ZTE Zmax Pro, State Of the Development On This Device .

[Astr4y4L]

Hi AF, I received a message from one of the users of this device, and so that I don't end up having to repeat my answer Multiple times,
I've Answered that Message Here.

Feel free to comment on the thread but be aware, I will not be maintaining this thread or answering questions or giving any more support or time to this device.

Thanks,
Astr4y4L

Hey I was just wondering if there's anything that I could help out with. I'm not sure how many people have rooted this baby yet, but I'm guessing that it's not many. Is there anything that a person in my position can do to help?

Hi Bud, Thanks for the offer, but I've already got access to part. dumps, and a few testers over in the Discord.

But honestly, I decided yesterday that I am dropping all work on this platform. Really the Phone's 2 years old and all the people involved like to act like TuRdS to each other, and so I'm done. I dont own the device and was Only going to work on it as a bet from a friend.

Honestly, that phone kinda SuX from what every one of the users have reported to me.

even combined with the advancements that you/fido/messi were able to accomplish, It's still just a shiTTy device. the root choices available Suck.

Magisk or what ever. It sucks.

I like SuperSU coupled with Xposed, and my intentions were to help the guys get past the restrictions that limit it to the krap-root. so that we can use superSU and make any changes we wanted...
and also to develop a work-around to enable a free method to get the root of the device.

But after all that I've seen in the Snake-pit that the development community and the ZTE threads here have become. I just don't want to be a part of it anymore.

There's way better projects on the horizon for my team, and we're working on expanding our support of other devices ATM.

but , Not This One.

Thanks for your offer to help. You might be better placed to try to get in with Saphire and Armond and those guys if you want to help.

They have a tool for it already and it's BAD-AZZ you should see the Interface , it's like Wow!

but you can only get it if your in the Private circle.
I got it but Won't Share. It's not mine to distribute.

I'm creating a thread to announce this so that it's public
hopefully this sums everything up and it'll get the right people together in 1 place.

other than that... I'm done.

Thanks for trying to Help ,

Astr4y4L
Team_Astr4y4L

 

[lonelyisland369]

Um, after flashing magisk the device has a limited root, you're right. But once you have that you can disable the remaining restrictions using the "adb reboot disemmcwp" command. After that there are no restrictions that I've encountered.

 

[Y314K]

Um, after flashing magisk the device has a limited root, you're right. But once you have that you can disable the remaining restrictions using the 'adb reboot disemmcwp' command. After that there are no restrictions that I've encountered.

Is your bootloader unlock & is your SELinux set to permissive? Can you switch to SuperSU without loosing root? Would you be able to flash a ROM if one existed? If the answer is No to any of these. Then you still have limited root.
Not trying to crap on what is now possible on the Z981 now. Just want to clarify what works & what does not at this time.

 

[Astr4y4L]

Is your bootloader unlock & is your SELinux set to permissive? Can you switch to SuperSU without loosing root? Would you be able to flash a ROM if one existed? If the answer is No to any of these. Then you still have limited root.
Not trying to crap on what is now possible on the Z981 now. Just want to clarify what works & what does not at this time.

Hi ya Buddy how are ya today?

 

[Astr4y4L]

@Y314K

Hey Bro , I'm going to show off Saphires tool.
Not sharing it, ya know... asked not to .
but just to show whats going on, I'm posting a screenshot.

 

[Astr4y4L]

screenshot.

edit image not showing trying again

 

[Astr4y4L]

 

[Astr4y4L]

there it is, Kool Huh ?

 

[lonelyisland369]

Is your bootloader unlock & is your SELinux set to permissive? Can you switch to SuperSU without loosing root? Would you be able to flash a ROM if one existed? If the answer is No to any of these. Then you still have limited root.

Could you provide a little more detail on how to do some of those things.

 

[Astr4y4L]

Could you provide a little more detail on how to do some of those things.

set selinux permissive

su
setenforce 0

switch to SuperSU

Download and install from play store, use options in app to clean up and replace SU bianary helps to do,

su
mount -o remount,rw /
mount -o remount,rw /proc
mount -o remount,rw /data
mount -o remount,rw /dev
mount -o remount,rw /sys
mount -o remount,rw /system

unlock bootloader, well not happening, but to try,
Nuke your Recovery partition ,

su
dd if=dev/zero of="path to your recovery "

boot to recovery and it'll force into fastboot mode
then

fastboot OEM unlock

there ya go Bud,
Goodluck

 

[Greysworld007]

Does anyone know if it works for blade zmax z982?
Also can I get an invite to the discord group. I had one but somehow when I switched phones it's gone

 

[Y314K]

Could you provide a little more detail on how to do some of those things.

The rest u got answered already. But for SuperSU I would install it thru the TWRP zip.

https://forum.xda-developers.com/apps/supersu/stable-2016-09-01supersu-v2-78-release-t3452703/page1

But latest version v2.82

https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.82-201705271822.zip

 

[lonelyisland369]

Sorry about taking long. Selinux can be set to permissive. Everything is mountable and can be modified (partitions) from device. SuperSU app said that the SU Binary was occupied. When tried to flash from TWRP, SuperSU began but froze shortly after and rebooted As for the bootloader I'm bit too scared to wipe my recovery (its the only thing that's being saving my ass for the past week) because I don't have direct access to the UAT by myself. I will try and mess around a bit more, but if y'all have any more ideas I'm open to them.

 

[Y314K]

Sorry about taking long. Selinux can be set to permissive. Everything is mountable and can be modified (partitions) from device. SuperSU app said that the SU Binary was occupied. When tried to flash from TWRP, SuperSU began but froze shortly after and rebooted

As for the bootloader I'm bit too scared to wipe my recovery (its the only thing that's being saving my ass for the past week) because I don't have direct access to the UAT by myself. I will try and mess around a bit more, but if y'all have any more ideas I'm open to them.

Did those changes that did take aka SELinux survived reboot ? Wonder if ZTE has their own SuperSU in there. Maybe you can wipe theirs & try again. Or if I am not mistaken you need to get rid of Magisk a specific way to go from Magisk to SuperSU.
PM ur access to UAT & see if he would be willing to let you experiment & then he would reflash TWRP for you if needed for free.

 

[Astr4y4L]

Sorry about taking long. Selinux can be set to permissive. Everything is mountable and can be modified (partitions) from device. SuperSU app said that the SU Binary was occupied. When tried to flash from TWRP, SuperSU began but froze shortly after and rebooted As for the bootloader I'm bit too scared to wipe my recovery (its the only thing that's being saving my ass for the past week) because I don't have direct access to the UAT by myself. I will try and mess around a bit more, but if y'all have any more ideas I'm open to them.

well the part about the su bianary I have a shell script for replacing the Kingroot with supersu, it might work to replace this binary too with a bit of an edit...

I do it on the device from the adb terminal, it's not a recovery flashable thing and it's not my original work but I changed parts of it to fit My needs. IE : working directly out of the /data/local/tmp directory....

you can try to edit it to be Magisk specific. but I'd bet if you run it it'll replace the binary for you...

download this
https://yadi.sk/d/5kDoLKxh3REr9a

It's a package called MRW
once you download it unzip it on the desktop or your working directory, open a terminal on your PC and use adb to push the complete folder to tmp like so

cd Desktop
adb push mrw /data/local/tmp

then open the folder on the desktop and open the script

root.sh

with wordpad if on windows or any text editor in linux and copy - paste the entire contents into the ADB root shell terminal.

see if it fixes the Bianary occupido problem...

content of script is as follows.

#!/system/bin/sh

echo ---------------------------------------
echo ---------- Made By : Mr.W0lf ----------
echo - Edited and reworked by Astr4y4L@xda - AF
echo ---- Thanks @Chainfire for SuperSU ----
echo ---------------------------------------

mount -o remount,rw /
mount -o remount,rw /proc
mount -o remount,rw /system
mount -o remount,rw /dev

am kill com.kingroot.RushRoot
pm uninstall com.kingroot.RushRoot
am kill com.kingroot.kinguser
pm uninstall com.kingroot.kinguser
rm /system/app/Kinguser.apk >/dev/null
rm -r /system/app/Kinguser >/dev/null
am kill com.kingroot.master
pm uninstall com.kingroot.master >/dev/null
cat /data/local/tmp/mrw/busybox > /system/bin/busybox
chown 0.1000 /system/bin/busybox
chmod 0755 /system/bin/busybox
busybox chattr -ia /system/xbin/ku.sud
rm /system/xbin/ku.sud
busybox chattr -ia /system/xbin/kugote >/dev/null 2>&1
rm /system/xbin/kugote >/dev/null 2>&1
busybox chattr -ia /system/xbin/su
rm /system/xbin/su
busybox chattr -ia /system/xbin/supolicy
rm /system/xbin/supolicy
busybox chattr -ia /system/xbin/pidof >/dev/null 2>&1
rm /system/xbin/pidof >/dev/null 2>&1
cat /data/local/tmp/mrw/su > /system/xbin/su
cat /data/local/tmp/mrw/su > /system/xbin/daemonsu
cat /data/local/tmp/mrw/su > /system/xbin/sugote
cat /system/bin/sh > /system/xbin/sugote-mksh
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chown 0.0 /system/xbin/sugote
chmod 0755 /system/xbin/sugote
chown 0.0 /system/xbin/sugote-mksh
chmod 0755 /system/xbin/sugote-mksh
chown 0.0 /system/xbin/daemonsu
chmod 0755 /system/xbin/daemonsu
daemonsu -d
rm -r /data/app/com.kingroot.RushRoot-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.RushRoot
rm -r /data/data-lib/com.kingroot.RushRoot
rm -r /data/app/com.kingroot.kinguser-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.kinguser
rm -r /data/data-lib/com.kingroot.kinguser
rm -r /data/app/com.kingroot.master-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.master
rm -r /data/data-lib/king >/dev/null 2>&1
busybox chattr -ia /system/bin/.usr/.ku
rm /system/bin/.usr/.ku
busybox chattr -ia /system/bin/rt.sh
rm /system/bin/rt.sh
busybox chattr -ia /system/bin/su
rm /system/bin/su
busybox chattr -ia /system/bin/ddexe-ku.bak >/dev/null 2>&1
rm /system/bin/ddexe-ku.bak >/dev/null 2>&1
busybox chattr -ia /system/bin/ddexe
rm /system/bin/ddexe
busybox chattr -ia /system/bin/ddexe_real >/dev/null 2>&1
rm /system/bin/ddexe_real >/dev/null 2>&1
busybox chattr -ia /system/bin/install-recovery.sh
rm /system/bin/install-recovery.sh
busybox chattr -ia /system/bin/install-recovery.sh-ku.bak
rm /system/bin/install-recovery.sh-ku.bak
pm uninstall eu.chainfire.supersu >/dev/null 2>&1
pm install /data/local/tmp/mrw/Superuser.apk
busybox chattr -ia /system/usr/iku/isu
rm -r /system/usr/iku
rm -r /dev/reportroot
busybox chattr -ia /system/etc/install-recovery.sh
rm /system/etc/install-recovery.sh
busybox chattr -ia /system/etc/install_recovery.sh
rm -r /system/app/Kinguser
rm -r /data/data-lib/king
rm -r /sdcard/Kingroot
rm /sdcard/kr-stock-conf >/dev/null 2>&1
am start -a android.intent.action.MAIN -n eu.chainfire.supersu/.MainActivity >/dev/null
sleep 2

package also contains
busybox " binary"
su "binary"
Superuser.apk "SuperSU by chainfire"

let us know how that sits....
Astr4y4L

 

[lonelyisland369]

well the part about the su bianary I have a shell script for replacing the Kingroot with supersu, it might work to replace this binary too with a bit of an edit...

I do it on the device from the adb terminal, it's not a recovery flashable thing and it's not my original work but I changed parts of it to fit My needs. IE : working directly out of the /data/local/tmp directory....

you can try to edit it to be Magisk specific. but I'd bet if you run it it'll replace the binary for you...

download this
https://yadi.sk/d/5kDoLKxh3REr9a

It's a package called MRW
once you download it unzip it on the desktop or your working directory, open a terminal on your PC and use adb to push the complete folder to tmp like so

cd Desktop
adb push mrw /data/local/tmp

then open the folder on the desktop and open the script

with wordpad if on windows or any text editor in linux and copy - paste the entire contents into the terminal.

see if it fixes the Bianary occupido problem...

content of script is as follows.

#!/system/bin/sh

echo ---------------------------------------
echo ---------- Made By : Mr.W0lf ----------
echo - Edited and reworked by Astr4y4L@xda - AF
echo ---- Thanks @Chainfire for SuperSU ----
echo ---------------------------------------

mount -o remount,rw /
mount -o remount,rw /proc
mount -o remount,rw /system
mount -o remount,rw /dev

am kill com.kingroot.RushRoot
pm uninstall com.kingroot.RushRoot
am kill com.kingroot.kinguser
pm uninstall com.kingroot.kinguser
rm /system/app/Kinguser.apk >/dev/null
rm -r /system/app/Kinguser >/dev/null
am kill com.kingroot.master
pm uninstall com.kingroot.master >/dev/null
cat /data/local/tmp/mrw/busybox > /system/bin/busybox
chown 0.1000 /system/bin/busybox
chmod 0755 /system/bin/busybox
busybox chattr -ia /system/xbin/ku.sud
rm /system/xbin/ku.sud
busybox chattr -ia /system/xbin/kugote >/dev/null 2>&1
rm /system/xbin/kugote >/dev/null 2>&1
busybox chattr -ia /system/xbin/su
rm /system/xbin/su
busybox chattr -ia /system/xbin/supolicy
rm /system/xbin/supolicy
busybox chattr -ia /system/xbin/pidof >/dev/null 2>&1
rm /system/xbin/pidof >/dev/null 2>&1
cat /data/local/tmp/mrw/su > /system/xbin/su
cat /data/local/tmp/mrw/su > /system/xbin/daemonsu
cat /data/local/tmp/mrw/su > /system/xbin/sugote
cat /system/bin/sh > /system/xbin/sugote-mksh
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chown 0.0 /system/xbin/sugote
chmod 0755 /system/xbin/sugote
chown 0.0 /system/xbin/sugote-mksh
chmod 0755 /system/xbin/sugote-mksh
chown 0.0 /system/xbin/daemonsu
chmod 0755 /system/xbin/daemonsu
daemonsu -d
rm -r /data/app/com.kingroot.RushRoot-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.RushRoot
rm -r /data/data-lib/com.kingroot.RushRoot
rm -r /data/app/com.kingroot.kinguser-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.kinguser
rm -r /data/data-lib/com.kingroot.kinguser
rm -r /data/app/com.kingroot.master-1 >/dev/null 2>&1
rm -r /data/data/com.kingroot.master
rm -r /data/data-lib/king >/dev/null 2>&1
busybox chattr -ia /system/bin/.usr/.ku
rm /system/bin/.usr/.ku
busybox chattr -ia /system/bin/rt.sh
rm /system/bin/rt.sh
busybox chattr -ia /system/bin/su
rm /system/bin/su
busybox chattr -ia /system/bin/ddexe-ku.bak >/dev/null 2>&1
rm /system/bin/ddexe-ku.bak >/dev/null 2>&1
busybox chattr -ia /system/bin/ddexe
rm /system/bin/ddexe
busybox chattr -ia /system/bin/ddexe_real >/dev/null 2>&1
rm /system/bin/ddexe_real >/dev/null 2>&1
busybox chattr -ia /system/bin/install-recovery.sh
rm /system/bin/install-recovery.sh
busybox chattr -ia /system/bin/install-recovery.sh-ku.bak
rm /system/bin/install-recovery.sh-ku.bak
pm uninstall eu.chainfire.supersu >/dev/null 2>&1
pm install /data/local/tmp/mrw/Superuser.apk
busybox chattr -ia /system/usr/iku/isu
rm -r /system/usr/iku
rm -r /dev/reportroot
busybox chattr -ia /system/etc/install-recovery.sh
rm /system/etc/install-recovery.sh
busybox chattr -ia /system/etc/install_recovery.sh
rm -r /system/app/Kinguser
rm -r /data/data-lib/king
rm -r /sdcard/Kingroot
rm /sdcard/kr-stock-conf >/dev/null 2>&1
am start -a android.intent.action.MAIN -n eu.chainfire.supersu/.MainActivity >/dev/null
sleep 2

let us know how that sits....
Astr4y4L

I'm on it

 

[Y314K]

I'm on it

Updated my prior post with more thoughts.

 

[Y314K]

Updated my prior post with more thoughts.

So basicly you have to go back to stock to get rid of Magisk.
https://forum.xda-developers.com/oneplus-3/help/switch-magisk-to-supersu-t3649445
Not sure if that means u won't be rooted since SuperSU doesn't come with its own root method like Magisk does.

 

[Astr4y4L]

So basicly you have to go back to stock to get rid of Magisk.
https://forum.xda-developers.com/oneplus-3/help/switch-magisk-to-supersu-t3649445
Not sure if that means u won't be rooted since SuperSU doesn't come with its own root method like Magisk does.

well in practice I've found that when changeing root or SU binaries, it's very helpful if you open a side window and open a shell and su to root # first, and leave that shell open the entire time...
of course this is magisk and I dont fuk wid that much so not sure... but i'd bet it applies

 

[Astr4y4L]

deleted

 

[Y314K]

ooooo looky my thingy changed!!!
I'm officially an Enthusiast Now LoL

Congrats, lol.

well in practice I've found that when changeing root or SU binaries, it's very helpful if you open a side window and open a shell and su to root # first, and leave that shell open the entire time...
of course this is magisk and I dont fuk wid that much so not sure... but i'd bet it applies

Well you have more experience on multiple devices. So will differ to you.

Btw, there is also an official Magisk Uninstaller. It's best both of you read what Magisk is & isn't aka what it does & doesn't do.

https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445

Read the OP for all info. .....

 

[Astr4y4L]

Congrats, lol.


Well you have more experience on multiple devices. So will differ to you.

Btw, there is also an official Magisk Uninstaller. It's best both of you read what Magisk is & isn't aka what it does & doesn't do.

https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445

Read the OP for all info. .....

going to browse that now, thanks for the tip !

 

[Astr4y4L]

Ok so I'm downloading the UN -installer now and I'm going to crack that open to get a good look at it's gutz

 

[Astr4y4L]

interesting info already.....

#!/system/bin/sh
##########################################################################################
#
# Magisk Uninstaller
# by topjohnwu
#
# This script can be placed in /cache/magisk_uninstaller.sh
# The Magisk main binary will pick up the script, and uninstall itself, following a reboot
# This script can also be used in flashable zip with the uninstaller_loader.sh
#
# This script will try to do restoration with the following:
# 1-1. Find and restore the original stock boot image dump (OTA proof)
# 1-2. If 1-1 fails, restore ramdisk from the internal backup
# (ramdisk fully restored, not OTA friendly)
# 1-3. If 1-2 fails, it will remove added files in ramdisk, however modified files
# are remained modified, because we have no backups. By doing so, Magisk will
# not be started at boot, but this isn't actually 100% cleaned up
# 2. Remove all Magisk related files
# (The list is LARGE, most likely due to bad decision in early versions
# the latest versions has much less bloat to cleanup)
#
##########################################################################################

 

[Y314K]

Ok so I'm downloading the UN -installer now and I'm going to crack that open to get a good look at it's gutz

The reason that Magisk worked from the get go was that Systemless is cooked in. And because it supplied it's own systemless root. But know that more parts are modded on the phone maybe there is a combination available to switch to SuperSU. Not sure. Even though I am very partial to Magisk.