Jump to content


Photo

ZTE V9 Tablet

* * * * * 2 votes

  • Please log in to reply
490 replies to this topic

#421
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

I tried Universal Androot, says Failed Fu goo or something like that


Oh, my bad... I just realized you have the new v9 running 2.2. From what I can tell there are some minor differences which prevent the UniversalAndroot application from working on the new v9's with 2.2, sadly I'm not entirely sure what they are yet. (prolly something simple like relocated files or some junk like that, but without access to one... it's a bit hard to test out)

I'll let you know if I find any solution to perm root the v9 with 2.2

Until then, you'r in uncharted waters my friend... and all I can do is wish you the best!

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#422
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5
Biti, not sure if this will help or not... but you should be able to figger out how to manually apply these "patches"

Preparing Exploit ... :true
Preparing busybox binary ... :true
User selected: Eclair
Preparing Su binary ... :true
Preparing Superuser apk ... :true, resid:2131034118
Preparing root toolkit script ... :true
Trying to get mount point:/data
/dev/block/mtdblock6 /data yaffs2 rw,nosuid,nodev 0 0
Trying to get mount point:/system
/dev/block/mtdblock5 /system yaffs2 rw 0 0
mount -o remount,rw -t yaffs2 /dev/block/mtdblock5 /system
mkdir /system/xbin
cat su > /system/xbin/su
chmod 04755 /system/xbin/su
ln -s /system/xbin/su /system/bin/su

mount -o remount,ro -t yaffs2 /dev/block/mtdblock5 /system
mount -o remount,rw,nosuid,nodev -t yaffs2 /dev/block/mtdblock6 /data

mount -o remount,rw -t yaffs2 /dev/block/mtdblock5 /system
rm /system/bin/su
rm /system/xbin/su

Preparing to execute exploit, do chmod
Executing exploit..
cmd: /data/data/com.corner23.android.universalandroot/files/getroot /dev/block/mtdblock6 yaffs2
[*] Android local root exploid (C) The Android Exploid Crew
[*] Modified by shakalaca for various devices
[+] Using basedir=/sqlite_stmt_journals, path=/data/data/com.corner23.android.universalandroot/files/getroot
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
Wifi enabled ...
mkdir failed for /system/xbin, File exists
link failed File exists
rm failed for /data/local/tmp/rootshell, No such file or directory
Exploit delete success
Install/Uninstall rootkit: true
ls -l /sqlite_stmt_journals
-rws--x--x root	 root		16224 2011-03-20 01:46 rootshell
ls -l /data/local/tmp
opendir failed, Permission denied
ls -l /app-cache
/app-cache: No such file or directory
run mount
rootfs / rootfs rw 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
/dev/block/mtdblock5 /system yaffs2 ro 0 0
/dev/block/mtdblock6 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock8 /persist yaffs2 rw,nosuid,nodev 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:2 /data/sdext2 ext2 rw,errors=continue 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_uti
e=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
run df
Error running exec(). Commands: [df] Working Directory: null Environment: null
java.lang.ProcessManager.exec(ProcessManager.java:196)
java.lang.Runtime.exec(Runtime.java:225)
java.lang.Runtime.exec(Runtime.java:313)
java.lang.Runtime.exec(Runtime.java:246)
com.corner23.android.universalandroot.utils.Utils.genSysDebugInfoReport(Utils.java:181)
com.corner23.android.universalandroot.asynctask.RootTask.onPostExecute(RootTask.java:398)
com.corner23.android.universalandroot.asynctask.RootTask.onPostExecute(RootTask.java:1)
android.os.AsyncTask.finish(AsyncTask.java:443)
android.os.AsyncTask.access$300(AsyncTask.java:134)
android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:455)
android.os.Handler.dispatchMessage(Handler.java:99)
android.os.Looper.loop(Looper.java:214)
android.app.ActivityThread.main(ActivityThread.java:4415)
java.lang.reflect.Method.invokeNative(Native Method)
java.lang.reflect.Method.invoke(Method.java:521)
com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868)
com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
dalvik.system.NativeStart.main(Native Method)

The su file being used with root is the one from busybox, might try installing that and re-installing Superuser app... just a thought. (But this should head you in the right direction atleast)

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#423
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

Biti, not sure if this will help or not... but you should be able to figger out how to manually apply these "patches"

The su file being used with root is the one from busybox, might try installing that and re-installing Superuser app... just a thought. (But this should head you in the right direction atleast)


I ROOTed the ROM now manually pushed superuser.apk and last su binary with adb, all works, after reboot /system/bin/su permissions goes back to the old s***, only this part is not clear for me, wh revert permissions and how can I solve this.

My first idea for solution is add this "chmod 4755 /system/bin/su" to init.rc ?!

hehe on inir.rc this s*** revert the permissions, I found it xD

Edited by Biti, 19 March 2011 - 03:40 PM.

  • 0

#424
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

... I found it xD


That's what I like to hear :D -- I didn't even think of the init.rc for some damn reason, which is embarrassing cause I should of. But all is well that ends well. :( (UniversalAndroot will correct those settings, that is when it runs... it also sets /data and /system to be mounted rw instead of ro which is also set in the init.rc file... so why the hell did I not think of this lol)

Edited by Stephen J. Knill, 19 March 2011 - 03:50 PM.

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#425
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

That's what I like to hear :D -- I didn't even think of the init.rc for some damn reason, which is embarrassing cause I should of. But all is well that ends well. :( (UniversalAndroot will correct those settings, that is when it runs... it also sets /data and /system to be mounted rw instead of ro which is also set in the init.rc file... so why the hell did I not think of this lol)



I changed the permissions in init.rc, pushed the file to the phone, sync than reboot and got the same file than before, any idea? :S Really anoying, now I tryed to add this line to other rc files, got the same, any idea to execute a line on boot without this files?

Edited by Biti, 19 March 2011 - 04:03 PM.

  • 0

#426
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

I changed the permissions in init.rc, pushed the file to the phone, sync than reboot and got the same file than before, any idea? :S Really anoying,


The init.rc file is part of the ramdisk image, so you'll need to crack it open again... edit the file and repack, push onto phone and flash it to make changes stick. (sync only really works on the /system and /data)

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#427
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

...any idea to execute a line on boot without this files?


Yep, put a script in /system/etc/init.d and chmod 755 they will be run after the init.rc

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#428
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

The init.rc file is part of the ramdisk image, so you'll need to crack it open again... edit the file and repack, push onto phone and flash it to make changes stick. (sync only really works on the /system and /data)



Ok done, thanks checking :D

OMG, I flashed new boot with fastboot flash boot boot.img after phone blinking with ZTE screen, no recovery, no adb, no bootloader state, only this DFU s***, what can I do?

Only multiDL work, and I haven't got firmware :S

any idea how can I get mbd files for my device? totaly bricked

To flash this russian firmware after update recovery and flash my 2.2 will work or I can put to the trash? There is no firmware available to this device in public.

What is bootloader key config? vol down + power = download mode :S

Edited by Biti, 19 March 2011 - 04:58 PM.

  • 0

#429
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

Ok done, thanks checking :D

OMG, I flashed new boot with fastboot flash boot boot.img after phone blinking with ZTE screen, no recovery, no adb, no bootloader state, only this DFU s***, what can I do?

Only multiDL work, and I haven't got firmware :S

any idea how can I get mbd files for my device? totaly bricked

To flash this russian firmware after update recovery and flash my 2.2 will work or I can put to the trash? There is no firmware available to this device in public.


Doesn't holding down Volume - boot you into recovery? (After you rip the battery out for a few secs) -- It should do still, unless something really freaky has happened.

And without some kind of access to the device such as with adb, fastboot-windows or CM recovery mode... there isn't really any way of re-flashing the device (since there are no design schematics out, there are no hard cable methods)

-- Any firmware from an IDENTICAL device will work, but it must be from one of the new v9's (the older versions will just boot loop also)

Edited by Stephen J. Knill, 19 March 2011 - 05:03 PM.

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#430
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

Doesn't holding down Volume - boot you into recovery? (After you rip the battery out for a few secs) -- It should do still, unless something really freaky has happened.

And without some kind of access to the device such as with adb, fastboot-windows or CM recovery mode... there isn't really any way of re-flashing the device (since there are no design schematics out, there are no hard cable methods)



unable to get in recovery mode in this V9, phone reboots after 3 sec, voldown+power get to the DFU mode and no others. what can I do reflash with M stuff, but I think this wil ltotal kill my device maybe.

Sebastian404 maybe have some infos about this.

But with old firmware maybe I can get into recovery and reflash my original ROM, or It's possible to change the img files in flashable BEELINE_V9V100B08and reflash that way?

Edited by Biti, 19 March 2011 - 05:08 PM.

  • 0

#431
Sebastian404

Sebastian404

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 2,104 posts
  • Gender:Male
  • Location:Somwhere Near Mountain View, California
  • Devices:lots of them
  • Twitter:@sebastian404
There is a guy on the Blade Forum with an X880 who installed the TPT for the Blade onto his device, and he seems to of totaly screwed that up...

the Theory is that the content of the hidden partition controls the base address for the kernel, but from the evidence so far maybe not.

It would seem that ZTE have changed some things in the new devices tho that means its not as easy to get into FTM mode.

  • 0

#432
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

There is a guy on the Blade Forum with an X880 who installed the TPT for the Blade onto his device, and he seems to of totaly screwed that up...

the Theory is that the content of the hidden partition controls the base address for the kernel, but from the evidence so far maybe not.

It would seem that ZTE have changed some things in the new devices tho that means its not as easy to get into FTM mode.



I flashed back with my img files now I got a totaly big s***, no ZTE screen just a splash, and usb cannot recognized.

  • 0

#433
Sebastian404

Sebastian404

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 2,104 posts
  • Gender:Male
  • Location:Somwhere Near Mountain View, California
  • Devices:lots of them
  • Twitter:@sebastian404

I flashed back with my img files now I got a totaly big s***, no ZTE screen just a splash, and usb cannot recognized.


have you tried holding down vol+ AND vol- while turning it on?

  • 0

#434
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

unable to get in recovery mode in this V9, phone reboots after 3 sec, voldown+power get to the DFU mode and no others. what can I do reflash with M stuff, but I think this wil ltotal kill my device maybe.

Sebastian404 maybe have some infos about this.

But with old firmware maybe I can get into recovery and reflash my original ROM, or It's possible to change the img files in flashable BEELINE_V9V100B08and reflash that way?


If you can't see the device listed when you run "adb devices" or the "fastboot-windows devices" commands, try unpluging the cable and pluging back in (I know it sounds weird, but I've had the device not show after a boot fail before... and replugging it in solved that part, it atleast allowed be to use the "adb reboot recovery" recovery or bootloader as both will enable flashing ... I just kept spaming the command till my device finally rebooted lol)

An older firmware version MAY work, but then it's just as likely to brick the device also... so I can not advise that.
And I thought you'r rom dump was the TELENOR_V9V1.0.0B01.ZIP?

I'm not really sure how the DFU mode works as I've only seen this on iPhones before (and damn do they suck or what!), but then I was able to recover the iPhone using the iTunes app still... so it was still "booting", just not actually loading all the OS crap that was damaged. -- If you can't get ANY kind of shell access to it, I really don't know... hopefully Sebastian404 might.

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#435
Sebastian404

Sebastian404

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 2,104 posts
  • Gender:Male
  • Location:Somwhere Near Mountain View, California
  • Devices:lots of them
  • Twitter:@sebastian404
I was going to mention the same thing, since I 'updated' to the latest drivers, when I reboot any ZTE device I have to disconnect and reconnect the USB before my PC will recognize it...

  • 0

#436
Sebastian404

Sebastian404

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 2,104 posts
  • Gender:Male
  • Location:Somwhere Near Mountain View, California
  • Devices:lots of them
  • Twitter:@sebastian404

I flashed back with my img files now I got a totaly big s***, no ZTE screen just a splash, and usb cannot recognized.


I'm a bit lost, what did you do to get it into this state?

  • 0

#437
Biti

Biti

    Regular

  • Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Devices:Huawei U8230

I'm a bit lost, what did you do to get it into this state?



downloaded m2.zip, replaced img files to my original ones and reflashed with phone flasher.

All of this after I flashed new boot.img with fastboot and phone not booted restarted every seconds and the only thing what could I get was this Dowload state.

Edited by Biti, 19 March 2011 - 05:53 PM.

  • 0

#438
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5

I'm a bit lost, what did you do to get it into this state?



He uploaded and flashed a modified boot.img (to change the init.rc file), which somehow caused the device to boot loop. Upon trying to re-flash with his own dumped the M2 images... this is the result.

The exact proccess is a bit elusive to me, as I thought he didn't have shell access... so it must have been using the multiDL thingie he mentioned before (nope, ain't seen that one yet lol)

Edited by Stephen J. Knill, 19 March 2011 - 05:51 PM.

  • 0

Programs are like Cathedrals, first we build them... then we pray!


#439
Sebastian404

Sebastian404

    Hardcore

  • Developer Team
  • PipPipPipPipPipPip
  • 2,104 posts
  • Gender:Male
  • Location:Somwhere Near Mountain View, California
  • Devices:lots of them
  • Twitter:@sebastian404

downloaded m2.zip, replaced img files to my original ones and reflashed with phone flasher.

All of this after I flashed new boot.img with fastboot and phone not booted restarted every seconds and the only thing what could I get was this Dowload state.


oh, well what you can try repeat the whole process only this time keeping the original files from m2.zip

hopefully you will end up with a working 2.1 v9.....


then we can take it from there...

  • 0

#440
Stephen J. Knill

Stephen J. Knill

    Regular

  • Members
  • PipPip
  • 105 posts
  • Gender:Male
  • Location:Adelaide, Australia
  • Devices:LG GT540f Android 2.3.5
One other thing I'd like to know... has anyone been able to actually have the WiFi stay on when screen locks and it's not plugged into charger? (Optus myTab specificly, and don't go pointing me to the Advanced WiFi settings... that was the first thing I tried lol, it's been set to "Never" ever since I brought the device... but still it keeps turning off, and none of the WiFi Lock apps from market have been able to keep it on.

And it looks like Sebastian merged an Optus and Life rom, as several other aspects of the Optus rom have been removed from his version. Shame, I was hoping it would indicate where I can re-enable the full screen rotation again (Hate the lock screen, apps list and "desktop" being stuck in landscape)

Edited by Stephen J. Knill, 19 March 2011 - 09:14 PM.

  • 0

Programs are like Cathedrals, first we build them... then we pray!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users