
Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
Just want to share. I had a dream about someone using an obsidian program to root the phone. It is an exe file and she named her program obsidian. So when I woke up I googled obsidian, and just so weird, then googled zte obsidian and found they root it using a one click root app. So yeah my dream is obsolete. Coz I won't put a 1 click root app on my phone.

You can delete this post just have to vent coz my dream was really vivid. At least in my dream our phone was rooted. LOOOOOL.
 
We need someone on XDA who's not a prickly mod some .Exe or mod scripts. We keep dancing around the subject.. Messi just proved a point like the jcase bs.. if the pros on XDA would simply mod some files for us we would have root already.. I still think if not mod the axon tool we can still mod the g4 tool that roots via ADB & download mode.. we can pull the system image from any OTA using the YouTube vid I posted on the last thread.. our 3rd option would be to research .mbn files, sounds interesting.. fourth option which we know takes forever, will be making a tool from scratch.. I think engineer mode should be enabled before we flash anything.. I think that's one way to use it. Sounds like something a dev would enable before they mess with a failed customer device.. just some thoughts
 
Just want to share. I had a dream about someone using an obsidian program to root the phone. It is an exe file and she named her program obsidian. So when I woke up I googled obsidian, and just so weird, then googled zte obsidian and found they root it using a one click root app. So yeah my dream is obsolete. Coz I won't put a 1 click root app on my phone.

You can delete this post just have to vent coz my dream was really vivid. At least in my dream our phone was rooted. LOOOOOL.
Dreams are usually someone trying to tell us something.. even if it has an ice cream truck and some Care Bears.. take the dream apart to make sense of it and see if there's something worth researching there. Maybe someone was suggesting modding the obsidian root apk..
 
@lambo352 it's not because of the people working on it. Look at the S6 Active / Samsung Note 5 and other Verizon / AT&T locked bootloader devices: they were released 2 years ago and still no root. Guess why [locked bootloader]. In our case it's not only locked but fastboot was removed too, no available tools to deal with it or to recover the phone in case of a break, so in short it's near impossible to do it...
 
@lambo352 it's not because of the people working on it. Look at the S6 Active / Samsung Note 5 and other Verizon / AT&T locked bootloader devices: they were released 2 years ago and still no root. Guess why [locked bootloader]. In our case it's not only locked but fastboot was removed too, no available tools to deal with it or to recover the phone in case of a break, so in short it's near impossible to do it...
Let's go over what we do know. Something might be getting overlooked. I read that the Axon 7 initially used an unofficial fastboot that an XDA member, I'm assuming, ported, 'cause it's unheard of making a fastboot from scratch. Then ZTE released their own which now they suddenly don't support. Then LG jumped on the wagon. So the Axon 7 has 2 fastboot files floating around. From what I can tell the unofficial fastboot might be promising. Someone already said the partitions were the same on b12 or b08.. then came the one day b14 beta which only our contenders got. Supposedly b14 came with partition changes.. hhmmm maybe they changed the partitions to stop us from using the Axon 7 fastboot.. Maybe we can still use it on b08 and b12.. we just need to make sure it goes to the right partition..
 
Let's go over what we do know. Something might be getting overlooked. I read that the Axon 7 initially used an unofficial fastboot that an XDA member, I'm assuming, ported, 'cause it's unheard of making a fastboot from scratch. Then ZTE released their own which now they suddenly don't support. Then LG jumped on the wagon. So the Axon 7 has 2 fastboot files floating around. From what I can tell the unofficial fastboot might be promising. Someone already said the partitions were the same on b12 or b08.. then came the one day b14 beta which only our contenders got. Supposedly b14 came with partition changes.. hhmmm maybe they changed the partitions to stop us from using the Axon 7 fastboot.. Maybe we can still use it on b08 and b12.. we just need to make sure it goes to the right partition..
I don't think that's true unless that one had the ZTE signing key to sign his ported fastboot and flash it using stock recovery.
 
We need someone on XDA who's not a prickly mod some .Exe or mod scripts. We keep dancing around the subject.. Messi just proved a point like the jcase bs.. if the pros on XDA would simply mod some files for us we would have root already.. I still think if not mod the axon tool we can still mod the g4 tool that roots via ADB & download mode.. we can pull the system image from any OTA using the YouTube vid I posted on the last thread.. our 3rd option would be to research .mbn files, sounds interesting.. fourth option which we know takes forever, will be making a tool from scratch.. I think engineer mode should be enabled before we flash anything.. I think that's one way to use it. Sounds like something a dev would enable before they mess with a failed customer device.. just some thoughts

Funny you say this coz in my dream it was an XDA developer that made this obsidian program. And they made a thread like an all in one root program. And I remember in their thread they say don't port it yourself contact me to port your phone in the program and if successful will add zmaxpro in the all in one root thread.

It was a vivid dream like I can see what that person was doing. Really weird.
 
I don't think that's true unless that one had the ZTE signing key to sign his ported fastboot and flash it using stock recovery.

Hey big guy. I saw somewhere in this thread someone saying something about dealing the next step in mbn management. I've flashed a few phones. Not an expert. But some of the language in all this info this guy says a lot about it. So I figured you might wanna take a gander. Here's the link.
https://forum.xda-developers.com/zte-zmax/development/zmax-pro-root-idea-t3513669
 
I've been watching this thread for a while, and finally decided to google the CVE 2503. I'm pretty fluent in C++ and I have used OpenGL while working on a project with friends. I can try gaining privileges by making an application in OpenGL that'll give us privileges. If you guys are willing to back me on testing?

It seems like I'll have to use Java for this though, considering it's Android. I know Java also, but I do need your help guys by telling me exactly what it is we should do, maybe I can write it
 
This is where we should really be looking. The ones patched on December 1st won't be an option for anyone running B14. The ones from December 5th aren't patched on any of our devices.

All of them won't work on our device, but some of them might. Reading the papers and figuring out if they apply to our hardware/software is the first step.

https://source.android.com/security/bulletin/2016-12-01.html
I mentioned that a couple hundred pages back for b08 with the June security patch. You guys really should read a little closer. At least you finally stumbled upon it at the least.
 
I mentioned that a couple hundred pages back for b08 with the June security patch. You guys really should read a little closer. At least you finally stumbled upon it at the least.
I've been looking the whole time. I actually wrote an APK to attempt Quadrooter. I didn't get any help, and the firmware was patched before the official security patch anyway.

I also bricked a phone giving Dirty Cow a shot.

I just don't have time to read them all, and making a working exploit from a security report isn't easy alone. It's all stuff that can be picked up by doing some reading, but just shouting out a CVE number and expecting someone else to make it work doesn't help.

I've been fairly active on my own, as I haven't seen much here that doesn't take away time from my learning.

If you've got an idea toss it out, I'll help you. I'm not doing it all by myself. I don't think it's wise to post exploit code in an open forum for people to randomly try without even knowing what it's supposed to do either.
 
I've been watching this thread for a while, and finally decided to google the CVE 2503. I'm pretty fluent in C++ and I have used OpenGL while working on a project with friends. I can try gaining privileges by making an application in OpenGL that'll give us privileges. If you guys are willing to back me on testing?

It seems like I'll have to use Java for this though, considering it's Android. I know Java also, but I do need your help guys by telling me exactly what it is we should do, maybe I can write it
That one has already been patched. You might be able to find a different way that I couldn't. I'm not the best at OpenGL. The security focus papers give you the basic idea.

I haven't seen any code using it anywhere else either, so I don't think it's that easy to pull off if it wasn't patched. KingRoot would have adopted it by now.
 
Funny you say this coz in my dream it was an XDA developer that made this obsidian program. And they made a thread like an all in one root program. And I remember in their thread they say don't port it yourself contact me to port your phone in the program and if successful will add zmaxpro in the all in one root thread.

It was a vivid dream like I can see what that person was doing. Really weird.
It would be nice if they actually shared what the flash or exe was doing. I don't even post on XDA. I realize exposing the source would cause it to get patched faster, but a lot more people could study it, and find other ways to pull the same trick.

Decompiling an .exe and trying to reverse engineer it is a bitch.
 
I don't think that's true unless that one had the ZTE signing key to sign his ported fastboot and flash it using stock recovery.
I've been reading through the source for the mini pre and post fastboot. There's a lot of it, and I don't have time to figure out exactly what they did. It's all on GitHub. The source for CM and Lineage are there too. The key to how they lock them is probably there somewhere.
 
Let's go over what we do know. Something might be getting overlooked. I read that the Axon 7 initially used an unofficial fastboot that an XDA member, I'm assuming, ported, 'cause it's unheard of making a fastboot from scratch. Then ZTE released their own which now they suddenly don't support. Then LG jumped on the wagon. So the Axon 7 has 2 fastboot files floating around. From what I can tell the unofficial fastboot might be promising. Someone already said the partitions were the same on b12 or b08.. then came the one day b14 beta which only our contenders got. Supposedly b14 came with partition changes.. hhmmm maybe they changed the partitions to stop us from using the Axon 7 fastboot.. Maybe we can still use it on b08 and b12.. we just need to make sure it goes to the right partition..
I think it is just a weird fastboot command that unlocks the bootloader from what I read. I don't think it was ever non-existent, just hidden until you fired the right command at it. The Axon has download mode too.

fastboot -i 0x19d2 oem unlock
 
I have a pro with cracked glass that I'm willing to brick for the community... just make it count.

Let me know guys.
Take it apart and send me some high res pictures of the boards.
What can we do with it? Like I've said, I'm open to trying stuff as long as the chance to brick is not huge, and as long as you give detailed instructions.

*edit* Oh, and I'm on b08 if that matters.
 