-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Root ZTE Zmax Pro Official Root Discussion
- Thread starter anubis2048
- Start date
-
- Tags
- root zte zmax pro
- Status
Greysworld007
Well-Known Member
Holy shit!
Dont expect a full blown root just yet, i have only had 2 days to play with this and still need to unpack bootloader to find where the actual permission is for main boot... Recovery position is at default.
Jimmy Dixx
Well-Known Member
Ha as soon as I came here and saw that picture, ZTE attempted to push me an update. Not happening. B08 until I have root.
Jimmy Dixx
Well-Known Member
D
And how exactly did you modify it to make the exploit work?
Modified what memory and kernel bits it attacks.
Have to modify it a bit for the main boot img as they have put more protection on aboot.
Jimmy Dixx
Well-Known Member
Ah ok. Seems like you are in the zone right now You have gotten further in the past couple days than anybody else has in about 9 months.
Jimmy Dixx
Well-Known Member
So with what you have now, you have root access until you reboot the phone, or how exactly does it work?
Currently its able to set selinux to permissive on the kernel in the recovery allowing full root shell via recovery, but since stock recovery doesnt allow adb access its useless at the moment. But does show he exploit bypassed zte's boot protection without bootloop.
But now i need to find the exact same for the main kernel to be able to get root suid to set selinux.
With current runs dirtyc0w has been able to modify a random bit on the main kernel meaning its possible to execute the exploit and get results via the main kernel.
Once i play with it a bit i will be able to get permissive on the main kernel allowing me to run dedicate run-as executable with root privilege, which will allow me to use DD command to flash twrp which in turn we can remove storage encryption and gain root.
MadDeveloper
Member
Oh snap, so we're so close to getting full root huh?
MadDeveloper
Member
D
Deleted User
Guest
There's an app that is called system ui tuner and dpi changer, by Zachary Wander on the play store system ui tuner partially works without root but does anyone know if dpi changer does without the bootloop?
MadDeveloper
Member
I wouldn't try it
D
Deleted User
Guest
I've used systemui tuner and it's cleaned my status bar but I'm too scared to try dpi changer
Jimmy Dixx
Well-Known Member
Search the disemmcwp command and dpi. I was able to do something using that command when this phone first came out to change my dpi and make it stick. I remember having a lot of trouble witb getting it to stick at first. Dont remember if it was here or another forum.
GarnetSunset
Member
Godspeed. DD is terrifying to me, so you have quite the co-hones to do this.
Jimmy Dixx
Well-Known Member
DD isnt that terrifying, so long as you know exacltly what and where to do it. I think my first encounter with it was when I updated my old Palm Pre to webOS 2.0 (it was never officially released for the original Pre).
GarnetSunset
Member
Oh yeah I understand that, it's just picking knowing that if one digit is out of place you overwrite whatever sector with garbage is terrifying to me personally haha, I had to do it for the 3DS tho. Fun stuff.
GarnetSunset
Member
I just realized you ran dirtycow on windows. You beautiful bastard, did you run it via ADB shell?
Jimmy Dixx
Well-Known Member
Very true.
dont be silly you can only root this phone using linux lmao
Attachments
- Status