How do you know your bootloader is locked? The absence of a bootloader interaction? This would be the first MetroPCS device with a locked bootloader. From my knowledge of ZTE they don't typically ship a bootloader you can interact with. But the fact that it allows a root shell you all could flash the twrp and see. As far as I know you won't be bricked the bootloader only cares about the partition booting so if recovery signature didn't match it would reboot and the boot would still proceed to system and you could of course reflash the stock recovery.img again.
You also need to have an unlocked bootloader in order to be able to install twrp or even to just have root, so if you truly believe the bootloader is locked down then why are you here? As I've said many many times the people at ZTE don't know jack shit about whether the bootloader is locked or not. I know this first hand because they falsely told me that the bootloader was locked on the first zmax when I contacted them in the past.
These people are parroting misinformation spread by the customer service idiots at ZTE who don't even know what a locked bootloader is. I swear if I see one more person assume the bootloader is locked just because someone at ZTE says so I'm going to lose it.
here u go
Just like the Axon 7 init.qcom.ftm.rc is not used we can override this file with dirtcow and set the device permissive I'm testing this now I had to recompile the exploit to work for my device. I'll let you all know if it works. I'm unrooted as well for testing.
yea i can see that we need to edit this line https://github.com/jcadduono/android_external_dirtycow/blob/android-6.0/recowvery-applypatch.c#L46
lol which one is the used init
I ended up using init.fingerprint.goodix_fp.rc because the file is shorter. The thing about that is you all have to have the goodix fp sensor. Can you cat init.fingerprint.goodix_fp.rc and getprop ro.build.fingerprint_hw to ensure we have the same sensor.
i got permission denied for the first cmd and goodix_fp for the second cmd
Doesn't work on the Axon 7 I spent hours and it will not let the init set it permissive.
The same on the zmax pro , i tried with init.qcom.rc and it didn't work on reboot it's still enforcing...
You haven't encountered the issue where writing the fill puts the wrong data inside? I finally caught why my image didn't boot the beginning of the file is wrote incorrectly and so is the last bytes
There really isn't any way of knowing that for sure. It took several months for the first zmax to get root.
We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.
