wowzers looking at this looks like i just stepped in to kick the proverbial hornets nest, LOL.
Question,
Has anyone tried anythings using qualcomm's proprietary tools such as Qfil and QXDM?
and does anyone have a quick link to grab the firmware for the device?
those would be my starting point.
MSM = Qualcom
a lot of times I've been able to "Modify" certain manufacture's recovery tools to flash individual partitions and such,
is there a tool for recovering zte devices?
Oh and EVERY single thing I ever read at GSM forums was full of Krap,
Every program they claim over there costs WAY too much and I don't believe the Hype about stupid chineese "dongle" softwares...
It's all designed to take advantage of a desperate situation.
That being said.
I will require the firmware for the device.
I will start by de-compileing that to see the guts of it.
as for software fuses, mostly thats a bootloader thing,
if you try to change the boot structure it'll trip the E or Q fuses.
but, the problem with marshmallow up is DM varity,
which is only easily bypassed by unlocked bootloader...I
I read something about dirtycow?
it looked like @SapphireEX said something about His/Her dcow and recowvery script... which would be actually created by or from the work of
James Christopher Adduono
link to that at github is here
https://github.com/jcadduono/android_external_dirtycow
precompiled works from that are hosted over at OffensiveSEC "Kali/Nethunter"
link to that is here
https://build.nethunter.com/android-tools/dirtycow/
I have used some of that on other devices with various amounts of success.
but yeah,
from here I want a look at the firmware, and i want to extract the /boot from it and get a look at fstab
see what our flags mounts and varity flags are set to.
then the next step will be to find something / anything to exploit, to run unsigned code in context of system server...
if we get that far, we golden.
Question,
Has anyone tried anythings using qualcomm's proprietary tools such as Qfil and QXDM?
and does anyone have a quick link to grab the firmware for the device?
those would be my starting point.
MSM = Qualcom
a lot of times I've been able to "Modify" certain manufacture's recovery tools to flash individual partitions and such,
is there a tool for recovering zte devices?
Oh and EVERY single thing I ever read at GSM forums was full of Krap,
Every program they claim over there costs WAY too much and I don't believe the Hype about stupid chineese "dongle" softwares...
It's all designed to take advantage of a desperate situation.
That being said.
I will require the firmware for the device.
I will start by de-compileing that to see the guts of it.
as for software fuses, mostly thats a bootloader thing,
if you try to change the boot structure it'll trip the E or Q fuses.
but, the problem with marshmallow up is DM varity,
which is only easily bypassed by unlocked bootloader...I
I read something about dirtycow?
it looked like @SapphireEX said something about His/Her dcow and recowvery script... which would be actually created by or from the work of
James Christopher Adduono
link to that at github is here
https://github.com/jcadduono/android_external_dirtycow
precompiled works from that are hosted over at OffensiveSEC "Kali/Nethunter"
link to that is here
https://build.nethunter.com/android-tools/dirtycow/
I have used some of that on other devices with various amounts of success.
but yeah,
from here I want a look at the firmware, and i want to extract the /boot from it and get a look at fstab
see what our flags mounts and varity flags are set to.
then the next step will be to find something / anything to exploit, to run unsigned code in context of system server...
if we get that far, we golden.
Upvote
0
