTab) in which the Zmax Pro just BARELY fits...so I tried putting it in the wrong way and, quite inadvertently, triggered the phone's recovery menu. I don't recall anyone talking about it (though after 42 pages, I may have forgotten). This menu includes the items "Apply update from ADB" and "Apply update from SD card"

Has anyone tried flashing the TWRP file (or others) through this mode? Or tried executing other ADB commands while connected through that?

Can't flash unsigned zips in the stock recovery. That'd be way too easy.
 
Duuuuudes, so i put a lumia on craigs list to sell and got a txt to trade, long story short i have a 2nd zmax ahaha. We have got to find root! At any rate i have a backup to test on :)
 
Hey Messi.. :cool:
I was in shock when I seen this over at XDA.. http://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594

Looks like the Dirty Kow exploit did it for the V20.. and that damn thing just kame out!

Kan that help our kause at all? Guess the bootloader is easier to get to on LG.. :(
Yes man that's what i was trying in the last days but unfortunately the zmax pro have many init.**** files and we don't know the correct target one yet that's why you need to edit the source and compile for a new ini target every time u try , wtf everyone come and say i will send you a device this week and they never appear again.... with a 500 downloads for the recovery this is really ridiculous :mad:
 
I just got a zmax pro for my wife and myself. Gave the old z970's to the kids. I was scooting around in the vendor folder and noticed a piece of windows software.RIDLClient.exe. Anybody know what it could be used for?
 
You are inciting a riot which is not considered to be a very bright idea. Burning out in such a way is what got the broken os community killed for the zmax. It also killed the original rooting community for the zmax until kingroot came out with a viable method.
Truth [emoji41]
 
I have this thread bookmarked coz I have the phone. The new 'tight' security in new phones makes me not mess with phones anymore. So even if you guys root this phone. I don't think I would try it. I learned my lesson when I root my alcatel fierce then I really did nothing with it. Just harm it when I updated and brick my phone.

Is there still new things you can do with new phones they don't already have and that's why you root it or you guys are just rooting for the heck of it?

My popcorn is always ready when reading this thread though. Nice read.
 
Chill guys , the thread title is [ZTE ZMAX Pro (Z981) root discussion]
So let's stop talking about donations..money..etc and concentrate on the real target of this thread , i did the most that i can do without owing the device by compiling twrp (don't expect more from me), if we didn't reach enough contributions for a development device then it's still not the end of the world , the device real owners can still try every available method to obtain root on this tough device and share their ideas in this thread , also notice that getting a development device does not guarantee that the zmax pro was 100% going to have root too.. i was just going to try all the possible ways/ideas i can think in and wait for the result... so let's stay on topic and share ideas from the real owners of this device.
 
The Scary Alien needs to hunt down and "silence" all the negative people. (even if that includes me and my rant a few posts back!) Maybe transfer them all to the tethering thread! ^_^

Incidentally, I've had my Zmax Pro for nearly 3 months, so if some workable experiments are found, I'd be perfectly willing to be a guinea pig! :D
 
I'm starting this thread so that we can possibly work together to try to find a way to get root on this phone and compare notes on what we have tried. To be honest, I doubt that we are going to get root without a custom recovery and a way to flash it. I think that the key is either ftm mode which is accessed by holding power and volume up, or by holding power volume up and volume down which boots the phone into a mode where only the home key lights up. I believe that this is download mode and might possibly give us access to the bootloader. The big question is what program/drivers we are going to need on the PC end. All ideas are welcome here. If you think you might be able to help don't hesitate.
Theres a way to unlock bootloader, if you enable developers options its in there.
 
Status
Not open for further replies.
Back
Top Bottom