• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
Screenshot for root checker ?

No screenshot, i dont play around making up lies like previous users.
Im just giving a heads up after the discord fiasco of stupidity..

Does not work on newer builds, but there is another exploit which can be executed for newer builds.

Is it a special version you are talking about. Or how does a root tool based on CVE-2015-1805 & with a Requirement of an LP Kernel from Dec 2015 work on a ZTE device. And for how long ?

https://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597

Leg pulling ? Or did you meant on an LG phone ? Or where did you read it ?

Great, so the roadmap being followed over @ Discord by SapphireEx should be successful too.

The requirement goes by security updates, not necessarily kernel version and date.

The iovyroot has to be modified from the source to include zte zmax pro kernel addresses, it provides a temp root with limited functions, but partitions are readable via escalated terminal.

The "developers" should have no issue working "two" different exploits to gain full root. But they just need to know which versions to use and what they are looking for.

Once done dm-verity can be removed via format, but the twrp provided by messi works, but cant access partitions. misconfigured partition directorys

Yeah I said screw the phone minus ppl talking smack after I tried to help I just went to TMobile and got the Galaxy s8

;) im with you there, nobody talked nothing about me, but some people got very cocky with "developer" status lmao
 
Upvote 0
No screenshot, i dont play around making up lies like previous users.
Im just giving a heads up after the discord fiasco of stupidity..

Does not work on newer builds, but there is another exploit which can be executed for newer builds.



The requirement goes by security updates, not necessarily kernel version and date.

The iovyroot has to be modified from the source to include zte zmax pro kernel addresses, it provides a temp root with limited functions, but partitions are readable via escalated terminal.

The "developers" should have no issue working "two" different exploits to gain full root. But they just need to know which versions to use and what they are looking for.

Once done dm-verity can be removed via format, but the twrp provided by messi works, but cant access partitions. misconfigured partition directorys
Thanks for the very detailed heads up. More options always help. Was wondering if you still own a Z981 ?
 
Upvote 0
Hi guys im new to androidforums and this is my first post, I haven't read this long post but it is very interesting.
I want to contribute my findings even though I am aware the ZTE spies are watching us,
but anyways.
when i found that there was no root for zte z981, I have a later version Z982 stock android nougat 7.1.1 I was guessing it was similar so i went ahead looked at our cousins, Zmax AXON 7 which had fastboot but again, some options were turned off by ZTE, It occured to me this phone is very similar to AXON 7 even the DFU and FTM modes. I was able to access them both. in FTM mode I had Qualcomm HS-USB QDLoader 9008 show up in device manager. which also the same for AXON 7
there is a utility called MiFlash 2016, in the post below that shows up FTM device...
Essentially, Im at the last step which is to flash the recovery for AXON 7, which I am too scared because I do not want to brick the device.
So, to do this I need your help
If anyone can grab a copy of z982 7.1.1 recoveries or tell me how to make a dump, or even give me stock updates for zmax z982, then I would have 2 options
1) flash AxON 7 recoveries and test see if they load
2) grab checksum files from official zip's and try to load them with modified code.
thanks


https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
 
  • Like
Reactions: RootBeerGuy
Upvote 0
Hi guys im new to androidforums and this is my first post, I haven't read this long post but it is very interesting.
I want to contribute my findings even though I am aware the ZTE spies are watching us,
but anyways.
when i found that there was no root for zte z981, I have a later version Z982 stock android nougat 7.1.1 I was guessing it was similar so i went ahead looked at our cousins, Zmax AXON 7 which had fastboot but again, some options were turned off by ZTE, It occured to me this phone is very similar to AXON 7 even the DFU and FTM modes. I was able to access them both. in FTM mode I had Qualcomm HS-USB QDLoader 9008 show up in device manager. which also the same for AXON 7
there is a utility called MiFlash 2016, in the post below that shows up FTM device...
Essentially, Im at the last step which is to flash the recovery for AXON 7, which I am too scared because I do not want to brick the device.
So, to do this I need your help
If anyone can grab a copy of z982 7.1.1 recoveries or tell me how to make a dump, or even give me stock updates for zmax z982, then I would have 2 options
1) flash AxON 7 recoveries and test see if they load
2) grab checksum files from official zip's and try to load them with modified code.
thanks


https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
It won't start to flash anything.
 
  • Like
Reactions: pyro357
Upvote 0
Sorry I actually did not read the entire post, but I have a last line of defense left for this phone which is my last route, opening the darn phone up and reading the nand flash and putting the darn superuser binary...
Also @messi2050
were you able to try and flash the files using MiFlash using deep flash cable? because it could be those sahara errors be because of simple cable issues. if not signing issues
....
Also I don't remember but someone posted pics of the motherboard of this phone, I needed to the see the back side of this phone, to see if the nand flash is covered by the noise canceling cover ontop of the SoC's.

I could not find a picture of the board online yet,
and schematic looks like not available, which leaves me to desolder the nand chip and create a pcb to wire up jig to read the jtag through it.
I have the necessary tools to read flash electronically.
 
Upvote 0
I want to pull the flash band chip out of the phone but most likely I will be able to read it even though it is encrypted, but I will most likely brake my existing z982 -.- so anyone have broken bad ram boards? I just wanna extract recovery and bootloader of these phones to do a proper reverse engineering and if I can't figure it out il post them for everyone to use,
PS you guys should really stop complaining about noon root but instead help by trying other root methods from ZTE family
 
Upvote 0
I want to pull the flash band chip out of the phone but most likely I will be able to read it even though it is encrypted, but I will most likely brake my existing z982 -.- so anyone have broken bad ram boards? I just wanna extract recovery and bootloader of these phones to do a proper reverse engineering and if I can't figure it out il post them for everyone to use,
<br> PS you guys should really stop complaining about noon root but instead help by trying other root methods from ZTE family

Will try to find you a board. Check your PM.

Guys there are a handful of exploits still available for us. Specially for those that didn't update FW.

https://www.xda-developers.com/dirty-cow-exploit-linux-android-zniu/

Just wait a bit. Root will happen!!!
 
Last edited:
  • Like
Reactions: RootBeerGuy
Upvote 0
Hey this is my first reply in spite of me being a long time lurker of this site, and I must tell yall I have never seen so much diligence, focus, and effort to attempt root. I wish I could help but you guys have pulled out the big guns on this! The amount of knowledge being dropped in this thread is incredible. I wouldn't be surprised if you guys said "screw it" and created a whole new OS to run off Android Kernels. That's how much faith I have in y'all plz don't give up
 
Upvote 0
I was wondering if someone looked deep into the stock recovery?

I was stumbling in the recovery logs cause I wipe cache every now and then, and there is a lot of coding and options I guess you could access with adb cause it's numbered options. Saw some keys and all, just don't know if it's any help but could be if no one looked deep enough
 
Upvote 0
Upvote 0
Hey man! , I started a tree for the k20 , it builds but I can't boot. Idk if you got on Hangouts or telegram , but I wanted to chat with you. I know you posted the twrp for the k20. Hit me up.
I used a bq device for a base.
dfuse06@gmail.com for hangouts.
https://github.com/dfuse06?tab=repositories
My GitHub.
Hi
It's your fstab
https://github.com/dfuse06/android_device_lge_lv517/blob/cm-14.1/rootdir/fstab.lv517
How the device will know and mount the boot partition while you didn't identify it..
Use my 13 fstab
https://github.com/messi2050/android_device_lge_ph2n/blob/cm-13.0/rootdir/fstab.ph2n
Also revert your changes to the defconfig and keep lg changes.
 
Upvote 0
Upvote 0
Status
Not open for further replies.

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones