FORUMS
Remove All Ads from XDA

ZTE Grand X 4 - Rooting Progress

5 posts
Thanks Meter: 8
 
By scitrice, Junior Member on 28th January 2017, 06:46 AM
Post Reply Email Thread
13th June 2017, 07:05 PM |#21  
Junior Member
Thanks Meter: 2
 
More
Quote:
Originally Posted by scitrice

Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way

After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.

Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.

Happy for any tips on what to try next!

Message madvane he could help
The Following User Says Thank You to paindaddi For This Useful Post: [ View ] Gift paindaddi Ad-Free
28th June 2017, 04:36 AM |#22  
Member
Flag Atlanta, GA
Thanks Meter: 4
 
Donate to Me
More
Root
I cannot root this phone for the life of me. I've tried everything, including the Dirty Cow Exploit.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20170627-202152.png
Views:	296
Size:	76.2 KB
ID:	4195349  
14th July 2017, 11:00 PM |#23  
Junior Member
Thanks Meter: 0
 
More
How To Unlock Bootloader
Quote:
Originally Posted by kbtech

Don't know if this will help but​, I found that they lock the bootloader under the developer settings!

Anyone figure out how to unlock the bootloader via the developer setting? Just wondering
19th July 2017, 09:27 AM |#24  
Junior Member
Thanks Meter: 0
 
More
Possibly make this work
Hey so I just bought this phone and I am curious if any movement has been made on this? I'm looking to work on it on a development level so I just wanna know if this is where we stand. Not sure if I can get it any further but it's worth a try
25th July 2017, 06:50 PM |#25  
Junior Member
Thanks Meter: 0
 
More
Would magisk be able to root it? Heard it roots Sewell.
26th July 2017, 05:35 PM |#26  
Junior Member
Flag evant
Thanks Meter: 0
 
Donate to Me
More
looking into it
Quote:
Originally Posted by paindaddi

Message madvane he could help

it looks they have the system folders locked down if that is the case i wonder if there is a key code or pin procedure to unlock it i notice when i tried some of the root solutions that claim to work it gets stuck when trying to install the su binaries , im looking into how it is locked down and will post a solution if i can bypass the block , ill also go hunting in alternative sources to see if i can get my hands on anything that will help me with this
28th July 2017, 02:45 AM |#27  
Senior Member
Flag Ward
Thanks Meter: 98
 
More
Quote:
Originally Posted by scitrice

Thought I would post an update: Still no success on my end.

"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.

As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).

I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.

In the past I have been able to get around grayed out buttons and locked menus using am start commands which maybe can be ran while in a temp root status...to find them pull the apk related to this menu and decompile it from there one can find the proper strings to use with the am start command, however I doubt the oem specific settings will have much to do with the bootloader...as far as the temp root using dirty cow or viki anything past 5.1 with dm verity is going to require a systemless root so I think we gotta focus on the mechanics systemless root uses to actually get anywhere....on my moto g4 it is a systemless root and pretty much any devices that are new...gotta be several files that have to be edited etc to get it to work.

Sent from my Moto G4 using Tapatalk
20th August 2017, 12:19 AM |#28  
Member
Thanks Meter: 7
 
More
To anyone who has experience with the Android community overall and seeing which phones get rooted and which are forgotten, what are the chances of seeing a working root method for this phone in the near future?

I'm just learning how to mod and such right now, so I will try to help out in anyway I can. I really hope someone comes up with something and makes this phone 1000x better.
25th August 2017, 09:46 AM |#29  
Junior Member
Thanks Meter: 0
 
More
This may sound dumb
So this may sound dumb, but since the boot loader is unlocked; could you flash a new firmware patched with twrp? Like the Xperia, you can just flash a new firmware or a close variant and it will boot.

Or am I totally wrong?
4th September 2017, 06:29 AM |#30  
Member
Thanks Meter: 7
 
More
Would you guys be willing to all pitch in something like $25 and pay a android developer to develop a root method for our handset? I've seen this work in another thread for a different phone, they paid the guy it was something like $150 total from the people who pitched in and he was able to get them a working root method after some time.
The Following User Says Thank You to TaZeR369 For This Useful Post: [ View ] Gift TaZeR369 Ad-Free
15th September 2017, 11:56 AM |#31  
Junior Member
Thanks Meter: 0
 
More
Any luck with the root?
Post Reply Subscribe to Thread

Tags
zte-grand-x4

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes