Better Mobile App

[SOLVED] Upgrade Fujitsu Arrows F-01D to ICS

Firstly a big thank you macexplorer who again found the relevant links amongst much Japanese.
See the original thread on rooting the F-01D:
http://forum.xda-developers.com/showthread.php?t=1611484
Following are quick instructions on how to upgrade the device to ICS. All your data will remain intact, but the /system partition is completely wiped.
NB: YOU WILL LOSE ROOT IF YOU FOLLOW THESE INSTRUCTIONS. YOU WILL NOT GET ROOT BACK.
To be clear, at the present moment in time, you need to CHOOSE BETWEEN ICS OR ROOT, you can't have both. The official upgrade below completely reflashes the system partition, so tools like OTA RootKeeper will not help you. The new release is more secure than ever and at current we don't know a new way to get root. If anyone finds any new information, please speak up
DISCLAIMER: Following these instructions might brick your device, void your warranty, etc. This is unlikely since you're basically installing an official update, but to be clear, I disclaim any and all responsibility for any (permanent) damage that might be caused by these instructions. DO AT YOUR OWN RISK.
The original instructions are here (or see in Google Translate)
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/index.html
My instructions are slightly different, aimed at more advanced users, and serves the file direct from my server (I found the original server quite picky in terms of refer and user agent, and also slow. I'm also serving the unzipped version, since compression was 0% anyways).
PRE-REQUISITES
At least 50% battery (ideally more in case things go wrong...).
Settings -> About, make sure Android version is 3.2, and Build number is either V28R43A (as recommended on the official page) or V19R36D (what I had; it worked for me but YMMV).
Settings -> Storage, at least 1.5 GB free in "Built in storage" (try installing first to external SD card and let me know if it works.. it's a lot safer).
ICS UPGRADE FOR F-01D
Download F01D_TO_SP_ICS1.enc and put it in /sdcard (md5sum: 2014d0254568a4ef955b21476012a9b5)
Boot into recovery (power off, hold down both volume keys and power up), select "update firmware" and press the power button agin.
Pay attention... the first time I tried this, it rebooted back in to recovery part way.... if this happens, just repeat step 2 above and make sure the progress bar completes all the way.
After this, it will reboot a few times, don't worry. Boot 1 will do the "optimizing android apps" screen, Boot 2 will be "upgrading calendar, contacts, etc..." and Boot 3 will say "finishing upgrade" and let you use the system.
If anyone has any leads on re-rooting the device, speak up. From my initial observations security is tighter than ever, so this might be a problem... but there are clever people out there

Regarding root
No leads for now. We can create /data/local.prop using the ICS/JB restore technique, but unfortunately the new firmware is completely ignoring either this file or the ro.kernel.qemu property.
If I understood the google translated Japanese correctly, this guy got to the same conclusion, and is now looking for other solutions. I wish him luck because after spending the day on this I have to get back to my real work
http://blog.huhka.com/2012/09/arrows-tab-lte-f-01d-icsshell-root.html

Temporary Root
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
i think to get permanent root, need the lsm_disabler.ko for ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
shame on the dandroids..

Post upgrade restart errors?
Hi, slightly off-topic but related - has anyone had issues after upgrading with google maps? Whenever I start google maps it will hang and then restart my tablet.
Essentially google maps is now unusable which is very annoying. Please let me know if anyone has experienced this too and if so if they have a solution to the problem.
Many thanks in advance!

I lost boot after upgrade the device to ICS :crying:
anyone help me repaid boot
Thanks:laugh:

longdau12 said:
I lost boot after upgrade the device to ICS :crying:
anyone help me repaid boot
Thanks:laugh:
Click to expand...
Click to collapse
Help me :crying:

macexplorer said:
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
i think to get permanent root, need the lsm_disabler.ko for ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
Click to expand...
Click to collapse
FINALLY..ROOT on F-01D for V08R31A
I hope someone is still using the F-01D. So here's to you diehards.
After many many failed attempts, i finally managed to get a more permanent root.
Probably others have got this to root, but I havent seen anything come up via searches.
Main stumbling block has been in getting the address of 'ptmx_fops'. Finally got it thro, rootkitXperia_20131207.zip (get_root..this prints but fails in ptrace; ptrace is blocked in f01d)
I have just managed to get a permanent root. The steps maybe little approx. Do verify and let me know. Its non-destructive, so no harm done.
but do at your own risk..and other standard disclaimers apply
Steps:
1. do the temp root as per : http://forum.xda-developers.com/showpost.php?p=33071441&postcount=3
2. get the exploit source from https://github.com/fi01/unlock_security_module
(recursive download)
3. compile the source. this will generate a libs/armeabi/unlock_security_module binary
4. add the following recs to the device_database/device.db
these are kallsyms kern func addresses; most are avail direct from kallsyms, except for ptms_fops.
Code:
sqlite3 device_database/device.db
insert into supported_devices values(187,'F-01D','V08R31A');
insert into device_address values(187,'commit_creds',3221986012);
insert into device_address values(187,'prepare_kernel_cred',3221985196);
insert into device_address values(187,'ptmx_fops',3229222484);
insert into device_address values(187,'remap_pfn_range',3222251308);
insert into device_address values(187,'vmalloc_exec',3222293708);
5. push device.db and unlock_security_module to /data/local/tmp/
6. simply run from /data/local/tmp: ./unlock_security_module as the root obtained temp earlier.
7. after sometime, this will say LSM disabled!!
8. now remount /system as rw. carefully copy su binary to /system/xbin/ (pref use the latest version from SuperSu).
Also copy Superuser.apk to /system/app
>>carefully copy means: chown/chgrp /system/xbin/su to "0"; set perms: chmod 06755 /system/xbin/su.
9. copy busybox from /data/local/tmp to /system/xbin; and install (./busybox --install -s /system/xbin/
10. At this stage, su doesnt seem to work for newer shell connections (must do _su and then su). probably due to the exploit messing up the kernel.
11. reboot. and enjoy your newly permanent rooted status.
12. after reboot, still cannot do system remount as lsm is back to original. rerun the unlock_security_module should disable this.
maybe even move this to /system/xbin/;
But this seems to destabilise the system.
Its not possible to use a lsm disabler ko insmod. the kernel sec mech validates the module with path and hash.
So it has to be: unlock security; do your thing with /system etc., reboot.
(not sure yet if any changes to /system/buid.prop will help)
Do let me know how this works out and point out errors in the steps.
And as luck would have it there is a new ICS release out on 5-Feb.
https://www.nttdocomo.co.jp/support/utilization/product_update/list/f01d/index.html
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/data/download.html
(F01D_TO_SP_ICS2.zip)
This moves the version to V12R33B.
Do not hazard to update to this, if you want to keep this root. this release probably fixes many of the exploits.
the wifi model seems to have got 4.1..wonder is something will trickle down to f01d.

[Q] Bricked with adb access, no root

So I bricked my Kinde Fire HDX by changing the build.prop and not fixing permissions. I have adb access but no root (I don't know why :S). Would a factory reset work? If not, how can I get to fix the build.prop or replace it with the old one? thank very much, I've been a couple hours looking for solution but I couldn't find any.

No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk

r3pwn said:
No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk
Click to expand...
Click to collapse
I used the HDX ToolKit v0.92 to check the root access, and it said "Please grant root on your device"
I've also tried "adb shell", and then "su", but it just returns "su" again. I am new with adb commands so I don't really know what it should show.
Thank you very much for your help

May I ask what version you were on before you bricked?
Sent from my Amazon Tate using Tapatalk

14.3.2.3.2, last update I think.

?
peter_b93 said:
14.3.2.3.2, last update I think.
Click to expand...
Click to collapse
Fixed?

jimyv said:
Fixed?
Click to expand...
Click to collapse
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun

well
peter_b93 said:
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun
Click to expand...
Click to collapse
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.

jimyv said:
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.
Click to expand...
Click to collapse
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.

well
peter_b93 said:
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.
Click to expand...
Click to collapse
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"

jimyv said:
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"
Click to expand...
Click to collapse
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.

peter_b93 said:
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.
Click to expand...
Click to collapse
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..

jimyv said:
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..
Click to expand...
Click to collapse
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:

sweet
GSLEON3 said:
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:
Click to expand...
Click to collapse
I'm not sure either that's why when I used it I was on a blacklisted unit and I kept the PC and the tablet and airplane mode at all times. Until I was certain I got all the files off of both before I let them go to Wi-Fi Chinese files that is.. But one thing I was very curious about is if you open that tool up the Chinese tool that is an you go to the same page you would hit the anchor to root to your device just below that it says fastboot I'm wondering if they have a fastboot working for also too bad nobody here know Chinese..

[HOWTO] Unbrick your device

This unbricking method requires that you have adb working and have root access.
First, download the latest system update for your device.
For the 7" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html?nodeId=201357190.
For the 8.9" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201357220.
Now, please note that I DO NOT have a Kindle Fire HDX, so if this doesn't work, let me know and I will remove it immediately.
Try these commands:
Code:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /cache/kindleupdate.bin > /cache/recovery/openrecoveryscript
chmod 0777 /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /cache/kindleupdate.bin
adb reboot recovery
The only thing that you have to do is replace "your-downloaded-update.bin" with the path to your downloaded update. (To make it easier and avoid typos, I always just drag and drop the file into the terminal/command prompt window.)
Please also note that IT IS OKAY if the command "mkdir /cache/recovery" fails, as long as the error message says file already exists or something along those lines.
If this helped you repair your beloved HDX, feel free to hit that "Thanks" button.
Sent from my Nexus 7 using Tapatalk

We really did need this excellent thank you very much!

jimyv said:
We really did need this excellent thank you very much!
Click to expand...
Click to collapse
I still don't know whether this works or not. There's no reason it shouldn't work, but you never actually know until you try.
Sent from my Nexus 7 using Tapatalk

Sorry for the dumb question, but when you say try those commands, where do you enter them?

Let's Note. Comback to 4rum.xda....
Big thank for your method, Senior r3pwn

dburns865 said:
Sorry for the dumb question, but when you say try those commands, where do you enter them?
Click to expand...
Click to collapse
I have the same question with you

wow
danhvt said:
I have the same question with you
Click to expand...
Click to collapse
I'm sorry guys but if you really need to ask this then you probably shouldn't have been modifying your devices in the first place http://forum.xda-developers.com/showthread.php?t=2786190

Fix Bricked
Sorry, Im slightly confused, how are we able to fix the device with ADB if it is bricked? Mine will not get past the white "Kindle Fire" page, any ideas?

i will test this tonight. Bricked my kindle hdx but my wife has a working one so hoping if this doesn't fix mine i can somehow use her system files to fix mine.
thanks and will update tonight!

It worked for me
r3pwn said:
This unbricking method requires that you have adb working and have root access.
First, download the latest system update for your device.
For the 7" HDX, they are posted at
For the 8.9" HDX, they are posted at
Now, please note that I DO NOT have a Kindle Fire HDX, so if this doesn't work, let me know and I will remove it immediately.
Try these commands:
Code:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /cache/kindleupdate.bin > /cache/recovery/openrecoveryscript
chmod 0777 /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /cache/kindleupdate.bin
adb reboot recovery
The only thing that you have to do is replace "your-downloaded-update.bin" with the path to your downloaded update. (To make it easier and avoid typos, I always just drag and drop the file into the terminal/command prompt window.)
Please also note that IT IS OKAY if the command "mkdir /cache/recovery" fails, as long as the error message says file already exists or something along those lines.
If this helped you repair your beloved HDX, feel free to hit that "Thanks" button.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
Thanks dude, it worked for me. I mistakenly formated data after wiping system so I stuck in safestrap recovery. I transfered a stock Rom through ADB but It failed while flashing... because there was some kinda problem with Cache partition... so i tried your method and it worked... but i made a little change in last Commands... I gave it "EXIT" command only 1 time and did not give the command "ADB reboot Recovery"... I recommend you guys to manually boot to safestrap recovery after quitting CMD.... Ahhh my device is Kindle Fire HDX 7"

root not required?
Thanks, r3pwn, this works well. Nice, easy instructions that should be instructive to anybody messing with their device.
This helped me after a botched update to newer Amazon firmware. Quick question though: It seems like you don't really need to be root / use su to do these steps. I had lost su in that update but was able to execute the rest of the adb commands without root. I guess that should be the same for anyone who doesn't have root, right?

scaftogy said:
Thanks, r3pwn, this works well. Nice, easy instructions that should be instructive to anybody messing with their device.
This helped me after a botched update to newer Amazon firmware. Quick question though: It seems like you don't really need to be root / use su to do these steps. I had lost su in that update but was able to execute the rest of the adb commands without root. I guess that should be the same for anyone who doesn't have root, right?
Click to expand...
Click to collapse
Do you mean I can use this way to downgrade my firmware?

Thanks. but i have question now.
does it work on 4.5.2? as my friend remove the framework-res, and get it bricked T_T.

r3pwn said:
This unbricking method requires that you have adb working and have root access.
First, download the latest system update for your device.
For the 7" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html?nodeId=201357190.
For the 8.9" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201357220.
Now, please note that I DO NOT have a Kindle Fire HDX, so if this doesn't work, let me know and I will remove it immediately.
Try these commands:
Code:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /cache/kindleupdate.bin > /cache/recovery/openrecoveryscript
chmod 0777 /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /cache/kindleupdate.bin
adb reboot recovery
The only thing that you have to do is replace "your-downloaded-update.bin" with the path to your downloaded update. (To make it easier and avoid typos, I always just drag and drop the file into the terminal/command prompt window.)
Please also note that IT IS OKAY if the command "mkdir /cache/recovery" fails, as long as the error message says file already exists or something along those lines.
If this helped you repair your beloved HDX, feel free to hit that "Thanks" button.
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
hi,
any glue what went wrong with a permission denied? everything in the adb shell session was ok, but adb push says (after several minutes!):
Code:
D:\adb_fastboot>adb push update-kindle-13.3.1.0_user_310079820.bin /cache/kindleupdate.bin
failed to copy 'update-kindle-13.3.1.0_user_310079820.bin' to '/cache/kindleupdate.bin': Permission denied

sn123py said:
hi,
any glue what went wrong with a permission denied? everything in the adb shell session was ok, but adb push says (after several minutes!):
Code:
D:\adb_fastboot>adb push update-kindle-13.3.1.0_user_310079820.bin /cache/kindleupdate.bin
failed to copy 'update-kindle-13.3.1.0_user_310079820.bin' to '/cache/kindleupdate.bin': Permission denied
Click to expand...
Click to collapse
No, sorry, I don't even have this device. There are newer, better ways to unbrick now.

I think trying to find eMMC pointer

i have tried this.. but when rebooting it takes me back to recovery menu with 2 options.
1. reboot
2.reset
whichever i chose, still takes me back to boot loop (animated logo)
any ideas?

does this method require TWRP? As i cant get this working..

Ali Ejea Mc said:
Thanks dude, it worked for me. I mistakenly formated data after wiping system so I stuck in safestrap recovery. I transfered a stock Rom through ADB but It failed while flashing... because there was some kinda problem with Cache partition... so i tried your method and it worked... but i made a little change in last Commands... I gave it "EXIT" command only 1 time and did not give the command "ADB reboot Recovery"... I recommend you guys to manually boot to safestrap recovery after quitting CMD.... Ahhh my device is Kindle Fire HDX 7"
Click to expand...
Click to collapse
I was trying to root my Kindle fire HDX 7 for android apps and google apps on it. it was successfully rooted and google play services working on it perfectly. Than suddenly google play stop working on it. but games installed on it working properly. Then i go to recovery option and press the Wipe button "Cache and Dalvik Cache". after that my Kindle fire HDX 7 boot and stuck on Kindle fire starting Grey logo. I tried to factory reset but still keep stuck on start logo. While connected to PC, only hear one connectivity beep with PC and in device manager only shows connectivity as MTP USB device. But no device show in my computer. Snapshot attached. Please assist any solution. I am not familiar with developer language. So please assist step by step.. Thanks

My Kindle fire HDX 7 i think bricked any solution?
I was trying to root my Kindle fire HDX 7 for android apps and google apps on it. it was successfully rooted and google play services working on it perfectly. Than suddenly google play stop working on it. but games installed on it working properly. Then i go to recovery option and press the Wipe button "Cache and Dalvik Cache". after that my Kindle fire HDX 7 boot and stuck on Kindle fire starting Grey logo. I tried to factory reset but still keep stuck on start logo. While connected to PC, only hear one connectivity beep with PC and in device manager only shows connectivity as MTP USB device. But no device show in my computer. Snapshot attached. Please assist any solution. I am not familiar with these developer language. So please assist step by step.. I tried below command but su Permission denied.

[ROOT] How to Root the ZTE ZMAX [KK][ALL VARIANTS]

Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.​
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT​
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
1) Download KingRoot APK from here (the first one with the image of the phone if you are on the desktop site).
2) Install KingRoot and run it. It will restart the phone, and it will fail (or, if you have some Android God luck, it may succeed), this is supposed to happen.
3) Clear KingRoots cache and data (in that order) and power off the phone (not reboot). Then, power it back on again.
4) Now this is where things get... well complicated for this part. You are going to need to load your RAM with a bunch of processor heavy stuff. The person that made this method used CounterSpy and Final Fantasy Type-0 in the PPSSPP v1.0.1-411 emulator, but for those of you that don't have access to that, get creative and load up. Here is what I had running (all at the same time, mind you).
Note: Force Stop Task Manager in the app settings first or it will purge to free memory automatically and this won't work.
1. Next Launcher Lite
2. Apex Launcher
3. Nova Launcher
4. Cheetah Launcher
5. CM Launcher
6. Mi Launcher
7. 25 tabs on Google Chrome (No joke)
8. Both Temple Runs
9. Fruit Ninja
10. Google Play Store
11. Google Now
12. Google Play
13. Amazon
14. Google Play Music
Mine was definitely a bit extreme but I knew all of this stuff would guarantee a good memory hogging.
5) Run all of your apps at the same time. The TL;DR for this is that apparently it's some exploit that the app uses as a buffer overflow. Now, go to settings and Force Stop KingRoot. Then Run it again. If it works, you should go from 0 to 100 real quick (no pun intended). It shouldn't progess slowly or reboot the phone to do this, but your journey does not stop here.
Click to expand...
Click to collapse
If you did it correctly, the screen from a successful root will have a green checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT​
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
1) Plug phone into computer...
2) Open cmd type "adb shell" (without quotes, moving forward, type all commands without quotes). This will open a terminal for the phone.
3) While in ADB Shell, type "su" to gain root shell privileges
4) Type "getprop ro.build.fingerprint"
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys (the part with P892T57 may be different depending on what model ZMAX You have). If you haven't updated that number will be different, this ok, just replace the number in the next command with whatever your output is.
5) type "setprop persist.sys.k P892T57"
6) type "getprop persist.sys.k" and your output should be your build number
7) type "cd /dev/block/platform/msm_sdcc.1/by-name/" to change directories so that we can back up your recovery image (remember I said something about that?) and set the boot to our recovery partition.
8) type "dd if=recovery of=/sdcard/recovery.img" to backup the recovery image.
9) type "dd if=boot of=recovery" to set recovery as boot. Another TL;DR is that this disables the write protection set by the stock recovery, allowing you to write to the system. It will mount the /system partition upon boot.
DELETE KINGUSER NOW
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
11) Reopene the adb shell (using "adb shell") in your command prompt or terminal (for OSX and Linux) and type "Id". If your output is "uid=0(root) gid=0(root) context=u:r:shell:s0" then It worked...
12) Remount system as writable "mount -o rw,remount /system"
13) Manual install for supersu you can get that here: http://download.chainfire.eu/supersu
14) Type "exit" into the terminal/command and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
14B) I advise taking the "su" binary and "install-recovery.sh" file from the superSU folder you downloaded and putting them in the same place (on the desktop or wherever your adb.exe is if you didn't set $PATH on your computer). su can be found in the "arm" folder and install-recovery.sh can be found in the "common" folder. It is important to note that where ever your files are, you will have to type that path (if it isn't in the same directory as your adb). So, as an example, I put mine on the desktop, so I have to type "adb push ~/Desktop/su /data/local/tmp/su". If you do not know how to do that, then stop what you are doing and research it, as that's just too much to explain.
15) "adb push su /data/local/tmp/su"
16) "adb push install-recovery.sh /data/local/tmp"
17) Reenter adb shell with "adb shell"
18) Make sure system is mounted writable with "mount -o remount,rw /system"
19) Move the so files into place with these commands
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/su > /system/xbin/daemonsu"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
20) Give them all permissions
"chmod 755 /system/xbin/su"
"chmod 755 /system/xbin/daemonsu"
"chmod 755 /system/etc/install-recovery.sh"
21) Reboot your phone to complete install with "reboot"
22) After rebooting go into the play store and install the supersu app. It's going to tell you the su binary is out of date to fix that we need to open the adb shell on our pc again with "adb shell"
23) Reboot into recovery (you're really rebooting the system with r/w privileges) using "reboot recovery"
24) Once rebooted open the app and update your binaries one finished reboot add your done 100% perm rooted
Click to expand...
Click to collapse
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
ADDITIONAL INFORMATION
If you by some chance flash the TWRP Recovery Image (found in post 2), and would like to revert back to root ability (being able to write to system). Please follow the steps below:
1. cd /dev/block/platform/msm_sdcc.1/by-name
2. su
3. dd if=/sdcard/recovery.img of=recovery
4. reboot recovery
Please make sure you have the recovery in your sdcard root folder.

Alternate Root Methods and ZTE Custom ROMs/Kernels/etc
If the above first part doesn't work for you, you can find alternative root methods
Alternate Method 1 HERE
Alternate Method 2 HERE
As I see more added, I'll add them here.
CUSTOM STUFF​
TWRP Image for ZTE ZMAX

Q&A/Other [UDPATED MAY 13, 2015 @ 5:45PM]
If A question is asked and you feel like it needs to be here, please tag or DM me with the Q AND THE A so that I can do so.
OTHER:
Original Discussion Thread for the ZTE ZMAX
Please see fire3element's post on what each screen in the KingRoot app means
WHAT THE SCREENS MEAN IN THE APP

That's a whole lot to swallow but I'm glad to see y'all can finally get rooted. Definitely not a method for noobs or the faint of heart but its a HUUUGE step in the right direction. Thanks to everyone responsible for this.

Hroark13 has TWRP - http://androidforums.com/threads/zte-zmax-twrp.918537/

mingolianbeef said:
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.​
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT​
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
If you did it correctly, the screen from a successful root will have a blue envelope with a checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT​
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
Click to expand...
Click to collapse
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?

Here is some more info for those of you wondering what the KingRoot app is doing.
Screenshots will follow.
Text ABOVE the screenshot is for the image directly under it.
Let's begin -------------->
FIRST SCREEN WHEN YOU OPEN KINGROOT
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SECOND SCREEN
- CLICK BUTTON TO BEGIN ROOT -
ROOTING IN PROGRESS...
ROOT FAILURE
[Blue Button]: SUBMIT (submits the error report to KingRoot devs)
ROOT FAILURE
ROOT FAILURE
NO DATA CONNECTION (WiFi or cellular singnal required)
[Blue Button]: ANDROID SETTINGS MENU
SUCCESSFUL ROOT
IF YOU SEE THIS MESSAGE POP UP DURING ROOTING, JUST LEAVE IT ALONE. LET THE ROOT FINISH
SUCCESSFUL ROOT
[trash can]: [...]: [...]:
SUCCESSFUL ROOT
[Blue Button]: PURIFICATION (I believe this is similar to fixing permissions)
- CLICK IT AND LET IT RUN -
^ from clicking blue button above ^
PURIFICATION PROCESS

xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=/sdcard/recovery.img of=recovery
reboot recovery
*edited to remove a potentially harmful commands per jcase's advice*
Sent from my Z970 using XDA Free mobile app

xtremeasure said:
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=boot of=boot
dd if=/sdcard/recovery.img of=recovery
reboot recovery
Sent from my Z970 using XDA Free mobile app
Click to expand...
Click to collapse
even with just one slash I still have a problem
Sent from my Z970 using XDA Free mobile app

Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info

fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Sent from my Z970 using XDA Free mobile app

xtremeasure said:
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Click to expand...
Click to collapse
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^

fire3element said:
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
Click to expand...
Click to collapse
I would do a full root uninstall....
The backdoor keeps root for adb so installing the new su shouldn't be an issue
Sent from my Z970 using XDA Free mobile app

Got it. Will report back after this headache is done. *slams head on desk*

I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0

fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Is there anyway to do it without a factory reset? Could I just remove kinguser? or it must be factory reset? and will I have to reroot with factory reset?
Sent from my Z970 using XDA Free mobile app

Sorry guys, kinda been running around all day, have a lot of catching up to do I see. I'll fix the thread with updated information that people have so generously contributed!

DroidisLINUX said:
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
Click to expand...
Click to collapse
I know right!!! First hurdle... done... second hurdle, bootloader with no fastboot lmao...

a bit unclear on this
are we actually rebooting into recovery or its supposed to go straight back into the phone
i was never able to get into recovery
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
getting permission denied when running this.
"chmod 755 /system/xbin/su"
"chmod 755 /system/etc/install-recovery.sh"
as well as operation denied or something along those lines. any help would be nice. also and running id on adb. its showing.
uid=0(root) gid=0(root) context=u:r:init:s0
rather than
uid=0(root) gid=0(root) context=u:r:shell:s0

xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
You have to exit adb shell to push files to /data/local/tmp, which does not require root. That was a major exploit in earlier android versions, as people would push scripts to /data/local/tmp without root, run the exploit in the directory, and it would root. That was patched of course, but that directory can be accessed without root. Once you use "reboot recovery" to reboot, then just plug your phone back up and type "adb shell" to which the phone should respond with a "#" instead of a "$". If you have the $, you are not root and need to go back. If you do, just be patient with it and make sure you are not just copying and pasting (I know this can be the root of the issue at times with command, just type it out). It should work, the second half is the easy part lol.

Factory reset rooted Fire HD?

How should I go about factory resetting my rooted, HD 7" that's running a different launcher? So that it can go back to as clean as possible and be updatable and used normally without bricking/dying. I heard it's dangerous to just use the native factory reset as it can end up with bricks.
Its running on some older firmware that was rootable not long after it became possible and is running Vire Launcher instead of the typical amazon launcher. I'd like to go back to Stock somehow.

Sorry for the double post but seriously no-one knows how to go back to fully default?

Shadowshinra said:
Sorry for the double post but seriously no-one knows how to go back to fully default?
Click to expand...
Click to collapse
For stock with no root:
Run these commands to unblock OTA:
Code:
adb shell pm unblock com.amazon.dcp and
adb shell pm unblock com.amazon.otaverifier
Also, look for /system/priv-app/deviceSoftwareOTA.apk and make sure the extension is (plain) "apk"
Put OS 5.1.2 onto /sdcard (not inside a folder) and press Update now in Device settings.
For latest stock with root, follow this root guide: http://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 without installing Gapps/xposed/makespace. If you're running OS 4.5.3 now you can use 5.2.0_stock_recovery_uboot.zip at step 10.

DoLooper said:
For stock with no root:
Run these commands to unblock OTA:
Code:
adb shell pm unblock com.amazon.dcp and
adb shell pm unblock com.amazon.otaverifier
Also, look for /system/priv-app/deviceSoftwareOTA.apk and make sure the extension is (plain) "apk"
Put OS 5.1.2 onto /sdcard (not inside a folder) and press Update now in Device settings.
For latest stock with root, follow this root guide: http://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 without installing Gapps/xposed/makespace. If you're running OS 4.5.3 now you can use 5.2.0_stock_recovery_uboot.zip at step 10.
Click to expand...
Click to collapse
Seems simple enough, the adb commands seemingly worked but I can't seem to rename the APK_ back into APK using ES file explorer, it just says renaming progress and the bar doesn't fill up.. so I haven't done the last step yet.

Shadowshinra said:
Seems simple enough, the adb commands seemingly worked but I can't seem to rename the APK_ back into APK using ES file explorer, it just says renaming progress and the bar doesn't fill up.. so I haven't done the last step yet.
Click to expand...
Click to collapse
Try rebooting and see if it got renamed. Are you sure you're rooted and have root explorer on in es file explorer? Maybe you used JMZ's Fire Tool to block OTA? See if you have it and try that for unblocking. Or, if rooted this command might work:
Code:
adb -d shell "su -c 'mount -o remount,rw /system; cd /system/priv-app/; mv DeviceSoftwareOTA.apk_ DeviceSoftwareOTA.apk'"
If you can't get it renamed, try doing the update. Don't think it'll work, but worth a shot. If it doesn't work, you'll need to boot twrp and install 5.1.1 or 5.1.2 from there: http://forum.xda-developers.com/showpost.php?p=62011272&postcount=2

DoLooper said:
Try rebooting and see if it got renamed. Are you sure you're rooted and have root explorer on in es file explorer? Maybe you used JMZ's Fire Tool to block OTA? See if you have it and try that for unblocking. Or, if rooted this command might work:
Code:
adb -d shell "su -c 'mount -o remount,rw /system; cd /system/priv-app/; mv DeviceSoftwareOTA.apk_ DeviceSoftwareOTA.apk'"
If you can't get it renamed, try doing the update. Don't think it'll work, but worth a shot. If it doesn't work, you'll need to boot twrp and install 5.1.1 or 5.1.2 from there: http://forum.xda-developers.com/showpost.php?p=62011272&postcount=2
Click to expand...
Click to collapse
Definitely rooted, heck you yourself helped me do it a long time ago, even Root checker says i'm still rooted, I do have JMZ tool, the OTA section is gray though, reboot didn't help, will try the adb command
Edit, upon entering the command CMD appeared to hang/stall/do nothing. Not letting any other commands to be typed afterwards.

Shadowshinra said:
Edit, upon entering the command CMD appeared to hang/stall/do nothing. Not letting any other commands to be typed afterwards.
Click to expand...
Click to collapse
CTRL-C to get out. EDIT @Shadowshinra: Do you get # prompt with "adb shell" "su"?

DoLooper said:
CTRL-C to get out. EDIT @Shadowshinra: Do you get # prompt with "adb shell" "su"?
Click to expand...
Click to collapse
You mean the popup on the kindle? Now you mention it, It hasn't been popping up since I've been attempting this, so somehow I/it semi-unrooted itself despite the rootchecker saying it's fine? Or were the changed we did responsible?
Edit: Oh wait I know what you mean now, the # sign isn't there either, it's a $ so yeah It's unrooted itself somehow or I did something unknowingly, which is odd seeing as the Vire Launcher, root checker and all my apps are still working..
Edit2: Ran supersu, turned it off and on, appears to have fixed it? I was able to rename it aftar that.. it can't have been that simple lol..

Shadowshinra said:
Edit: Oh wait I know what you mean now, the # sign isn't there either, it's a $ so yeah It's unrooted itself somehow or I did something unknowingly, which is odd seeing as the Vire Launcher, root checker and all my apps are still working..
Edit2: Ran supersu, turned it off and on, appears to have fixed it? I was able to rename it aftar that.. it can't have been that simple lol..
Click to expand...
Click to collapse
Yes, there's a twilight-zone state in which root apps partially work but you can't get full superuser access until you update binaries by running superSU app. No idea how you lost su. Anyway, I trust you can update to unrooted stock 5.1.2 now.

DoLooper said:
Yes, there's a twilight-zone state in which root apps partially work but you can't get full superuser access until you update binaries by running superSU app. No idea how you lost su. Anyway, I trust you can update to unrooted stock 5.1.2 now.
Click to expand...
Click to collapse
When I tried to use that update it just says Validating update file, and seemingly loading forever, i'll edit if it ever completes, but if I turn on wifi it will try to download an update from there can that not be used instead or does that cause the bricks I've heard about?

Shadowshinra said:
When I tried to use that update it just says Validating update file, and seemingly loading forever, i'll edit if it ever completes, but if I turn on wifi it will try to download an update from there can that not be used instead or does that cause the bricks I've heard about?
Click to expand...
Click to collapse
The OTA update should be fine. I actually thought the manual method would be faster, but . . .

DoLooper said:
The OTA update should be fine. I actually thought the manual method would be faster, but . . .
Click to expand...
Click to collapse
Ah I see, however another issue has arisen, upon hitting update and it attempting to do so after a reboot, the team win recovery menu shows up instead, If I click reboot from there I'm just taken back to the dashboard on the original rooted firmware, I guess the TWRP is interfering in some manner? Also do I have to reenable the Fire Launcher and uninstall Virelauncher before all of this or will the updating process just do all of that.

Shadowshinra said:
Ah I see, however another issue has arisen, upon hitting update and it attempting to do so after a reboot, the team win recovery menu shows up instead, If I click reboot from there I'm just taken back to the dashboard on the original rooted firmware, I guess the TWRP is interfering in some manner? Also do I have to reenable the Fire Launcher and uninstall Virelauncher before all of this or will the updating process just do all of that.
Click to expand...
Click to collapse
@bibikalka, I totally forgot @Shadowshinra would have TWRP, coming from rooted OS4. Any problem with him following your steps here to restore stock? http://forum.xda-developers.com/fire-hd/general/how-to-restore-stock-fireos-t3164267 Thanks!