Root ZTE Zmax Pro Official Root Discussion

B14 was the last before the Beta Program updates, I believe. B20 was the update after the beta program. B21 just came out about a month ago.

I wish I had dumped some of those... Though I really wouldn't think they'd have been helpful other than to see what they tweaked with battery and kernel settings.

Wish we could go old school "Hackers" and find a lonely guy at a desk somewhere to give us the info. (Great movie, 9600 baud modem on a desk with the IP taped under it... lol)
I'm willing to rip the B21 update for MetroPCS, if someone can tell me how. I'm still on the B20 update and I blocked the update notification!
 
I've been checking every update since B08 and never got any useful information.
 
Please, guys, don't stop trying. Is it possible to re-edit the scripts if it's the script change verification, or possibly emode and ADB commands, and something else no one has discovered, that is the problem with our unsuccessful root of the ZTE Z981? I've tried everything, went through 6 ZMAX Pros with no success.
 
Join our discord. A lot of the discussion is ongoing there.
 
I thought MetroPCS Z981's had gone from B08 to B14. That is what mine has been bugging me to update to.
When I purchased my phone I think it was on B08. I'm on B20; it kept trying to force me to update, so I disabled the app and cleared the storage. I have no experience with newer versions of Android since I stopped messing around with it after ICS. I feel our approach is wrong: there have to be some apps that can access system level by default, they just have to be reverse engineered. It would be nice to mount the phone as R/W on Linux, but I don't know how as far as the proper terminal commands go.
 
The same methods used on older iOS jailbreaks might work. Browser-based vulnerabilities may not be the best move, but if we were able to modify an app that can be installed to system with certain permissions, with an embedded program similar to a Windows DLL file exploit, it might work. Or instead of flashing a custom bootloader, why not add some more options to the inbuilt one, if that's possible with the dumps that have been curated these past months? Another idea: if we can find someone over at XDA to write a virus that takes over the phone but instead of stealing user information it dumps the phone, or compile a fake virus scanner that can retrieve information or dump to system. But I feel an embedded app approach could work. I'm just a tinkerer, not a developer.
 
So where are we actually at here? If someone has the GPT backup, which is the first 17408 bytes of the eMMC, I can accomplish some stuff with it.

I also heard someone say keys.
Is this both the public half and private half of the key? For example, .pk8 and .x509. If you have the private half of the key, I have a bash script for signing zip files. After signing the zip you can flash anything using the stock recovery and updater script.

GPT and keys please.

I'll send you back a Big Mac and you'll be singing that "I'm Lovin' It" song.

Please just don't dress like Ronald.
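The GPT backup asked for above (the first 17408 bytes of the eMMC: protective MBR at LBA0, GPT header at LBA1, and 128 entries of 128 bytes at LBA2-33 with 512-byte sectors) can be parsed and CRC-checked before anyone trusts what it says. This is an added example, not code from the thread or from ZTE; the partition names and GUIDs in the sample image are constructed and are not the Z981's real layout.

```python
import struct, uuid, zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, UEFI spec field order
GPT_BYTES = 34 * SECTOR           # MBR + header + 128*128-byte entries = 17408

def parse_gpt(dump: bytes) -> dict:
    # Parse the primary GPT at the start of an eMMC dump; raise on any CRC mismatch.
    if len(dump) < GPT_BYTES:
        raise ValueError("need at least the first 17408 bytes of the disk")
    hdr = dump[SECTOR:2 * SECTOR]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT signature at LBA1")
    f = struct.unpack_from(HDR_FMT, hdr, 0)
    hdr_size, hdr_crc = f[2], f[3]
    # Header CRC32 is computed with the header's own CRC field zeroed.
    if zlib.crc32(hdr[:16] + b"\0" * 4 + hdr[20:hdr_size]) != hdr_crc:
        raise ValueError("GPT header CRC mismatch (truncated or tampered dump)")
    entries_lba, n_entries, entry_size, entries_crc = f[10:14]
    table = dump[entries_lba * SECTOR:entries_lba * SECTOR + n_entries * entry_size]
    if zlib.crc32(table) != entries_crc:
        raise ValueError("partition entry array CRC mismatch")
    parts = []
    for i in range(n_entries):
        e = table[i * entry_size:(i + 1) * entry_size]
        type_guid = uuid.UUID(bytes_le=e[:16])
        if type_guid.int == 0:        # all-zero type GUID marks an unused slot
            continue
        first, last, attrs = struct.unpack_from("<QQQ", e, 32)
        name = e[56:128].decode("utf-16-le").split("\0", 1)[0]
        parts.append({"name": name, "type": str(type_guid),
                      "first_lba": first, "last_lba": last, "attrs": attrs})
    return {"disk_guid": str(uuid.UUID(bytes_le=f[9])), "partitions": parts}

def build_sample_gpt(names) -> bytes:
    # Constructed 17408-byte test image: one 8 MiB partition per name (hypothetical layout).
    n_entries, entry_size, lba = 128, 128, 34
    table = bytearray(n_entries * entry_size)
    for i, name in enumerate(names):
        off = i * entry_size
        table[off:off + 16] = uuid.uuid5(uuid.NAMESPACE_DNS, "type-" + name).bytes_le
        table[off + 16:off + 32] = uuid.uuid5(uuid.NAMESPACE_DNS, "id-" + name).bytes_le
        struct.pack_into("<QQQ", table, off + 32, lba, lba + 16383, 0)
        table[off + 56:off + 56 + 2 * len(name)] = name.encode("utf-16-le")
        lba += 16384
    hdr = bytearray(SECTOR)
    struct.pack_into(HDR_FMT, hdr, 0, b"EFI PART", 0x10000, 92, 0, 0, 1, lba + 33, 34, lba - 1,
                     uuid.uuid5(uuid.NAMESPACE_DNS, "disk").bytes_le, 2, n_entries, entry_size, zlib.crc32(table))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr[:92])))   # header CRC goes in last
    return bytes(510) + b"\x55\xaa" + bytes(hdr) + bytes(table)    # protective MBR stub first
```

Run `parse_gpt(open("gpt.bin", "rb").read())` on a real dump; a dump that is missing its tail, or a hand-edited one, fails the CRC checks rather than silently yielding wrong partition offsets.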
 
Check it PM BC.
 
So you're saying use privilege escalation?
Why have we never thought of that before /s

For real though, that's the basis for every root exploit ever: use what's already there to escalate from user privs to system privs.
 
Pretty much doing anything on any device requires you to elevate privileges. It's when those privileges are locked that pretty much the only way is getting a system app with low-level privileges to call a script and run it with those aforementioned low-level privs.

For example, the flashlight app in the old EVO 3Ds for some freaking reason had system privileges and that was their way in.
Apparently a lot of our media decoders also have kernel level RWX.
 
Yush.
 
Btw guys I might be late with replies. I had to move to GA due to the hurricane. Now everything is flooded so we cannot return... At least not right now
 
Jumping in here...

I'm not quite an expert in mobile devices or Android programming, but I'm pretty good with English, and I think it's possible we've all missed something on this topic.

In "Settings > Developer Options" (once you've activated Developer Options by tapping), there's an option to unlock the bootloader for OEM processes:

[screenshot: allow2.jpg]

When you activate the slider, you first get a warning:

[screenshot: warnng.jpg]

Okay, this option is likely merely part of the OS, and its functionality is likely stymied by whatever ZTE blockages have given rise to all the angry and lengthy threads on this topic, but....

BUT: Android does say "Device protection features won't work on this device . . ." If that's not true, and device protections DO still work on this device, isn't that something Google/Android would want to know?
 
@CaseyRockStar, those Settings -> Developer Options toggles work in conjunction with dm-verity and the other device integrity checks, and I'm pretty sure they aren't in play unless the bootloader is actually unlocked (which you guys cannot (yet) do for this device).

For the Nexus/Pixel line of devices (for example, which have those same Settings), you do indeed have to enable/allow bootloader unlocking before you unlock (or try to unlock) the bootloader from fastboot.

If/when you have unlocked the bootloader (like I have on my Nexus 6P), you'll get warnings when you reboot that the device integrity cannot be checked, i.e., because the bootloader has been unlocked and is therefore "open" to modification (i.e., untrusted).

BTW, I keep my bootloader unlocked (on my devices) for recovery purposes...not necessarily to have root installed anymore.
 