Time: 30 minutes - hours.
Warning: I am not responsible for any damage that may occur from rooting of your device.
- Download KingRoot apk - http://www.kingroot.net/down
- You will need to allow apps to be installed from unknown source.
- It will alert you, Install the app anyways.
- This will install Kingroot, once you have root it will install Kinguser and a ram manager. (We will remove these later and replace with superuser.)
Now Kingroot uses a ping UAF (use after free), This means its not guaranteed to work. This means you may have to reboot and retry this many times. If you have problems try rebooting and re-installing the Kingroot app.
Open up Kingroot and click the blue button. This will begin the root process. If you get past 21% you should be good. If your phone reboots you need to re-try. Make sure you clear all the apps data, delete kingroot and re install.
When you reach %100 you will have root and it will install KingUser (Which is like supersu) and a ram manager.
Now we have root, but one problem. This is not a permanent root. Plus we do not have write permissions. This means when your phone reboots you will lose root and be starting from scratch.
If you want to get a permanent we are going to have to do a little more tweaking. This requires the use of adb.
If you do not have ADB and the drivers do not worry. You can download and install from http://forum.xda-developers.com/showthread.php?p=48915118#post48915118 .
Open cmd type
adb shell
This will open a terminal for the phone
Su
This will elevate the shell to root
getprop ro.build.fingerprint
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys
The only reason you do that is to get the number after zte if you haven't updated that number will be different this ok just replace the number in the next command with whatever your output is
setprop persist.sys.k P892T57
If your build number is different replace it in the command above worked if it did after the next command it will show your build number again
getprop persist.sys.k
Output should be your build number
cd /dev/block/platform/msm_sdcc.1/by-name/
Change directories because now we back up recovery and set boot to our recovery partition
dd if=recovery of=/sdcard/recovery.img
This command backs up your recovery image
dd if=boot of=recovery
That sets recovery as boot... When you want to modify anything in /system you need to reboot into recovery.... It starts the phone with /system mounted.
reboot recovery
This will restart your phone it is NOT going to be in the recovery menu don't worry it's supposed to be that way...reopen the adb shell and type
Id
If your output is
uid=0(root) gid=0(root) context=u:r:shell:s0
It worked...
Now remount system as writable
mount -o rw,remount /system
Now your going to need the manual install for supersu you can get that here
http://download.chainfire.eu/supersu
Type exit into the terminal and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
Once your in the directory your going to push the files to the tmp folder on the phone with these commands
adb push arm/su /data/local/tmp/su
adb push common/install-recovery.sh /data/local/tmp
Now reenter adb shell
Make sure system is mounted writable with
mount -o remount,rw /system
Move the so files into place with these commands
cat /data/local/tmp/su > /system/xbin/su
cat /data/local/tmp/su > /system/xbin/daemonsu
cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh
Give them all permissions
chmod 755 /system/xbin/su
chmod 755 /system/xbin/daemonsu
chmod 755 /system/etc/install-recovery.sh
Then reboot your phone to complete install.....
Reboot.....
After rebooting go into the play store and install the supersu app. It's going to tell you the su binary is out of date to fix that we need to open the adb shell on our pc again
Adb shell
Reboot into recovery
Reboot recovery
You now have a permanent root.
Now lets install a custom recovery. We now have an app for this too.
Custom Recovery: http://androidforums.com/threads/zte-zmax-twrp.918537/
This guide was written using information from http://forum.xda-developers.com/general/general/zte-zmax-z970-guide-faq-discussion-t3053066 , There is currently over 270 pages of documentation.
Special thanks to JCase, hroark13 and everyone else who contributed!
Questions or Comments feel free to post.
Open cmd type
adb shell
This will open a terminal for the phone
Su
This will elevate the shell to root
getprop ro.build.fingerprint
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys
The only reason you do that is to get the number after zte if you haven't updated that number will be different this ok just replace the number in the next command with whatever your output is
setprop persist.sys.k P892T57
If your build number is different replace it in the command above worked if it did after the next command it will show your build number again
getprop persist.sys.k
Output should be your build number
cd /dev/block/platform/msm_sdcc.1/by-name/
Change directories because now we back up recovery and set boot to our recovery partition
dd if=recovery of=/sdcard/recovery.img
This command backs up your recovery image
dd if=boot of=recovery
That sets recovery as boot... When you want to modify anything in /system you need to reboot into recovery.... It starts the phone with /system mounted.
reboot recovery
This will restart your phone it is NOT going to be in the recovery menu don't worry it's supposed to be that way...reopen the adb shell and type
Id
If your output is
uid=0(root) gid=0(root) context=u:r:shell:s0
It worked...
Now remount system as writable
mount -o rw,remount /system
Now your going to need the manual install for supersu you can get that here
http://download.chainfire.eu/supersu
Type exit into the terminal and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
Once your in the directory your going to push the files to the tmp folder on the phone with these commands
adb push arm/su /data/local/tmp/su
adb push common/install-recovery.sh /data/local/tmp
Now reenter adb shell
Make sure system is mounted writable with
mount -o remount,rw /system
Move the so files into place with these commands
cat /data/local/tmp/su > /system/xbin/su
cat /data/local/tmp/su > /system/xbin/daemonsu
cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh
Give them all permissions
chmod 755 /system/xbin/su
chmod 755 /system/xbin/daemonsu
chmod 755 /system/etc/install-recovery.sh
Then reboot your phone to complete install.....
Reboot.....
After rebooting go into the play store and install the supersu app. It's going to tell you the su binary is out of date to fix that we need to open the adb shell on our pc again
Adb shell
Reboot into recovery
Reboot recovery
You now have a permanent root.
Now lets install a custom recovery. We now have an app for this too.
Custom Recovery: http://androidforums.com/threads/zte-zmax-twrp.918537/
This guide was written using information from http://forum.xda-developers.com/general/general/zte-zmax-z970-guide-faq-discussion-t3053066 , There is currently over 270 pages of documentation.
Special thanks to JCase, hroark13 and everyone else who contributed!
Questions or Comments feel free to post.
i have a issue where it says file text busy
ReplyDeleteKingroot is not working nor is the link provided please help every time I look for ways to root my zte zmax its sends me to kingroot
ReplyDeleteWould this method also work for lg ms323. i have done this one for my lg f60 which was easy and worked perfectly nice. I just need to add recovery to lg ms323 it is already rooted
ReplyDeleteIm gonna give it a try now ill let ya know if it works
ReplyDelete