Unbricking Apollo: Can I pause bootloop so I can finish .bin transfer over ADB? - Kindle Fire HDX 7" & 8.9" Q&A, Help & Troubleshoot

I have a soft bricked HDX 8.9 Apollo. I've scoured dozens of threads about unbricking my Apollo device and I feel fairly confident I could unbrick my device if I could just keep my device on long enough to transfer my ~600MB rom, but my device only has ADB (with root) access for about 45 seconds before it reboots, interrupting my file transfer (getting "Connection reset by peer" transfer error when the device resets).
- I can boot to recovery and fastboot modes which stops the boot loop, but I don't have ADB access in either of these modes.
- I've tried "adb -d shell stop" (which is a command I've seen used to stop a boot loop on other devices) but this does not prevent the boot loop.
Surprisingly no one in any of the threads I checked mentioned a similar problem so I guess I'll just ask here. I can give details if you want but really I just need to know if there's any way I can pause the boot loop while maintaining ADB access and I should be able to handle the rest.

Jabbernaut said:
I have a soft bricked HDX 8.9 Apollo. I've scoured dozens of threads about unbricking my Apollo device and I feel fairly confident I could unbrick my device if I could just keep my device on long enough to transfer my ~600MB firmware, but my device only has ADB (with root) access for about 45 seconds before it reboots, interrupting my file transfer (getting "Connection reset by peer" transfer error when the device resets).
- I can boot to recovery and fastboot modes which stops the boot loop, but I don't have ADB access in either of these modes.
- I've tried "adb -d shell stop" (which is a command I've seen used to stop a boot loop on other devices) but this does not prevent the boot loop.
Surprisingly no one in any of the threads I checked mentioned a similar problem so I guess I'll just ask here. I can give details if you want but really I just need to know if there's any way I can pause the boot loop while maintaining ADB access and I should be able to handle the rest.
No clue what you're trying to do. I'll throw this out, use the Terminal found in recovery mode.
---------- Post added at 09:30 PM ---------- Previous post was at 08:37 PM ----------
gwardsc65 said:
No clue what you're trying to do. I'll throw this out, use the Terminal found in recovery mode.
With all the necessary files along with the commands ready to copy and paste, you could replace recovery (if needed), aboot, and unlock the bootloader in 45 seconds or less. Boot into recovery and flash whatever you wanted to. Other options you could look into are bulk mode and 1-Click.

gwardsc65 said:
With all the necessary files along with the commands ready to copy and paste, you could replace recovery (if needed), aboot, and unlock the bootloader in 45 seconds or less. Boot into recovery and flash whatever you wanted to. Other options you could look into are bulk mode and 1-Click.
Absolutely agree. Forget the dated unbrick threads. Use 1-click or manually replace the bootloader and recovery. If pursuing the latter don't worry about immediately unlocking; that can be done later after device is stable.
https://forum.xda-developers.com/kindle-fire-hdx/general/thor-unlocking-bootloader-firmware-t3463982
https://forum.xda-developers.com/kindle-fire-hdx/general/multi-platform-1-click-bootloader-t3241014
https://forum.xda-developers.com/kindle-fire-hdx/general/how-to-root-unlock-hdx-noobies-t3916167

Sorry for the limited info, but I can offer more clarity now that I have more time. Basically I soft-bricked an Apollo back in 2015 by accidentally flashing a rom designed for Safestrap v4 onto Safestrap 3.75. The last thing I had done before flashing the rom was I rolled back to 3.2.8 and towelrooted it. At the time I declared it a loss.
So yeah I guess I need to replace the bootloader and recovery. I don't have access to a linux or mac machine atm, so I guess I'll be doing this manually.
I was able to get my unlock file and push twrp and aboot to /sdcard/ just fine, and it looks like I was able to get superuser in adb shell.
Code:
C:\ADB>adb shell
[email protected]:/ $ su
255|[email protected]:/ $ I have SU now right?
but when I run
Code:
255|[email protected]:/ $ dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
it returns
Code:
/dev/block/platform/msm_sdcc.1/by-name/recovery: cannot open for write: Permission denied
Do I need to change folder permissions to be able to execute this? If so, how do I do this?
EDIT: Oh I just realized I guess 255 isn't SU? Seems strange that the su command is going through without error if I don't have root access.
It looks like the one-click bootloader unlock method does not require root. Is there a way to accomplish a rootless unlock without one-click?

Jabbernaut said:
Sorry for the limited info, but I can offer more clarity now that I have more time. Basically I soft-bricked an Apollo back in 2015 by accidentally flashing a rom designed for Safestrap v4 onto Safestrap 3.75. The last thing I had done before flashing the rom was I rolled back to 3.2.8 and towelrooted it. At the time I declared it a loss.
So yeah I guess I need to replace the bootloader and recovery. I don't have access to a linux or mac machine atm, so I guess I'll be doing this manually.
I was able to get my unlock file and push twrp and aboot to /sdcard/ just fine, and it looks like I was able to get superuser in adb shell.
Code:
C:\ADB>adb shell
[email protected]:/ $ su
255|[email protected]:/ $ I have SU now right?
but when I run
Code:
255|[email protected]:/ $ dd if=/sdcard/twrp_cubed.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
it returns
Code:
/dev/block/platform/msm_sdcc.1/by-name/recovery: cannot open for write: Permission denied
Do I need to change folder permissions to be able to execute this? If so, how do I do this?
EDIT: Oh I just realized I guess 255 isn't SU? Seems strange that the su command is going through without error if I don't have root access.
It looks like the one-click bootloader unlock method does not require root. Is there a way to accomplish a rootless unlock without one-click?
Bulk Mode:
https://forum.xda-developers.com/showpost.php?p=71430759&postcount=736

Thanks for the tip! Unfortunately I do not have access to the filesystem via windows, I can only copy files over via ADB. So unless there's some way to gain access to the filesystem with an ADB command I'm probably sunk there
So that's it then I presume?

Jabbernaut said:
Thanks for the tip! Unfortunately I do not have access to the filesystem via windows, I can only copy files over via ADB. So unless there's some way to gain access to the filesystem with an ADB command I'm probably sunk there
So that's it then I presume?
Nope. There's usually a way if the HDX boots into recovery or bootloader. If recovery is twrp and not stock, it may be possible to issue the commands to replace aboot via the Terminal. It's not ideal, but may work. I think you really need to take another look at Bulk Mode. Follow the instructions very carefully or you will be out of luck. If you have any doubts, don't attempt using Bulk Mode.

gwardsc65 said:
Nope. There's usually a way if the HDX boots into recovery or bootloader. If recovery is twrp and not stock, it may be possible to issue the commands to replace aboot via the Terminal. It's not ideal, but may work. I think you really need to take another look at Bulk Mode. Follow the instructions very carefully or you will be out of luck. If you have any doubts, don't attempt using Bulk Mode.
I guess I should have clarified, I don't have twrp, I only have access to stock recovery. If I had twrp running I probably wouldn't be here lol.
Unless there is another thread that explains how to use this "Bulk Mode" without access to the tablet's filesystem in Windows, in the guide linked above, the very first step is to pull the diskindex from the drive as it appears in Windows. Obviously this will fail because it is not mounted, but here is the result with the tablet connected and ADB working anyway:
Code:
C:\ADB>wmic partition where index=22 get diskindex
No Instance(s) Available.
C:\ADB>wmic partition where (index=17 and numberofblocks=20480) get diskindex
No Instance(s) Available.
C:\ADB>wmic partition where (index=5 and numberofblocks=4096) get diskindex
No Instance(s) Available.
Without a diskindex reference to the tablet's drive, I can't proceed to the next step to copy twrp and aboot into the recovery folder. And as far as I can tell I don't have root anymore so I can't do it via ADB.
So I would assume I'm dead in the water here since as far as I can tell I don't have any access to the folders I need to place the files in? Unless I can like directly sideload them or something. I have virtually nothing to lose here so I'll try whatever.
Just to clarify, I definitely don't have root? What exactly does it mean if the "su" command does not throw an error but instead returns "255|[email protected]:/ $" ?
Code:
C:\ADB>adb shell
[email protected]:/ $ su
255|[email protected]:/ $ In what way did my permissions change here?

Jabbernaut said:
I guess I should have clarified, I don't have twrp, I only have access to stock recovery. If I had twrp running I probably wouldn't be here lol.
Unless there is another thread that explains how to use this "Bulk Mode" without access to the tablet's filesystem in Windows, in the guide linked above, the very first step is to pull the diskindex from the drive as it appears in Windows. Obviously this will fail because it is not mounted, but here is the result with the tablet connected and ADB working anyway:
Code:
C:\ADB>wmic partition where index=22 get diskindex
No Instance(s) Available.
C:\ADB>wmic partition where (index=17 and numberofblocks=20480) get diskindex
No Instance(s) Available.
C:\ADB>wmic partition where (index=5 and numberofblocks=4096) get diskindex
No Instance(s) Available.
Without a diskindex reference to the tablet's drive, I can't proceed to the next step to copy twrp and aboot into the recovery folder. And as far as I can tell I don't have root anymore so I can't do it via ADB.
So I would assume I'm dead in the water here since as far as I can tell I don't have any access to the folders I need to place the files in? Unless I can like directly sideload them or something. I have virtually nothing to lose here so I'll try whatever.
Just to clarify, I definitely don't have root? What exactly does it mean if the "su" command does not throw an error but instead returns "255|[email protected]:/ $" ?
Code:
C:\ADB>adb shell
[email protected]:/ $ su
255|[email protected]:/ $ In what way did my permissions change here?
Your best bet is to use 1-Click. 1-Click basically does the same thing as Bulk Mode, but does it automatically for you. Bulk Mode hint - bootloader.

gwardsc65 said:
Your best bet is to use 1-Click. 1-Click basically does the same thing as Bulk Mode, but does it automatically for you. Bulk Mode hint - bootloader.
Does 1-click not require USB access to the filesystem or root access? I guess I could install and run linux on a flash drive just to test this but it would be nice to know if the interface to the device is likely to work, I don't know anything about VirtualBox. If we're not sure I'll probably try it later.

Related

Can someone get....

I'm in need of the stock kernal image and the clockwork recovery.zip file thingy.
NOT the zip verson of the kernal installer.
My situation, I was stupid and installed the voodoo thing, then for some reason I tried to flash Froyo over Bionix with the voodoo kernal thing. It didn't work so I decided to delete everything in clockwork. Then I was like omg I can't use clock work or boot my device (stuck on vibrant screen but I can get to odin and the stock recovery).
Later I read that voodoo stopped odin on the cm forum so I couldnt use it. Thats what some dude named viralblack said and theyre a mod so I'm guessing its true.
So my last 4 ideas are:
1)Try and flash a new Kernal Image in adb and hope it gets odin to work
2)Push the cw recovery to the phone
3)Run to the library and hope my computer is the problem
4)Pretend vb is wrong and keep trying the download screen thing
Sorry if this is in the wrong section but I guessed it could go here because I need some files....
flash Eugene's froyo that does not brick via Odin. he has instructions in his thread.
...and it's kernel NOT kernal people
Sent from my SGH-T959 using XDA App
kernel, sorry I guess?
Anyhow what if my pc doesnt notice the phone when its in download mode
RPGbig said:
kernel, sorry I guess?
Anyhow what if my pc doesnt notice the phone when its in download mode
Download the Samsung drivers, download ODIN, and then just follow the directions in the ODIN thread
Wow
You guys have nothing better to do than flame a newb?
If you spent half the time helping instead of flaming there MIGHT just be some people with a bit more knowledge than they had yesterday.
If you cant say something constructive/helpful --Why bother!
fcbarca17 said:
Download the Samsung drivers, download ODIN, and then just follow the directions in the ODIN thread
Push doesnt seem to work. Permission denied or something rather.
As I said in my first odin wont work, yes I did those things like 10 or so times.
You cant expect a newborn to know how to wipe themselves.
RPGbig said:
Push doesnt seem to work. Permission denied or something rather.
As I said in my first odin wont work, yes I did those things like 10 or so times.
You cant expect a newborn to know how to wipe themselves.
What do you mean "push doesn't work". Are you trying to push a file via adb? If you are getting permission denied errors, that is because you either do not have root access/permissions to write to the location you are trying to push to, or because the location you are trying to push to is mounted as read-only.
If you indeed have the necessary permissions (i.e., root), then `adb remount` will re-mount the device's partitions as read-write. If adb does not allow you to remount the partitions in this manner, it is because you do not have the permissions to perform the duty.
If anyone is going to give any further help, though, you need to give us a bit more information. Can you access the device via adb? Can you boot into either download or recovery? (If you have adb access, you can usually boot into either of those with `adb shell reboot download` or `adb shell reboot recovery`.) Have you attempted to flash anything via Odin? What is the exact wording of the error messages you are receiving?
If you don't provide information, you won't receive any help. Vague responses such as "Permission denied or something rather" are useless because something rather can be any number of things. Also, attempting things without reading all of the information available beforehand is another way to ensure that people will be hesitant to give you help; this forum already has threads about where to locate the stock kernel image.
Also, instead of positing what-ifs such as "Anyhow what if my pc doesnt notice the phone when its in download mode", why don't you try putting your device into download mode and attaching it to a Windows computer with the proper drivers installed and Odin running, and then ask what the next step might be after you have attempted to do something?
People get angry about members flaming newbies for posting mistakes and asking for help, but if newbies looked for answers and read all of the information available before doing something they didn't understand (or only partially understood), then this wouldn't be a problem in the first place.
rpcameron said:
What do you mean "push doesn't work". Are you trying to push a file via adb? If you are getting permission denied errors, that is because you either do not have root access/permissions to write to the location you are trying to push to, or because the location you are trying to push to is mounted as read-only.
If you indeed have the necessary permissions (i.e., root), then `adb remount` will re-mount the device's partitions as read-write. If adb does not allow you to remount the partitions in this manner, it is because you do not have the permissions to perform the duty.
Goal: Push Clockwork Recovery so I can flash Bionix.
What Happens:
1. Go into recovery
2. Connect to the phone with adb
3. I type 'adb push c:\update.zip /sdcard'
4. It says 'failed to copy `c:\update.zip` to `/sdcard/update.zip` : Permission denied'
I type 'adb remount', it says 'remount failed: No such file or directory'
rpcameron said:
If anyone is going to give any further help, though, you need to give us a bit more information. Can you access the device via adb? Can you boot into either download or recovery? (If you have adb access, you can usually boot into either of those with `adb shell reboot download` or `adb shell reboot recovery`.) Have you attempted to flash anything via Odin? What is the exact wording of the error messages you are receiving?
Yes, I can get into both.
I've downloaded Froyo that doesn't brick. Unzipped and had the drivers from Samsung set up.
I usually type 'adb reboot download' to get into download mode for odin. Then when the phone shows the android guy with the shovel, my computer says that an unrecognized usb device has been connected.
This time I type 'adb shell reboot recovery' and it said
'-exce `/system/bin/sh` failed: No such file or directory (2) -'
rpcameron said:
If you don't provide information, you won't receive any help. Vague responses such as "Permission denied or something rather" are useless because something rather can be any number of things. Also, attempting things without reading all of the information available beforehand is another way to ensure that people will be hesitant to give you help; this forum already has threads about where to locate the stock kernel image.
Also, instead of positing what-ifs such as "Anyhow what if my pc doesnt notice the phone when its in download mode", why don't you try putting your device into download mode and attaching it to a Windows computer with the proper drivers installed and Odin running, and then ask what the next step might be after you have attempted to do something?
People get angry about members flaming newbies for posting mistakes and asking for help, but if newbies looked for answers and read all of the information available before doing something they didn't understand (or only partially understood), then this wouldn't be a problem in the first place.
RPGbig said:
Goal: Push Clockwork Recovery so I can flash Bionix.
What Happens:
1. Go into recovery
2. Connect to the phone with adb
3. I type 'adb push c:\update.zip /sdcard'
4. It says 'failed to copy `c:\update.zip` to `/sdcard/update.zip` : Permission denied'
You have to be rooted.. But why would you even take the hard way to use clockwork? Just download it from the market..?
I have odin with all the files that will get u to stock of ur phone. Also the froyo files does not brick. So now i exactly dont know what u need. go cows
I messed up my phone and its stuck in a bootloop. I want to put that recovery on my phone so I can flash a new rom.
RPGbig said:
I messed up my phone and its stuck in a bootloop. I want to put that recovery on my phone so I can flash a new rom.
If your phone is stuck in a bootloop you need to flash your phone with odin
RPGbig said:
Goal: Push Clockwork Recovery so I can flash Bionix.
What Happens:
1. Go into recovery
2. Connect to the phone with adb
3. I type 'adb push c:\update.zip /sdcard'
4. It says 'failed to copy `c:\update.zip` to `/sdcard/update.zip` : Permission denied'
I type 'adb remount', it says 'remount failed: No such file or directory'
OK, if `adb remount` isn't working properly, then you have to manually instruct the system to remount the system partition as read-write. This is a little different from other Android devices, because Samsung insists on using their screwy RFS. On my device, the system partition resides at /dev/block/st19. If you can get an adb shell session opened, you can verify it by running `mount`, and seeing which /dev node is assigned to /system. Then, manually remount the system partition with `mount -o remount,rw -t rfs /dev/block/st19 /system`; this must be done as root.
It does seem a bit odd that you are getting a permission denied error on /sdcard. Are you sure that /sdcard is mounted? You can verify the same way you check what /dev node holds your system partition. On my Vibrant, /sdcard is the mount point for /dev/block//vold/179:1 (yes, that is two slashes after block). So, the command to mount the internal SD card is `mount -o remount,rw -t vfat /dev/block//vold/179:1 /sdcard`.
Now those commands should ensure that you have both your system partition and SD card mounted as read-write. Now you can copy over the update.zip that contains ClockworkMod recovery to the root of your SD card (/sdcard) with `adb push drive:\path\to\recovery.zip /sdcard/update.zip`. I recommend specifying a destination filename for update.zip. Also, sometimes an adb push command requires the trailing / of a directory.
RPGbig said:
Yes, I can get into both.
I've downloaded Froyo that doesn't brick. Unzipped and had the drivers from Samsung set up.
I usually type 'adb reboot download' to get into download mode for odin. Then when the phone shows the android guy with the shovel, my computer says that an unrecognized usb device has been connected.
This time I type 'adb shell reboot recovery' and it said
'-exce `/system/bin/sh` failed: No such file or directory (2) -'
This last statement looks like either your system partition is not mounted, or that it does not have a shell installed. From an adb shell session, check the /system/bin directory and see if there is indeed a shell binary there (either sh itself, or sh linked to another shell such as bash). If there is no /system, then it means that your system partition is not mounted, and you can follow the steps I previously mentioned to mount the system partition.
RPGbig said:
I messed up my phone and its stuck in a bootloop. I want to put that recovery on my phone so I can flash a new rom.
Can you boot into recovery using the VOL_DN and POWER method, or does the adb daemon ever come online during the bootloop? If so, then either boot into recovery from a powered-off state, or use the adb shell to boot it into recovery.
http://forum.xda-developers.com/showthread.php?t=810130
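The check described in the reply above (run `mount`, find the /dev node behind a mount point, remount it read-write) can be scripted on the host. This is an added example, not code from the thread: the sample `mount` output is constructed around the device nodes quoted in the post, and the parser also accepts the desktop-Linux `dev on /mnt type fs (opts)` layout, which goes beyond what the post covers.

```python
"""Read `mount` output pulled over adb and build the manual remount command."""
import re
from typing import Dict, NamedTuple, Optional, Tuple


class Mount(NamedTuple):
    device: str
    mountpoint: str
    fstype: str
    options: Tuple[str, ...]


# Desktop-Linux layout: "<device> on <mountpoint> type <fstype> (<options>)"
_ON_TYPE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

# Constructed sample in the Android toolbox layout
# "<device> <mountpoint> <fstype> <options> 0 0". The two device nodes are
# the ones quoted in the post; every other field is made up for illustration.
SAMPLE_MOUNT_OUTPUT = """\
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
/dev/block/st19 /system rfs ro,relatime,vfat,log_off,check=no 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec 0 0
"""


def parse_mounts(text: str) -> Dict[str, Mount]:
    """Map each mount point to its entry; a later line for the same mount
    point replaces an earlier one, matching what the kernel actually uses."""
    mounts: Dict[str, Mount] = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = _ON_TYPE.match(line)
        if match:
            device, mountpoint, fstype, opts = match.groups()
        else:
            fields = line.split()
            # Skip blank lines and anything that is not a mount table row.
            if len(fields) < 4 or not fields[1].startswith("/"):
                continue
            device, mountpoint, fstype, opts = fields[:4]
        mounts[mountpoint] = Mount(device, mountpoint, fstype,
                                   tuple(opts.split(",")))
    return mounts


def remount_rw_command(mounts: Dict[str, Mount], mountpoint: str) -> Optional[str]:
    """Return the command that remounts `mountpoint` read-write,
    or None when it is already writable.

    Raises LookupError when nothing is mounted there: a remount cannot help,
    and a "Permission denied" on that path has a different cause.
    """
    entry = mounts.get(mountpoint)
    if entry is None:
        raise LookupError(f"{mountpoint} is not mounted")
    if "rw" in entry.options:
        return None
    return (f"mount -o remount,rw -t {entry.fstype} "
            f"{entry.device} {entry.mountpoint}")


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNT_OUTPUT)
    for mp in ("/system", "/sdcard", "/data"):
        try:
            cmd = remount_rw_command(table, mp)
            print(mp, "->", cmd or "already read-write")
        except LookupError as err:
            print(mp, "->", err)
```

The generated command still has to be run as root on the device, as the post says; without a root shell it fails the same way `adb remount` does.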
rpcameron said:
OK, if `adb remount` isn't working properly, then you have to manually instruct the system to remount the system partition as read-write. This is a little different from other Android devices, because Samsung insists on using their screwy RFS. On my device, the system partition resides at /dev/block/st19. If you can get an adb shell session opened, you can verify it by running `mount`, and seeing which /dev node is assigned to /system. Then, manually remount the system partition with `mount -o remount,rw -t rfs /dev/block/st19 /system`; this must be done as root.
It does seem a bit odd that you are getting a permission denied error on /sdcard. Are you sure that /sdcard is mounted? You can verify the same way you check what /dev node holds your system partition. On my Vibrant, /sdcard is the mount point for /dev/block//vold/179:1 (yes, that is two slashes after block). So, the command to mount the internal SD card is `mount -o remount,rw -t vfat /dev/block//vold/179:1 /sdcard`.
Now those commands should ensure that you have both your system partition and SD card mounted as read-write. Now you can copy over the update.zip that contains ClockworkMod recovery to the root of your SD card (/sdcard) with `adb push drive:\path\to\recovery.zip /sdcard/update.zip`. I recommend specifying a destination filename for update.zip. Also, sometimes an adb push command requires the trailing / of a directory.
This last statement looks like either your system partition is not mounted, or that it does not have a shell installed. From an adb shell session, check the /system/bin directory and see if there is indeed a shell binary there (either sh itself, or sh linked to another shell such as bash). If there is no /system, then it means that your system partition is not mounted, and you can follow the steps I previously mentioned to mount the system partition.
I tried 'adb root' and then it said 'adbd cannot run as root in production builds'
By shell session do you mean 'adb shell'? No, I dont believe that works because I get 'adbd cannot run as root in production builds'
When you mean 'shell installed' you do I have it installed on the phone? If it isnt is there anyway I could do it now?
`adb push drive:\path\to\recovery.zip /sdcard/update.zip` didnt work and gave me 'c:\update.zip' to '/sdcard/update.zip': Permission denied
Can I flash /system via my pc onto my phone? or Use the external sdcard instead of the internal?
Dude, if your phone is stuck in a bootloop, you HAVE TO FLASH IT VIA ODIN. There's no other work-around.
RPGbig said:
I tried 'adb root' and then it said 'adbd cannot run as root in production builds'
By shell session do you mean 'adb shell'? No, I dont believe that works because I get 'adbd cannot run as root in production builds'
When you mean 'shell installed' you do I have it installed on the phone? If it isnt is there anyway I could do it now?
`adb push drive:\path\to\recovery.zip /sdcard/update.zip` didnt work and gave me 'c:\update.zip' to '/sdcard/update.zip': Permission denied
Can I flash /system via my pc onto my phone? or Use the external sdcard instead of the internal?
Why did you try `adb root`? I don't quite understand that.
A shell session would be `adb shell`, yes. On your computer's command line, invoke `adb shell`. You are now in a shell session. What does the prompt look like? Is it "#" or "$". If it is a hash, then you have root access via adb. If it is a dollar sign, then you do not have root access; try running `su` from within the shell session. If the prompt does not change to a hash, then you are stuck for the moment, because you do not have root access via adb, and therefore nearly all of the adb commands will not work.
By "shell installed" I was referring to a shell interpreter installed on your handset. bash is the most commonly installed Linux shell, and sh is usually just a pointer to bash. If your handset does not have either /system/bin/sh or /system/bin/bash (or anything similar), then you have an incomplete system, and it got messed up along the way with something you did.
But, since it seems that you cannot gain root access through adb, and therefore cannot (re)mount your partitions, you are basically limited in your options. All you can really do is put your phone in download mode, and use Odin to reflash a complete system (including a kernel image). I would also recommend that you use the repartition option in Odin to make sure that your partitions are reformatted and you are essentially left with a wiped and clean handset to start with.
(Lack of root access via adb has severely limited your options. You are basically left with Odin as your only avenue of recourse, unless you are willing to disassemble your device to get to the internal SD card.)
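The `#` versus `$` test described in the reply above, and the `255|...$` prompt asked about in the Kindle thread earlier on this page, can both be read mechanically from a pasted session. This is an added example, not code from either thread; it assumes the stock Android shell (mksh) prompt layout, where a leading `N|` is the non-zero exit status of the previous command, and the `shell@device` transcripts are constructed.

```python
"""Interpret a pasted `adb shell` transcript: did `su` actually grant root?"""
import re
from typing import List, NamedTuple, Optional

# Assumed prompt layout of the stock Android shell (mksh):
#   [<status>|]<user@host>:<cwd> <sigil> <typed command>
# <status> is shown only when the previous command exited non-zero;
# <sigil> is '#' for uid 0 and '$' for every other user.
PROMPT_RE = re.compile(
    r"^(?:(?P<status>\d{1,3})\|)?"
    r"(?P<ident>[^\s:|]+):(?P<cwd>/\S*) "
    r"(?P<sigil>[#$]) ?(?P<typed>.*)$"
)

# Constructed transcripts (not captured from a real device).
DENIED_TRANSCRIPT = (
    "shell@device:/ $ su\n"
    "255|shell@device:/ $ dd if=/sdcard/recovery.img of=/dev/block/recovery\n"
    "/dev/block/recovery: cannot open for write: Permission denied\n"
    "1|shell@device:/ $\n"
)
GRANTED_TRANSCRIPT = (
    "shell@device:/ $ su\n"
    "root@device:/ # id\n"
    "uid=0(root) gid=0(root)\n"
    "root@device:/ #\n"
)


class Prompt(NamedTuple):
    last_status: int   # exit status of the command that ran before this prompt
    is_root: bool      # True when the prompt ends in '#'
    typed: str         # what the user typed at this prompt ('' if nothing)


class Step(NamedTuple):
    command: str
    exit_status: Optional[int]   # None when no later prompt shows the result
    root_after: Optional[bool]   # privilege of the shell after the command


def parse_prompt(line: str) -> Optional[Prompt]:
    """Return the parsed prompt, or None for command output lines."""
    match = PROMPT_RE.match(line.rstrip("\r\n"))
    if match is None:
        return None
    return Prompt(int(match["status"] or 0),
                  match["sigil"] == "#",
                  match["typed"].strip())


def replay(transcript: str) -> List[Step]:
    """Pair every typed command with the status shown by the NEXT prompt."""
    prompts = [p for p in map(parse_prompt, transcript.splitlines()) if p]
    steps: List[Step] = []
    for current, following in zip(prompts, prompts[1:] + [None]):
        if not current.typed:
            continue
        if following is None:
            steps.append(Step(current.typed, None, None))
        else:
            steps.append(Step(current.typed, following.last_status,
                              following.is_root))
    return steps


def su_granted_root(transcript: str) -> bool:
    """True only if an `su` call exited 0 and left a '#' prompt behind."""
    return any(step.command.split()[0] == "su"
               and step.exit_status == 0
               and bool(step.root_after)
               for step in replay(transcript))


if __name__ == "__main__":
    for name, text in (("denied", DENIED_TRANSCRIPT),
                       ("granted", GRANTED_TRANSCRIPT)):
        print(name, replay(text), "root:", su_granted_root(text))
```

Read this way, `su` followed by a `255|` prompt that still ends in `$` is a failed `su`: the binary ran, exited with status 255, and the shell kept its unprivileged user.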
Have you opened yours? Is it an actual (micro) sdcard that can be taken out like the external one?
I typed 'adb root' because typing 'adb' showed this
adb root - restarts the adbd daemon with root permissions
so I guess that was what you meant by root.
When I type 'adb shell' all it gave was - exec '/system/bin/sh' failed: No such file or directory (2) -
You need to stop trying to do it the hard way and just use Odin. If your phone is not being recognized then you need the correct drivers. Once installed, you should be back up and running within 5 minutes. Stop lollygagging and fix your phone already.

when a cooked rom??

When will it arrive? For 101 I mean
It won't happen until we get permanent root. No telling when that will happen.
a better question is, when will root be available, doesn't seem we have people with the right skills interested on the 101
Does the rageagainstthemachine root patch not work? Are you able to get to the /data/local directory and place something there that will allow for a flash_image command to be run? Do we know if they have the same type of hardware-level protection like HTC does?
EDIT: Can someone do the following:
1. download the rage zip enclosed, and unzip to its own directory
2. run the following from your command prompt, assuming you have the Android SDK installed and in the path
adb push root/rageagainstthecage /data/local/tmp
adb shell
chmod 0755 /data/local/tmp/rageagainstthecage
./data/local/tmp/rageagainstthecage
It should kick you out and display some messages on the screen...just not errors. Then type:
adb shell
You should see a "#".
If so, then we have temp root and then we should be able to perform some other functions like flash a recovery, etc....
Sent with my fingertips and voice on my Evo
jerdog said:
Does the rageagainstthemachine root patch not work? Are you able to get to the /data/local directory and place something there that will allow for a flash_image command to be run? Do we know if they have the same type of hardware-level protection like HTC does?
EDIT: Can someone do the following:
1. download the rage zip enclosed, and unzip to its own directory
2. run the following from your command prompt, assuming you have the Android SDK installed and in the path
It should kick you out and display some messages on the screen...just not errors. Then type:
You should see a "#".
If so, then we have temp root and then we should be able to perform some other functions like flash a recovery, etc....
Sent with my fingertips and voice on my Evo
It does not work as of the latest Archos firmware. All the previous firmwares/z4root work fine for temp root. The ADB device part of the Archos just never comes back (doesn't show in device manager for instance). I do not know if this helps, but Archos also has a crippled busybox and it seems further crippled as of the last firmware upgrade.
Tsusai said:
It does not work as of the latest Archos firmware. All the previous firmwares/z4root work fine for temp root. The ADB device part of the Archos just never comes back (doesn't show in device manager for instance). I do not know if this helps, but Archos also has a crippled busybox and it seems further crippled as of the last firmware upgrade.
Maybe have something to do with newer ARM architecture?
Sent with my fingertips and voice on my Evo
Why do you need permanent root?
Archos kindly released SDE which provides a way to install your own builds in dual boot.
Some links for more info:
http://forum.xda-developers.com/showthread.php?t=871335
http://www.openaos.org/
IRC #openaos on freenode
Maurice
The SDE require booting in recovery mode, and people said that it's often not perfect.
A permanent root for main OS would still be very useful, and still allow us to dual boot when we need to..
I think so too. PermaRoot would be very useful.

No 'su' binary on rooted tablet

Hello:
I'm a buyer of an Iview 760TPC (chinese 1.3Mpx camera version).
The reason I'm writing is because its some days reading and trying things to get everything unlocked, and seems that is really impossible to flash a new firmware or to get root. I'm getting really mad.
- I have managed to get adb recognize the tablet on linux and on windows. Despite of that, I get "adbd cannot run on production builds".
- If I do an 'adb shell', I get a prompt (with no superuser privileges). If I try to 'su', I get a "Passwd:" prompt , so I cannot get a superuser prompt to remount the filesystems, neither push any file to /system.
Browsing, I see there's no 'su' on /system/bin but there's on /system/xbin. Is a read-only filesystem and I cannot push anything.
- I installed root explorer but cannot mount R/W the filesystems.
- Installed Busybox installer. Says that the tablet is rooted, but when I try to install busybox, says that I have not permissions. Same if I try one of the upgrade menus of superuser. There are not privileges.
- I tried many times, to flash a firmware with the livesuit method, but the tablet is not being recognized. When I do the combination to enter the flashing mode, it boots a like a recovery with 4 options:
1) erase user data partition
2) enter adfu
3) upgrade firmware from sdcard
4) exit menu
I'm interested in the 3rd option, but I can't find any information about the process itself (where to put the firmware, if it's the same img as with the livesuit method, and what name the file needs to have)
There's also an ADFU mode, that I don't understand, but windows recognizes a new device when I enter there (but there's no driver or information I can found). The screen gets like a bit of white color, and the only way to exit from there is to press home+power buttons without the usb cable.
I've tried superoneclick but it doesn't work because there's not 'su' binary. Same happens with the installers of the CWM, not working because there's no 'su' (so I could flash a file with any kind of name)
Any help would be appreciated. Sorry for my engrish and for asking so much, but I don't know how to proceed ;-)
Thanks
What version of Android is the device running? You could try manually pushing an exploit binary (e.g. zergrush) onto the device and executing to get temp root, at which point you should be able to mount /system as R/W and then push the su binary to /system/bin
The exploit binary to use would depend on the version of Android though. zergrush is for 2.3 I think (maybe 2.3.something). For early versions of ICS (4.0), there is mempodroid (might have spelt that wrong).
EDIT: Also, everything you can do over ADB, you could do by installing SSHDroid on the device and connecting via SSH from a computer.
Thanks a lot for your answer SifJar:
The tablet comes with ICS 4.0.3 and 3.0.8 kernel.
Superoneclick has the psneuter and zergRush exploits(neither of those seem to work for me).
Found this thread:
http://forum.xda-developers.com/showthread.php?t=1461736
Edit: It does not work for me:
./adb shell
[email protected]:/ $ chmod 777 /data/local/mempodroid
[email protected]:/ $ /data/local/mempodroid 0xd9ec 0xaf47 sh
/system/bin/sh: /data/local/mempodroid: not executable: magic 7F45
Thanks
Installed SSHDroid from the Play Store, but does not work either.
I get:
Can't generate RSA keys: sh <stdin>[1]: /data/data/berserker.android.apps.sshdroid/dropbear/dropbearkey: not executable: magic 7F45
Don't really know what else can I do.
Thanks
mempodroid requires a different offset for each device. "0xd9ec 0xaf47 sh" is for the Eee Pad Transformer Prime. You need to get the right offset for your device. You can try this to do that: http://forum.xda-developers.com/showthread.php?t=1612591
EDIT: But it looks like your device may not be able to run standard Android binaries, which would be quite an inconvenience for trying to root it.
SifJar said:
mempodroid requires a different offset for each device. "0xd9ec 0xaf47 sh" is for the Eee Pad Transformer Prime. You need to get the right offset for your device. You can try this to do that: http://forum.xda-developers.com/showthread.php?t=1612591
EDIT: But it looks like your device may not be able to run standard Android binaries, which would be quite an inconvenience for trying to root it.
I think I should reflash a new firmware from that recovery that has from factory, but there's no way I can do it. I mean, it is supposed to have an special mode that you enter with a button combination and to flash then with livesuit, but in this chinese clone, does not seem to work that combination of buttons.
From the recovery, ADFU seems to mean Actions Device Firmware Update. There's some information here http://wiki.s1mp3.org/USB_modes
- If I put the device in ADFU mode, windows ask for an USB driver (that I don't have or does not exist either)
- Another thing. There's a flashing from sdcard, that seems to support, but there's no information or manual of where is supposed to put the firmware, the name of the file or if it needs to be zipped (and what file/s inside and names),...
Thanks
It's possible the flashing from sd card supports standard update .ZIPs. You could try this one, it's a ZIP that should work for rooting most Android devices I believe. Superuser.zip
(This is from a topic on the HTC Explorer phone, but there is nothing specific to that phone in the ZIP as far as I know)
EDIT: This ZIP doesn't overwrite the firmware or anything, all it does is add su, busybox and Superuser to the existing /system partition.
EDIT: If selecting the "Update firmware from SD card" option doesn't give the option to browse for a ZIP, rename it to "update.zip" and place it in the root of the card and try again.
SifJar said:
It's possible the flashing from sd card supports standard update .ZIPs. You could try this one, it's a ZIP that should work for rooting most Android devices I believe. Superuser.zip
(This is from a topic on the HTC Explorer phone, but there is nothing specific to that phone in the ZIP as far as I know)
EDIT: This ZIP doesn't overwrite the firmware or anything, all it does is add su, busybox and Superuser to the existing /system partition.
EDIT: If selecting the "Update firmware from SD card" option doesn't give the option to browse for a ZIP, rename it to "update.zip" and place it in the root of the card and try again.
Thanks a lot. Does not have a browsing option so I need to know the needed name. Does not seem to work with the update.zip method
Does it try to install update.zip and give an error or does it say there is no update on the SD card?
Also, can you try and extract the su binary you said is in /system/xbin and post it here? There's something I would like to check.
EDIT: From adb shell, type the following, without quotes, "cat /proc/cpuinfo" and post the output here please
EDIT: Another silly suggestion - you could try guessing the password su asks you for. Maybe it's something obvious like "root" or "admin".
SifJar said:
Does it try to install update.zip and give an error or does it say there is no update on the SD card?
Also, can you try and extract the su binary you said is in /system/xbin and post it here? There's something I would like to check.
EDIT: From adb shell, type the following, without quotes, "cat /proc/cpuinfo" and post the output here please
Seems that it does not even try to update, no error message, nothing. I tried putting the update.zip in both /sdcard (internal sdcard) and /sd-ext (microsd)
Code:
[email protected]:/ $ cat /proc/cpuinfo
system type : actions-atv5201
processor : 0
cpu model : MIPS 74Kc V5.0 FPU V0.0
BogoMIPS : 719.25
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0000, 0x0000, 0x0460, 0x0868]
ASEs implemented : mips16 dsp
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available
I have attached the 'su' binary from /system/xbin
Also:
Code:
$file su
su: ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked (uses shared libs), with unknown capability 0xf41 = 0x756e6700, with unknown capability 0x70100 = 0x1040000, stripped
But the table description of the manufacturer, says that has an Allwinner A10 (Cortex A8). Does not seem to be true, right?
Thanks
Looks like a MIPS processor then, not an ARM as most Android devices have. That explains why the exploits don't run and SSH didn't work, both use code compiled for ARM processors. It also means a standard su binary won't work on that device. You'll need one compiled for MIPS.
Does the update from sd card give any sort of error?
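The diagnosis above can be checked mechanically; this is an added example, not part of the thread. The "magic 7F45" in both error messages matches the first two bytes of the ELF magic (0x7F 'E'), so the files were intact ELF binaries built for another CPU. The sketch reads `e_machine` from an ELF header and compares it with the pasted /proc/cpuinfo; the function names are hypothetical and the sample headers are constructed.

```python
import re
import struct

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification.
EM_NAMES = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Lines quoted from the thread above.
THREAD_ERROR = "/system/bin/sh: /data/local/mempodroid: not executable: magic 7F45"
THREAD_CPUINFO = """system type : actions-atv5201
processor : 0
cpu model : MIPS 74Kc V5.0 FPU V0.0
ASEs implemented : mips16 dsp"""


def sample_header(machine, big_endian=False):
    """Constructed 20-byte ELF32 header prefix (sample data, not a real binary)."""
    order = ">" if big_endian else "<"
    # e_ident: magic, EI_CLASS=1 (32-bit), EI_DATA, EI_VERSION=1, EI_OSABI=0, padding
    ident = ELF_MAGIC + bytes([1, 2 if big_endian else 1, 1, 0]) + bytes(8)
    return ident + struct.pack(order + "HH", 2, machine)  # e_type=ET_EXEC, e_machine


def elf_machine(header):
    """Return the architecture name stored in an ELF header (first 20 bytes)."""
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    # EI_DATA (byte 5) says how multi-byte header fields are encoded.
    order = {1: "<", 2: ">"}.get(header[5])
    if order is None:
        raise ValueError("invalid EI_DATA byte")
    (machine,) = struct.unpack_from(order + "H", header, 18)
    return EM_NAMES.get(machine, "unknown(%d)" % machine)


def cpuinfo_arch(cpuinfo):
    """Guess the CPU family from /proc/cpuinfo text (MIPS and ARM layouts only)."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key in ("cpu model", "system type") and "mips" in value:
            return "mips"
        if key in ("processor", "model name"):
            if "aarch64" in value:
                return "aarch64"
            if "arm" in value:
                return "arm"
    return "unknown"


def reported_magic(error_line):
    """Extract the two magic bytes the shell printed, or None if absent."""
    match = re.search(r"not executable: magic ([0-9A-Fa-f]{4})", error_line)
    return bytes.fromhex(match.group(1)) if match else None


def diagnose(error_line, header, cpuinfo):
    """Explain an exec failure by comparing binary and CPU architecture."""
    magic = reported_magic(error_line)
    if magic is None or not ELF_MAGIC.startswith(magic):
        return "file is not an ELF binary"
    binary, cpu = elf_machine(header), cpuinfo_arch(cpuinfo)
    if binary == cpu:  # conservative: only an exact match counts
        return "%s binary on %s CPU: architecture matches, look elsewhere" % (binary, cpu)
    return "%s binary cannot run on %s CPU" % (binary, cpu)


if __name__ == "__main__":
    # An ARM build (e_machine 40) against the tablet's cpuinfo.
    print(diagnose(THREAD_ERROR, sample_header(40), THREAD_CPUINFO))
```

To check a real file, pass its first 20 bytes (`open(path, "rb").read(20)`) as `header`.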
No. It does not say anything. I'll try to find the right update.zip for the MIPS architecture. Perhaps it could work.
Edit: Found this https://rapidshare.com/files/2288417520/Superuser-3.0.7-mips32r2-ics_signed.zip , but does not seem that I can flash it from the recovery with the update.zip method
Thanks a lot Sifjar
I'm afraid I'm now out of suggestions. The last piece of advice I can give is try and find an official update for the tablet from the manufacturer and investigate the format of that update, to try and identify how an update should be formatted/named for your device.
Thank you SifJar. You helped me a lot to find what happens with this tablet ;-)
I've read from more people, buying Allwinner A10 tablets on efox, and receiving different ones (lower specs and usually MIPS based). I'd not recommend to buy to this seller because it does not even answer your questions or give you support.
I'm pretty sure, that could be one of the clones of the Ainol Novo7 Paladin/Basic. I'll try to find it
dreamer_ said:
Thank you SifJar. You helped me a lot to find what happens with this tablet ;-)
I've read from more people, buying Allwinner A10 tablets on efox, and receiving different ones (lower specs and usually MIPS based). I'd not recommend to buy to this seller because it does not even answer your questions or give you support.
I'm pretty sure, that could be one of the clones of the Ainol Novo7 Paladin/Basic. I'll try to find it
Well I believe from a bit of reading about the Ainol tablet you should be able to type "adb remount" and then "adb root" to get root access from adb on that tablet. Then you can push a MIPS su binary to the device and be done with it. But it depends how close a clone it is whether the same will be true for your tablet I guess.
EDIT: Have you found any way to access a fastboot mode? (Possibly the command "adb reboot bootloader" would work) If the bootloader isn't locked, you may be able to extract the system.img, root the img and then flash it back with fastboot. Although that is something I have only heard about, I have no experience in how one would go about rooting the system.img. (Extracting it from the phone and flashing back isn't overly hard).
I have tried both things with no success. The remount, fails and I don't have root access then (and R/O Filesystems)
adb reboot bootloader, just reboots the device
I have found a post from a guy http://tabletrepublic.com/forum/other-tablets/actions-cpu-android-tablet-actions-atm7013-1-3ghz-cpu-2087.html#post20776, that seems to have my same tablet (or both tablets seem to be the same MIPS based).
I still think that could be a novo 7 basic/paladin clone and it does have the same recovery and the DFU mode. I'm downloading the tools and FW from the paladin, but seems to be impossible to find anything more about my tablet.
Thanks
dreamer_ said:
I have tried both things with no success. The remount, fails and I don't have root access then (and R/O Filesystems)
adb reboot bootloader, just reboots the device
I have found a post from a guy http://tabletrepublic.com/forum/oth...ctions-atm7013-1-3ghz-cpu-2087.html#post20776, that seems to have my same tablet (or both tablets seem to be the same MIPS based).
I still think that could be a novo 7 basic/paladin clone and it does have the same recovery and the DFU mode. I'm downloading the tools and FW from the paladin, but seems to be impossible to find anything more about my tablet.
Thanks
This is one of the big issues with China based devices. Not only do they have really limited development, they tend to use non-standard hardware so none of the current things work on it. Then toss in the fact that the hardware is not always what it is said to be.
Sent from my SGH-I897 using Tapatalk 2
The USB drivers for the novo paladin, didn't work for me....If I only could flash a CWM recovery for my tablet, perhaps I could then flash the superuser.zip with the 'su' binary that SifJar said.
zelendel said:
This is one of the big issues with China based devices. Not only do they have really limited development, they tend to use non-standard hardware so none of the current things work on it. Then toss in the fact that the hardware is not always what it is said to be.
Yes...my problem has been mainly that in the efox website, they are basically lying to you in the product description, and selling a thing that is not true.
Casually, there's also an IVIEW tablet on the market, exactly like mine, made only for the chinese market (without the IVIEW letters and 1.3mpx camera)...and that was what I thought I bought, a chinese IVIEW (and my mistake)
You really need to see the cpuinfo to see that, and not everybody will do it....
Thanks
If you download this: usbview.zip
You can use it to find the vendor ID (app shows it as IdVendor) for your device (put it in the DFU mode thing first), and then you could try using fastboot and specifying the vendor ID with -i argument, it might work without drivers then (not sure if this is right, but I think something similar was done with the Kindle Fire)
just try something like
Code:
fastboot -i 0xFFFF devices
replacing 0xFFFF with the vendor ID from that app, to see if it detects it at all
Thanks. Does not seem to return anything (a return). It works with '-i device' at the end of the line.
Code:
fastboot.exe devices -i 0x10D6
ADB does give me this:
Code:
c:\sonec>ADB\adb.exe devices
List of devices attached
Actions Semi. 23711DF4 device

Working Unbrick Solutions

** THIS WORKED FOR ME, BUT MAY NOT FOR YOU. I'M POSTING THIS FOR INFORMATION **
From reading through logs of my boot looping HDX 7", I have found this method is working to re-flash an update file onto a Kindle. Needs ADB and ROOT access.
Use your current version or higher update file. This was on STOCK recovery, going from 13.4.5.2 to 13.4.5.3
1. Download update file
2. ADB PUSH <yourupdate>.bin /data/local/tmp/
3. ADB SHELL
3. su
4. echo '--update_package=/data/local/tmp/<yourupdate>.bin' >> /cache/recovery/command
5. reboot recovery
Once recovery starts, it will look at /cache/recovery/command for any tasks, and see that it needs to install the update package.
Thanks
osmorgan said:
** THIS WORKED FOR ME, BUT MAY NOT FOR YOU. I'M POSTING THIS FOR INFORMATION **
From reading through logs of my boot looping HDX 7", i have found this method is working to re-flash an update file onto a kindle. needs working ADB, and possibly root access.
(not sure if latest update is required, this method ?could? be used for downgrade)
1. Download update file
2. ADB PUSH <yourupdate>.bin /data/local/tmp/
3. ADB SHELL
3. su
4. echo '--update_package=/data/local/tmp/<yourupdate>.bin' >> /cache/recovery/command
5. reboot recovery
Once recovery starts, it will look at /cache/recovery/command for any tasks, and see that it needs to install the update package.
Thanks
Thanks for the guide, but you should also add from which FW to which FW your recovery was successful (i.e. from 13.4.5.2 to 13.4.5.2). In general it is not recommended to downgrade from FW 1x.3.2.8 to lower FW because Amazon activated efuse, which is blown in case of downgrade, and the result is a HW brick...
jeryll said:
Thanks for the guide, but you should also add from which FW to which FW your recovery was successful (i.e. from 13.4.5.2 to 13.4.5.2). In general it is not recommended to downgrade from FW 1x.3.2.8 to lower FW because Amazon activated efuse, which is blown in case of downgrade, and the result is a HW brick...
have edited original post.
root access is necessary to write into /cache
you cannot downgrade (except 3.2.8) and flash same version
you can flash 4.5.3 or 3.2.8
and of course this works until you have adb
with adb access and root always could restore device
Thank you for this!
Unbricked my kindle successfully by rolling back to 3.2.8
Glad I could help
Bricked HDX 8.9 (3rd) [4.5.2], but ADB is available
I bricked my HDX 8.9 (3rd).
It has ROM version: 4.5.2.
Here's exactly that I have done.
I have rooted it with the cve20147911.apk,
Installed RootExplorer
disabled OTA and tried to install gapps with this tutorial
But the gapps package is too big, so I installed Titanium backup to convert some amazon apps (goodread, special offers, market, firefly, and some others) from system apps to user apps to free up some space on the system drive. I also froze them, as I don't need them at all.
I managed to get about 80 MB free space on the system drive, then created a folder called "x" in the root, then copied the "system" folder to this "x" from the gapps package.
Selected the "system" folder in my "x" temporary folder, then selected Permission option, then set permissions to 644 RECURSIVELY to the "system" folder.
Then selected "system" folder in my "x" folder, then selected "cut" from the options, then pasted the clipboard content to "/" then the folder structure would match, so the system can copy all the files to the right place in a single step.
Root explorer asked about the existing folders, I selected "merge". There were no question about files, so all of them were new, which means I did not overwrite anything.
After finishing this copy, the screen started to blink very quickly in black and grey, then I turned off the tablet.
I tried to turn it on.
It stuck on the gray "Kindle Fire" screen, and couldn't get to the golden "Fire" loading screen.
After about a minute, it restarted itself to Recovery mode.
Tried to restart, but it stuck again the grey kindle fire screen, and restarted itself to recovery.
I made a (now I know) wrong decision at this point.
Restored to Factory defaults. Did not help.
In Windows 7 32bit, it appears as "Android Composite ADB Interface", but I can not see it in adb devices from now.
Rebooted to Linux mint 17.1 (Ubuntu 14.10).
It appears in lsusb for some seconds as:
Code:
Bus 001 Device 003: ID 1949:000d Lab126, Inc.
So I installed ADB and set the /etc/udev/rules.d/51-android.rules file with the following lines:
Code:
# Amazon Kindle Fire HDX 8.9
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", ATTR{idProduct}=="0006", MODE="0600", OWNER="<username>"
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", ATTR{idProduct}=="0005", MODE="0600", OWNER="<username>"
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", ATTR{idProduct}=="000d", MODE="0600", OWNER="<username>"
SUBSYSTEM=="usb",ATTR{idVendor}=="1949",ATTR{idProduct}=="000d",SYMLINK+="android_adb"
SUBSYSTEM=="usb",ATTR{idVendor}=="1949",ATTR{idProduct}=="000d",SYMLINK+="android_fastboot"
SUBSYSTEM=="usb", SYSFS{idVendor}=="1949", MODE="0666"
I know not all of them necessary...
Then ran:
Code:
sudo service udev restart
Now I can see it properly in adb devices.
Code:
List of devices attached
B057070xxxxx device
At this point I thought everything was fine: despite the factory reset I still have ADB access.
The truth is that I can pull files (and probably push too) from my device (tried /system/build.prop) to my computer.
But when I try "adb shell", it throws this error:
Code:
WARNING: linker: could not load library "/vendor/lib/libNimsWrap.so" from LD_PRELOAD for "/system/bin/sh"; caused by could not load library "libc.so" needed by "libNimsWrap.so"; caused by library "libc.so" not found
CANNOT LINK EXECUTABLE: could not load library "libc.so" needed by "/system/bin/sh"; caused by library "libc.so" not found
(adb logcat give the same error)
At the moment I can not push anything to the "/system" because that is mounted Read Only, but I might be able to push to some RW folders, but have no idea how to move it without shell.
I managed to pull some files from the "/system" so it is readable (at least for some seconds).
Additional info:
There's a "No command." message in the middle of the screen in Recovery Mode
Please, if you have any ideas that we can do with my half-bricked HDX 8.9 (3rd), please share them. I would be very thankful.
Thank you.
The fact that you are in linux might help, but when you reset to factory defaults, you removed root access and your ability to fix the problem. Try to install cve and run it from adb. I do not think it will work, but you could try.
Sent from my KFTHWI using Tapatalk
Broken sh
The cve is only a su hack.
My shell is broken. I will be unable to run su from shell.
Thank you so much for this. After trying literally everything else, this is the only thing that worked, and worked the first time.
Command prompt stuck
I have a Kindle Fire HDX 7 inch soft bricked at the white and gold screen where the animation moves across. I can get to the very end of step 4. After entering that in the command prompt it shows > and will not let me enter any other command to reboot recovery. Anything that is typed just kicks the prompt back to > do you guys have any ideas on how to get to step 5. Anything would help. Thanks.
Just a thought, you could try adding the argument -v to step 4 and see why it is stalling. Also, do you know what you did to get to the softbrick, and what version os/recovery you have?
Command prompt stuck
lekofraggle said:
Just a thought, you could try adding the argument -v to step 4 and see why it is stalling. Also, do you know what you did to get to the softbrick, and what version os/recovery you have?
I believe I know what soft bricked it. I downgraded to 3.2.8 and added safe strap and made a backup in case of a mistake. When everything was fine I moved to 4.5.2. I installed google play and got the white screen error. I removed the google play apks. While doing that I deleted the twrp folder with the backup since I moved from 4.5.2 I figured it wouldn't matter, but it seems like I was wrong. I have adb access and root still I'm on 4.5.2 and I have the kindle recovery, or at least that's what comes up when I use the adb reboot recovery. I think I can still save it if I can get to step 5.
I agree, but unfortunately, I think that now you need to wait for someone with more expertise than me to help. I do not know why it won't copy the files. Sorry.
Command prompt stuck
Here is a screen shot
Thanks for the help.
Robo101007 said:
Here is a screen shot
Thanks for the help.
Disclaimer: I didn't try these commands, I only look on your posted pictures and compare them with OP...
Your commandline for part 4 is wrong, it should look like this (focus on parts in bold, in part two you are copying myupdate.bin to kindle, so in part 4 you already have file in kindle, no need to add path to myupdate.bin on your PC to the path described in part 4, also there is missing >> in your pictures)
example
2. ADB PUSH myupdate.bin /data/local/tmp/
3. ADB SHELL
3. su
4. echo '--update_package=/data/local/tmp/myupdate.bin' >> /cache/recovery/command
5. reboot recovery
Hopefully if you type it correctly, it will work and you save your kindle, good luck...
jeryll said:
Disclaimer: I didn't try these commands, I only look on your posted pictures and compare them with OP...
Your commandline for part 4 is wrong, it should look like this (focus on parts in bold, in part two you are copying myupdate.bin to kindle, so in part 4 you already have file in kindle, no need to add path to myupdate.bin on your PC to the path described in part 4, also there is missing >> in your pictures)
example
2. ADB PUSH myupdate.bin /data/local/tmp/
3. ADB SHELL
3. su
4. echo '--update_package=/data/local/tmp/myupdate.bin' >> /cache/recovery/command
5. reboot recovery
Hopefully if you type it correctly, it will work and you save your kindle, good luck...
Jeryll thank you so much. I really appreciate it. That did install the update and that makes sense as to why I was having issues. Thanks for the response.
osmorgan said:
** THIS WORKED FOR ME, BUT MAY NOT FOR YOU. I'M POSTING THIS FOR INFORMATION **
From reading through logs of my boot looping HDX 7", I have found this method is working to re-flash an update file onto a Kindle. Needs ADB and ROOT access.
Use your current version or higher update file. This was on STOCK recovery, going from 13.4.5.2 to 13.4.5.3
Help my kf hdx7, it's bootloop and only system recovery, I can enter stock recovery but phone don't connect with pc, how to connect it and run adb?

[ROOT] How to Root the ZTE ZMAX [KK][ALL VARIANTS]

Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Disclaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.
Also, once you root, DO NOT TAKE OTAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the OTA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may vary, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factory reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
1) Download KingRoot APK from here (the first one with the image of the phone if you are on the desktop site).
2) Install KingRoot and run it. It will restart the phone, and it will fail (or, if you have some Android God luck, it may succeed), this is supposed to happen.
3) Clear KingRoots cache and data (in that order) and power off the phone (not reboot). Then, power it back on again.
4) Now this is where things get... well complicated for this part. You are going to need to load your RAM with a bunch of processor heavy stuff. The person that made this method used CounterSpy and Final Fantasy Type-0 in the PPSSPP v1.0.1-411 emulator, but for those of you that don't have access to that, get creative and load up. Here is what I had running (all at the same time, mind you).
Note: Force Stop Task Manager in the app settings first or it will purge to free memory automatically and this won't work.
1. Next Launcher Lite
2. Apex Launcher
3. Nova Launcher
4. Cheetah Launcher
5. CM Launcher
6. Mi Launcher
7. 25 tabs on Google Chrome (No joke)
8. Both Temple Runs
9. Fruit Ninja
10. Google Play Store
11. Google Now
12. Google Play
13. Amazon
14. Google Play Music
Mine was definitely a bit extreme but I knew all of this stuff would guarantee a good memory hogging.
5) Run all of your apps at the same time. The TL;DR for this is that apparently it's some exploit that the app uses as a buffer overflow. Now, go to settings and Force Stop KingRoot. Then Run it again. If it works, you should go from 0 to 100 real quick (no pun intended). It shouldn't progress slowly or reboot the phone to do this, but your journey does not stop here.
If you did it correctly, the screen from a successful root will have a green checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
1) Plug phone into computer...
2) Open cmd type "adb shell" (without quotes, moving forward, type all commands without quotes). This will open a terminal for the phone.
3) While in ADB Shell, type "su" to gain root shell privileges
4) Type "getprop ro.build.fingerprint"
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys (the part with P892T57 may be different depending on what model ZMAX you have). If you haven't updated that number will be different, this is ok, just replace the number in the next command with whatever your output is.
5) type "setprop persist.sys.k P892T57"
6) type "getprop persist.sys.k" and your output should be your build number
7) type "cd /dev/block/platform/msm_sdcc.1/by-name/" to change directories so that we can back up your recovery image (remember I said something about that?) and set the boot to our recovery partition.
8) type "dd if=recovery of=/sdcard/recovery.img" to backup the recovery image.
9) type "dd if=boot of=recovery" to set recovery as boot. Another TL;DR is that this disables the write protection set by the stock recovery, allowing you to write to the system. It will mount the /system partition upon boot.
DELETE KINGUSER NOW
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
11) Reopen the adb shell (using "adb shell") in your command prompt or terminal (for OSX and Linux) and type "id". If your output is "uid=0(root) gid=0(root) context=u:r:shell:s0" then it worked...
12) Remount system as writable "mount -o rw,remount /system"
13) Manual install for supersu you can get that here: http://download.chainfire.eu/supersu
14) Type "exit" into the terminal/command and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
14B) I advise taking the "su" binary and "install-recovery.sh" file from the superSU folder you downloaded and putting them in the same place (on the desktop or wherever your adb.exe is if you didn't set $PATH on your computer). su can be found in the "arm" folder and install-recovery.sh can be found in the "common" folder. It is important to note that where ever your files are, you will have to type that path (if it isn't in the same directory as your adb). So, as an example, I put mine on the desktop, so I have to type "adb push ~/Desktop/su /data/local/tmp/su". If you do not know how to do that, then stop what you are doing and research it, as that's just too much to explain.
15) "adb push su /data/local/tmp/su"
16) "adb push install-recovery.sh /data/local/tmp"
17) Reenter adb shell with "adb shell"
18) Make sure system is mounted writable with "mount -o remount,rw /system"
19) Move the so files into place with these commands
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/su > /system/xbin/daemonsu"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
20) Give them all permissions
"chmod 755 /system/xbin/su"
"chmod 755 /system/xbin/daemonsu"
"chmod 755 /system/etc/install-recovery.sh"
21) Reboot your phone to complete install with "reboot"
22) After rebooting, go into the play store and install the supersu app. It's going to tell you the su binary is out of date; to fix that, we need to open the adb shell on our pc again with "adb shell"
23) Reboot into recovery (you're really rebooting the system with r/w privileges) using "reboot recovery"
24) Once rebooted, open the app and update your binaries. Once finished, reboot and you're done, 100% perm rooted
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
ADDITIONAL INFORMATION
If you by some chance flash the TWRP Recovery Image (found in post 2), and would like to revert back to root ability (being able to write to system). Please follow the steps below:
1. cd /dev/block/platform/msm_sdcc.1/by-name
2. su
3. dd if=/sdcard/recovery.img of=recovery
4. reboot recovery
Please make sure you have the recovery in your sdcard root folder.
Alternate Root Methods and ZTE Custom ROMs/Kernels/etc
If the above first part doesn't work for you, you can find alternative root methods
Alternate Method 1 HERE
Alternate Method 2 HERE
As I see more added, I'll add them here.
CUSTOM STUFF
TWRP Image for ZTE ZMAX
Q&A/Other [UPDATED MAY 13, 2015 @ 5:45PM]
If A question is asked and you feel like it needs to be here, please tag or DM me with the Q AND THE A so that I can do so.
OTHER:
Original Discussion Thread for the ZTE ZMAX
Please see fire3element's post on what each screen in the KingRoot app means
WHAT THE SCREENS MEAN IN THE APP
That's a whole lot to swallow but I'm glad to see y'all can finally get rooted. Definitely not a method for noobs or the faint of heart but its a HUUUGE step in the right direction. Thanks to everyone responsible for this.
Hroark13 has TWRP - http://androidforums.com/threads/zte-zmax-twrp.918537/
mingolianbeef said:
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Disclaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.​
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may vary, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factory reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
If you did it correctly, the screen from a successful root will have a blue envelope with a checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
I have followed EVERYTHING step by step over and over again, and yet i still can't get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i don't start off as root, i start off as if i wasn't rooted, and i always have to do "su" to gain privileges.
afterwards, mount -o remount,rw /system/ does work but i can't write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Here is some more info for those of you wondering what the KingRoot app is doing.
Screenshots will follow.
Text ABOVE the screenshot is for the image directly under it.
Let's begin -------------->
FIRST SCREEN WHEN YOU OPEN KINGROOT
SECOND SCREEN
- CLICK BUTTON TO BEGIN ROOT -
ROOTING IN PROGRESS...
ROOT FAILURE
[Blue Button]: SUBMIT (submits the error report to KingRoot devs)
ROOT FAILURE
ROOT FAILURE
NO DATA CONNECTION (WiFi or cellular signal required)
[Blue Button]: ANDROID SETTINGS MENU
SUCCESSFUL ROOT
IF YOU SEE THIS MESSAGE POP UP DURING ROOTING, JUST LEAVE IT ALONE. LET THE ROOT FINISH
SUCCESSFUL ROOT
[trash can]: [...]: [...]:
SUCCESSFUL ROOT
[Blue Button]: PURIFICATION (I believe this is similar to fixing permissions)
- CLICK IT AND LET IT RUN -
^ from clicking blue button above ^
PURIFICATION PROCESS
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still can't get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i don't start off as root, i start off as if i wasn't rooted, and i always have to do "su" to gain privileges.
afterwards, mount -o remount,rw /system/ does work but i can't write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would like the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=/sdcard/recovery.img of=recovery
reboot recovery
*edited to remove a potentially harmful command per jcase's advice*
Sent from my Z970 using XDA Free mobile app
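The restore commands above (the same steps appear under ADDITIONAL INFORMATION in the first post) overwrite the recovery partition with whatever sits at /sdcard/recovery.img, and the thread warns against a dd whose source and target are the same. As an added example, not part of any poster's instructions, this sh script checks a backup before it is written. It assumes the image uses the standard Android boot image header, which begins with the 8-byte magic "ANDROID!", and that sh, dd, wc and tr are available; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before "dd if=BACKUP of=TARGET".
# Function names are hypothetical; sample images are constructed.

# True if the first 8 bytes of $1 are the Android boot image magic (assumed format).
has_boot_magic() {
    magic=$(dd if="$1" bs=8 count=1 2>/dev/null | tr -d '\000')
    [ "$magic" = "ANDROID!" ]
}

# Size of $1 in bytes.
size_of() { wc -c < "$1" | tr -d ' '; }

# preflight_restore BACKUP TARGET
# Prints a reason and returns a distinct non-zero code when a check fails.
preflight_restore() {
    src=$1; dst=$2
    if [ "$src" = "$dst" ]; then
        echo "refusing: source and target are the same ($src)"; return 1
    fi
    [ -f "$src" ] || { echo "backup not found: $src"; return 2; }
    [ -s "$src" ] || { echo "backup is empty: $src"; return 3; }
    has_boot_magic "$src" || { echo "no ANDROID! magic in $src"; return 4; }
    [ -e "$dst" ] || { echo "target not found: $dst"; return 5; }
    if [ "$(size_of "$src")" -gt "$(size_of "$dst")" ]; then
        echo "backup is larger than target"; return 6
    fi
    echo "ok: $src can be written to $dst"
}

# Exercise the checks on constructed files; prints the three return codes.
selftest() {
    d=$(mktemp -d) || return 1
    # Constructed "good" image: magic followed by 4 KiB of zeros.
    { printf 'ANDROID!'; dd if=/dev/zero bs=1024 count=4 2>/dev/null; } > "$d/recovery.img"
    # Constructed "bad" image: zeros only, no magic.
    dd if=/dev/zero of="$d/blank.img" bs=1024 count=4 2>/dev/null
    # Stand-in for the partition node, 8 KiB.
    dd if=/dev/zero of="$d/recovery" bs=1024 count=8 2>/dev/null
    out=""
    for img in "$d/recovery.img" "$d/blank.img" "$d/recovery"; do
        rc=0
        preflight_restore "$img" "$d/recovery" >/dev/null || rc=$?
        out="$out$rc "
    done
    rm -rf "$d"
    echo "${out% }"
}

# Run as: sh preflight.sh BACKUP TARGET
if [ "$#" -eq 2 ]; then
    preflight_restore "$1" "$2"
fi
```

Only run the dd restore when the function prints "ok"; any other message names the check that failed.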
xtremeasure said:
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would like the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=boot of=boot
dd if=/sdcard/recovery.img of=recovery
reboot recovery
Sent from my Z970 using XDA Free mobile app
even with just one slash I still have a problem
Sent from my Z970 using XDA Free mobile app
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Sent from my Z970 using XDA Free mobile app
xtremeasure said:
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
fire3element said:
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
I would do a full root uninstall....
The backdoor keeps root for adb so installing the new su shouldn't be an issue
Sent from my Z970 using XDA Free mobile app
Got it. Will report back after this headache is done. *slams head on desk*
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Is there any way to do it without a factory reset? Could I just remove kinguser? or it must be factory reset? and will I have to reroot with factory reset?
Sent from my Z970 using XDA Free mobile app
Sorry guys, kinda been running around all day, have a lot of catching up to do I see. I'll fix the thread with updated information that people have so generously contributed!
DroidisLINUX said:
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
I know right!!! First hurdle... done... second hurdle, bootloader with no fastboot lmao...
a bit unclear on this
are we actually rebooting into recovery or its supposed to go straight back into the phone
i was never able to get into recovery
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
getting permission denied when running this.
"chmod 755 /system/xbin/su"
"chmod 755 /system/etc/install-recovery.sh"
as well as operation denied or something along those lines. any help would be nice. also and running id on adb. its showing.
uid=0(root) gid=0(root) context=u:r:init:s0
rather than
uid=0(root) gid=0(root) context=u:r:shell:s0
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still can't get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i don't start off as root, i start off as if i wasn't rooted, and i always have to do "su" to gain privileges.
afterwards, mount -o remount,rw /system/ does work but i can't write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
You have to exit adb shell to push files to /data/local/tmp, which does not require root. That was a major exploit in earlier android versions, as people would push scripts to /data/local/tmp without root, run the exploit in the directory, and it would root. That was patched of course, but that directory can be accessed without root. Once you use "reboot recovery" to reboot, then just plug your phone back up and type "adb shell" to which the phone should respond with a "#" instead of a "$". If you have the $, you are not root and need to go back. If you do, just be patient with it and make sure you are not just copying and pasting (I know this can be the root of the issue at times with command, just type it out). It should work, the second half is the easy part lol.
