Root ZTE Zmax Pro Official Root Discussion

[messi2050]

this looks promising although i give dc a try before
https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120

 

[biledigger]

That one has already been patched. You might be able to find a different way that I couldn't. I'm not the best at OpenGL. The security focus papers give you the basic idea.

I haven't seen any code using it anywhere else either, so I don't think it's that easy to pull off if it wasn't patched. KingRoot would have adopted it by now.

I would love to help you compile multiple tools to test rooting attempts with. But i do not know anything at all about coding. I just look around through existing system files. Open them up and extract contents and attempt to read them. I also just modify my existing installations. Ill toss out anymore ideas if i come along them. Im also the one that pointed out the .mbn core but no one really noticed at the time.

 

[Nthall]

this looks promising although i give dc a try before
https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120

I tried it too. I'm pretty sure it was able to push supersu, but the phone was wrecked afterwards. I had no way to tell. It did something.

I'll try his adb script when I get home. It shouldn't hurt anything unless you tell it to. It might kick back some information we don't have.

 

[lambo352]

Don't forget to flash in engineer mode guys.. might make the difference..

 

[lambo352]

this looks promising although i give dc a try before
https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120

Awesome! They stated a mm version in the works after the current version.. you guys making great progress on all ideas..

 

[cyanidekid]

That one has already been patched. You might be able to find a different way that I couldn't. I'm not the best at OpenGL. The security focus papers give you the basic idea.

I haven't seen any code using it anywhere else either, so I don't think it's that easy to pull off if it wasn't patched. KingRoot would have adopted it by now.

Kingroot lists ZTE ZMAX PRO in que . Basically adopted

 

[anubis2048]

Look at it this way, if we use the CVE's in B8 we can pull the recovery and other partitions and find out if there is a special fastboot command to enable fastboot completely and we can finally fully root the device - you guys shouldn't have updated tbh unless you had to. I'm on b8 and it runs just fine.

The special fastboot command is in there somewhere, all we need is to root one device, just one and it would pretty much fully unlock the device for us.

 

[anubis2048]

btw I am back now. Since Cricket doesn't know how to block tethering on non-cricket devices my Zmax Pro works with it and that's all I NEED. I'm staying on B8 so if anybody has any scripts or rooting apps I should try that haven't already been tried then go ahead and tell me.

 

[Gunz]

https://github.com/hyln9/VIKIROOT/

Try this... This is for 64-bit Android 6.0.1 Marshmallow, as well as an universal & stable temporal root tool. It does not require a SUID executable or any filesystem changes. The exploit is a SELinux bypass. This means that the payload will run in init domain even if SELinux is in enforcing mode.
Worth a try...

 

[jdoggthemaster4089]

That still requires a patch boot image for the "selinux policy unconfirmed"

 

[anubis2048]

Our device isn't even listed as vulnerable to the CVE mentioned on the page. I doubt it would work.

 

[anubis2048]

I was nosing around the root directory when I found a file called "verity key". I copied it to my SDcard and looked up what it was and apparently since Android 6.0, there is a "feature" called verity which can detect any modifications to the system partitions when the phone boots or when the partitions are accessed. Some phones still boot and give you a warning and some refuse to boot all-together.

I really hope KingRoot finds a way to disable verity. I know little about it but I already know enough not to like it.

TL;DR
Any non-temporal root could easily brick the phone.

 

[messi2050]

I was nosing around the root directory when I found a file called "verity key". I copied it to my SDcard and looked up what it was and apparently since Android 6.0, there is a "feature" called verity which can detect any modifications to the system partitions when the phone boots or when the partitions are accessed. Some phones still boot and give you a warning and some refuse to boot all-together.

I really hope KingRoot finds a way to disable verity. I know little about it but I already know enough not to like it.

TL;DR
Any non-temporal root could easily brick the phone.

Dm verify is easy to disable either by flashing the dmverify disable zip or by flashing a disabled dmverify boot.img

 

[Charles367]

I'm still leaning on a factory USB, or a hotwire. There is always a back door. This is android not ios

 

[anubis2048]

I'm still leaning on a factory USB, or a hotwire. There is always a back door. This is android not ios

It would be better to try to force our way in through Android because we have knowledge about Android and the security it uses. We know nothing about the bootloader, and even if we did we wouldn't have any tools to fix it if we bomb it.

 

[lambo352]

Dm verify is easy to disable either by flashing the dmverify disable zip or by flashing a disabled dmverify boot.img

Do we need custom recovery to flash? Is that what checks the OTA for the keys?

 

[messi2050]

Do we need custom recovery to flash? Is that what checks the OTA for the keys?

there are apps like flashify..etc that can do the role of custom recoveries.

 

[anubis2048]

Do we need custom recovery to flash? Is that what checks the OTA for the keys?

With root access we can use Flashify to flash images without a recovery.

 

[anubis2048]

Sorry for saying the same thing as Messi, I didn't see his message... They need to fix the mobile version of this website.

 

[TheObsidanTNT]

I'm sure this can work on our zmax but the programmer script needs to be modified. Unfortunately it's developer is not very active on xda but i left him a reply in his thread anyway. ..

Have you been able to have any sort of communication in the past week with the developer? Thanks.

 

[messi2050]

Have you been able to have any sort of communication in the past week with the developer? Thanks.

Yes he refused to help

 

[Rashawn229]

I think I have a way to overload the heck out of this phone like they did the original ZMax. I was using Google photos and I was downloading over 30+ videos at once and this phone was suuuuperr laggy. I hope somehow we can do something similar to this device as the original ZMax like it's posted here>>> https://forum.xda-developers.com/zte-zmax/development/root-how-to-root-zte-zmax-t3107409

 

[anubis2048]

I think I have a way to overload the heck out of this phone like they did the original ZMax. I was using Google photos and I was downloading over 30+ videos at once and this phone was suuuuperr laggy. I hope somehow we can do something similar to this device as the original ZMax

That exploit wouldn't work on this phone, and even if it did it is patched anyway.

 

[czarsup3rstar]

I am trying to get root access also. So far I was only able to ADB pull system which gave me everything but trying commands to pull boot image isn't working at all. I will try to see if I can push SuperSU to the phone and I will let you know how that goes.

 

[cyanidekid]

Could there be special commands? Something we might be overlooking