Root ZTE Zmax Pro Official Root Discussion

[Ethorbit]

iancc86Dammit!!! Well... You're on b08, and I'm on b14. It seems the earlier builds are vulnerable to the cves. That means b08 can be exploited.

Now how do we go about that

We leave it to the experts who will read this soon. For now all I can do is research the listed exploits and share. It's a start at least.

 

[iancc86]

Just don't update to b14 if you want root. It's all been patched.

 

[Ethorbit]

Just don't update to b14 if you want root. It's all been patched.

Doesn't Android force updates? Anyway to completely block updates?

 

[iancc86]

Doesn't Android force updates? Anyway to completely block updates?

You have the option, otherwise the b08 guy would be on b14 with me.

 

[PattyBear9210]

Just don't update to b14 if you want root. It's all been patched.

Wasn't planning on it

 

[iancc86]

Wasn't planning on it

You have a real way to get root. Provided you can exploit with the cves

 

[Ethorbit]

EthorbitDoesn't Android force updates? Anyway to completely block updates?

You have the option, otherwise the b08 guy would be on b14 with me.

Yeah but at a point when restarting or something it will say Android is updating as if I have no choice.

 

[PattyBear9210]

You have a real way to get root. Provided you can exploit with the cves

Hopefully it is possible

 

[Ethorbit]

Why do I feel like we've made more progress in one night than most of this thread combined?

 

[Jimmy Dixx]

Actually, the Quadroot exploits have been around for quite some time. I just don't have the know-how to make any use of them. edit: Apparently my autocorrect thinks I want to type a racial slur when I type Quadroot.

 

[PattyBear9210]

How do I go about disabling my

 

[PattyBear9210]

SELinux

 

[loonycgb2]

Selinux disabling requires root, but as far as the cves there are some exploits that can be used that were created of quadrooter exploits.

Only issue is now the pro cannot be systemless rooted because of its bootloader.

So we will have to send a older su file to temp then copy to xbin, at that point we will have root and upload a recovery.

Since I don't have the device I can't try anything so I'll leave that info available for now

 

[PattyBear9210]

Selinux disabling requires root, but as far as the cves there are some exploits that can be used that were created of quadrooter exploits.

Only issue is now the pro cannot be systemless rooted because of its bootloader.

So we will have to send a older su file to temp then copy to xbin, at that point we will have root and upload a recovery.

Since I don't have the device I can't try anything so I'll leave that info available for now

Do we have links to the exploits?

 

[Ethorbit]

loonycgb2Selinux disabling requires root, but as far as the cves there are some exploits that can be used that were created of quadrooter exploits.Only issue is now the pro cannot be systemless rooted because of its bootloader.So we will have to send a older su file to temp then copy to xbin, at that point we will have root and upload a recovery.Since I don't have the device I can't try anything so I'll leave that info available for now

Do we have links to the exploits?

If you're on a zte z981 phone get the zonealarm quadroot scanner and it will give you the links.

 

[Billyckansbar]

Kernel source for zmax pro, maybe?

 

[1nf1n1t33]

CVE-2017-0475 Elevation of privilege vulnerability in recovery verifier
An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.
Release Date: 2017-03-07
Affected Systems:
Google Android 7.1.1
Google Android 7.0
Google Android 6.0.1
Google Android 6.0
Google Android 5.1.1
Google Android 5.0.2
Google Android 4.4.4

 

[SapphireEx]

As getting root on B08 will give us a pathway to rooting B14, my spare 981 can be used. If anyone has any tools, scripts, etc, I'll try any CVE out on it. I don't care about bricks either.

 

[SapphireEx]

http://android.stackexchange.com/qu...er-are-900-million-android-devices-vulnerable

That guy explained how each vulnerability is executed.

 

[Billyckansbar]

Some info about those cve exploits

 

[PattyBear9210]

As getting root on B08 will give us a pathway to rooting B14, my spare 981 can be used. If anyone has any tools, scripts, etc, I'll try any CVE out on it. I don't care about bricks either.

Mine is vulnerable to
cve-2016-2504
Cve-2016-2059
Looking at the dirty cow an ened up with a root.sh but don't have a PC running Linux

 

[iancc86]

Mine is vulnerable to
cve-2016-2504
Cve-2016-2059
Looking at the dirty cow an ened up with a root.sh but don't have a PC running Linux

You don't need Linux. Windows with adb works just fine.

 

[PattyBear9210]

You don't need Linux. Windows with adb works just fine.

OK thank you I will try that when I can get time to use the pc

 

[SapphireEx]

You don't need Linux. Windows with adb works just fine.

/data/local/tmp seems to be the only area you can chmod if you're going the adb route. Let us know how it goes.

 

[Ethorbit]

The links to the exploits available to the B08 build from Checkpoint Quadroot Scanner.
Sorry I didn't include these earlier.

They're informational.

https://www.codeaurora.org/use-afte...tions-kgsl-module-cve-2016-2504-cve-2016-2503

https://www.codeaurora.org/projects...r-binding-any-port-control-port-cve-2016-2059

cve-2016-2059 seems easier, correct me if I'm wrong I hardly know what it would take to do one of these exploits.