Even the cheapest burner smartphones nowadays are expected to have a multi-core processor, at least a gigabyte of RAM, and a Linux-based operating system. However, such specifications are definitely superfluous for an old-school POTS desktop phone. That’s exactly what we thought. Then [Josh Max] wrote to Hackaday.com to tell about his CaptionCall hacking experiences, and we’re excited to see what the community can achieve with root access on such a powerful Linux phone.
The CaptionCall is a desk phone with an LCD above the keypad that displays real-time captions, as the name implies. Anyone with a hearing loss in the United States can acquire one of these phones for free from the government, therefore they sell for dirt cheap on the secondhand market. At the very least, they did. Then [Josh] had to crack the root password for the ARMv7 i.MX6-powered phone, poke around within its 4 GB of onboard NAND, and get it running DOOM.
If you’re interested in the technical intricacies, [Josh] has done an excellent job of walking us through his approach step by step. It’s a scenario that will be familiar to everyone who has worked with embedded Linux devices, and it begins, predictably, with finding a serial port header on the PCB.
He took the long road and dumped the phone’s firmware 80 characters at a time using U-“memory Boot’s display” command, finding the environment variables to be rather tightly locked down. The root credentials were quickly obtained by running the recovered firmware image through binwalk and a password cracker, and the serial port became much more usable as a result.
[Josh] uninstalled the phone’s original UI, created an ARM Debian Jessie chroot, and began building a fully functional Linux environment. He was ready to fire up everyone’s favourite 1993 shooter, with audio, video, and even keypad support secured. He’s generously shared his work on GitHub, and while it’s not a turn-key solution, it’s got everything you need to totally bend the hardware to your will.
Running DOOM on a new piece of hardware has often been a sign of larger and better things to come. We believe that, with unrestricted access to its Linux operating system, the CaptionCall will become a popular hacking target in the future, and we can’t wait to see it.