Exploiting an Unfused Qualcomm Device: A Full Boot Chain Takeover from BootROM to Root
A security researcher details a successful attack chain against a Qualcomm QCM2150-based POS terminal that ships with Secure Boot disabled. By creatively repurposing the SBL1 as an EDL loader and patching critical boot stages, they achieved full BootROM-level code execution and persistent root access, all without physical modifications.