Does anyone have any information on how to root this phone?
It is a tracfone running Android 4.1 with 1ghz qualcomm cpu.
Thanks.
It is a tracfone running Android 4.1 with 1ghz qualcomm cpu.
Thanks.
[Q] Root ZTE Valet Z665c
- Thread starter poemathesonking
- Start date
>>>Sent from my homebuilt TARDIS running Android 4.3... or maybe it's a rooted Kindle Fire HD running CM10.2<<<
karmmisht,
I've got PuTTY up and running, and I've got Auto-login set to root. Upon opening the terminal window, I'm granted with the sight of "~#". However, running "/data/local/tmp/busybox whoami" gives me a symlink error, but cding to "/data/local/temp" and then running "busybox whoami" gives me an unknown user ID. So I can get in, I just don't have root.
Also, stayboogy over at Android Forums (maybe you saw this already
) saw your temporary root post. He responded to it, and provided a different su binary known to work. The thread is herehttp://androidforums.com/zte-valet/799676-ill-help-find-root-method-if-2.html .News
NOTE: I have not tested this, but it worked for the google glass.
In other news I may have found a new method: (ALL CREDIT GOES TO SAURIK FOR HIS GREAT WORK. CANT POST LINK BECAUSE I AM NEW TO FORUMS):
In his article about the master key exploits he tells about another way to root using impactor that just might work for this device.
Procedure:
*Start telnet as system via cydia impactor by following that guide at a post a few posts back
*Download su and put it in your working directory
*connect to device issue the following command:
echo ro.kernel.qemu=1 >/data/local.prop
*reboot device, you should now be in emulator mode and adb will now be running as root(dont panic)
*connect to phone via adb and issue the following:
adb shell mount -o remount,rw /system
adb push su /system/xbin
adb shell chmod 6755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
*su binary should be pushed and phone should now be rooted, install superuser or SuperSU
NOTE: I AM NOT RESPONSIBLE FOR ANYTHING HAPPENING WITH THIS INFORMATION
NOTE: I have not tested this, but it worked for the google glass.
In other news I may have found a new method: (ALL CREDIT GOES TO SAURIK FOR HIS GREAT WORK. CANT POST LINK BECAUSE I AM NEW TO FORUMS):
In his article about the master key exploits he tells about another way to root using impactor that just might work for this device.
Procedure:
*Start telnet as system via cydia impactor by following that guide at a post a few posts back
*Download su and put it in your working directory
*connect to device issue the following command:
echo ro.kernel.qemu=1 >/data/local.prop
*reboot device, you should now be in emulator mode and adb will now be running as root(dont panic)
*connect to phone via adb and issue the following:
adb shell mount -o remount,rw /system
adb push su /system/xbin
adb shell chmod 6755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
*su binary should be pushed and phone should now be rooted, install superuser or SuperSU
NOTE: I AM NOT RESPONSIBLE FOR ANYTHING HAPPENING WITH THIS INFORMATION
Last edited:
using putty with temporary root
I tried putty again on Windows and it still seems to work for me. For example, I can do "ls /sbin" or "cd /root" which are not possible under a standard adb shell. I didn't realize it would work, but I just typed "whoami" without using busybox and it said I was root. Also, I have been able to create a file under one of the normally protected directories and view files that I couldn't do with the adb shell. You can "chown 0.0 <filename>" and then do an "ls -ln" to check the uid (should be zero for root and it is). So it is root. Maybe you can try one or more of the above to see if it does or doesn't work for you.
Unfortunately, the interesting directories, e.g., /system, are read-only and I cannot remount it to change permissions. I have not messed with it much but other directories, such as /data, are mounted rw but with the nosuid option. One could try to remount other directories to see what kinds of changes can be made.
I had heard people debate about different su packages but it seems premature at this point. The work they did of creating the image was done under telnet. From my perspective, it looks like they made a valiant attempt but they had not gotten to the point of properly installing su. Then again, this is outside of my area of knowledge. It certainly is better than cliff climbing - at least people don't get hurt when they try to root a phone.
Usual caution - please be careful with any thing I suggest!
---------- Post added at 03:37 PM ---------- Previous post was at 03:12 PM ----------
Have you tried it on the valet? I did this before but ro.kernel.qemu doesn't seem to "stick" during the reboot. What happens when you type "/system/bin/getprop ro.kernel.qemu" following reboot?
Thanks.
>>>Sent from my homebuilt TARDIS running Android 4.3... or maybe it's a rooted Kindle Fire HD running CM10.2<<<
karmmisht,
I've got PuTTY up and running, and I've got Auto-login set to root. Upon opening the terminal window, I'm granted with the sight of "~#". However, running "/data/local/tmp/busybox whoami" gives me a symlink error, but cding to "/data/local/temp" and then running "busybox whoami" gives me an unknown user ID. So I can get in, I just don't have root.
Also, stayboogy over at Android Forums (maybe you saw this already
I tried putty again on Windows and it still seems to work for me. For example, I can do "ls /sbin" or "cd /root" which are not possible under a standard adb shell. I didn't realize it would work, but I just typed "whoami" without using busybox and it said I was root. Also, I have been able to create a file under one of the normally protected directories and view files that I couldn't do with the adb shell. You can "chown 0.0 <filename>" and then do an "ls -ln" to check the uid (should be zero for root and it is). So it is root. Maybe you can try one or more of the above to see if it does or doesn't work for you.
Unfortunately, the interesting directories, e.g., /system, are read-only and I cannot remount it to change permissions. I have not messed with it much but other directories, such as /data, are mounted rw but with the nosuid option. One could try to remount other directories to see what kinds of changes can be made.
I had heard people debate about different su packages but it seems premature at this point. The work they did of creating the image was done under telnet. From my perspective, it looks like they made a valiant attempt but they had not gotten to the point of properly installing su. Then again, this is outside of my area of knowledge. It certainly is better than cliff climbing - at least people don't get hurt when they try to root a phone.
Usual caution - please be careful with any thing I suggest!
---------- Post added at 03:37 PM ---------- Previous post was at 03:12 PM ----------
Have you tried it on the valet? I did this before but ro.kernel.qemu doesn't seem to "stick" during the reboot. What happens when you type "/system/bin/getprop ro.kernel.qemu" following reboot?
Thanks.
Progress on Valet?
Not too much here recently except for a some enquiries like yours. I'd like to see a dedicated forum on this site for the phone. Currently, there are some people over at the androidforums who are quite actively working to root the phone - see link below. It seems to be a tough nut to crack. Any additional help is very welcome.
http://androidforums.com/zte-valet/799676-ill-help-find-root-method-if.html
Not too much here recently except for a some enquiries like yours. I'd like to see a dedicated forum on this site for the phone. Currently, there are some people over at the androidforums who are quite actively working to root the phone - see link below. It seems to be a tough nut to crack. Any additional help is very welcome.
http://androidforums.com/zte-valet/799676-ill-help-find-root-method-if.html
Rooted ZTE Valet
I was able to root my ZTE Valet but, it was tricky. First I used an program called "SafeRoot" but, that root is only temporary. So, I shut SafeRoot down before the last reboot and I used the "RootMyValet.apk" to push the su binary and keep root.
I was able to root my ZTE Valet but, it was tricky. First I used an program called "SafeRoot" but, that root is only temporary. So, I shut SafeRoot down before the last reboot and I used the "RootMyValet.apk" to push the su binary and keep root.
Attachments
SRS ROOT
just check srs root website and they list ZTE Z665C listed 3 times under Supported Devices List. I haven't tried it. They list the following...
1. ZTE Z665C TF_US_Z665CV1.0.0B11R 4.1.1 msm7627a
2. ZTE Z665C TF_US_Z665CV1.0.0B12 4.1.1 msm7627a
3. ZTE Z665C error: device not found 4.1.1
The ZTE Z665C is the model number for the Valet, right?
Anybody want to give it a try?
srsroot.com/supported
srsroot.com]
just check srs root website and they list ZTE Z665C listed 3 times under Supported Devices List. I haven't tried it. They list the following...
1. ZTE Z665C TF_US_Z665CV1.0.0B11R 4.1.1 msm7627a
2. ZTE Z665C TF_US_Z665CV1.0.0B12 4.1.1 msm7627a
3. ZTE Z665C error: device not found 4.1.1
The ZTE Z665C is the model number for the Valet, right?
Anybody want to give it a try?
srsroot.com/supported
srsroot.com]
erdapa,
I know this is an old post, but do you have steps for how you rooted the ZTE Valet?
That is our model, correct.
I'd like to know this as well.
Sent from my SGH-M819N using XDA Free mobile app
Looks like Android forums Valet root is getting somewhere
Time to revive this topic. It looks to me like the current Android forums Valet root topic is moving towards a solution. This is the last page, butchered so I can post it here.
androidforums.com/valet-all-things-root/799676-ill-help-find-root-method-if-11.html
Time to revive this topic. It looks to me like the current Android forums Valet root topic is moving towards a solution. This is the last page, butchered so I can post it here.
androidforums.com/valet-all-things-root/799676-ill-help-find-root-method-if-11.html
... I am not responsible for any damage you do to your device by following this guide. Always always make a backup. A big thanks to @jcase, mastercheif87, xtreammeasure, and hroark13 for all their help in rooting the zmax where i got this method from. ......OK so I got one of these phones from a friend a couple days ago and have gotten it perm rooted. First off this is my first root guide so sorry if its hard to understand or if I make mistakes in wording. I did it with the same trick @jcase showed us for the ZTE Zmax. First I used the keyroot master app then the z4root app to get a minimal temp root. (Not sure if this is nesesery just the steps I took) then I used king root 4.0 app and let it do its thing to get a full temp root. After that connect you phone to a computer and get phone finger print with
adb shell
su
Your should be ask to approve root on your device.
getprop ro.build.fingerprint
Now write down the number after ZTE/,
mine is P765V20 for z665c
Now set the property with that number.
setprop persist.sys.k P765V20
Then check it with....
getprop persist.sys.k
And it should print back your fingerprint number. Now you should have permanent root through reboots. Now if you want to remount the system to r/w it get more complicated and dangerous as you will be temporarily left without recovery. To make the system writable you will have to trick the device into believing it is booting into recovery by switching the partitions.
First make a backup of the recovery.
cd /dev/block/
dd if=mmcblk0p17 of=/sdcard/ recovery.img
Now write the boot to recovery.
dd if=mmcblk0p16 of=mmcblk0p17
Reboot recovery
Now the device should boot back into the system and not the recovery. After remounting the system you should have full r/w to the system but again YOU HAVE NO RECOVERY so be very careful with what you do because if you brick it you'll be at the mercy of zte. To remount the system
mount -o rw,remount /system
Should repeat the command back with no errors. You now have full root with
r/w to the system. To switch the partitions back and restore the recovery partition.
cd /dev/block
dd if=/sdcard/recovery.img of=mmcblk0p17
That should be it. Now you can push su to /system/xbin and delete all the kingroot apps as well as bloatware. As I said in the beginning this is my first root guide so anyone with any tips I'm always open to constructive criticism. Hope everyone enjoys and doesn't leave a pile of bricks.
Sent from my ZTE on AICP 5.1.1 draconis using XDA Free mobile app
adb shell
su
Your should be ask to approve root on your device.
getprop ro.build.fingerprint
Now write down the number after ZTE/,
mine is P765V20 for z665c
Now set the property with that number.
setprop persist.sys.k P765V20
Then check it with....
getprop persist.sys.k
And it should print back your fingerprint number. Now you should have permanent root through reboots. Now if you want to remount the system to r/w it get more complicated and dangerous as you will be temporarily left without recovery. To make the system writable you will have to trick the device into believing it is booting into recovery by switching the partitions.
First make a backup of the recovery.
cd /dev/block/
dd if=mmcblk0p17 of=/sdcard/ recovery.img
Now write the boot to recovery.
dd if=mmcblk0p16 of=mmcblk0p17
Reboot recovery
Now the device should boot back into the system and not the recovery. After remounting the system you should have full r/w to the system but again YOU HAVE NO RECOVERY so be very careful with what you do because if you brick it you'll be at the mercy of zte. To remount the system
mount -o rw,remount /system
Should repeat the command back with no errors. You now have full root with
r/w to the system. To switch the partitions back and restore the recovery partition.
cd /dev/block
dd if=/sdcard/recovery.img of=mmcblk0p17
That should be it. Now you can push su to /system/xbin and delete all the kingroot apps as well as bloatware. As I said in the beginning this is my first root guide so anyone with any tips I'm always open to constructive criticism. Hope everyone enjoys and doesn't leave a pile of bricks.
Sent from my ZTE on AICP 5.1.1 draconis using XDA Free mobile app
Last edited:
im actually pretty happy this thread isnt dead yet. ill try the method above right now and report back. I have a rooted zenfone 2e so my valet is just sitting. I havent even been able to get a temp root yet so im happy to try whatever. Ill let you know here once i get going
I seem to be having issues getting temp root. I try kingroot and it fails. Then i try to root with adb and it fails. it says it cant find su. Any suggestions?
Well, if you're on Tracfone, you could always just switch to the LG Sunrise. It only costs like $10 at Walmart and has a working root method using Kingroot - I'm no longer on Tracfone and use an LG Volt on Virgin Mobile, but I did buy an LG Sunrise to play with after reading an article somewhere commenting about how this phone that only costs $10 is more powerful than the original iPhone.
I already have a rooted ASUS zenfone 2e. The only problem with it is that no one can get a boot loader unlock so we can't get a custom recovery going. Which means we also can't get a custom Rom. Which sucks.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
2ZTE Valet Z665c - obtaining temporary root
After trying numerous root methods (Bin4ry, Framaroot, ...), I stumbled on a method of getting temporary root using Cydia Impactor. Cydia Impactor appears to be partially successful. First of all, please note that all credit goes to those involved with Cydia Impactor and the discovery of the original exploits (do a search if you want).
This method might seem a little convoluted, but it works reliably for me. Note that I use a Linux machine so you might have to adapt the steps to work on another platform.
Prerequisites:
1. Menu -> System settings -> Developer options -> USB debugging ->Enabled.
2. Menu -> System settings -> Developer options -> Stay awake ->Enabled (to keep the telnet session from going to sleep).
3. telnet (I am running on Ubuntu, but some sort of telnet program is needed).
4. Cydia Impactor
5. phone is connected to your wifi.
Steps:
1. Run the "Cydia Impactor" to "# drop SuperSU to /system/xbin/su". See what happens.
2. It failed for me giving an error related to not being able to remount /system or not being able to create /system/xbin/su.
3. In Cydia Impactor, run "# start telnetd as system on port 2222". You don't need to bother to telnet in. Just let it finish and then proceed to the next step.
4. In Cydia Impactor, run "# start telnetd as root on port 22". Let it finish.
5. Telnet into your phone from a terminal on your computer: "telnet 192.168.1.117 -l root 22". Note that the ip address is likely different on your network, e.g., 192.168.1.xxx.
6. If everything worked OK, you should be presented with a root prompt ("~ #"). I have busybox (obtained from the Bin4ry exploit download) that I adb pushed to /data/local/tmp. The command "/data/local/tmp/busybox whoami" tells me I am indeed root.
OK - now the bad news for me. I proceed to try to install su but remount fails. If I issue the command:
~ # mount -o rw,remount /system
~ #
A root prompt is returned with no error message suggesting that it successfully remounted /system. Woohoo! But a "mount" command (or cat /proc/mounts) says it is still "ro" or read only. Darn. Does it appear that ZTE has crippled the mount command in some way? Now the question is how to permanently install root? I have poked around and at least was able to make a backup to my sdcard using bzip2
This should at least help as a first step. Others including myself have posted elsewhere on this phone. At this point, I'm not willing to risk flashing anything. I'm a noob so I'm hoping someone who is more familiar with the permissions and that sort of thing can complete the root and post a solution.
Thanks.1Awesome!
Alright so that didn't work. This guy over here has a suggestion (he has scene your thread): - I can't publish links so I'll pm the link to you.
Also if busybox is symbolically linked you'd have to tell it specifically to call to the busybox pushed over via adb to: /data/local/tmp/busybox and not the stock.
In this case: /data/loocal/tmp/busybox/mount
Also the disclaimer is a must. There will always be that person that tries to blame it on someone else.
Note: I am not responsible for whatever happens using the information provided in this post.1try putty
Ph0enix_216,
I tried to connect from a Windows 7 machine and it works using putty for telnet (www.putty.org, a great program). Be sure to set the Connection->Data->Auto-login name to root.1well the guy in the other thread bricked his it sounds like...
http://androidforums.com/zte-valet/799676-ill-help-find-root-method-if-3.html
They tried to modify the mmcblk0p16 boot image and re-copy it back. It seemed to re-copy but then didn't boot with a verify error.. (I am paraphrasing - and don't really understand what they where doing )
sam
