Root ZTE Zmax Pro Official Root Discussion

[Enoch1333]

I haven't been an active developer since gingerbread in the SDX-DEV days so don't kill the messenger if this is stupid. But would the kernel source help find an exploit? It's available at the ZTE open Source page now....

Why is it different though its a 3.18.X kernel don't we have a 3.10.X or does it not matter?

 

[Enoch1333]

I think it's been available for a long time now. I could be mistaken though

Yes it has.

 

[Piplup702]

Why is it different though its a 3.18.X kernel don't we have a 3.10.X or does it not matter?

Not sure what that is then, I'm on b20 with a 3.10 kernel version

 

[Enoch1333]

Not sure what that is then, I'm on b20 with a 3.10 kernel version

I wonder why they didn't put the original 3.10 kernel source?

 

[Greysworld007]

IIRC after rooting you're forced to restart.

Ok let me understand this,you can temp root but after the root your forced to restart and when you restart dm-verity reverts system back to normal right? If you factory reset,then apply temp root before the reset can you run a script to disable dm-verity?

 

[loonycgb2]

Ok let me understand this,you can temp root but after the root your forced to restart and when you restart dm-verity reverts system back to normal right? If you factory reset,then apply temp root before the reset can you run a script to disable dm-verity?

Dm verity is hardcoded into the boot.

It would need a bypass to fake verity checks. Also removing encryption helps to break dm verity

 

[Jon Greenwood]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.
I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a "false sleep" mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.


I knew it was bad, just not this bad!

TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

 

[asianrocker]

Someone made a petition but for zmax. I don't think it made a 'change'.

https://www.change.org/p/zte-usa-and-zte-china-bootloader-unlock-for-zte-zmax-phone

 

[Enoch1333]

Ain't that some shenanigans, makes me wanna play by ZTE rules and clogged the hell out of their secret servers lol...

 

[MatreyuC]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.
I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a "false sleep" mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.


I knew it was bad, just not this bad!

TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

If we had root could we not just install a custom ROM and kernel, eliminating these issues? Honestly I have nothing sensitive on my phone and they already have access to our info anyways as you said.

P.S. this security stuff should not be a surprise, it has been well documented for a while now: https://mobile.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html

Even looking up "ZTE datamining" brings up a work website profile of one of their employees, with one of his listed skills DATAMINING lol! https://www.researchgate.net/profile/Dai_Bin2

 

[Spec2nirvash]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.

I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a 'false sleep' mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.

I knew it was bad, just not this bad!
TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

And this is what I had mentioned previously lol.... Huawei and ZTE are likely still up to their potentially criminal level of spyware/data theft. Scary, but no surprise if it's still going on. Now I'm very interested in keeping my Zmax.
On another note, my Duraforce Pro's filing system, OS and root-ability factor are very similar to the Zmax Pro. I've known for a while that Kyocera's servers hijack the browser/data on older handsets I have, and very likely that my DFPro is sending all kinds of info back to the mother ship, but now it just feels unsettling...

 

[loonycgb2]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.
I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a "false sleep" mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.


I knew it was bad, just not this bad!

TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

I have seen everything about the china backdoors and such, but wheres the actual proof of what you "found".

I cant find any sodu.ja or even find a single blip of network connections to unknown sources..

How would you be able to know of a modem backdoor without direct access to a decompiled modem partition or even a kernel backdoor?

On top of it all you have a semi temp root and instead of passing the info you delete it all because you feel your done?

I seriously doubt you honestly found any real traces of anything.

Traces of a secondary root can be found in the emode decompiled source. It is the only way that is currently linked to unlocking system read and write. It was also placed in place along with ftm mode.

 

[Ethorbit]

Can we all just stop talking about privacy concerns and data mining proof?

Get a firewall.
https://play.google.com/store/apps/details?id=app.greyshirts.firewall&hl=en
Boom, block internet access from official android apps.

 

[Y314K]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.
I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a "false sleep" mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.


I knew it was bad, just not this bad!

TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

This has been obvious to me since the first inklings that the phone was lock down like it is not to keep us out. But to keep what it is doing behind the curtain secret. They only way we will be able to confirm anything will be thru discovery. And the real targets should be MetroPCS, TMobile & to a lesser extent the other carriers if they also did not include fastboot or a method to peak at what ZTE & the repubic of fine china is up to. Since ALL businesses from China are nothing but an extension of said completely corrupt state. The only people that can put any pressure on ZTE is MetroPCS & TMobile.

If I am not mistaken, ZTE is still under probation from getting caught for illegal sales of tech to NK & Iran.

The only award that should be accepted, other then lawyer fees. Should be the unlocking of every bootloader on any ZTE device past, present & future.

 

[Y314K]

People this is nothing new, you've been being monitored since android 2.2 with STAGEFREIGHT. It's never going to end, it's been almost 10 years since android came out. The NSA has all of you data anyway, your private pictures you've sent to your s/o, SSN, etc etc. It's nothing new, privacy agreements and permission monitoring is just to make you feel safe. rooted or not you still have shady apps and backdoors built into essential system apps, lineage, cyanmod, etc. I don't see what the big deal is anyway, if you're not doing something inherently wrong you have nothing to be worried about. With that said, I don't see how any of this is going to help us root.

If a US company want's to get into bed with the NSA or what ever. We can deal with that internally. We have elections here where we can try to change things. But this is a Chinese company doing the same here. Screw that.

So if I was a cop pulling you over block after block. I could say to you. Don't worry about it. Is not like your drunk driving. You shouldn't worry about being pulled over every second of everyday since you are not doing anything illegal. And you would be perfectly fine with the non-stop harassment & non-stop illegal search & seizures. And you wouldn't mind if the US used or allowed a third party (other country's state company) to do their illegal work as an excuse that their hands are clean.

No matter what an idiot Judge might of written. The constitution doesn't say the government can collect my data in order to proof my innocence/guilt before I am even suspected of anything. And if you think it does. Then I bet for you paradise would be East Berlin during the cold war.

 

[Ethorbit]

If a US company want's to get into bed with the NSA or what ever. We can deal with that internally. We have elections here where we can try to change things. But this is a Chinese company doing the same here. Screw that.

So if I was a cop pulling you over block after block. I could say to you. Don't worry about it. Is not like your drunk driving. You shouldn't worry about being pulled over every second of everyday since you are not doing anything illegal. And you would be perfectly fine with the non-stop harassment & non-stop illegal search & seizures. And you wouldn't mind if the US used or allowed a third party (other country's state company) to do their illegal work as an excuse that their hands are clean.

No matter what an idiot Judge might of written. The constitution doesn't say the government can collect my data in order to proof my innocence/guilt before I am even suspected of anything.

If you're worried, just use a firewall.

 

[Y314K]

If you're worried, just use a firewall.

That firewall you posted has not been updated since 2014. And will that firewall block kernel base backdoor ? Isn't it basically a blocker for the apps we can already see. Not for all the back of curtain crap this phone is doing.

 

[Ethorbit]

That firewall you posted has not been updated since 2014. And will that firewall block kernel base backdoor ? Isn't it basically a blocker for the apps we can already see. Not for all the back of curtain crap this phone is doing.

There's literally the entire system that you can block from internet access, and then you can only allow internet access to the apps you use.

A firewall doesn't need to be updated in order to show every connection incoming and outgoing.

 

[Greysworld007]

UPDATE: After much pursuing/perusing.... I think the best way to go about this is to contact a lawyer.
I know this change in direction is strange, and I will probably get much backlash.... but in a nutshell: This phone is a dataminer's dream. After creating a working temproot, a root user called 'sodu' (no really, not 'sudo') is created on the device. The device can be monitored remotely with an SMS hook, and can also be put into a "false sleep" mode that reminds me of another tech giant's TV backdoor. Something screams afoul here, rooting cannot work, at this point im writing this phone off as something that SHOULD NEVER get root. Rooting will not remove the MODEM and KERNEL level backdoors that are in place. Go take a look at sodu.ja ..... some weird java file that has a hook to a chinese server. it's not the update server either. Thank you to all my testers, @messi2050 / @SapphireEx for pushing me along and helping. As for the GIT, all current data is being removed for reasons you can probably guess. I'm calling the feds... seriously. There's something much bigger here. If a few InfoSec people want to pour through this weird java file (.ja extension but a kernel header points to it as a .jar) and see what exactly is being sent.


I knew it was bad, just not this bad!

TLDR; get a new phone, if this one DOES get rooted, it won't solve the massive data security issues and BAKED IN logging. Rooting for fun/performance/customization is something i believe strongly in, but a root on this phone is a potentially HUGE issue that will most likely make the current security problems worse.

Dude just tell us how you got the working temp root. Let us decide for OURSELVES if we want to take the risk. don't play God this is a rooting forum its not a data mining/security forum. This is the wrong place to be selfish with your discoveries.

 

[Nyrixa]

No one person holds the authority to deny his/her peers anything for any reason, especially ones own guilt/insecurity of something that may or may not have been done. Leave it to the rest of us to decide for our selves if there is actually any risk involved, because I personally don't care about any of that. I deal with cyber issues all day long, so I have a good idea of what may or not be laying in wait. I ask you to share your sources and information so we can all FINALLY get the root we've been looking forward to, and working toward this entire time.

 

[GarnetSunset]

People this is nothing new, you've been being monitored since android 2.2 with STAGEFREIGHT. It's never going to end, it's been almost 10 years since android came out. The NSA has all of you data anyway, your private pictures you've sent to your s/o, SSN, etc etc. It's nothing new, privacy agreements and permission monitoring is just to make you feel safe. rooted or not you still have shady apps and backdoors built into essential system apps, lineage, cyanmod, etc. I don't see what the big deal is anyway, if you're not doing something inherently wrong you have nothing to be worried about. With that said, I don't see how any of this is going to help us root.

>NSA has your SSN
>NSA is government
>Government issues SSN

Me smells something fishy

Also Lineage/Cyanogenmod is fully OpenSource if you don't install any google apps n stuff, so, there's no fear of telemetry as long as you inspect and build your own ROMs.

 

[GarnetSunset]

This isn't an argument or data mining thread THIS IS A ROOT DISCUSSION

Hey, you brought it up. Mods, feel free to remove whatever you feel necessary.

But it's really crap if true, but if my boy with the temp root releases it, and I know he's hesitant he'd probably be recognized in the future, and I know the community would appreciate it.

But once again, not my call.

 

[Ethorbit]

Good root discussion going on here.

 

[Nyrixa]

It may be a stupid question, but has anyone tried to use, or know if psneuter would help any little bit or would it just be another failed experiment?

 

[Nyrixa]

I haven't heard it mentioned yet, you can try it, or I may give it a go in the morning.

I don't have any experience with trying to create a root, I work on PCs normally. I think I'll leave it to the more experienced until I know what I'm doing.