1. Are you ready for the Galaxy S20? Here is everything we know so far!
Thread Status:
Not open for further replies.

ZTE Zmax Pro Official Root Discussion

Discussion in 'Android Devices' started by anubis2048, Jan 14, 2017.

  1. SapphireEx

    SapphireEx Guest

    Here's a short rundown on what I personally know about the Z981 so far:

    Is protected by DM-Verity.
    Is protected by Android Secure Boot.
    Has Busybox installed and properly symlinked.
    Toybox is properly installed and symlinked.
    Has a SUID hidden somewhere.
    /Dev/block/* is ---
    /System is R--, with some subdirectories with ---
    /Data/local/tmp is RWX
    Recovery is standard Android Recovery. Does not support unsigned images.
    Fastboot has been replaced/ hidden by EDL mode. There is currently no way to interface with it officially. It CAN be interfaced with ADB, but it's a basic userland shell.
    Temp root is working, but very unstable and will almost always cause a panic.
    B08-B20 (MPCS) are vulnerable to Cloak and Dagger overlay exploit.
    B08 is vulnerable to DirtyC0w
    B08-B20 is vulnerable to a modified version of DirtyC0w.
    Images can be flashed via EDL mode, but require a valid, signed MBN, also called a Firehose. It also requires specialized software which was previously qFil.

    That's about all I got so far. If something is wrong, feel free to correct me

    I'm going to try and see if I can sign TWRP with the release keys someone found (sorry, forgot your name), and see what happens. I doubt anything will come of it, or even if I get the key, but it's worth a shot
     

    Advertisement

    #2426 SapphireEx, Jun 5, 2017
    Last edited by a moderator: Jun 5, 2017
    rellik232, Blaxx, Kage Korosu and 2 others like this.
  2.  
  3. Could you or somebody link me the 'package Disabler' and status apk you speak of here? I dunno if these are play store items or not, but I can't seem to find them
     
  4. SapphireEx

    SapphireEx Guest

    I think you messed your quote up a bit. I haven't been able to find the keys yet. Been at work all day.
     
  5. Nyrixa

    Nyrixa Newbie

    Blaxx likes this.
  6. Selvius

    Selvius Lurker

    Let me preface this with a disclaimer that I'm a complete novice with respect to android, and I'm not sure if this exploit would be relevant. That said, would this exploit be useful in terms of defeating SELinux protections?

    http://www.openwall.com/lists/oss-security/2017/05/30/16
     
  7. SapphireEx

    If that really is the release key, there's tons of things we can do with it. We need a way to flash images though.



    If we can get someone to modify the root script where it won't freeze up and panic. So we can get temp root and install flashfire or flashify then install @messi2050 TWRP recovery then we will all set. Even though no one knows if the custom recovery works or not

    .

    I know the original zmax had to get temp root by kingroot i believe . Then download an app to install TWRP
    .
     
  8. Nyrixa

    Nyrixa Newbie

    Technically if what I'm reading is correct, it doesn't necessarily have to be the signing keys, you can create your own as long as it's signed. Haven't had time to deep look again, but disabling trusted certs gains a bit more access to files and sub-dirs in the root dir. Also it seems that "keychain/keystore" don't directly handle the keys, but they have the information about them and can access them. So it may be possible that with a "keychain/keystore dump" the information we need about the keys can be gotten.
     
  9. SapphireEx

    SapphireEx Guest

    That's if it accepts any signature. I'd much rather have the OEM keys that are nearly impossible to get. I'll give it a go with self signing though.
     
    Nyrixa and Blaxx like this.
  10. SapphireEx

    I think you messed your quote up a bit. I haven't been able to find the keys yet. Been at work all day.

    Found this key idk if im right or not is worth the share
    location or file

    /etc/security/

    Mac_permissions.xml
    signature='308204ae30820396a003020102020900abf652fde78f3bc3300d06092a864886f70d0101050500308196310b300906035504061302434e3111300f060355040813085368616e676861693111300f060355040713085368616e67686169310c300a060355040a13035a544531223020060355040b1319536d61727470686f6e6520536f66747761726520446570742e310c300a060355040313035a54453121301f06092a864886f70d0109011612737570706f7274407a74652e636f6d2e636e301e170d3131303330383037313234345a170d3338303732343037313234345a308196310b300906035504061302434e3111300f060355040813085368616e676861693111300f060355040713085368616e67686169310c300a060355040a13035a544531223020060355040b1319536d61727470686f6e6520536f66747761726520446570742e310c300a060355040313035a54453121301f06092a864886f70d0109011612737570706f7274407a74652e636f6d2e636e30820120300d06092a864886f70d01010105000382010d00308201080282010100bf9aadaf6257265ebc6cc4127ab591046fff7df5cb9e5bf2dc6d86d6932f70d2218fc1070cfb66c22d5189d3156e29917233473570379748c2e1c49cd700e8851ec339f4008befaef5cf85f536f22807755c0eab9695d76fcbf8ab2c65d80975a37d859d6784a03e72bf761348c596f042a8e0d323cd57ce97001e47121493bd4c2a34bf62d1d0d09166d965e808348be551a27c1c6e9244762d3afebb3c7bba4ee9b3985c3d426c694cf7338d045c76244a6de4f686c7f84f210b9d25a6b3c8907b097c35c138abcca4cef0d7e29f1155e0c42566b7e4b5bb37fea17dcc39de2b2f9d0d4d3b17f732676c1c21002c84edce336c87b95cfdcadc6745c83f4e4b020103a381fe3081fb301d0603551d0e04160414aba2a127783c12ea32794e657dcbd8342d70680e3081cb0603551d230481c33081c08014aba2a127783c12ea32794e657dcbd8342d70680ea1819ca48199308196310b300906035504061302434e3111300f060355040813085368616e676861693111300f060355040713085368616e67686169310c300a060355040a13035a544531223020060355040b1319536d61727470686f6e6520536f66747761726520446570742e310c300a060355040313035a54453121301f06092a864886f70d0109011612737570706f7274407a74652e636f6d2e636e820900abf652fde78f3bc3300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100 7e35025f08ef1b0a0fb023dafb5d878aa460fa2fef626a9de6f5b59f3183cd0783c8426216f47d03e3b9af873880725198a85bb559eab4e277488d8220709fee7a5d281c9701b89eb30f0c9c6ea6d97abc9e8b76f6ce6e53483980868f8b3c7f2dff1fd73574830c2bb29882223d62683fa84f5108fe7f7435cbb2f32d8e0d28f94367708d02287232982f63c981871f7dcfb24e1faeb586fc255de4ad302fc4b53d7d6b43c84d53d3172024a0b8b0964f0deeca0e3a2fcb9199898c0cbf0d03cb6cace6c92817e1fccd53604f99dec8f2c130388d34cf96d300286726c6dcbea83b38dd12769ac94df9fa6b298aedf617fccc8ff9f503338015f94a8ae0ac88
     
    #2435 brandonlee199966, Jun 8, 2017
    Last edited: Jun 8, 2017
    5318008 likes this.
  11. Nyrixa

    Nyrixa Newbie

    In the root folder there is a file titled "Verity_Key" however it seems that according to http://en.miui.com/thread-310923-1-1.html there's a way to disable the DM_Verity. If not then with temp root the vet will have to be found.
     
  12. SapphireEx

    SapphireEx Guest

    This could be interesting, but I can't do a lot with it. Knowing linux, which generally has keys for PAM modules in etc/security, it's currently meaningless until we can find why these keys are here.
     
  13. SapphireEx

    SapphireEx Guest

    Requires TWRP. If we had TWRP, we wouldn't be in this position to start with.
     
  14. Nyrixa

    Nyrixa Newbie

    If you're trying to flash the "lazy scripter" then yes you need TWRP, but to delete the "Verify" file so signing isn't needed nothing was said about TWRP..
     
  15. Nyrixa

    Nyrixa Newbie

    Now, I leave you all with one giant chunk of information to do with what you will.......

    Build Details

    Manufacturer: ZTE
    Model: Z981

    Brand: ZTE
    Board: urd
    Device: urd
    Hardware: qcom
    Product: P895T20_MPCS

    Serial Number:

    Bootloader: unknown
    Radio: -8952_GEN_PACK-1.89347.1.93758.3

    Build Fingerprint: ZTE/P895T20_MPCS/urd:6.0.1/MMB29M/20170418.111425:user/release-keys

    Release: 6.0.1
    Codename: REL
    Build Version: MMB29M
    Build Type: user
    Build Tags: release-keys
    Build Date: 2017-04-17
    Built By: xuzhenxuan@newsuper3
    Build Number: 20170418.111425

    API level: 23

    CPU ABIs: arm64-v8a

    Kernel Version: Linux version 3.10.84-perf-gcdba782-00692-gf675825 (xuzhenxuan@newsuper3) (gcc version 4.9.x-google 20140827 (prerelease) (GCC) ) #1 SMP PREEMPT Tue Apr 18 11:53:28 CST 2017


    Found in /Etc title is Xtra_Root_Cert.pem


    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 12233244687336499494 (0xa9c5373a87206926)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: O=QUALCOMM, Inc., OU=Cryptographic Operations Group, CN=XTRA Admninistrative Root v1
    Validity
    Not Before: Mar 24 20:03:47 2011 GMT
    Not After : Mar 20 20:03:47 2026 GMT
    Subject: O=QUALCOMM, Inc., OU=Cryptographic Operations Group, CN=XTRA Admninistrative Root v1
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
    00:a7:de:dd:6d:49:f9:0b:3b:e2:91:94:a9:1c:e5:
    64:7a:fc:7b:35:10:04:e4:e3:e5:c9:4d:eb:6c:ed:
    71:08:77:b1:b4:aa:60:a5:10:a6:18:45:e6:a6:27:
    cd:df:74:38:6a:d4:ac:7f:44:08:a0:f8:aa:f5:6b:
    5b:61:9b:0c:53:c0:d9:62:b2:ee:48:51:fa:3f:d3:
    bd:7d:5c:aa:33:4b:19:66:99:fd:ed:fa:cb:0f:b4:
    fe:fe:7e:eb:f8:fa:92:76:84:49:9e:b4:c3:d6:46:
    8f:d6:25:49:b9:94:9a:5b:eb:1c:c7:c4:c8:cc:22:
    43:31:fe:aa:58:fd:33:86:2c:ea:21:d1:61:6f:81:
    2d:80:19:11:90:4c:54:c6:c4:34:c4:49:81:11:3a:
    db:c9:d4:84:a3:dd:1b:7b:ac:0b:91:18:29:02:d5:
    36:d3:c6:4a:08:6a:c6:70:d2:82:35:2a:7d:4c:39:
    30:2e:7d:15:e3:4f:07:91:0f:a2:37:0e:31:5a:93:
    54:45:61:84:a0:dd:e1:f2:13:b3:f8:ed:cc:e8:bd:
    92:47:11:f6:d4:fe:02:9c:b8:f4:02:0e:c5:a8:0d:
    f9:25:d5:2d:a1:e4:ad:f1:45:09:9e:ff:64:80:18:
    77:5f:4a:fd:a1:cd:b4:fa:ec:25:65:33:ae:65:6e:
    92:91
    Exponent: 3 (0x3)
    X509v3 extensions:
    X509v3 Basic Constraints: critical
    CA:TRUE, pathlen:1
    X509v3 Key Usage: critical
    Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
    39:1d:9a:c0:81:a5:91:b8:e1:c2:5a:7c:1c:dc:a7:bc:c8:33:
    9e:ff:7e:67:bc:2e:ec:5b:17:47:f9:d0:21:c7:d8:51:d1:3f:
    e1:ce:2d:90:11:a8:70:45:20:3f:83:f3:e8:48:0e:ed:c5:42:
    bb:59:83:f4:91:b1:c3:be:76:f1:a3:74:82:dc:a7:be:d2:d1:
    09:de:d4:af:53:2e:ed:7a:68:c0:60:c2:05:a6:af:89:88:44:
    6f:ee:a6:a1:7d:de:a5:41:cc:ee:9f:7c:64:7a:b8:70:04:ed:
    7b:4f:fe:c4:5c:2c:6d:f8:4e:62:20:4e:d5:c4:5a:10:d2:24:
    7b:dc:8e:57:1f:90:5e:fe:90:c2:c7:52:b4:5c:8f:6d:0c:4e:
    08:0a:91:69:03:90:20:74:8f:21:bd:ad:90:7d:b3:5d:bb:98:
    46:63:10:c9:04:7a:85:e2:df:73:6f:57:ca:8e:d8:28:44:c8:
    a3:cf:96:92:90:4f:bb:57:82:14:b4:59:f2:bb:dd:f4:8d:4a:
    65:9a:4e:65:25:2f:c3:7d:45:be:74:b8:0d:2b:65:d6:ab:34:
    36:08:ee:3a:89:4a:51:85:80:4d:be:ba:c1:e8:78:80:c5:40:
    ad:82:e9:98:5a:dd:d8:96:95:bb:3c:17:77:e8:31:72:88:7c:
    55:61:bf:1a



    Release letter.x509.pem


    -----BEGIN CERTIFICATE-----
    MIIErjCCA5agAwIBAgIJAOuCYND5gmZOMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
    VQQGEwJDTjERMA8GA1UECBMIU2hhbmdoYWkxETAPBgNVBAcTCFNoYW5naGFpMQww
    CgYDVQQKEwNaVEUxIjAgBgNVBAsTGVNtYXJ0cGhvbmUgU29mdHdhcmUgRGVwdC4x
    DDAKBgNVBAMTA1pURTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEB6dGUuY29tLmNu
    MB4XDTExMDMwODA3MTM0M1oXDTM4MDcyNDA3MTM0M1owgZYxCzAJBgNVBAYTAkNO
    MREwDwYDVQQIEwhTaGFuZ2hhaTERMA8GA1UEBxMIU2hhbmdoYWkxDDAKBgNVBAoT
    A1pURTEiMCAGA1UECxMZU21hcnRwaG9uZSBTb2Z0d2FyZSBEZXB0LjEMMAoGA1UE
    AxMDWlRFMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHp0ZS5jb20uY24wggEgMA0G
    CSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC6XMcxr5zlAnZfYCeKPgt+w4y/fmB7
    SzZSJvCx4hFKKq6m9CHg60vhlVQ4gLkuKb1l+pFbJdrP8yL1YKQqSrWWDAhPcuIl
    Lj3UcmzfbMRQhM4mrXf49ees2xyVZO38KjtSSBw/ygvH5PSrX6KFUqQdxVeciLga
    tYYoOEpRGKZdeL+HAI0EMFssOow00jPP44IB9Vi9UiEHOqvTHVmDIdQWOmAgWXlA
    36sdWsSebLzWXjm2vB6OJaPV93zxy+tym33mkduc2DHQiH6TFUr4YmtDOZJ7y3jZ
    2VzJU3VViYNunm/Da0NAPYwtbyeOgr+5npV7CfzY436lqLYaAlHJjx37AgEDo4H+
    MIH7MB0GA1UdDgQWBBS6NVREsJ5wGdTi/26mEwf8h2KDfzCBywYDVR0jBIHDMIHA
    gBS6NVREsJ5wGdTi/26mEwf8h2KDf6GBnKSBmTCBljELMAkGA1UEBhMCQ04xETAP
    BgNVBAgTCFNoYW5naGFpMREwDwYDVQQHEwhTaGFuZ2hhaTEMMAoGA1UEChMDWlRF
    MSIwIAYDVQQLExlTbWFydHBob25lIFNvZnR3YXJlIERlcHQuMQwwCgYDVQQDEwNa
    VEUxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAenRlLmNvbS5jboIJAOuCYND5gmZO
    MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKSJA12gqyhorPk0EkHN
    gUTLJoytol5SHPksdhbMjTOTEsaPiOVQZ0sHk9JDPoXRJlZvLXIvZCtzG+YCjpF8
    Gv/uK47jHJsBG5L9LyI/LNctPOTefj3aBQklLxUgeblaaK2AFGb+ygmX8plGSwOz
    9p4mgr8UQtPsdXP6gxEejI3oZ8Bz4HmttL+GwabCZAxuF9O2Z4vX1oCYbAVLAKz+
    SUoMVXY9hzSa/Ttx+HeH0oHPXdZ0A2VyxpLiFIXdbdC9zWjB8AGQgmYINDHlQRG4
    hPH9+NppDljxd19T1cEzkFERFEI8dWkTCaE8mRNQfShSt7N3vW+kfELq8rlkvDMW
    9JM=
    -----END CERTIFICATE-----



    Found with search of .pem


    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    31:1a:00:88:05:9a:3a:be:4a:fb:65:20:a6:f7:49:d8
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: CN=T-Mobile USA Root CA
    Validity
    Not Before: Jan 4 20:54:35 2007 GMT
    Not After : Jan 4 21:00:47 2027 GMT
    Subject: CN=T-Mobile USA Root CA
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
    00:9d:67:c5:35:f8:f0:1e:e9:68:45:6e:b3:89:2f:
    40:b5:81:18:f2:00:93:36:46:6b:6a:6e:21:b5:27:
    3a:7d:14:dd:94:85:9e:13:10:7c:ff:27:76:a6:bd:
    cd:e6:9f:22:5d:16:08:cb:54:64:53:0d:a2:4f:d0:
    fb:3a:65:f2:3a:1d:0c:2c:6e:b4:a1:8c:2d:3a:77:
    75:90:cb:53:c0:14:b5:84:66:86:f7:88:7d:31:bf:
    88:57:c0:31:5c:ad:72:66:ca:11:84:52:7f:d9:fb:
    1e:9d:59:32:3d:f7:10:eb:9b:83:dd:fa:48:56:41:
    85:7c:25:d9:e1:c5:da:31:a3:71:3f:11:b8:04:2b:
    a7:c0:ac:1c:ac:5c:cf:97:0b:e7:2a:bf:50:b9:fb:
    8e:15:62:28:61:27:70:9c:df:ac:04:df:25:18:94:
    8b:a9:e5:ae:ef:13:ca:6c:57:2f:5c:cd:7a:d3:ee:
    21:56:5e:44:1f:db:c9:68:75:2b:ce:3c:2d:78:43:
    2d:87:a0:96:4d:8a:0d:ab:4b:bc:76:19:5a:38:a8:
    df:c0:dc:83:1e:11:dd:bf:7a:a1:e0:e0:33:88:b8:
    d8:93:91:43:4f:e3:7d:76:15:aa:e1:19:f6:7a:47:
    39:5c:36:b2:fe:5b:40:38:d0:8f:b9:7c:85:90:09:
    3d:fd
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Key Usage:
    Digital Signature, Certificate Sign, CRL Sign
    X509v3 Basic Constraints: critical
    CA:TRUE
    X509v3 Subject Key Identifier:
    E5:C1:B4:20:15:E8:A7:78:20:E6:C1:F9:E5:EF:E9:5A:76:7A:F7:A6
    1.3.6.1.4.1.311.21.1:
    ...
    Signature Algorithm: sha1WithRSAEncryption
    02:05:72:db:c9:2d:75:d3:06:ff:74:74:80:15:57:7a:9b:fb:
    f9:cc:6e:56:88:d6:5f:0f:29:39:85:2e:30:09:f9:e7:78:8d:
    31:f0:c3:bc:73:8c:df:1f:4d:72:b8:18:ab:63:c9:10:a5:be:
    bd:c7:dc:af:1d:ab:4e:f9:05:75:41:68:bb:8f:75:bd:39:b8:
    57:6e:7a:52:ff:47:12:7d:b0:dd:20:95:5e:8f:f2:50:36:d6:
    58:11:8b:c7:ad:bc:cc:7e:20:44:43:46:c2:5b:8a:b8:6b:d0:
    70:af:81:20:5b:a5:45:98:fd:89:0c:a1:d7:05:b4:9e:28:20:
    49:d8:0a:af:a9:a7:fa:f4:bf:fe:3a:7e:90:68:6a:65:e2:43:
    83:e0:0d:1d:48:75:84:4a:13:60:e2:90:5d:99:02:01:6d:f7:
    be:5c:b9:1d:f1:31:5b:90:4b:3e:83:05:7d:f0:30:f5:46:f8:
    3a:cc:69:15:e6:fd:9b:56:89:32:e2:dd:3f:33:e0:91:64:7a:
    4e:ea:66:bb:6d:45:0b:3c:77:5a:27:eb:17:d0:5c:da:41:c6:
    51:cf:67:f2:d4:66:d8:9a:55:dd:9b:7e:fd:50:29:fc:b4:54:
    d0:28:b4:f8:14:e1:5e:c7:09:1b:c4:f5:02:a9:88:99:3e:a3:
    94:70:63:0c



    Android.{46b117b….pk}


    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiiByw0W40uhK+khvIEneisE1pPtvId6ewOeFm4ohO0UVmcnB6RCJz7/J+xk4jlEfqJyfXm5BcRyxdERcbK4uzmDOwSgd4XaV2X+A4iN2EgJ5PdY6kZuWzJ0L2/gyFgbIs+0FWUOc449VoLojPcH/CNmwZultVSU2oBx0+GS7e8QIDAQAB


    Android.{46b116b….pn}


    BKh5htx/uctqIeTPXYKQeg==,JSELJGrruhYoMjWmTyDIbg==,+e4FeP4cyU3nSCvUGsyzKQ==,ln36NlEPaSPGJRMDPpDgsg==,p+1qMoPzUP9sd6GlVK5W0g==,wTYFRgMH9MlrHBOiTABP/g==,wDzbMeqqHEsC1iEhdW/aew==,umU4HDKB9C/OjhfFIPocqA==,ITosw/OKLkTWhpNAW2bZrA==,aA0DZ5YA968LTHAMaycP5w==,za8EKI70sWksGRK3s7IaJA==,1hVOcCffvhMichY3YySWjA==,siK/E+fc+mk/hHfTrsGb2Q==,JQBIS+G7oxyfMpdLZjTdGQ==,obG75fY9W5bBoPh8GX6/rg==,KNlS2eSRpPXnB9XFa6sHww==,0CHMY/66mmNtk8AN84ecHw==,Qqw38N8Bm2YVKL6QiLxG0A==,jfocHUwv0lkqoShKwB4A6g==,K8P7MC2jaODIbD0O9zTq/Q==,KEEpQUwRFhhv8e6u0zxnhw==,3jIW2Yt2znChbdm91aNAGQ==,FpwhGpoYmhFT08T4RDA2yg==,1PGtepnXDVhz7oy53WXwkw==,OCKsDinP7IlwBZuyHQHwXg==,5rSm9GPfWkOTiVW5+zu6Gw==,xfzxecmHpzjOeyqzxGJkbg==,mBX1OCyo8dJAZ3q1o66hpw==,nIbk1npIr1m3lyvs4MUPnQ==,sIG8g9qQg7Clv8/h6Kq2mw==,UkUOGDLvu1dJj6YtgCJKjw==,YYIg3vyhqa5yeCt1WufeiA==,fy1YChQDQztQDA9odvH87Q==,q/ysxExW6152gZ8kF17Xag==,F2FhvpAODimTSvyoPrET+A==,IU9IeUlWXJ2KfmYMsv0tTg==,hTq2DwbW+QVHncb33ppoJA==,9hrglJF6mqFcUAWpTjseyA==,QnViDp0YacNXzwXQQbH6UA==,jUhUhNKQ7BdVXnrMg9Aagw==,U2xwK0dCnQAVxRN14plVLQ==,qu1w+CG/96NXuFqBOYl/bg==,C1JBgxB0XHJcqwrU5n5TQQ==,Vce2gAAEPXUc8+R44MBUtw==,Vm/M+zQoiD7xGJ7Qpliwsw==,Wq3stoFwXhyn5EOrlklh5Q==,AcCFqpKbFZn93U6m1oEsLQ==,hrp/F7uYeV4i0rEayS1vow==,wwJeXOUP/cKHa0h6VGhhjQ==,Asru2kIUengRjRouyUTNEg==,h9q6EW4AvSTC7cKJO0tpSA==,S/lQ7K3Ky3UbbjCqsr6uhA==,2C6qVGkWM75HFc6kKPA/hQ==,m6ez1V7gDP8/Y6+TX/pSNA==,seiVA0K96uUrV8A4TVXCvQ==,ytEqLh/ISJ0dakKjhal3eQ==,wZ763BhqjdubWh3TTQOeJA==,NIz2Y0yPJcqzqGL1gbcWcA==,+6fgxA5rAtBtXW6BRdOdsQ==,NyOday/JK0FPBLz08IwV5g==,taXFywLKCceExdiBYOLsJA==,LzGEIgB66sNqcxNkyEX09A==,AjYZOfgwij3ALQIyImyZbg==,Z6Bt537Y4NYSBdgfO2LnNA==,f/xjiU85gto9Yy6IZEmMzQ==,NRS+L5mCDH6s+G0FdB/28Q==,QJ+AM89/HOmQY0tCus06Ug==,GE452E0vS51XBdPy3EmrDQ==,eMiIhvlok9TCjv9D+40tMA==,TrgLMsp8o0TjwUxDjOU7yA==,rZyJHLhdtKxTKHxjtLjtOQ==,3oV7MOjI2Uk9O5T4uRt8GQ==,TVo8Spoxg/w7hCtOQCG2VA==,Xis6RJnn3M+tQ8oYPscxgQ==,wxsyNkzhnKj80VCkF+zOWA==,a6WJs1zKX/jyNNtp9Eh+jw==,GAsF+v5yaRsr1XglP7hQLA==,zzz3K9jlOw233bCm8iCK+Q==,+IN8bBRGYpSWDcVI3vEa5g==,iIMre0vIhmr5WXCHPF6Mfw==,wRN+CcV6hv4EmOYuLlJpIA==,mhQ7LC7ygV4/aUnTyA9Dsg==,VlFAY5BJmAmacpD9uGH6lQ==,HDN2RvKYdWcrWmEZK5AQ+Q==,rx4MbkgQBzRPlDZ5CMkIxg==,MD0naGQy2SWbu77WMtKpUA==,wB3GsPUoavtVPZAMQFOojg==,4wej+d+fOA668Qbh3JgLtg==,oiOvlgnrNBf7S//gUcITRw==,il9HJvdFPHe42TYVzttVbQ==,gdURLDtbrdsinutUzFIOOw==,hFmfwh09SLFkJsW+43Kx1g==,1MlgoUdJA4BcPhMMgnEODA==,NjGg7HILnXJstNXGN4oUeg==,VuOm6+q1TYnaL/PE/Fbphg==,ReaGxZR2gGatmRHVTZb3Kw==,2hJ46SiLcSbSHCXQ+ay1aA==,kwOtC/4BIMvDpds/4mBZdw==,KsHt8lbl5WfdDQbX6nWCHA==,FZ6/6cGKIMxraxG64938dQ==,u39Hw3vPzEprNmxqvDjH5Q==,FMRv72IndB+iXdBrazyHMQ==,iiqImXGNrZq0/uY+oiLfBQ==,+GIG+f9auY9Z51ZGp39bxA==,jeYAXJaa82VD7WLLPpSGWA==,39OLCNDeDXo+gRadQDHV0g==,7YMsg/q9KO2+KCO2OY7b7w==,7ARRB3BwjGqP29jeCwunJw==,A1uFBZL/FGvkRT/CzUZAQg==,9giSEvrqAnR/QejkT2C+EQ==,gyBVluW8UPRh0fse34L4tA==,eR7eINp46n0zFlToAOZN+Q==,pzUV0vtl0k24bbT8GWkfew==,wX3xLbR0BbREsRxVAAymgA==,k26iSwA8GPr8G8eDUBkLnA==,hGtEZD7GCfUHgoh4dB4fmg==,PUBWFxPoo7yei8UqXXRAGg==,l4PPia0mQqYmVqVUnfgKYg==,Us503GyebQ9WmujLnP81Fw==,Gzm5O0jWwybpD8ZDkdu9fA==,AIWBm8JY2UBa7PN+m0QRUw==,mBEK8Xi95FDnj/4NTaOO2Q==,CrEaKEaSkT83Kmeyl+qaTw==,UhIIQr51OtYfoMt7r7PEuQ==,TXuN77gJYvn41g2VgK34GA==,4tWz8yt53h1FrNH62W+7Dw==,PZER4tMXG/SII2n0kMCHtA==,sFBMPhAV/Frf+cFC7XwziQ==,ZqOxwsGB/5K4v5RedItvtw==,K5I+q77GR1l2PT+vvRHyJw==,jSrOtxTtFRGEEB0mDawP8w==,dcLteR1RoHzXtfAFANKWsg==,/bdVzcovKduA2b9fcf/SNw==,GgJK3HidPFAH4L8ratXU8w==,CzKOnRQce+a5NqOFR5ZAVg==,Z7+ow5RXOBDm7y8rlrrbDA==,iiWBo/SjE77zUSm/n8jQzQ==,VwB2gKnYx3TnPD0McSzLLg==,Ig/KdJrNn/Q5zpLl6cNvkg==,VLKhXXpq/XyPhlBP8O5fvw==,QN60Abn/6OHfLxzFukgLEg==,6w1C6uAFgqzXCebCfjR+7Q==,mm8qJdQ/9zK43zhCoNNaSQ==,A7KNYS990E8dDk4dvp+a8Q==,fC/0pNuvEz7HaiiBa5eP2Q==,AXDll7wYh42TsK8Kz6+iJw==,G2jmF+yFSgBRBI6wk3rNrA==,PXPpixrTvSV196VlE9iaDA==,Txbz73RJtbTijBVqvMBuFQ==,96o0ghX11Wb55MqGD0dCCQ==,EjUTGe08GEox24cwh6Jvew==,pu89O+NuO/805aWsLlvnnQ==,9W1EjfeOhRImHUv7yzl4xw==,2BS99RqUbWpgNgdHdzLapA==,jPb4AntRcgjgF0VIcmgZ5g==,fLdxjx9ZF2u+LmW5nr2IRg==,fqJMjvkRp5ytckvlMOuA6g==,0oLPiuVRf8Zf03mMRoYyDQ==,KuvGlNXydf8f212iqe50Fw==,XIMAtlUBKxkw8uCnuBv2qQ==,nTC9AD9TM5cxZqrXjGRaTQ==,AouOd01tnZ1GK7dIj8oSAA==,PGKUrC5znJzr2Aap4V4X9A==,FIftrPCcMpa58OaexsHVyA==,Su0yV/J4/Pe/o6vWROIzMw==,I5Xuv8vxMn8H4gXWZp/7qw==,ZrK5Oygxypq2O/cQZprqSw==,ZY9cxflBMymo9SyL/X0VTQ==,7y4IbBXfk4hou/u1gjsKsA==,llu/TRjSBfeCxrhAnFdzpA==,CyprsNskO8MDLlEcaY1Htg==,lGBrfRcSp1PNS+rITtJRFQ==,Qqh21ElAzd2XtTuuiDHtNQ==,BDjrklmY3yCzSC7CVJnSJg==,WDpNN4Lpv4lXZ1YkgJXbrw==,W3JGM9z1Hau9FS7gQfLdrA==,Nt+u3hVv/Zvgy05FoLQwjQ==,yw/0spENkrpZSlRBTIGFwg==,ojsgP9Oq/G3LhOQ43aZ4tg==,A26HQ+VWjsaTcv0zQUouxg==,JkHkYPT/Sdd9fpT6vhWKLA==,Rql5CfVkFt6g8Txh6acuxg==,KgsNYE0NyZ4Evf481Dg7jA==,mBY5YXf4Z5N2p/32SKojwg==,RLHBqDRNqQHXjiHOhAFJuA==,+f5eU3QfhtzDfiWxGTdjbA==,URnWmvppM0M79LoaX58VTA==,lH8rRkqTHJgFIDcjoilrmw==,4OZ8Gq8XGbb7UOx+kgPd4Q==,eodyUOlZnCRX5i6zs4IG9g==,yEDhv5MlsgRrzOXh4TnSZg==,lWfJWoRPbxdlZ9caAGl1xQ==,voCuwduaK1PJ05nbDGAhgQ==,gsipF/MRM4/7rwRgTcx07A==,NU2KL2i8l3XtPJNj2sfjYg==,FeKFrukRrVp7MUDnzDbklw==,kUswT5LTJ0ybVL53ecWgPA==,zS5ofymDqXnxPz6yiVXtyQ==,4gVgBiLKlRHgzBLGyOQ0HQ==,/ADe6cof9uFsaBuxz9bTaw==,DLETHwO2tvlLaje7xJsbRA==,w12MkGugkiadsJReTS2R0Q==,/HBOaxPE+ya/XkEfddqE8g==,7HhaYFlkWxODqEvkkN8Oag==,apVRViK7ZkvWEPrWsJSqsQ==,Hg1dequz3l74BpojbTQjyg==,t/fGyvXfWUkC9gQQqRGBlw==,7TNBbFMMguXT+qerdoK3eg==,3CzUxDMdE1jZIUlZDgYYuA==,/vxjl5p6K2pmqzcVDY/G7w==,qJ/AdhbThMR9bDRac3khdw==,bZm3/Xit1CJbV5G873xhaw==,6Awy7LkJvleWjgBtgh3z9A==,KeG7XqGK8bNqPwAC3ucypw==,GRbVSsrRybL5+1bS+xXZ3g==,PmAZ0FFC66rBNU32OoI22g==,uRnl7JRE3xfe077dG6vhKw==,YaI96HWtMvur2bVhGpvmzQ==,nXwJmct4zrTtT37khh3a7w==,FvENAbnXFA3ncxFPr4Cmbg==,77lbXl9jEqVeop2n6DyWEA==,LGxgjbmzbJxZFmgPELAVsA==,BjL2v2cTuY9JiVZScDISKQ==,b496amnyqil2QSQW7LhPeg==,+dLt61CT96eChNRGx5V8vw==,bPZU+RAhtrwILZ8qdqYleA==,QmpViMURDNAdWvF+R62yIw==,CEqzvDT3qnzP+DZT9Sq6/A==,yaRlYB4XUk3acQpwoXCTng==,1av/6UEq8HzF/WNDWiWmLw==,4K0xMNjLwU5gSsg6BHJn8Q==,gm9KLa6Ff416qQXA9czs9A==,+odyCQNsoZQFkWpgv+pPbQ==,SbPX7ej4KcBMoNvAjayxrA==,dBt/urhooy9gw2RM4NsABg==,4xDje9kjwUZId9RtmuxBOw==,g9sUvkZS7Cs27WB4lkh9Zg==,E8tfQNN6Iqor8KVI7KM43A==,JVZJ0h0SY188tbI25sw7UQ==,mJ58flRzau9J0HIcnIoHYg==,snbds7nidDV+mOL26IJx+Q==,hYhK5cCq9s8nUO/TCoBcXQ==,QbPhQmi8jQ70UradN9UidA==,JypI6xAgYWLFVdxdKUgAGQ==,zB6+82agQOYIrKf6GWhqqA==,x8pH5WEE7qjjpxVq1PEe+w==,7jWp9DK59vN7kxlig2NY3Q==,qIauOpG1XTrHEzFpY0g2Uw==,vFgnQ81z0bG7PmfRot/Zcg==,PE2vn6FTws8OB2wjwJlsTw==,X+D8V/mjqW4EjbpiODWd+w==,0L7bSvGBp/Q5vFGe5PQtaA==,cp9f0bzpTahhfyGNpAKzyA==,Rft0Z5Vnih3tM/rvPFjpxw==,1OkeVoxh7WDc16UjOa+lIw==,hTHYqeRwPPjXPhuVyI2YaQ==,fYkxyHUs66FDUNSvjZqq4Q==,GIPH+FHwG6FuMvDzV9L1aw==,RlEcndORETS3JQBNZuBb4A==,ahhNhJ5Qkseye1G2IGVnnQ==,2aZlIH3BFLNa5QxURVjV5w==


    Android.{46b117b….60}


    Mhz1Qpy5jqK1rwGQJPWzqQ==


    Android.{46b117b….wr}


    com.estrongs.android.pop
     
    5318008 likes this.
  16. loonycgb2

    loonycgb2 Android Enthusiast

    Both methods recently posted.. disable dm-verity and signing boot image with certain keys..

    First zte ALWAYS requires oem keys so do not sign a boot with your own keys or upload an unsigned boot.

    Second to disable dm-verity is not possible at this current moment as you cannot pull or push a new boot image.

    IF someone could manage to pull the boot img so we may get to the ramdisk then YES we could disable dm-verity using dirtyc0w.

    But in the end both require flashing a new boot.
     
    Ethorbit and 5318008 like this.
  17. SapphireEx

    SapphireEx Guest

    I thought you pulled the boot a bit ago?
     
  18. loonycgb2

    loonycgb2 Android Enthusiast

    Never got it to work
     
    Blaxx likes this.
  19. biledigger

    biledigger Well-Known Member

    Sorry guys. I am new at this part. Where is the boot.img located on our devices? I have been very lucky with extracting and modifying pre-existing system files on all my devices in the past. I will try whatever comes to mind to try and extract it.
     
  20. Jon Greenwood

    Jon Greenwood Newbie

    I'm sorry guys, you guys are really close to where I was when I stumbled on the blood diamond. Re-read some of what has been posted, the SUID is there, think outside the box. DMVERITY is where you need to look.
     
  21. Jon Greenwood

    Jon Greenwood Newbie

    Much appreciated for the skepticism, nothing to prove here, I got what I came for and in the process lost the faith in humanity to continue with this device. Re-read what I said carefully, and perhaps you'll figure it out.
     
  22. Jon Greenwood

    Jon Greenwood Newbie

    For the millionth time, carriers have NOTHING to do with loading software. MPCS phones ship directly from ZTE. Notice the box color (purple) of different handsets is different? Yeah well it's because they ship direct. THE OEM LOADS MPCS SOFTWARE!
     
  23. Phoenix7331

    Phoenix7331 Lurker

    I haven't read everything and I'm no expert but why isn't simply flashing recovery in fastboot with TWRP and using TWRP to root not working?

    My phone has the OEM unlock option in developer options so the bootloader is unlocked, right?
     
  24. <font color ='#9e9e9e'>Phoenix7331 </font>
    <font color ='#9e9e9e'>I haven't read everything and I'm no expert but why isn't simply flashing recovery in fastboot with TWRP and using TWRP to root not working? </font>

    <font color ='#9e9e9e'>My phone has the OEM unlock option in developer options so the bootloader is unlocked, right? </font>



    No! read all 97 pages then ask questions
     
    #2449 brandonlee199966, Jun 9, 2017
    Last edited: Jun 9, 2017
    Blaxx, drudrumauro, Ethorbit and 3 others like this.
  25. Ownster

    Ownster Lurker

    Like you had faith in humanity to begin with lol
     
    Phoenix7331 likes this.

ZTE Zmax Pro

ZTE Zmax Pro
Loading...

Share This Page

Loading...