
Root ZTE Zmax Pro Official Root Discussion

Discussion in 'Android Devices' started by anubis2048, Jan 14, 2017.

  1. SapphireEx

    I've cleaned up all the data in that code dump for easy reading (Bear in mind, these files are NO LONGER USABLE for flashing or otherwise. A lot of their data has been removed.) https://discord.gg/6s2JkDv
     


    5318008 likes this.
  2. SapphireEx

    I have some massive news for all of you. CODEBIN is our MBN. QFIL has extracted my GPT.
    *Edit: My current issue is a COM read failure. Seems related to cables. Common issue. @ExtoliS is working on it in the meantime.
     
    #3177 SapphireEx, Sep 10, 2017
    Last edited: Sep 10, 2017
  3. GarnetSunset

    @SapphireEx Fix your cables nerd.

    I'm working on getting those Auth keys.
     
    RootBeerGuy and Y314K like this.
  4. timgreene93

  5. Y314K

  6. NeoZiggy

    B14 was the last before the Beta Program updates, I believe. B20 was the update after the beta program. B21 just came out about a month ago.

    I wish I had dumped some of those... Tho I really wouldn't think they'd have been helpful other than to see what they tweaked with battery and kernel settings.

    Wish we could go old school "Hackers" and find a lonely guy at a desk somewhere to give us the info. (Great movie, 9600 baud modem on a desk with the IP taped under it... lol)
     
  7. brandonlee199966

    I'm willing to rip the B21 update for MetroPCS, if someone can tell me how. I'm still on the B20 update and I blocked the update notification!
     
  8. messi2050

    I've been checking every update since B08 and never got any useful information.
     
    NeoZiggy, ExtoliS and Y314K like this.
  9. SirMicBic

    Please guys, don't stop trying. Is it possible to re-edit the scripts, if it's script change verification, or possibly emode and adb commands, or something else no one has discovered, that is the problem behind our unsuccessful root of the ZTE Z981? I've tried everything and went through 6 Zmax Pros with no success.
     
  10. SapphireEx

    Join our discord. A lot of the discussion is ongoing there.
     
    Y314K and ExtoliS like this.
  11. timgreene93

    When I purchased my phone I think it was on B08; I'm on B20. It kept trying to force me to update; I disabled the app and cleared the storage. I have no experience with newer versions of Android since I stopped messing around with it after ICS. I feel our approach is wrong: there have to be some apps that can access system level by default; they just have to be reverse engineered. It would be nice to mount the phone as R/W on Linux, but I don't know how as far as the proper terminal commands go.
     
    RootBeerGuy likes this.
  12. timgreene93

    The same methods used on older iOS jailbreaks might work. Browser-based vulnerabilities may not be the best move, but if we were able to modify an app that can be installed to system with certain permissions, with an embedded program similar to a DLL Windows file exploit, it might work. Or, instead of flashing a custom bootloader, why not add some more options to the inbuilt one, if that's possible with the dumps that have been curated these past months? Another idea: if we can find someone over at XDA to write a virus that takes over the phone but, instead of stealing user information, dumps the phone; or compile a fake virus scanner that can retrieve information or dump to system. But I feel an embedded app approach could work. I'm just a tinkerer, not a developer.
     
  13. Bigcountry907

    So where are we actually at here? If someone has the GPT backup, which is the first 17408 bytes of the eMMC, I can accomplish some stuff with it.

    I also heard someone say keys.
    Is this both the public half and private half of the key? For example, .pk8 and .x509? If you have the private half of the key, I have a bash script for signing zip files. After signing the zip you can flash anything using the stock recovery and updater script.

    GPT and Keys please.

    I'll send you back a big mack and you'll be singing that I'm loving it song.

    Please just don't dress like ronald
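
    Added example, not part of the post above or of anyone's tooling in this thread: 17408 bytes is 34 sectors of 512 bytes, i.e. the protective MBR, the GPT header, and 128 partition entries of 128 bytes each. The parser below checks both GPT CRC32s before listing partitions; 512-byte sectors, the function names and the sample image (two made-up partitions) are assumptions constructed for illustration.

```python
import struct, uuid, zlib

SECTOR = 512
DUMP_LEN = 34 * SECTOR  # 17408 bytes: protective MBR + GPT header + 128 entries x 128 bytes
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header

def parse_gpt(blob):
    """Validate a 17408-byte GPT dump and return [(name, first_lba, last_lba)]."""
    if len(blob) < DUMP_LEN or blob[510:512] != b"\x55\xaa":
        raise ValueError("not a full MBR+GPT dump")
    raw = blob[SECTOR:SECTOR + HDR.size]
    sig, _, hsize, hcrc, _, _, _, _, _, _, elba, count, esize, ecrc = HDR.unpack(raw)
    if sig != b"EFI PART" or hsize != HDR.size or esize < 128:
        raise ValueError("bad GPT header")
    # The header CRC32 is computed with its own field (offset 16) zeroed.
    if zlib.crc32(raw[:16] + bytes(4) + raw[20:]) != hcrc:
        raise ValueError("GPT header CRC mismatch")
    table = blob[elba * SECTOR:elba * SECTOR + count * esize]
    if len(table) != count * esize or zlib.crc32(table) != ecrc:
        raise ValueError("partition table CRC mismatch")
    parts = []
    for off in range(0, len(table), esize):
        entry = table[off:off + esize]
        if entry[:16] == bytes(16):  # all-zero type GUID marks an unused slot
            continue
        first, last = struct.unpack_from("<QQ", entry, 32)
        name = entry[56:128].decode("utf-16-le").rstrip("\0")
        parts.append((name, first, last))
    return parts

def build_sample():
    """Constructed image with two made-up partitions (not from any real device)."""
    table = bytearray(128 * 128)
    for i, (name, first, last) in enumerate([("boot", 2048, 67583), ("system", 67584, 8456191)]):
        table[i * 128:(i + 1) * 128] = (uuid.UUID(int=i + 1).bytes * 2
            + struct.pack("<QQQ", first, last, 0) + name.encode("utf-16-le").ljust(72, b"\0"))
    hdr = HDR.pack(b"EFI PART", 0x10000, 92, 0, 0, 1, 61071359, 34, 61071326,
                   uuid.UUID(int=99).bytes, 2, 128, 128, zlib.crc32(bytes(table)))
    hdr = hdr[:16] + struct.pack("<I", zlib.crc32(hdr)) + hdr[20:]
    return bytes(510) + b"\x55\xaa" + hdr.ljust(SECTOR, b"\0") + bytes(table)

if __name__ == "__main__":
    for name, first, last in parse_gpt(build_sample()):
        print(f"{name:8} LBA {first}-{last}")
```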
     
  14. Y314K

    Check it PM BC.
     
  15. SirMicBic

    Send me an invite. Username is the same as here.
     
  16. Y314K

    Anybody can join in. It is just the invite got moved to the Irma thread.

    "*Edit I've set up a Discord here: https://discord.gg/6s2JkDv, which should allow faster communication between people. I'll still be using this forum for posting general exploits and similar."

    This is where the sausage is being made.
     
  17. GarnetSunset

    So you're saying use privilege escalation?
    Why have we never thought of that before /s

    Freal tho that's the basis for every root exploit ever, use what's already there to escalate from user privs to system privs.
     
  18. Kristiann Guthrie

    Pretty much doing anything on any device requires you to elevate privileges. When those privileges are locked, pretty much the only way is getting a system app with low-level privileges to call a script and run it with those aforementioned low-level privs.

    For example the flashlight app in the old Evo 3Ds for some freaking reason had system privileges and that was their way in.
     
  19. SapphireEx

    Apparently a lot of our media decoders also have kernel level RWX
     
  20. Kristiann Guthrie

    Sapphire, yes, I was in the Discord; service is spotty right now. It won't let me send anything.
     
  21. GarnetSunset

    Yush.
     
  22. Chloe936

    Here people keep asking for this.

    Btw the quadcore do you mean the app that lets you scan? @SapphireEx
     


    pyro357 and Y314K like this.
  23. Chloe936

    Btw guys I might be late with replies. I had to move to GA due to the hurricane. Now everything is flooded so we cannot return... At least not right now
     
  24. CaseyRockStar

    Jumping in here .....


    I'm not quite an expert in mobile devices or Android programming, but I'm pretty good with English, and I think it's possible we've all missed something on this topic.

    In "Settings > Developer Options" (once you've activated Developer Options by tapping), there's an option to unlock the bootloader for OEM processes:


    allow2.jpg



    When you activate the slider, you first get a warning:


    warnng.jpg


    Okay, this option is likely merely part of the OS, and its functionality is likely stymied by whatever ZTE blockages have given rise to all the angry and lengthy threads on this topic, but ....

    BUT: Android does say "Device protection features won't work on this device . . ." If that's not true, and device protections DO still work on this device, isn't that something Google/Android would want to know?
     


  25. scary alien

    @CaseyRockStar, those Settings -> Developer menu options work in conjunction with the dm-verity and other device integrity checks and I'm pretty sure aren't in play unless the bootloader is actually unlocked (which you guys cannot (yet) do for this device).

    For the Nexus/Pixel line of devices (for example, that have those same Settings), you do indeed have to enable/allow bootloader unlocking before you (or try to) unlock the bootloader from fastboot.

    If/when you have unlocked the bootloader (like I have on my Nexus 6P) you'll get warnings when you reboot that the device integrity cannot be checked--i.e., because the bootloader has been unlocked and is therefore "open" to modification (i.e., untrusted).

    BTW, I keep my bootloader unlocked (on my devices) for recovery purposes...not necessarily to have root installed anymore.
     
    RootBeerGuy and bcrichster like this.
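
    Added example, not code from this thread: the difference described above between the OEM unlocking toggle in Settings and the bootloader's real lock state can be read from a device's boot properties. The property names are the ones AOSP-based bootloaders commonly export (which ones a given device reports is an assumption), the function names are illustrative, and both `getprop` excerpts are constructed.

```python
import re

# Constructed `adb shell getprop` excerpts, not captured from a real device.
LOCKED_TOGGLE_ON = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[sys.oem_unlock_allowed]: [1]
"""
UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]
[sys.oem_unlock_allowed]: [1]
"""

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[(.*)\]$", text, re.M))

def assess(props):
    """Return (verdict, notes) for the boot-integrity state described by props."""
    flash = props.get("ro.boot.flash.locked")
    state = props.get("ro.boot.verifiedbootstate")
    if flash is None or state is None:
        return "unknown", ["bootloader did not report lock or verified-boot state"]
    notes = []
    if flash == "0" or state == "orange":
        verdict = "unlocked"   # boot chain is open to modification
    elif state == "green" and props.get("ro.boot.veritymode") == "enforcing":
        verdict = "trusted"    # locked bootloader, OEM-signed image, dm-verity on
    else:
        verdict = "degraded"   # locked, but yellow/red state or verity not enforcing
    if verdict != "unlocked" and props.get("sys.oem_unlock_allowed") == "1":
        notes.append("OEM unlocking is allowed in Settings, but the bootloader is still locked")
    return verdict, notes

if __name__ == "__main__":
    for sample in (LOCKED_TOGGLE_ON, UNLOCKED):
        print(assess(parse_getprop(sample)))
```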

ZTE Zmax Pro
