elliwigy
Lurker
Hello All,
I am creating this thread in hopes of getting more eyes on rooting the v20 devices with locked BLs.
This includes ATT, VZW and Sprint devices.
We currently have aHangouts going and have been at it for weeks. However, our knowledge is limited and we've hit a wall.
We can use dirtycow and now we have a working root shell and access to /init and /sepolicy.
We also have a dump of a debug firmware from a US996 (NA Unlocked NOT USC) that we can utilize.
If you or any experienced devs that know how to work init or sepolicy and reload without a crash or know how to reverse engineer a bootchain and find vulnerabilities then please chime in here.
There is a bounty available on XDA as well if you can make it work for us certainly youd be entitled to some if not all of the bounty.
Thanks Again
I am creating this thread in hopes of getting more eyes on rooting the v20 devices with locked BLs.
This includes ATT, VZW and Sprint devices.
We currently have aHangouts going and have been at it for weeks. However, our knowledge is limited and we've hit a wall.
We can use dirtycow and now we have a working root shell and access to /init and /sepolicy.
We also have a dump of a debug firmware from a US996 (NA Unlocked NOT USC) that we can utilize.
If you or any experienced devs that know how to work init or sepolicy and reload without a crash or know how to reverse engineer a bootchain and find vulnerabilities then please chime in here.
There is a bounty available on XDA as well if you can make it work for us certainly youd be entitled to some if not all of the bounty.
Thanks Again