Discussion in 'Android Devices' started by anubis2048, Jan 14, 2017.
I already have them and pm'd him
Cool, I'll take down the posts.
hey Guys making my rounds tonight, looks like I'll get those partition dumps, thanks guys.
been so busy , fixing electrical stuff at 1 rent house and plumbing at another.
haven't made it by the MPCS yet but I'll probably just buy one of these on ebay or craigslist or something, since I'll never activate it on a network, and MPCS will want to sell the network with the phone.
I have a ZTE zmax pro laying around that could be a guinea pig.
He helped me out, but it failed several times.
Any chance of the ZMAX PRO root method helping lead to a BLADE ZMAX root?
How is the blade zmax camera compared to the pro?
is there any recovery twrp for Zmax Blade?
Please stay on topic. This thread is about rooting the ZTE Zmax Pro
I need some guy with enough experience to extract the loader of z981 from uni uat tool
I believe it's encrypted file
Then upload it to me
I will make it 1 click root
Pls extract zte loader
Sapphire probably could. He's working on something better though. Free uni uat tool (latest version).
i think no one can crack it
exract the loaders will be enough
Why not? He's a great hacker
One of the biggest problems is where would he post a link if he did? Mods will take it down for posting a free paid app.
Could always talk to whoever develops that app to see if the pro-max users could have a free version just with they're phone drivers activated keeping the rest behind a pay wall if using the loaders won't work
I don't think so
Just a thought
Unfortunately as of right now, us non-hacker regular Zmax users can't do anything else but to wait on somebody who god know if they will charge us or not
Charging for root is a sin in my book
Been sitting or I guess "lurking", waiting very impatiently for the moment I will finally get to root this bastard. Rooted two phones and read some incredibly entertaining and at times a bit creepy conversation during this long year and a half. I ,of course managed to buy the only two unrootable Android's. Luckily, the S8+ wasn't hard, now my ZMax Pro is just a vendetta. Thank you for all the hard work and stress you guys and gals put into this sometimes thankless job. I for one greatly appreciate it and am sooooooo looking forward to the final post on this thread.
Tell that to 4str4y4L
Hello. Im not by any means a newbie to Android. I have been in it since the beginning, got the G1 on release day, I was there when Cyanogen released his first Donut builds, and was the founder/admin of the Cyanogenmod IRC channel for the first couple years. However, I am not a developer. Im a tester and an admin and all around gadget enthusiast.
Ive been watching this forum since it started and waiting for the magical moment when we get to realize the potential of this device. I have kept in the back as I am not a dev and don't have a whole lot to contribute to the project. Today however I happened to come across something that may actually be of some help, and the dev behind the project might actually be interested in helping us as it could also benefit his work as well.
For the technical folks, have a look at this github. The guy is working out an open source tool set for qcom msm devices to replace the proprietary kits like qfil and the like.
When you look at the tools like Uni and z3x and MiracleBox and blah blah blah the hundered other box based phone flasher kits (yes I know Uni is boxless), all they are is a GUI frontend that pulls together a bunch of tools that are readily available in individual form somewhere on the web. For Uni they have the ADB section, theres the Qualcomm section, the MTK section and so on, which all just call to the various tools inside the program directory,.. its all there, SP Flashtool, x10Flasher, etc, EXCEPT.. no QPST stuff anywhere.. Weird. Im pretty sure these opportunistic fellows aren't so smart that they wrote their own loaders and whatnot for the qcom platform. If they were, they would have much more value to say a company like qcom themselves, than selling another in a long line of phone unlocking kits that capitalize on other people's tools and work. I think these groups spend more time and money in r&d on how to make their "software" uncrackable than they do on the actual product itself...
Anyway, somehow they have managed to wrap the qcom loader bits and the signature bits we need inside that blasted exe file, and Im thinking the guy at that github may have some ideas on how they did that...
I have not contacted him and prefer a more technically inclined person do so, as I may just be waaaayyyy of base here, but it might be worth the 5-10 minutes it would take one of you dev types to start up a conversation with the fellow. And by "one of you dev types" i obviously mean @Astr4y4L
One little observation that I want to make regarding this Uni tool method... You guys realize that It's not actually Uni that is doing the rooting of the device. Its Magisk that places the necessary binaries and patches the system. All we need uni for is to get TWRP onto the device. That's it. Its still not rooted until you flash Magisk. SO, my point is, no one is charging ANYTHING for rooting here. The cost is for a software product that among it's 1000 other features, will allow flashing firmware, and thus recovery images to the z981. The Uni folks make no claims whatsoever that they can ROOT the device and for that matter, that is not even their goal. They are focused on SIM unlocking and FRP bypassing on as many different devices as they can.
Please stay on topic, contribute useful information and not get into needless and puerile criticisms.
A reminder of the thread rules:
SRY been busy but just seen this post.
Looked at the git hub, it's like you said an opensourced work based on QPST, which is basicly the same as Qfil or QXDM.
The file we need to make flashing firmware possible is the FIrehose.mbn for this particular chipset.
that's closed source software, I've contacted my people at Qcom, they wont release it to me unless I buy OEM license to produce an android device similar to this using the same chipset.. Which is yet another reason I can't stand corporations and such, but to stay on topic.
what the UNI-tool does is use that firehose file to allow side-loading and booting A TWRP recovery, from there, TWRP gives you the option to flash UN-signed zip files (update.zip) and that's how they are rooting it, using the twrp to flash Magisk...
It's just too damn bad i can't find an official ZTE tool to flash signed updates to the device...
then it's just a matter of changing the program to allow flashing of individual partitions and such As I've managed to do with some other Qcom devices...
anybody know where I can look at a copy of this UNI tool?
anybody got that, and IDA pro?
Set break-points and run the program, watch for the program to create it's own configuration files in it's installed directory IE: (C: \Programfiles\UNI) or where ever it's installed.
and then copy past any config files it creates while the IDA has the UNI program paused....
I may be far off base, but I'm willing to bet that this program works very similar to all of the others....
I'm going to try to get a copy of this to dissect but I'm not paying for it PERIOD.
if we can get the firehose extracted , I know Sapphire already has a free program ready. it's just missing the one dependency .
and , No it's NOT Cracked UNI,
Sapphire has written his own tool from scratch,
So NO the Mods would be making a big mistake to Krap on his link when he posts the final product of his research.
And one more thing,
Everybody needs to get off of @LV426
He's doing his Job here, If everybody can't quit pissing and complaining, I have a feeling that , I and My team and probably the other Dev's working on this, will leave ALL of you OUT IN THE COLD when this all comes together.
So Party on dudes, Be good to each other, be happy some of us are still working on this thing. and QUIT Squabbling !