@Swede1952 @ety @x00001 I'm serious...

In fact such "#FWT" or "Fixed Wireless Terminal" adaptors are actually quite common, as they basically allow folks to keep their beloved phones - espechally those with hearing aid compatibility or additional functions like a wireless emergency button - and just transition from (sadly discontinued and) expensive "basic landline" to cheap pay-as-you postpaid or prepaid plans.

• In some cases they even allow people to port their landline number to some providers, so that i.e. seniors can retain their decades-old number and in return get like good reception because most FWTs come with an option to plug in an external antenna...

OFC those boxes exist in various forms, from something akin to a Router like the Fritz!Box LTE series to the more commonplace "Trashcan"-esque cylinders for #5G-#MIMO. Sadly most don't include like a batter backup but there are also "#GSM #DeskPhone|s" that are basically #StupidPhones (some absurdly expensive ones are just bulky #smartphones, #Phablets if not #Tablets) with dedicaded physical buttons and aside from being able to send/recieve #SMS and potentially offer a #WiFi hotspot as well as almost always have a prominently large antenna sticking out the back, they look like your average Desktop Phone from an office...

DOOM On a Desk Phone is Just the Tip of the Iceburg

These days we expect even the cheapest of burner smartphones to feature a multi-core processor, at least a gigabyte of RAM, and a Linux-based operating system. But obviously those sort of specs are unnecessary for an old school POTS desktop phone. Well, that's what we thought. Then [Josh Max] wrote in to tell us about his adventures in hacking the CaptionCall, and now we're eager to see what the community can do with root access on a surprisingly powerful Linux phone.

As the names implies, the CaptionCall is a desk phone with an LCD above the keypad that shows real-time captions. Anyone in the United States with hearing loss can get one of these phones for free from the government, so naturally they sell for peanuts on the second hand market. Well, at least they did. Then [Josh] had to go ahead and crack the root password for the ARMv7 i.MX6 powered phone, started poking around inside of its 4 GB of onboard NAND, and got the thing running DOOM.

Tapping into the serial port.

If you're interested in the technical details, [Josh] has done a great job taking us step by step through his process. It's a story that will be at least somewhat familiar to anyone who's played around with embedded Linux devices, and unsurprisingly, starts with locating a serial port header on the PCB.

Finding the environment variables to pretty tightly locked down, he took the slow-route and dumped the phone's firmware 80 characters at a time with U-Boot's "memory display" command. Passing the recovered firmware image through binwalk and a password cracker got him the root credentials in short order, and from there, that serial port got a whole lot more useful.

[Josh] kicked the phone's original UI to the curb, set up an ARM Debian Jessie chroot, and started working his way towards a fully functional Linux environment. With audio, video, and even keypad support secured, he was ready to boot up everyone's favorite 1993 shooter. He's been kind enough to share his work in a GitHub repository, and while it might not be a turn-key experience, all the pieces are here to fully bend the hardware to your will.

Historically, running DOOM on a new piece of hardware has been the harbinger of bigger and better things to come. With unfettered access to its Linux operating system up for grabs, we predict the CaptionCall is going to become a popular hacking target going forward, and we can't wait to see it.

#linuxhacks #softwarehacks #binwalk #deskphone #doesitrundoom #doom #embeddedlinux #serialport #uboot