
Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
I already know something that works on b14, as well as a couple other members. I'm 99% sure messi is aware of what I'm talking about, but it's temporary.
Can you elaborate please, or PM me?
I saw where temp root would show and a small script or file had to be flashed right away so it would stick long enough to ........etc
 
I already know something that works on b14, as well as a couple other members. I'm 99% sure messi is aware of what I'm talking about, but it's temporary.
Why bother posting if you're not going to tell anyone? It's not like ZTE can update instantly and force us all to update. Please elaborate on what it is you are talking about. We would all appreciate it.

And @Flare106 That vendor ID did not work either.
 
Why bother posting if you're not going to tell anyone? It's not like ZTE can update instantly and force us all to update. Please elaborate on what it is you are talking about. We would all appreciate it.

And @Flare106 That vendor ID did not work either.

Not mine to talk about, unfortunately. As well, you are wrong: ZTE can hotfix this phone and fix bugs without applying an OTA. It was proven when overnight they fixed well over 100 CVEs.

Edit: over 100 Stagefright CVEs, which to my knowledge were never meant for root, thus they never came up.
 
Quadrooter was patched on this phone before the B12 update that had the official Google security patch went out. I tried that months ago.
 
How can we find out if any 2017 CVE like in this screenshot will work?
 

Attachment: Screenshot_20170124-233416.png
In Android 5.0.x you could boot stock recovery and mount system (not all stock can), adb pull build.prop, then edit it, then push it back. Would that be valid here for us, period??? Change SELinux prop?
 
I've talked to Dev multiple on Google Plus and XDA. A few XDA experienced persons have the Pro. So........ just trying to be Hype Man lol. Please can we have an update? The behind-the-scenes guys like Messi etc. that are actively aggressive knowledge are working on ****edit**** also been requesting different websites to add support etc., ROM zip, OTA tar, all that good stuff. I've tested various ROM downloads to see if they looked official etc.
 
I think Messi is back to doing his exams. However, I'm awaiting a response from a friend who was in my C++ coding classes, to see if maybe he can help me put together a script to get in the backdoor of CVE 2016-2053, just to humor myself and see what happens. But, I'm on b12, so I don't expect much.
 
I've been searching up Jcase's work he's done in the near past and I found this: http://bbqand0days.com/Pork-Explosion-Unleashed/
It explains a vulnerability using FTM mode, and we have FTM on our device. I don't know if it has ever been tried before, but as far as the B08 build users, it may be something useful. Idk about B12-14 users tho.

**EDIT**
It seems that the ASM is just a map of the Robin's Fastboot code. He doesn't list any source code on his page. But the rest of what I said is pretty accurate. I don't know ARM Assembly, and even if I did, I do not know how to exploit this vulnerability.

We need to find a way to re-enable the Fastboot commands, and then we would have a better chance to exploit this flaw. Having the source code would help too.

If we could find a point of entry in the bootloader, it would be possible to exploit this device.
 
In Android 5.0.x you could boot stock recovery and mount system (not all stock can), adb pull build.prop, then edit it, then push it back. Would that be valid here for us, period??? Change SELinux prop?
WHY DONT YOU GIVE
**EDIT**
It seems that the ASM is just a map of the Robin's Fastboot code. He doesn't list any source code on his page. But the rest of what I said is pretty accurate. I don't know ARM Assembly, and even if I did, I do not know how to exploit this vulnerability.

We need to find a way to re-enable the Fastboot commands, and then we would have a better chance to exploit this flaw. Having the source code would help too.

If we could find a point of entry in the bootloader, it would be possible to exploit this device.

Unfortunately, without root first and/or ZTE unlocking our bootloader (not going to happen), I don't think it's possible. I've hard-bricked two devices this week pursuing fastboot. The only way to enable fastboot is by flashing fastboot.img to fbob plus aboot. I'm out of ideas getting fastboot working. Got any, let me know.
 
After 3 months of owning the phone you call MetroPCS and they can unlock the phone. I think that unlocks the bootloader? Just tell them you have no plans to change providers, but if you go out of country you would like to be able to use the phone. I tried to ask them on the phone if unlocking the bootloader resets the phone; I believe they said no.
 
After 3 months of owning the phone you call MetroPCS and they can unlock the phone. I think that unlocks the bootloader? Just tell them you have no plans to change providers, but if you go out of country you would like to be able to use the phone. I tried to ask them on the phone if unlocking the bootloader resets the phone; I believe they said no.
That just SIM unlocks the phone to be used with any carrier.
 
I think Messi is back to doing his exams. However, I'm awaiting a response from a friend who was in my C++ coding classes, to see if maybe he can help me put together a script to get in the backdoor of CVE 2016-2053, just to humor myself and see what happens. But, I'm on b12, so I don't expect much.
It's not going to work. It didn't work before B12. Making the APK to do it isn't that hard though. I wouldn't release it publicly as it's essentially a virus, and may work on other phones.
 
A vulnerability in Marshmallow is probably the best bet. As far as I know there aren't any right now that would let you escalate privileges. Even if there were we would still have the issue of not being able to flash an unsigned ROM. You could potentially install SU manually giving you root privileges.
 
It's not going to work. It didn't work before B12. Making the APK to do it isn't that hard though. I wouldn't release it publicly as it's essentially a virus, and may work on other phones.
Since you seem so knowledgeable on this, I'm going to assume you've already tried? Otherwise, you wouldn't seem so hopeless...
 
Since you seem so knowledgeable on this, I'm going to assume you've already tried? Otherwise, you wouldn't seem so hopeless...
Yeah. I gave it a shot. The driver exploits were already patched on this phone before the official Google patch was installed.
 
Yeah. I gave it a shot. The driver exploits were already patched on this phone before the official Google patch was installed.
Fair enough. However, I disagree with your statement saying Marshmallow has no vulnerabilities. Other Marshmallow devices can be rooted; however, it may be that those devices use other exploits?
 