wowzers looking at this looks like i just stepped in to kick the proverbial hornets nest, LOL. Question, Has anyone tried anythings using qualcomm's proprietary tools such as Qfil and QXDM? and does anyone have a quick link to grab the firmware for the device? those would be my starting point. MSM = Qualcom a lot of times I've been able to "Modify" certain manufacture's recovery tools to flash individual partitions and such, is there a tool for recovering zte devices? Oh and EVERY single thing I ever read at GSM forums was full of Krap, Every program they claim over there costs WAY too much and I don't believe the Hype about stupid chineese "dongle" softwares... It's all designed to take advantage of a desperate situation. That being said. I will require the firmware for the device. I will start by de-compileing that to see the guts of it. as for software fuses, mostly thats a bootloader thing, if you try to change the boot structure it'll trip the E or Q fuses. but, the problem with marshmallow up is DM varity, which is only easily bypassed by unlocked bootloader...I I read something about dirtycow? it looked like @SapphireEX said something about His/Her dcow and recowvery script... which would be actually created by or from the work of James Christopher Adduono link to that at github is here https://github.com/jcadduono/android_external_dirtycow precompiled works from that are hosted over at OffensiveSEC "Kali/Nethunter" link to that is here https://build.nethunter.com/android-tools/dirtycow/ I have used some of that on other devices with various amounts of success. but yeah, from here I want a look at the firmware, and i want to extract the /boot from it and get a look at fstab see what our flags mounts and varity flags are set to. then the next step will be to find something / anything to exploit, to run unsigned code in context of system server... if we get that far, we golden.