[ROOT] Mate 7 Root Without BL Unlock

Search This thread

Surrogard

New member
Mar 27, 2009
2
0
Berlin
Worked on MT7-L09 international, but I had to downgrade to B120 (from B137SP03), root it and upgrade via OTA back to B137.
Keep in mind: for root to survive the upgrade you might have to use the "Survival Mode" of SuperSU (which is only availlable in the Pro version, but I think the software is worth it)
 

prebuds

Member
Dec 24, 2011
37
2
Hi there, I've bought a MT7-L09 european model. I want to root it, what's the best method? I've read many posts, and I see, there was many problems, bugs... What do you suggest me??
 

Anubis1965

Member
Feb 6, 2007
44
2
Hi there, I've bought a MT7-L09 european model. I want to root it, what's the best method? I've read many posts, and I see, there was many problems, bugs... What do you suggest me??

With all the problems I had with KingUser/KingRoot I suggest the direct way:

(1) unlock the bootloader (you need to send an email to Huawei with all the details)
(2) flash a custom recovery
(3) use the custom recovery to install SuperSU
(4) Enjoy

If you need to install updates you have to remove SuperSU and flash a stock recovery for your firmware, then repeat the process above (minus the unlocking, which stays).

Anubis
 

mulle1978

Member
Mar 1, 2015
16
0
Hi, I have also an Mate 7 - MT7-L09V100R001C00B145. The exploit CVE-2014-7911 is fixed with latest firmware.

So you mean I can root with custom recovery? Can you please provide me with a link with a working solution?
 

Anubis1965

Member
Feb 6, 2007
44
2
Hi, I have also an Mate 7 - MT7-L09V100R001C00B145. The exploit CVE-2014-7911 is fixed with latest firmware.

So you mean I can root with custom recovery? Can you please provide me with a link with a working solution?

It is the first post of this thread:
http://xdaforums.com/mate-7/general/guide-how-to-unlock-bootloader-root-t2904604

To unlock the bootloader you need a code from Huawei. To get the code, send an email, here's what I sent to mobile@huawei.com:
---
Dear Sirs,
I would like to unlock the bootloader of my Huawei Mate 7.

The information of my phone:
Model Number: Huawei ...
Serial Number: ...
IMEI: ....
Product ID: ... (via *#*#1357946#*#*)
Could you please provide it?
---

Once you have the code, follow the first post, you need to d/l the package and install the content.

Anubis
 

mulle1978

Member
Mar 1, 2015
16
0
Thanks Anubis1965,

I've done this successfully today. Had to look for latest recovery Image and su binaries and could go head with this instructions... some links are obsolete, but with Google I was able to compensate the missing Downloads.
used:

UPDATE-SuperSU-v2.46.zip and cwm_mate7_20150410.img
 

firehell

Member
Oct 21, 2012
39
4
Your device seems not vulnerable! - any solutions available?

idler Q: What means "Your device seems not vulnerable!" [/QUOTE said:
although Superuser seems installed I got "Your device seems not vulnerable!" (CL00)

are there any solutions for this now available???
 

Top Liked Posts

  • There are no posts matching your filters.
  • 29
    Code:
    88      a8P   88888888888  88888888888  888b      88  
    88    ,88'    88           88           8888b     88  
    88  ,88"      88           88           88 `8b    88  
    88,d88'       88aaaaa      88aaaaa      88  `8b   88  
    8888"88,      88"""""      88"""""      88   `8b  88  
    88P   Y8b     88           88           88    `8b 88  
    88     "88,   88           88           88     `8888  
    88       Y8b  88888888888  88888888888  88      `888

    Huawei Ascend Mate 7 root utility

    Present by Keen Team:
    Liang Chen, flanker017 - CVE-2014-7911 exploit
    idl3r - Kernel vulnerability and exploit

    Special thanks to:
    Yaron Lavi and Nadav Markus from Palo Alto Networks for "Mock Location" trick
    Chainfire for SuperSU
    KingRoot team for testing devices

    Tested on MT7-TL10 and MT7-CL00 China Domestic edition with B122 SP06 (2014/12/30)
    May or may not work on international editions


    How to Root
    ===========
    0. AS ALWAYS, BACK UP YOUR DATA BEFORE ROOT
    1. Enable Developer options by hitting "Build Number" multiple times in "About phone".
    2. In Developer options, turn on USB debugging AND "Allow mock locations".
    3. Flight mode is also recommended in case of incoming calls ;)
    4. Connect your phone to your computer.
    5. Type in "adb devices" and confirm it is connected.
    6. Run do_exploit.bat and follow on-screen instructions.
    7. We strongly recommend turning off "Allow mock locations" and USB debugging after root is done.


    Q&A
    ===
    Q: Is bootloader unlock required?
    A: No. You DO NOT need to unlock the bootloader to get root. This is a "live" root solution which does not use custom
    recovery.

    Q: Why PC connection is needed?
    A: In theory there is no need of PC connections. As this is a complex root solution involving two stages of exploit,
    script running on PC will help you go through the root process while doing all the work in the background for you.
    In addition, /data/local/tmp is used to keep the exploit clean and reliable. Feel free to check the bat file for
    details.

    Q: You mentioned "exploit". Is my phone vulnerable?
    A: Yes. However, it is not likely that these vulnerabilities will be exploited by malware.
    To be detailed:
    1) It requires magnificent skill set to exploit CVE-2014-7911 in a reliable way. Without "Allow mock locations"
    enabled, this exploit will NOT work. So we strongly recommend turning it off after root is done.
    2) The kernel vulnerability helps raising credential from system to root. It can NOT be exploited by app userid.
    In addition, a kernel module is installed to block further exploit (hot patch) after root is done.
    In short, it is not likely that a malicious application can chain these two exploits together. And as always, only
    install application from trusted app markets.

    Q: What files you've installed on the device?
    A: Besides SuperSU, some additional files are required to disable system partition lock and patch kernel vulnerability.
    After root is done, following files are installed:
    SuperSU.apk and su files: SuperSU Free 2.40
    /system/xbin/mt7fix.ko: Kernel vulnerability hot patch
    /system/xbin/uint32_zero: An all-0 file to support script in /system/su.d
    /system/su.d/killrwprotect.sh: Kill system partition lock and install kernel hot patch for the vulnerability
    Besides SuperSU files, all remaining files can be modified after root in case you want to add/remove features.

    Q: What means "Your device seems not vulnerable!"
    A: If this message prompts on your device, it means your device is not vulnerable to CVE-2014-7911, so that this root
    won't work on it. Please disconnect your device and then close the window which has do_exploit.bat running. You may
    also wait for further root solutions.

    Q: Where to report bugs?
    A: Please reply in this thread with your device model, ROM version and a brief description of symptoms.

    mt7_root.7z sha1: 553803983adf61aea244856c5332d383bb2f6c6a
    3
    @idler1984 I'm tryin to learn more, can you explain what files 'A' and 'main' are used for??? Thanks.

    For this root it has two stages:
    1. Exploit CVE-2014-7911 to get system privilege. This is done by the APK installed temporary on your device to get "system" uid.
    2. Kernel exploit, which is done by 'a' and 'main', brought up by the APK after getting "system" uid. This exploit a vulnerability in kernel to get actual "root" and install SuperSU as well as kernel patches on your device.

    So to answer your question, 'a' and 'main' are used for kernel exploit.
    2
    So far I haven't seen any other device sharing the same kernel vulnerability. But meanwhile there are TONs of devices sharing CVE-2014-7911. So if you have any handy kernel vuln requiring system privilege just feel free to try ;)

    I am trying to use the CVE-2014-7911 exploit to gain system so I can use CVE-2014-4322 to gain root access on my Z3 Tablet Compact. But I am getting stuck doing the heap spray and have no idea how to go on. The root exploit should work, but without system privileges I cannot test. Would you mind sharing some code or insight on how you did exploit CVE-2014-7911. Thanks!
    2
    For MT7-L09 users, sorry that we don't have access to these devices here so we couldn't tell before release. Thank you for testing this out.
    If you see "Your device seems not vulnerable" on screen, it means that Huawei uses different framework code repository in domestic and international markets. The vulnerability was fixed by Google in AOSP late in 2014. So depending on when the vendor checkout the code and start working on their customization, existence of this vulnerability can be different.

    We are working on new root solutions and hopefully it can apply to international versions too :)
    2
    Unfortunately I can confirm that the root doesn't work on MT7-L09!

    I get a message on my Mate 7 saying " Your device does NOT seems to be vulnerable" :(