
Please port qu1ckr00t to armv7l

Open Skorpion96 opened this issue 2 years ago • 3 comments

As the title says, I'm asking you if you can port qu1ckr00t to armv7l. I have a ZTE phone (ZTE Blade A5 2019) which is vulnerable since the exploit runs, but since the exploit is for arm64 I can't run it. I tried a 32-bit version on XDA and it runs but with errors. Probably the addresses are wrong. I'll leave my kernel sources here if you want to port it: https://www.mediafire.com/download/bhzmyeqepf4ve6j

Aug 06 '22 17:08 Skorpion96

Hello, I am currently on vacation and cannot reply to your email personally. I will reply to you as soon as possible after my vacation ends.

I don't understand Chinese, I'll use Google Translate.

Edit: thank you so much

Aug 06 '22 17:08 Skorpion96

Well, I hope you will help me since I don't have other options. Unisoc is not answering, and ZTE, I guess, sent an email to Unisoc asking for the unlock code, but they don't answer at all. Now summer is finished, so I hope you can help me get this exploit to armv7l for my kernel.

Sep 19 '22 11:09 Skorpion96

Hello, I am currently on vacation and cannot reply to your email personally. I will reply to you as soon as possible after my vacation ends.

Thank you, I hope you enjoy your holidays

Sep 19 '22 11:09 Skorpion96

I found a 32-bit version of the exploit on XDA, so we could work with this, changing the kernel addresses and kernel magic to the ones of my kernel. I'll leave a link to the post: https://forum.xda-developers.com/t/root-with-cve-2019-2215.3979341/post-80830899 Anyway, another potential exploit could be CVE-2020-0041, someone already used it to root some devices: https://forum.xda-developers.com/t/xperia-1-5-temp-root-exploit-via-cve-2020-0041-including-magisk-setup.4146103/

Nov 23 '22 21:11 Skorpion96

Yes I know, I only made the post to update you on what I found, hope you will enjoy your holiday

Nov 23 '22 21:11 Skorpion96

Yes I know, I only made the post to update you on what I found, hope you will enjoy your holiday

Sorry for that, I never have a holiday. Maybe it's just a bug from my email provider. I already dropped this old account.

Nov 24 '22 10:11 Yu-324

I have extracted kallsyms: https://www.mediafire.com/download/pbm0nvptr3w8eab (invalid link, look at the next comment). About porting, idk. I know that we have to take values from the kallsyms file and replace them in the exploit, but I don't know if I will be able to do it alone.

Dec 23 '22 10:12 Skorpion96

Other kallsyms I extracted and other stuff: https://www.mediafire.com/folder/uvde49kcna40o/ZTE_A5_2019_Stuff

Jan 23 '23 16:01 Skorpion96

Any news? I'm really sad. Google ruined rooting and ZTE is taking advantage of protections like the bootloader to stop everyone from rooting. Also, exploits are kernel specific, making them really difficult to work with. I wonder if I will ever be able to root this crap phone.

Mar 03 '23 14:03 Skorpion96

So how's it going? Are you still working on this @saga0324? If you are, I want you to know that I'm really grateful for that. I hope for you the best.

May 05 '23 08:05 Skorpion96

So how's it going? Are you still working on this @saga0324? If you are, I want you to know that I'm really grateful for that. I hope for you the best.

In my opinion, if you want to root your ZTE, you can try to find the boot image or buy from some property firmware site. Seems like this way is much easier than modifying the exploit.

May 05 '23 08:05 saga0324

@saga0324 As I was saying, I talked to someone and he told me that the exploit would need to be rewritten for my kernel version. This guy wanted to help as well, maybe you would get in contact with him? I'll leave a link to the group where we are: https://discord.gg/pRwc4RhY He is bluefenix btw.

May 05 '23 10:05 Skorpion96

About the boot image, I have it, let me upload it when I get home.

May 05 '23 11:05 Skorpion96

Here is boot: https://www.mediafire.com/file/vumckkh8l79j1zy/boot_zte_blade_a5_2019_claro_1.0_fw.img/file @saga0324

May 05 '23 14:05 Skorpion96

@saga0324 Found an eng firmware, here is the link: https://androidhost.ru/Y56?pt=UXpoUE5HZG1lWEZ6ZWtwbk5HRXhaM2hZVkdwMFp6MDlPaU82M2RiM2JvdTc0UmdXUXhyUExXcz0%3D I have a root shell now. I was able to get developer options to show, but they are disabled. Anyway, I can still flash from the shell, because there is no fastboot and I have a root shell, so it's time to root this thing. Bootloader is still locked, but I was able to edit the stock system and boot it. I'll try to add root to it. I'll leave a link to the stock img here as well if you want to try: https://terabox.com/s/1f8NKRTyul1wD01SMd4-owQ

Edit2: root achieved by booting a prerooted GSI: https://youtu.be/GON2GXowoRQ

Jun 08 '23 13:06 Skorpion96

@saga0324 I would like to unlock the bootloader if possible. If it isn't possible, then I would like to use the qu1ckr00t app to install Magisk on system, could you please help me with doing it? Btw, about bootloader unlock, there is a new exploit to try: https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/wiki/AddSupportToModel#part-2-modify-fdl1 although I don't know if it will work on my Unisoc SC9863A. There is also a verified boot bypass exploit, CVE-2020-10648, we can try if you would still like to help me.

Jul 03 '23 14:07 Skorpion96

Just to let you know, TomKing062 and I are trying to unlock the bootloader: https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader/issues/4#issuecomment-1795214974

Unlocked, I'll put the issue as completed. Also, we did more: https://xdaforums.com/t/zte-blade-a5-2019-2020-etc-root-guide-locked-bootloader-valid-for-all-unisoc-zte-models-with-an-engineering-firmware.4612391/

Nov 06 '23 22:11 Skorpion96