• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
SapphireEx said:
I didn't create the exploit. I just use it. I'm sure someone will figure out how to prevent the panics though.
Click to expand...

I open the adb shell for this phone. The i went to enter commands thats are the names of the files in system/bin and they all did something and gave me a bunch of info in adb shell. Idk if guys already knew that. But i thought i would share
 

Attachments

  • Screenshot_20170612-212155.png
    Screenshot_20170612-212155.png
    130 KB · Views: 247
brandonlee199966 said:
I know you guys said this command (reboot disemmcwp) don't work.....

But i threw that command in device shell then it rebooted my zmax pro?
Did it work or do something to my phone since it rebooted right when i entered the command?
Click to expand...
Those commands require an emode level activation so it can activate via ftm mode.

Those emode activations are hidden somewhere tho.
 
<font color ='#9e9e9e'>loonycgb2 </font>
<font color ='#9e9e9e'>Those commands require an emode level activation so it can activate via ftm mode. </font>

<font color ='#9e9e9e'>Those emode activations are hidden somewhere tho. </font>




Have you tried all the codes
. In /system/bin?
 
brandonlee199966 said:
<font color ='#9e9e9e'>loonycgb2 </font>
<font color ='#9e9e9e'>Those commands require an emode level activation so it can activate via ftm mode. </font>

<font color ='#9e9e9e'>Those emode activations are hidden somewhere tho. </font>




Have you tried all the codes
. In /system/bin?
Click to expand...
Anything in the bin folder are all busybox commands and system bin files.

Nothing in the bin or xbin will help until we have a working temp root since any higher elevated commands get a denied access.
 
loonycgb2 said:
Anything in the bin folder are all busybox commands and system bin files.
Nothing in the bin or xbin will help until we have a working temp root since any higher elevated commands get a denied access.
Click to expand...


Oh okay my bad just trying to help. Hope we can get another person to straighten the script out.
 
brandonlee199966 said:
Oh okay my bad just trying to help. Hope we can get another person to straighten the script out.
Click to expand...
No need to apologize, so long as you dont try to push that your idea is a breakthrough lol..

I have no issue giving you a better answer, if anybody has more ideas then bring em out and we can see if it can work.
 
drudrumauro said:
a few months back I was so desperate to try to root my zmax pro that I tried to root by using a method i had used a long long time ago with an alcatel one touch fierce 2 and the method was by keeping the phone busy in the background with antutu benchmark while trying to use King root to root at the same time and after trying about 8 to 10 times king root had said root was successful but I found out it really wasn't successful and on the root checker app it had said i had no root access but ever since then I can not update via ota and it has been stuck on build number b08 and it always stops around 45 percent and shows a message saying there has been a mismatch with the package and says there is an error in the cache partition and counts down and reboots and when it comes back on it says update failed and says either from problem with update package or it has detected my phone is rooted and I had bought a second zmax pro and it updated perfectly all updates including the recent b20 build, I wish there was something I could flash that could wipe out the cache partition and the root detection sort of like how some previous lg phones have had the option to flash a root detection reset and it allows the phone to update ota packages normally afterwards, I love the pro and it would be one heck of a phone with a rom like broken on it or a new custom one similar to it to free up the space from deleting the metro bloatware and over clock the shit out of it smh its too bad there are so many obstacles that stand in the way of mass zmax pro user euphoria
Click to expand...

Consider yourself lucky that you were not able to update your fierce 2. That's EXACTLY how I rooted it. And exactly how I brick it. When I ota update.

Actually I also did have that message that it can't update coz it detected it was rooted. Coz I feel like a tech genius. I honestly don't know what I did that I was able to update the fierce 2, I REALY hope I didn't coz it's a paper weight now.
 
Hey all! So hear me out... I recently dug my way out of a horrible battle with the Dark Matter, Der Starke 2.0 exploit on every single device own. The exploit replaced my firmware for every device, essentially rooting/jailbreaking all of them. I'll be posting screen shots of the new patched firmware and all the system info I can grab. Whoever is on the other end has been able to make changes to the entire system and even boot me into a virtual machine. My ZMAX PRO is now a permanent spy device used to surveil me, HOWEVER, it could be reverse engineered. ✌
 
cmizell928 said:
Hey all! So hear me out... I recently dug my way out of a horrible battle with the Dark Matter, Der Starke 2.0 exploit on every single device own. The exploit replaced my firmware for every device, essentially rooting/jailbreaking all of them. I'll be posting screen shots of the new patched firmware and all the system info I can grab. Whoever is on the other end has been able to make changes to the entire system and even boot me into a virtual machine. My ZMAX PRO is now a permanent spy device used to surveil me, HOWEVER, it could be reverse engineered. ✌
Click to expand...
Is there any documentation for this exploit? I can't find any online.
 
GarnetSunset said:
Is there any documentation for this exploit? I can't find any online.
Click to expand...


AMAZING update. I purposely infected an Android and captured logs long enough to get the server the hacker was hosting the virtual clone of my phone from. Took me directly to his github repository. I've downloaded everything. It appears he was able to use open source code for yoga tab 3 YT3 X50F on my ZMAX PRO. I'm a little uncomfortable with posting the names of all the other sources as I'm going to be reporting him to FBI cyber crimes. I can tell you everything is dockerized and he's using Linux lib coding commonly used for jailbreaks such as libimobiledevice. My knowledge of coding in Linux isn't the greatest but if there's anyone who is very gifted in code and programming I'd love to chat. GarnetSunset, you should be able to find a good amount of info on the exploit by searching DarkMatter, EFI exploit, DerStarke, Vault 7 CIA, DarkSeasSkies. Theyre all basically AMT/MDM/DEP exploits. It allows 100% control over any device, any platform within minutes. I also have some detailed documentation about the deep and thorough firmware patching. Also lookup CHIPSEC. A tool Intel released to help detect and mitigate the vulnerability to the exploit. Could be helpful. ✌
 
cmizell928 said:
AMAZING update. I purposely infected an Android and captured logs long enough to get the server the hacker was hosting the virtual clone of my phone from. Took me directly to his github repository. I've downloaded everything. It appears he was able to use open source code for yoga tab 3 YT3 X50F on my ZMAX PRO. I'm a little uncomfortable with posting the names of all the other sources as I'm going to be reporting him to FBI cyber crimes. I can tell you everything is dockerized and he's using Linux lib coding commonly used for jailbreaks such as libimobiledevice. My knowledge of coding in Linux isn't the greatest but if there's anyone who is very gifted in code and programming I'd love to chat. GarnetSunset, you should be able to find a good amount of info on the exploit by searching DarkMatter, EFI exploit, DerStarke, Vault 7 CIA, DarkSeasSkies. Theyre all basically AMT/MDM/DEP exploits. It allows 100% control over any device, any platform within minutes. I also have some detailed documentation about the deep and thorough firmware patching. Also lookup CHIPSEC. A tool Intel released to help detect and mitigate the vulnerability to the exploit. Could be helpful. ✌
Click to expand...
na
 
cmizell928 said:
AMAZING update. I purposely infected an Android and captured logs long enough to get the server the hacker was hosting the virtual clone of my phone from. Took me directly to his github repository. I've downloaded everything. It appears he was able to use open source code for yoga tab 3 YT3 X50F on my ZMAX PRO. I'm a little uncomfortable with posting the names of all the other sources as I'm going to be reporting him to FBI cyber crimes. I can tell you everything is dockerized and he's using Linux lib coding commonly used for jailbreaks such as libimobiledevice. My knowledge of coding in Linux isn't the greatest but if there's anyone who is very gifted in code and programming I'd love to chat. GarnetSunset, you should be able to find a good amount of info on the exploit by searching DarkMatter, EFI exploit, DerStarke, Vault 7 CIA, DarkSeasSkies. Theyre all basically AMT/MDM/DEP exploits. It allows 100% control over any device, any platform within minutes. I also have some detailed documentation about the deep and thorough firmware patching. Also lookup CHIPSEC. A tool Intel released to help detect and mitigate the vulnerability to the exploit. Could be helpful. &amp;#9996;
Click to expand...
I DO NOT BELIEVE YOU
 
cmizell928 said:
AMAZING update. I purposely infected an Android and captured logs long enough to get the server the hacker was hosting the virtual clone of my phone from. Took me directly to his github repository. I've downloaded everything. It appears he was able to use open source code for yoga tab 3 YT3 X50F on my ZMAX PRO. I'm a little uncomfortable with posting the names of all the other sources as I'm going to be reporting him to FBI cyber crimes. I can tell you everything is dockerized and he's using Linux lib coding commonly used for jailbreaks such as libimobiledevice. My knowledge of coding in Linux isn't the greatest but if there's anyone who is very gifted in code and programming I'd love to chat. GarnetSunset, you should be able to find a good amount of info on the exploit by searching DarkMatter, EFI exploit, DerStarke, Vault 7 CIA, DarkSeasSkies. Theyre all basically AMT/MDM/DEP exploits. It allows 100% control over any device, any platform within minutes. I also have some detailed documentation about the deep and thorough firmware patching. Also lookup CHIPSEC. A tool Intel released to help detect and mitigate the vulnerability to the exploit. Could be helpful. ✌
Click to expand...


proof... where is the proof...
 
excuse me but can we not go off topic there are people out here actually working trying to get this shit going and you guys bicker like children just because you dont know what the **** your doing so you find a place on the forum. Now back on topic, I got a failed bootloader update using fastboot oem unlock has anyone tried pulling the keys using oem get unlock data?


edit*HOPEFULLY ONE DAY people will stop lieing making huge stories up on the internet to get fame. when all it does is make people avoid you. Noody likes a liar.
 
cmizell928 said:
AMAZING update. I purposely infected an Android and captured logs long enough to get the server the hacker was hosting the virtual clone of my phone from. Took me directly to his github repository. I've downloaded everything. It appears he was able to use open source code for yoga tab 3 YT3 X50F on my ZMAX PRO. I'm a little uncomfortable with posting the names of all the other sources as I'm going to be reporting him to FBI cyber crimes. I can tell you everything is dockerized and he's using Linux lib coding commonly used for jailbreaks such as libimobiledevice. My knowledge of coding in Linux isn't the greatest but if there's anyone who is very gifted in code and programming I'd love to chat. GarnetSunset, you should be able to find a good amount of info on the exploit by searching DarkMatter, EFI exploit, DerStarke, Vault 7 CIA, DarkSeasSkies. Theyre all basically AMT/MDM/DEP exploits. It allows 100% control over any device, any platform within minutes. I also have some detailed documentation about the deep and thorough firmware patching. Also lookup CHIPSEC. A tool Intel released to help detect and mitigate the vulnerability to the exploit. Could be helpful. ✌
Click to expand...
Post evidence.
I appreciate you have these "exploits" but if you have no proof of any of these being in use then...

[MOD EDIT: Removed gif containing profanity]
 
Last edited by a moderator:
sudoTOOR said:
excuse me but can we not go off topic there are people out here actually working trying to get this shit going and you guys bicker like children just because you dont know what the **** your doing so you find a place on the forum. Now back on topic, I got a failed bootloader update using fastboot oem unlock has anyone tried pulling the keys using oem get unlock data?
Click to expand...
YOU MAD LMAO don't take your anger out on us. The profanity. And telling us we don't know anything. Is not needed here regardless. If were on topic or not and its definitely. Not the way to get someone. To help you
 
Greysworld007 said:
YOU MAD LMAO don't take your anger out on us. The profanity. And telling us we don't know anything. Is not needed here regardless. If were on topic or not and its definitely. Not the way to get someone. To help you
Click to expand...

WOW that was really on topic man , on that note anyone tried this i found this from Motorola Official site https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-b

https://motorola-global-portal.custhelp.com/app/standalone/bootloader/recovery-images
 
Last edited:
brandonlee199966 said:
i pretty sure this would brick our zmax if we tried this.
Click to expand...
oh sorry famski when i called metro pcs they said inquire the information from the developers of the ZTE i asked what that would be not assuming ZTE was a brand . and they told me Motorola. sorry for the cross communication , still researching for z981 though
 
If you're still looking for beta testers, I have a spare ZTE ZMAX PRO that wouldn't bother me if it got bricked ..
 
loonycgb2 said:
In just about every Android phone the OTA is downloaded to the cache partition. Which you can usually READ aka see the file.

But certain phones like zte download the OTA to cache, but cannot copy the file because the partition is restricted.

So you have to use logcat to find the URL being used to download the OTA and download the file on a computer.
Click to expand...
What would be cool if we could hijack the OTA update link, and make it ours (like jdownloader and IDM do) before the actual ZTE update is downloaded.

But regardless, we would still need to sign whatever we try to update so, that's not gonna come easy. And it would just make more sense to flash whatever it is, by recovery.

Just trying to put something new out.

EDIT:

GarnetSunset said:
[MOD EDIT: Removed gif containing profanity]
Click to expand...

lmao what, no gif with profanity? bruh
 
Last edited:
GarnetSunset said:
Post evidence.

I appreciate you have these 'exploits' but if you have no proof of any of these being in use then...
[MOD EDIT: Removed gif containing profanity]
Click to expand...

Ah yes... The 'exploits'. I can sense your sarcasm through the phone. Sure, anyone wanna take a screen shot of results from the My Device apk so I can see what the hell the specs are supposed to look like?
 
Status
Not open for further replies.
Back
Top Bottom