Hi folks,
So, after a long wait (over 3 weeks), for about $187 of the main price and about $20 of extra different customs and delivery fees I finally got my Crosscall Core-S4 and a separately ordered X-Link (Magconn) cable for it today, on November 3 2021. In the bundle, it also has a (vacuum) wired stereo earbud headset, some replaceable buds for it, some "X-Blocker" attachable phone grip, a 5V/1A USB wall charger and a normal microUSB cable. And a branded SIM pin, of course, because the battery here is non-removable.
The device exterior is very impressive, to say the least. Well, French design is French design. It's a bit longer and wider than I expected but still very comfortable to hold and operate. Anyway, now to the main topic - its hardware and software features that matter for our research process. So...
Hadware
Chipset: MediaTek MT6731 (looks like a stripped-down MT6739 version)
RAM: 512 MB
Flash memory: 4GB, user partition has ~1.07 available OOTB (that's what Storage info and MTP file transfer utilities show)
SIM slot: hybrid (1 nano-SIM + microSD or 2 nano-SIMs, which is quite inconvenient for my purposes)
Battery capacity: 2300 mAh
Able to use X-Link/Magconn cable for data transfer/charging/ADB: yes (fully replaces usual microUSB if necessary)
Able to use X-Link/Magconn cable for low level transfer/flashing: no (for some reason, maybe a power management issue)
Software
KaiOS version: 2.5.3.2
Base Android API/ABI level: 23 (Android 6.0)
Firmware version: L1840.6.02.03.FR00
Internal product name: L740
Software tag:
kaios_sfp_2_5_3_modric_20201210_2 (pay attention to the "modric" codename, probably has a board similar to Sigma sKai or, at least, the build had that board as a test target)
Baseband firmware version (called "Vendor base version" in Settings menu):
alps-mp-m0.kaios.mp1-V1.28.1_hs6731.kaio.m_P1USB storage protocol: MTP, disabled by default
Preinstalled but removable apps (OOTB, shown without SIM cards): Astrolo, Whatsapp (shown in the left carousel only), Facebook (shown in the left carousel only)
Hackability out of the box
- Debug code (
*#*#33284#*#*) is not working (just like in sKai);
-
W2D method works but only allows to enable the debugger in the ADB + WebTools mode;
- ADB shell is opened as
shell@L740:/ $ prompt;
- SELinux is set to the
Enforcing mode;
-
ro.debuggable is set to 0,
ro.secure is set to 1;
- In non-privileged mode, installing apps with
engmode-extension permission is forbidden, all other apps are installable via WebIDE on Waterfox Classic or
gdeploy with no issues;
- for all the boot modes,
Down arrow key is replacing Vol+ and Up arrow key is replacing Vol-, remember that, and holding Power for 10+ seconds force-reboots from any boot mode if you're stuck;
- recovery can be entered with
adb reboot recovery (if ADB is enabled already) or by turning on with Down pressed, and it's quite unusable here (probably lacking another button necessary to operate it), so just force-reboot it if you got there;
- fastboot can be entered with
adb reboot bootloader (if ADB is enabled already) or by connecting the cable with Up pressed, but I couldn't get X-Link to see it, only a normal microUSB;
- the
fastboot oem unlock command actually
does unlock the bootloader (doing factory reset and setting the "orange state", just like some MTK-based Androids of the time) but prompts (on the device itself) to push Volume Up and Volume Down keys that the device doesn't have, and using normal Up or Down keys is actually reversed - you confirm with pushing Down and reject with pushing Up, and then you still don't get any privileged access, you have to do all the procedures again;
- the existing
ca.in method only works after the aforementioned bootloader unlock. Well, at least it works and allows you to see the developer menu without W2D and to see all the system processes and preferences in the WebIDE. Now you can go to the "Device Preferences", search for the
devtools.apps.forbidden-permissions preference and clear this string. Then you should be able to install apps with
engmode-extension permission, but beware that this still has SELinux on, so most Wallace Toolbox features still won't work at all...
Phew. This is definitely the most interesting KaiOS phone I've got in these 3 years (after the original 8110 4G, of course). And this is just the basic stuff. Not even on how to properly dump the boot partition (without the proprietary tooling) and how to patch it correctly to achieve ADB root + SELinux off +
debuggable on. This is still to be researched. So stay tuned, and good luck!
Regards,
Luxferre