Discussion in 'Android Devices' started by HDguy181, Oct 16, 2015.
By unpacking the stock image and editing the ram disk.
But how are you going to flash it back? I've tried this, without success.
Not a dev... but just a thought... has anyone tried to change the bootloader to R/W with the Linux chmod command? I used to dabble and set up a server once... chmod 777 (in terminal) was R/W for everyone... I am probably in left field but just had a thought...
Progress report anyone?
Anyone looked into the dirty cow exploit?
Edit: link to article: http://arstechnica.com/security/201...ed-by-most-serious-linux-escalation-bug-ever/
file found here
I've pulled boot, recovery, and system images and used archikitchen to unpack, add superuser, debloat and zipalign, then repacked. I just need a way to flash it. I know of at least one guy that is using dirtycow to flash images on phones with unlocked bootloaders, but...
Use kingo to get temp root, then flash with dd commands. I have done it before, but the recovery I flashed didn't boot. Also, have still not heard anything more about the patched recovery idea... I think he gave up.
Yeah, I'm temped and have tried dd'ing recovery and boot with no luck. I even tried: adb reboot fastboot edl which shut down the phone but just got a black screen. Windows detected the device but failed to load the driver software. I downloaded Qualcomm's driver and installed it with no problems, even found the COM port the device was connected to, but as soon as I: adb reboot fastboot edl I just get a "driver installation failed" window. Idk. I would compile twrp for us if I had the source and try dd'ing that, but...
Edit: Going to look at this here
Which OS are you running on PC? Win10 won't allow installation of any drivers until you uncheck a box in advanced settings or UEFI, then it resets the check box on reboot.
Win 7. Now that you mentioned it, I do think I saw a window pop up about an unsigned driver, but I accidentally closed it before I read it. I just reinstalled it and didn't get the message so I assumed it was OK.
Set your PC connection to "install drivers" on device when popup appears on device
I didn't give up. The complexity of stripping the Bootloader code for ZTE Bootloader is frustrating and annoyingly long. Plus, my coding skills are somewhat limited. The hexadecimal coding combined with an ASCII code lock overlay. My decompiler will only do one or the other as well as my syntax checker. So, I am having to strip each code down individually then zero out any root locking code on both versions of code. Giant pain in the butt. As soon as I complete it I will let you all know. Cheers!
EDIT: Check out this article to better understand how this device should be properly rooted in step by step explanation.
I'll try that when I get home. I was waiting for omni's repo to sync and fell asleep.
Would it be easier to build the kernel from source with the correct bootloader configs in fastboot.c?
Ahh, It's: adb reboot edl
I need to look through aboot to see if it's supported. Probably not, but why not right.
I would need to design a clean kernel copy with su permissions. The exploration of Fastboot options might be an easier way to rip a copy of the stock kernel for modification then reflash to the phone with custom recovery.
I've got the stock kernel, recovery, and system images if you need them. I also have a modified system image ready to be zipped if we could get a custom recovery, or flash with fastboot if we could get that.
I was going to try and build a recovery for us, but I am a noob and didn't use a manifest.xml for just the branch of omni that I wanted and now have no more hotspot data....
Also I don't think I have enough space and would have to make some room.
Got it working. Just had to reboot F8 and allow Windows to use unsigned drivers, then reinstall drivers. Only problem now is after I do qcmtusvc start net service then qdcfg -n <The_Device_Name_In_Device_Manager> (forgot what it was) I just get device not found, so I'm not sure I have the port configured right or if qdcfg is not configured right or if our device is just not supported. I'm not so sure about the latter since Windows DOES detect it as Qualcomm USBHS diagnostics 9008 (COM3) (or something like that) in device manager. I need to do some more research...
I used this OTA verifier against my modified update.zip. These are the results,
I'm thinking about trying it out, if you don't hear from me in a couple of days, well...
So you have a temp root method and can flash custom recoveries but you need someone to compile a working twrp for your device?
We have temp, but we're still not sure if we can flash anything. I was working towards twrp, but I am quickly running out of space on my Linux drive, plus I've never compiled a recovery.
ZTE has made the source available, but I am not sure it has all the firmware for the warp6 included in it. I have emailed them and am waiting for a response.
I'd be willing to donate for a compiled twrp. With Adb Insecure and temp root we can get adb as root. I was thinking of blasting boot partition and then dd'ing a custom recovery so it doesn't get overwritten upon reboot.
If it doesn't work then I will just move on to a new device. Anyways thanks for stopping by. We could really use the help.
Apparently it does.