Root ZTE ZMAX Pro (Z981) root discussion

[jaykoerner]

Here are some screenies

On another note, I'm not sure if we have the kernel for our device yet, but I sent masterchief a copy of the zte grand x max 2 kernel, basically the same device with a second camera instead of a finger print scanner. Hoping that will help get the root train rolling

 

[Masterchief87]

On another note, I'm not sure if we have the kernel for our device yet, but I sent masterchief a copy of the zte grand x max 2 kernel, basically the same device with a second camera instead of a finger print scanner. Hoping that will help get the root train rolling

I got your message. Yes, you can download the kernel source for pretty much every zte device that runs Android, including the zmax pro, from their open source site. I can't do anything with it though. I suppose someone who knows a hell of a lot more than me could look through it to try to find a vulnerability that could be used to gain root but that takes a lot more skill than I possess.

 

[jaykoerner]

I got your message. Yes, you can download the kernel source for pretty much every zte device that runs Android, including the zmax pro, from their open source site. I can't do anything with it though. I suppose someone who knows a hell of a lot more than me could look through it to try to find a vulnerability that could be used to gain root but that takes a lot more skill than I possess.

Bummer

 

[scary alien]

Okay guys, a bunch (hopefully most) of (off-this-topic's) posts related to tethering/hotspot have been moved to their own thread:

http://androidforums.com/threads/zte-zmax-pro-z981-tethering-discussion.1066959/​

Please remember the main purpose of this thread:

I'm starting this thread so that we can possibly work together to try to find a way to get root on this phone and compare notes on what we have tried.

Thanks and best of luck!

 

[jaykoerner]

I got your message. Yes, you can download the kernel source for pretty much every zte device that runs Android, including the zmax pro, from their open source site. I can't do anything with it though. I suppose someone who knows a hell of a lot more than me could look through it to try to find a vulnerability that could be used to gain root but that takes a lot more skill than I possess.

EDIT- I'm a idiot, the kernal has nothing to do with any of this, it's just a preloader for drivers and such, i didn't even think about the fact the bootloader exists. so this question is useless.

I've been looking at the kernel source, trying to find out what the button combos do(power on button combos are controlled by the kernel right?), But I have no clue what file does what, and haven't had any luck randomly looking around the files, any clue where I could get the info nessasary to know what does what? I don't need to find a exploit, I just want to see if we can get hints at what the modes do, hopefully they will have commented their code, but that's just a hope

 

[jaykoerner]

I'm starting this thread so that we can possibly work together to try to find a way to get root on this phone and compare notes on what we have tried. To be honest, I doubt that we are going to get root without a custom recovery and a way to flash it. I think that the key is either ftm mode which is accessed by holding power and volume up, or by holding power volume up and volume down which boots the phone into a mode where only the home key lights up. I believe that this is download mode and might possibly give us access to the bootloader. The big question is what program/drivers we are going to need on the PC end. All ideas are welcome here. If you think you might be able to help don't hesitate.

i know you are looking for a way to flash this device, so i started looking at Chinese root threads(zte is more common over there). they were somehow able to put twrp on the zte blade s6(a zte phone also based on the snapdragon 615, running lollipop) over there, but i can't understand the google translate enough to see how they did it. there might be a flash tool but don't ask me, it would be best if we have someone that reads chinese.

http://www.myzte.cn/thread-263317-1-1.html

here is the whole thread for the device

http://www.myzte.cn/forum-933-1.html

 

[jaykoerner]

i'm grasping at straws here, the only thing i could think of is to check other countries where zte is more common.
also note, im not saying anything on that site will work for our phone, the devices over there could use completely different software-so try anything you find at your own risk.

 

[xyourxhighnessx]

We have the snapdragon 617. Not 615

 

[jaykoerner]

We have the snapdragon 617. Not 615

no its a 615

 

[jaykoerner]

We have the snapdragon 617. Not 615

Definitely a 615, some of the stupid news site messed up, along with this device having a metal frame(it's plastic, scratch it if you don't believe me, but it's good plastic), not having a gyro, not having a ambient light sensor(it exists, but does little), it having 5GHz wifi, ect... , I have never in the life of me seen a phone so misreported, maybe just one spec but not all this junk,

CPU-z pic below

 

[Elix9000]

Definitely a 615, some of the stupid news site messed up, along with this device having a metal frame(it's plastic, scratch it if you don't believe me, but it's good plastic), not having a gyro, not having a ambient light sensor(it exists, but does little), it having 5GHz wifi, ect... , I have never in the life of me seen a phone so misreported, maybe just one spec but not all this junk,

CPU-z pic below

Its a 617. And those click speeds our wrong. We do have 4 1.5 ghz cores but we don't have 4 1.2 ghz cored we have 4 1ghz cores

 

[jaykoerner]

Its a 617. And those click speeds our wrong. We do have 4 1.5 ghz cores but we don't have 4 1.2 ghz cored we have 4 1ghz cores

Maybe your right, but the news sites have ****ed up on alot of things on this phone, even zte themselves has reported the specs wrong(5ghz wifi?)EDIT looked up the CPU Id manually and yeah it's a 617, my bad, regardless there have still been a bunch of misinformation about this phone going around.

 

[jaykoerner]

We have the snapdragon 617. Not 615

The fact we have a different CPU shouldn't matter if the flash tool is the same, I'm not asking to port ROMs, but a 615 and 617 are similar enough that they likely use the same recovery software, ect... If you want to find a closer phone to ours that has root and recovery, I don't know of any, if you do please tell

 

[Elix9000]

Maybe your right, but the news sites have ****ed up on alot of things on this phone, even zte themselves has reported the specs wrong(5ghz wifi?)EDIT looked up the CPU Id manually and yeah it's a 617, my bad, regardless there have still been a bunch of misinformation about this phone going around.

They planned to have 5 ghz wifi. It was a last minute cut.

 

[Krlypumaa]

They planned to have 5 ghz wifi. It was a last minute cut.

Its a functionality that had been disabled in kernel... Wifi.hardware does have the dualband... All this issue's has been because they (MPCS'TMO) wanted to have MM6.0.1 out and not 6.0 OS the security patch. Implemented disabled a lot of things within Rom.
This Rom n Kernel has a lot of berried stuff.

 

[Elix9000]

Its a functionality that had been disabled in kernel... Wifi.hardware does have the dualband... All this issue's has been because they (MPCS'TMO) wanted to have MM6.0.1 out and not 6.0 OS the security patch. Implemented disabled a lot of things within Rom.
This Rom n Kernel has a lot of berried stuff.

So if someone made a stable kernel that could do dual band would it work?

 

[Masterchief87]

Come on guys we have a thread just for talk about tethering and just had over 50 off topic posts removed from this one. Let's not clutter it all over again.

 

[jaykoerner]

Come on guys we have a thread just for talk about tethering and just had over 50 off topic posts removed from this one. Let's not clutter it all over again.

Started off talking about the kernel, ended up back at hotspot, sorry

 

[PizzaG]

I have the Z988. Its vulnerable to the quadroot exploit which im sure can be ported to something useful. The specifics are above my paygrade but im sure a knowledgeable person could make somwthing happen. The exploit affects 900 million phones, im pretty sure that is our easiest way in. Incorporate the exploit into supersu installer maybe and whalla. Wat do you guys think?

 

[Elix9000]

I have the Z988. Its vulnerable to the quadroot exploit which im sure can be ported to something useful. The specifics are above my paygrade but im sure a knowledgeable person could make somwthing happen. The exploit affects 900 million phones, im pretty sure that is our easiest way in. Incorporate the exploit into supersu installer maybe and whalla. Wat do you guys think?

How do you test if its vulnerable. Our device may not be vulnerable

 

[Krlypumaa]

I have the Z988. Its vulnerable to the quadroot exploit which im sure can be ported to something useful. The specifics are above my paygrade but im sure a knowledgeable person could make somwthing happen. The exploit affects 900 million phones, im pretty sure that is our easiest way in. Incorporate the exploit into supersu installer maybe and whalla. Wat do you guys think?

Could be... Im doing comparation with z981(ours), z988 and z63u were z63u and ours are the most similar. Z988 its buid on 1.0.3 sdk and z63u and z981 are built on 2.1.3 that means that keys are different. Now i heard that our n the new zte axon 7 have same digital signature n its an xploit already for the axon now im trying to get some my friends run scripts with in OS's kernel its already on this side of the court. We just need to bypass digital.key. that's what stopping me. I have ran some edits and that devices has successfully reboot with out bricks or softbricks... Either on stock recovery, FTM, FDU and pushed adb.
Just not sticking [emoji716]

 

[Elix9000]

Could be... Im doing comparation with z981(ours), z988 and z63u were z63u and ours are the most similar. Z988 its buid on 1.0.3 sdk and z63u and z981 are built on 2.1.3 that means that keys are different. Now i heard that our n the new zte axon 7 have same digital signature n its an xploit already for the axon now im trying to get some my friends run scripts with in OS's kernel its already on this side of the court. We just need to bypass digital.key. that's what stopping me. I have ran some edits and that devices has successfully reboot with out bricks or softbricks... Either on stock recovery, FTM, FDU and pushed adb.
Just not sticking [emoji716]

Hmm that's excellent

 

[PizzaG]

Quadrooter scanner on the play store is what i used to check for the quadroot vulnerability. The Z988 has 2 vulnerabilities for it

 

[Elix9000]

Quadrooter scanner on the play store is what i used to check for the quadroot vulnerability. The Z988 has 2 vulnerabilities for it

So does our device.

 

[Jimmy Dixx]

So does our device.

Just checked myself and yep, same. Two vulnerabilities.