• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ZTE Zmax Pro Official Root Discussion

Status
Not open for further replies.
jesellopez said:
Omg. I allready test my zte zmax pro on donwload mode and it work like a charm.
Just put on CMD on windows

adb reboot edl

And it turn off and power one and the screen stay black.. but the pc recognized as fastboot mode but i dont want to flash anything until someone test it.. xD
Click to expand...
Nice find! Thanks
 
Last edited:
I will check this out.. let u know in a minutes...
But anyway thats as zte download mode..secret mode.. why u guys dont give it a try and see by ur own eyes... So we can start work over there...
 
jesellopez said:
I will check this out.. let u know in a minutes...
But anyway thats as zte download mode..secret mode.. why u guys dont give it a try and see by ur own eyes... So we can start work over there...
Click to expand...

No fastboot - but you brought us one step closer to recovering the partitions.
taBF6Q9.png
 
jesellopez said:
I can flash messi recovery.img, but if the img is not good can soft brick my device :(.. who want to test for all of us ? Someone who got damage zte....
Click to expand...
the worst that can happen if you use fastboot properly is you will not have recovery, unless metro enabled system tamper protection, which is that case your device is bricked, Although its more common on T-Mobile variants.
 
Please stop with the misinformation guys, you can't get to fast boot. EDL mode lets you directly modify the system partitions. You need special software to do this. @messi2050 would you know how to deal with this? And where can you get proper drivers for this? Windows says that the drivers aren't signed properly. Anyone got a download?

*UPDATE*
I got it "working" but now it just says that my device malfunctioned. Why are there no drivers? Why is there no software? How did the developers even debug this phone?!?!

*UPDATE..again*
I got it all working now. I'm guessing EDL does not check for signatures? So we could just flash the TWRP image.. Does ADB support EDL mode or do we need to find YET another tool to do this?
 
Last edited:
anubis2048 said:
Please stop with the misinformation guys, you can't get to fast boot. EDL mode lets you directly modify the system partitions. You need special software to do this. @messi2050 would you know how to deal with this? And where can you get proper drivers for this? Windows says that the drivers aren't signed properly. Anyone got a download?

*UPDATE*
I got it "working" but now it just says that my device malfunctioned. Why are there no drivers? Why is there no software? How did the developers even debug this phone?!?!

*UPDATE..again*
I got it all working now. I'm guessing EDL does not check for signatures? So we could just flash the TWRP image.. Does ADB support EDL mode or do we need to find YET another tool to do this?
Click to expand...
Maybe try a variety of Qualcomm flashtool? No access to PC now or I'd be trying. What about trying all this in other modes ftm DFU etc. On another note I wish there was a way to remove patches. There's alot of edl info on the axon 7
 
Last edited:
TLDR - looked Loki patch doesn't seem to be working at this point

I was wondering if Loki Patch (installing custom kernel) can be applied to this phone. I remember LG Motion / LG Spirit were as difficult as this one with locked bootloader and various security features.

djrbliss (Dan Rosenberg) created a exploit called Loki which bypasses / alters boot sequence, enables you insert insecure kernel. Checking Dan Rosenberg's site and he says Loki exploit has been patched now...

https://github.com/djrbliss/loki


Will research more...
 
anubis2048 said:
Oh and I can't access ADB while in EDL mode, even though we are supposed to be able to... Anyone else working on this?
aQxXLZW.png

I have the proper drivers, as far as I can tell.
Click to expand...
Are you on b12 or b08? Thought we tried ADB reboot edl on b08 in the last thread and it just took us to download mode.. thought we covered the driver issue to..
 
Bard said:
TLDR - looked Loki patch doesn't seem to be working at this point

I was wondering if Loki Patch (installing custom kernel) can be applied to this phone. I remember LG Motion / LG Spirit were as difficult as this one with locked bootloader and various security features.

djrbliss (Dan Rosenberg) created a exploit called Loki which bypasses / alters boot sequence, enables you insert insecure kernel. Checking Dan Rosenberg's site and he says Loki exploit has been patched now...

https://github.com/djrbliss/loki


Will research more...
Click to expand...
Does anyone know Dan? Maybe he could assist us.
 
cyanidekid said:
There's an app called N'Gyens CVE parser or something that (forgive me if I spelled wrong)checks files for CVE. I think we should should Google about this issue instead of clogging up this forum. That def is to me. I'm sorry for the random at time excessive posts.
Click to expand...

I have no clue what that means but I couldn't find anything related to N'Gyens CVE Parser on the Play Store or Google.
 
MatreyuC said:
I have no clue what that means but I couldn't find anything related to N'Gyens CVE Parser on the Play Store or Google.
Click to expand...
The ZTE Zmax Pro is vulnerable to :
CVE-2016-2059
CVE-2016-2504 - Could possible be used to attain root? Similar to 5340, Except this is the GPU driver.
CVE-2016-2503
CVE-2016-5340 - Could possibly be used to attain root? Seems like it could. Is also Qualcomm specific.
 
Bard said:
TLDR - looked Loki patch doesn't seem to be working at this point

I was wondering if Loki Patch (installing custom kernel) can be applied to this phone. I remember LG Motion / LG Spirit were as difficult as this one with locked bootloader and various security features.

djrbliss (Dan Rosenberg) created a exploit called Loki which bypasses / alters boot sequence, enables you insert insecure kernel. Checking Dan Rosenberg's site and he says Loki exploit has been patched now...

https://github.com/djrbliss/loki


Will research more...
Click to expand...

The patch wouldn't work on our phone even if we had a tool to flash it... It's also signed using private keys that work on the Axon 7. Even if you managed to flash it, there is a decent chance that it would brick our phones. The bootloaders aren't exactly the same.
 
cyanidekid said:
Any way we could switch recoveries in the firmware? Rename TWRP as stock? Also lucky patcher can rebuild apps you can mod apps.... How does lucky patcher get away with modifying an app but saving file signature etc
Click to expand...
Yes... It could be a bit to complicated to explain .... I dont want anybody to damage their devices.. so im working on mine you can look how to edit update.zip or edit framework .... Thats what exactly lucky patcher does through scripts... Instead og you copy n pasting cutting Chopin data files.... Ahh n remember lucky only worksbon the data of the apps not the actual /system of the device.
 
Krlypumaa said:
Yes... It could be a bit to complicated to explain .... I dont want anybody to damage their devices.. so im working on mine you can look how to edit update.zip or edit framework .... Thats what exactly lucky patcher does through scripts... Instead og you copy n pasting cutting Chopin data files.... Ahh n remember lucky only worksbon the data of the apps not the actual /system of the device.
Click to expand...
Ah I see now. Please
anubis2048 said:
Please stop with the misinformation guys, you can't get to fast boot. EDL mode lets you directly modify the system partitions. You need special software to do this. @messi2050 would you know how to deal with this? And where can you get proper drivers for this? Windows says that the drivers aren't signed properly. Anyone got a download?

*UPDATE*
I got it "working" but now it just says that my device malfunctioned. Why are there no drivers? Why is there no software? How did the developers even debug this phone?!?!

*UPDATE..again*
I got it all working now. I'm guessing EDL does not check for signatures? So we could just flash the TWRP image.. Does ADB support EDL mode or do we need to find YET another tool to do this?
Click to expand...
Any chance some dialer codes may help us? *ZTE*openem# also someone on zteusa bootloader unlock thread posted this... I screenshot what he posted
 

Attachments

  • Screenshot_20170121-050606.png
    Screenshot_20170121-050606.png
    117.8 KB · Views: 420
  • Screenshot_20170121-051059.png
    Screenshot_20170121-051059.png
    232.3 KB · Views: 417
Last edited:
Screenshot_20170121-054642.png
Screenshot_20170121-060805.png
got 100℅ root so says KingRoot. Now to check for sure brb
EDIT******FALSE POSITIVE******* I tried KingRoot of XDA version 5.0 when that version first popped there were quite a few false positive..... Just like SRS root does to alot of phones smh
Could someone do logcat while this false positive happens? Is it even worth it? Maybe is a remount issue idk so here's a screen shot of me on XDA KingRoot team asking about these issues
 
Last edited:
Did the root checker, same as XDA attachment you posted , wonder why the video I posted didn't play in settings it's says root authority, I'll screenshot it ...
Rebooted it doesn't ask to root but shows security index ?


NewKingrootV5.0.1_C165_B377_xda_release_protected_2016_12_22_20161222120332(1).apk
 
Status
Not open for further replies.
Back
Top Bottom