The hardware

The first thing I noticed was the testpoints behind the batteries, easily accessible even when the device itself was fully assembled. I did manage to find out that a single line was spat out in serial on these testpoints, but that was it, so I proceeded to open up the device.

The hardware in there is fairly impressive: there's an ARM9 at 266MHz, some flash, 64MB of RAM (which is quite impressive for an embedded system) and quite a few testpoints.

After a bit of fiddling around, I found out that my first guess actually was correct: the serial port was indeed on the testpoints that were behind the batteries. It just didn't work because another pin had to be pulled low for it all to work:

When the pin marked 'tin' is pulled low, a complete Linux bootlog can be seen, ending in a login prompt. I didn't have the password, but the bootloader was accessible too, and by changing a few kernel command-line options I could bypass the login prompt and change the root password. The phone was mine!

