Root ZTE ZMAX Pro (Z981) root discussion

[scary alien]

Could this be accomplished using magisk??

Pretty sure Magisk requires that your device is already rooted...

 

[lambo352]

It looks like you can use it to root.. I read the XDA post..

 

[5318008]

How would we flash Magisk without a custom recovery?

 

[scary alien]

It looks like you can use it to root.. I read the XDA post..

Pretty sure you're misinterpreting what that page is saying...

"If you're not rooted, or using Magisk version older than v7, or something went wrong and you need a clean start"​

That does not imply that Magisk will root your device (Magisk is not a root exploit).

 

[Charles367]

So much back and fourth on here. Metro this and zte that. We need signing key.. Then flash update. Can't anyone get that?

 

[Charles367]

Problem is that very few and6 are rooted. So once we get root if we do, we could be facing a lot of support issues anyway. Shit we might only gain read write for a year or so. I'm regretting buying this phone smh

 

[scary alien]

Yet more, off-topic, posts moved to the "off-topic" thread:

http://androidforums.com/threads/zte-zmax-pro-z981-off-topic-root-discussion.1094781/​

Guys, this thread is specifically for "how to root the ZTE ZMAX Pro (Z981)"...

 

[cyanidekid]

Please if you haven't done so already please download KingRoot. Run it. Click submit request for research. The more the better the chance and quicker support

 

[Deleted User]

I've started a telegram group for those interested in conversing over root development, if this is innapropriate for the thread mods remove it Telegram.me/ZMaxPro

 

[Deleted User]

also, an associate of mine was able to write to 2 system files using dirty cow

 

[JIMMYHENDRIX]

also, an associate of mine was able to write to 2 system files using dirty cow

How did it go

 

[bossman618]

Every 3 part rar rom I've ever seen was fake

 

[scary alien]

Every 3 part rar rom I've ever seen was fake

Hmm, @styrolls, please cite the exact XDA thread...

Everyone else...please hang loose...

 

[5318008]

Smells like more fake root site click bait

 

[jhoak1]

Every 3 part rar rom I've ever seen was fake

If a Rom is split into 3 different files it's fake always. Its click bait is what it's call

 

[cyanidekid]

Looks like dirty cow would have to be tweaked for our individual device

 

[cyanidekid]

The donate version of framaroot gives the option of using custom script if I'm correct? Could we fashion dirty cow script?

 

[bcrichster]

Where's the donate version of Framaroot located? Never seen it.. Plus, I think the custom script is enabled in v1.91+

 

[cyanidekid]

UPDATE: Dirty Cow Didn't work

I'll try the drammer exploit

Are you sure dirty cow can't be scripted to individual models like the LG was

 

[scary alien]

Interesting post over at XDA:

Dirtycow has been updated to spawn a root shell by default! Push the new binaries and run

https://github.com/timwr/CVE-2016-5195

Doesn't get you past the SELinux hurdle, but interesting nonetheless...

edit: gah! there's a subsequent post in the XDA thread that the spawned root shell might not be "all that", so take it for what you will...

 

[cyanidekid]

Interesting post over at XDA:

​

Doesn't get you past the SELinux hurdle, but interesting nonetheless...

I'm on Windows 7. Any chance that dirty cow variant that can run on Windows?

 

[scary alien]

I'm on Windows 7. Any chance that dirty cow variant that can run on Windows?

The dirtycow binaries run on the Android device...

You run the utility against two files: a "from" (source) file whose contents you would like to use to replace the "to" (destination) file's in-memory contents.

The from (source) file must not be larger than the to (destination) file as it's replacing the in-memory copy.

 

[cyanidekid]

The dirtycow binaries run on the Android device...

You run the utility against two files: a "from" (source) file whose contents you would like to use to replace the "to" (destination) file's in-memory contents.

The from (source) file must not be larger than the to (destination) file as it's replacing the in-memory copy.

I'm not understanding everything. I'm saying use Windows to run dirty cow and have zmax pro hooked USB adb etc

 

[cyanidekid]

I'm on Windows 7. Any chance that dirty cow variant that can run on Windows?

What about system write protect bypass commands? Reboot delemmcwp etc was done on original ZTE ZMAX

 

[scary alien]

I'm not understanding everything. I'm saying use Windows to run dirty cow and have zmax pro hooked USB adb etc

Ah, sorry--I misunderstood...

Yes, of course, you can use any PC (Windows, Linux, Mac) that will run an adb client to your Android device (with suitable USB debugging enabled and authorized) should be able to run the dirtycow utility.

What about system write protect bypass commands? Reboot delemmcwp etc was done on original ZTE ZMAX

Well, that's the trick here--assuming that you guys want to actually install root by modifying /system (which is more likely / possible) that running systemless root (which requires being able to update the boot.img)--it takes special privileges to be able mount the system partition in read-write mode and that includes having the proper SELinux context (again, the linchpin for being to install the supersu root package) for doing so.

There are differences between devices that may allow special back doors like there was/is for the LG V20, so someone will just have to poke-around in your device for it's cracks.

Getting a root shell via the method I posted above will go a long way towards allowing you to find (and hopefully exploit) these cracks--there are ton of things hidden from the non-root user.

edit: gah! there's a subsequent post in the XDA thread that the spawned root shell might not be "all that", so take it for what you will...I'll update the other post, too, re. this.