So, here are the current rooting instructions.
What you will need:
- a non-US-based Nokia 8000 or 6300 4G (in my example, it's 8000 4G TA-1303);
- a working ADB installation;
- a working Docker and Git installation;
- a method to replace partitions via EDL (in my example and instructions, it's Python 3.9 and bkerler's edl.py v3.1 release
- an image of Gerda Recovery
in case you don't already have a more reliable way to read partitions from the phone (in my case, I don't).
Rooting process is divided into three stages: boot partition pulling, boot image patching and boot partition replacing. Let's review them one by one.
First, I'll remind you how to switch the phone into EDL mode:
From the turned on state if you have ADB working with *#*#debug#*#* code: adb reboot edl
From the turned off state: insert USB cable while holding * and # at the same time. The screen should blink with KaiOS logo and become black.
Now, let's go!
Stage 1: Pulling the boot partition image
Here, we exploit the fact that OS will rewrite the recovery partition on the next "normal" boot anyway. So, we temporarily write the Gerda Recovery without worrying about stock state and then pull the image via ADB console.
1. Switch the phone into EDL mode.
2. Flash the Gerda Recovery: python edl.py w recovery /path/to/recovery-8110.img --loader=/path/to/8k.mbn
3. Without doing anything else, disconnect the phone from PC and remove the battery. Then insert the battery back.
4. Turn the phone on while holding * key only. Normally, it should boot into stock recovery, but now it should boot into a white screen (that's totally normal, 8110's and 8000's display drivers are different).
5. Connect the phone back to PC and check its availability with adb devices command.
6. Pull the boot image from the phone: adb pull /dev/block/bootdevice/by-name/boot boot.img
7. Reboot the phone into normal mode with adb reboot or, if it doesn't work, just by reinserting the battery.
Now we have the boot.img pulled from the phone and recovery automatically restored to stock. Let's patch our boot!
Stage 2: Patching the boot partition image
Note: keep the original boot.img file backup somewhere safe in case you need to restore it (for instance, to re-enable stock OTA updates)!
2. Build the patcher image: docker build -t 8kbootpatcher . (note the dot in the end of the command - it's important)
3. Ensure that the boot.img file is called exactly boot.img and put into some directory (say, /path/to/image/dir).
4. Run the patching process according to the README: docker run --rm -it -v /path/to/image/dir:/image 8kbootpatcher
5. The boot.img will be patched. The original file will be copied into boot-orig.img.
Stage 3: Replacing the boot partition with the patched image
1. Switch the phone into EDL mode again.
2. Flash the image: python edl.py w boot /path/to/patched/boot.img --loader=/path/to/8k.mbn
3. Reboot the phone into the normal mode: python edl.py reset
That's it! Now, if you enter ADB, your shell will be rooted, getprop ro.secure will return 0 and getenforce will return Permissive. Just as planned.
To restore the stock boot, just repeat stage 3 with the original boot.img backup made in stage 1.
P.S. Depending on your distribution, you may want to use python3 command instead of just python in the examples above.