
Root ZTE ZMAX Pro (Z981) root discussion

Status
Not open for further replies.
I am able to get a TON of information by using an app from Google Play called "Checky". It gives the SHA1 hashes of files and a ton of info that I hadn't been able to find without it; maybe this will help. Also, SHA can be cracked by using a password cracker like John the Ripper. Just my 2 cents, although I'm sure there is more to this. I still think our best option is to do a man-in-the-middle attack while updating a device that is getting the update from the server, perhaps.
 
This program "checkey" gives hash info on captive portal login, certificate installer and many, many more system files. It gives SHA1, SHA256, and MD5. Would this be able to be used to unencrypt these important areas or cert files we need? I can run John the Ripper or many other tools to try and crack this if it helps.
 
There is a service or cert here that it gives SHA and MD5 hashes on called "com.zte.zdm" and "com.zte.zdmdaemon" that look very interesting, or even the system update file "com.update.zde" or "com.android.shell", "sample.authenticator.service", "secprotect", etc., etc...


This program gives:

Key type
created
subject
issuer
sha1
sha256

signing certificate options, generate PIN, and the best part: it gives you the option to upload these files to VirusTotal to get very, very detailed info on these files. The VirusTotal info gives a ton of info like the "strings" in the files and everything.
 
> I am able to get a TON of information by using an app from Google Play called "Checky". It gives the SHA1 hashes of files and a ton of info that I hadn't been able to find without it; maybe this will help. Also, SHA can be cracked by using a password cracker like John the Ripper. Just my 2 cents, although I'm sure there is more to this. I still think our best option is to do a man-in-the-middle attack while updating a device that is getting the update from the server, perhaps.
I think our best bet is to create our own signature and make our own version of update.up
I like the work you're working toward, but cracking hashes isn't something that can be done overnight. It can be done in as little as a second or as long as forever. It all depends on the complexity of the password ZTE devs used. I think it will be something along the lines of ZTEDEV or something similar, maybe with leet.

But don't let this discourage you. By all means keep up the hard work.
 
> I think our best bet is to create our own signature and make our own version of update.up
> I like the work you're working toward, but cracking hashes isn't something that can be done overnight. It can be done in as little as a second or as long as forever. It all depends on the complexity of the password ZTE devs used. I think it will be something along the lines of ZTEDEV or something similar, maybe with leet.
>
> But don't let this discourage you. By all means keep up the hard work.

Yeah, unless someone has a server farm I can borrow, it's going to take years to crack the encryption.
 
Somebody please find a way to root this phone. And idk what the issue is with the bootloader cuz mine has an unlock option in the settings??
 
Who can we trust to test, handle, possess for periods of time, etc.? And if some of us pitch in for a "donor" device, or even if someone offers an extra/spare.
 
I found something interesting in the play store. There is an app called apk analyzer that lets you extract apks from system. It saves them to internal storage. Also, all the device info apps I've downloaded have the bootloader listed as unknown. Anybody know what that might mean?
[Attached screenshots: Screenshot_20161208-182520.png, Screenshot_20161208-182212.png]
 
What about CVE vulnerability scan?
Quad root scanner app from play store. Maybe we can fashion a root app of our own
 
> I think our best bet is to create our own signature and make our own version of update.up
> I like the work you're working toward, but cracking hashes isn't something that can be done overnight. It can be done in as little as a second or as long as forever. It all depends on the complexity of the password ZTE devs used. I think it will be something along the lines of ZTEDEV or something similar, maybe with leet.
>
> But don't let this discourage you. By all means keep up the hard work.

Correct me if I'm wrong, but decryption isn't exactly the problem here. If you are trying to modify the file for an OTA update, you need to be able to sign it. You would need access to the ZTE signing key. They sign it, then the phones have the public side of the key that will verify that the package was signed by the company, and move on to SHA each file maybe? All ZTE phones will know how to verify the signing key. To do what you want with modifying the OTA to allow root, you would have to break that chain of authentication so that the phone will install anything. Kinda like how you can install whatever you want from a custom recovery because it doesn't check such things.
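To make the chain described in this post concrete (and to show why the file hashes discussed earlier are integrity checks rather than something to "unencrypt"), here is a small added example in Go using the standard library. It is not code from this thread, from ZTE, or from any real OTA format: the package layout, file names and byte contents are constructed for the example, and the Ed25519 key pair is generated on the spot to stand in for the vendor key that only the manufacturer holds. The device-side check verifies the manifest signature with the public key it already has, then compares every file against the digest the signed manifest vouches for.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Package is a toy model of a signed OTA bundle (constructed for this example):
// payload files, a manifest listing each file's SHA-256 digest, and an
// Ed25519 signature over that manifest.
type Package struct {
	Files     map[string][]byte
	Manifest  string
	Signature []byte
}

// BuildManifest writes one "name sha256hex" line per file, in sorted order so
// the same payload always yields the same bytes to sign. A digest is a one-way
// integrity check, not an encryption of the file: there is nothing to decrypt.
func BuildManifest(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&b, "%s %s\n", n, hex.EncodeToString(sum[:]))
	}
	return b.String()
}

// SignPackage is the vendor-side step: it needs the private key, which never
// leaves the vendor. Only the matching public key ships on the device.
func SignPackage(priv ed25519.PrivateKey, files map[string][]byte) Package {
	m := BuildManifest(files)
	return Package{Files: files, Manifest: m, Signature: ed25519.Sign(priv, []byte(m))}
}

// VerifyPackage is the device-side step: check the manifest signature with the
// built-in public key, then check every file against its signed digest.
func VerifyPackage(pub ed25519.PublicKey, p Package) error {
	if !ed25519.Verify(pub, []byte(p.Manifest), p.Signature) {
		return errors.New("manifest signature invalid: not signed by the vendor key")
	}
	if BuildManifest(p.Files) != p.Manifest {
		return errors.New("file digest mismatch: payload changed after signing")
	}
	return nil
}

// TamperScenarios runs the three cases relevant to the thread and reports
// whether the device-side check accepts each. Keys and payload bytes are
// generated/constructed here, not taken from any real device or update.
func TamperScenarios() (genuineAccepted, editedPayloadAccepted, resignedAccepted bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	files := map[string][]byte{
		"boot.img":   []byte("constructed boot image bytes"),
		"system.img": []byte("constructed system image bytes"),
	}
	genuine := SignPackage(priv, files)
	genuineAccepted = VerifyPackage(pub, genuine) == nil

	// Case 2: a file is edited but the vendor's manifest and signature are kept.
	edited := map[string][]byte{
		"boot.img":   []byte("constructed boot image bytes, modified"),
		"system.img": files["system.img"],
	}
	editedPayloadAccepted = VerifyPackage(pub, Package{Files: edited, Manifest: genuine.Manifest, Signature: genuine.Signature}) == nil

	// Case 3: the manifest is rebuilt and signed with a freshly generated key
	// that the device has never been told to trust.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	resignedAccepted = VerifyPackage(pub, SignPackage(otherPriv, edited)) == nil
	return
}

func main() {
	g, e, r, err := TamperScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v\nedited payload accepted: %v\nre-signed with other key accepted: %v\n", g, e, r)
}
```

Running it shows the genuine package accepted and both tampered variants rejected: an edited file fails the digest comparison, and a package re-signed with any key other than the vendor's fails the signature check. Real OTA verification on Android works on a zip with a signature footer rather than this text manifest, but the dependency is the same: without the private key, a modified package cannot be made to pass the device's check.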
 
> Correct me if I'm wrong, but decryption isn't exactly the problem here. If you are trying to modify the file for an OTA update, you need to be able to sign it. You would need access to the ZTE signing key. They sign it, then the phones have the public side of the key that will verify that the package was signed by the company, and move on to SHA each file maybe? All ZTE phones will know how to verify the signing key. To do what you want with modifying the OTA to allow root, you would have to break that chain of authentication so that the phone will install anything. Kinda like how you can install whatever you want from a custom recovery because it doesn't check such things.
Very true. I think we need to get in touch with Metro devs; how would I do that?
 
> Very true. I think we need to get in touch with Metro devs; how would I do that?
I was thinking that. ZTE signs the OTA before Metro does their thing, correct? In the beginning, when we questioned the missing fastboot, ZTE said Metro is the last person to handle updates. So I'm thinking maybe we need T-Mo/Metro signing keys, or there are ways around it.
 
Well guys I have to gracefully bow out on my offer. I'm switching over to the Samsung J7. I never realized just how much I needed root until I didn't have it. Good luck to you all.
What did you need? AdAway? Or hotspot? Cuz if it's hotspot, we already developed a few non-root bypasses, and if it's AdAway/AdBlocker you can run them in internal proxy mode. Outside of a few things like YouTube background play, audio cast through Bubble and the like, I can't find a need exactly for root. But I just use this phone as mobile internet and do everything on my rooted tablet.
 
> I was thinking that. ZTE signs the OTA before Metro does their thing, correct? In the beginning, when we questioned the missing fastboot, ZTE said Metro is the last person to handle updates. So I'm thinking maybe we need T-Mo/Metro signing keys, or there are ways around it.
It's probably a back-and-forth thing, that or Metro requests changes and ZTE implements them. I've worked in software development in a limited fashion and that's how it goes generally. ZTE wouldn't let them go willy-nilly on their OS, and Metro needs their apps on it, so ZTE almost certainly does final checks and the signing.
 
> I was thinking that. ZTE signs the OTA before Metro does their thing, correct? In the beginning, when we questioned the missing fastboot, ZTE said Metro is the last person to handle updates. So I'm thinking maybe we need T-Mo/Metro signing keys, or there are ways around it.
@scary alien posted a few pages back about a guy named @Bigcountry907 that found a way to sign OTA in stock recovery; maybe he could help.
 