CAT B35 Hacking Notes

[Ozesno]

Hi everybody,

after a successful activation of ADB followed by all sort of tweaks and installations on my CAT B35, I decided to put some notes up in here so that other people with similar intentions can also succeed in breaking this phone.

First of all, I wanna post the material I used to better understand what I had to do.

First of all, Bananahacker's website post on how to activate ADB via EDL:

https://sites.google.com/view/bananahackers/development/edl

https://web.archive.org/web/20210911232017/https://sites.google.com/view/bananahackers/development/edl (Wayback link in case its down in the future)

Second and most important, Augustin Reille's blog post follow up of Bananahackers post:

http://areille.com/blog/hacking-cat-b35-developer-options-adb/

https://web.archive.org/web/20210412114924/http://areille.com/blog/hacking-cat-b35-developer-options-adb/ (Wayback link in case its down in the future)

I tried Augustin's method first and failed, then I tried Bananahacker's one and failed too. The main distinction is that each proposes using a different EDL software version. They are basically the same (as in one being the fork of the other). Over the course of time they have parted from each other to the point where not even the commands listed in both articles will be taken by the software, so you need to rewrite the commands each time, which is not a big deal if you know what you are doing but might be confusing if you're not an experienced terminal user.

My first day-long session failed, both EDL programs where not letting me print GPT tables and much less download USERDATA partition into my harddrive so as to edit it and push it back into the phone. I tried and tried and thru some debugging I came to the idea that maybe both programs have evolved in such a way that its no longer working with CAT B35. So I looked at the date in the article posted by Augustin and went to Github and looked at the repo that was around that time, ran the command:

git checkout `git rev-list -n 1 --before="2020-01-01 10:00" master`

and boom! everything worked as it was supposed to, used the commands listed in the article, got the same responses, no friction whatsoever. EDL connected with the phone without any extra --memory commands, GPT partition was readable, all partitions where downloadable and specially: USERDATA was available.

So as both articles say, I went ahead and opened my gHex editor, loaded the USERDATA image, edited the bits as instructed, saved it as a separate file, pushed it to the phone and DONE! Developer mode was present under the Device menu.

What followed was a bunch of alternative store installs, Telekram being the most desired app on my phone. Lots and lots of removed programs by hanging removable from false to true  in the webapps.json file and some other small changes like adding my own links to the carousell app.

The only thing I was unable to do was to remove the INCREDIBLY ANNOYING truck engine startup sound, which is insanely loud. Anybody succeded on that one?

A last coment, I had the temptation of simply buying another KaiOS phone, specially one thats listed as an easy break-in. Being that Kaios phones are all over the place in second hand marketplaces (I guess cause unless you hack them, they are a piece of crap). But what held me motivated to hack into the B35 is the fact that, to my knowledge, is the only  KaiOS device that can support 64gb or 128gb SD Cards. Also the ruggedness of it comes handy as im travelling all the time and not from bed to bed, so to speak.

I seriously hope my experience serves somebody, its always nice to know that I might be the last person spending 2 entire day and nights breaking into this phone.

[Farooq Karimi Zadeh]

thanks for sharing. it is a good idea to post a wiki page regarding these. please let me know if you have not got an account.

banana...@googlegroups.com wrote:

--
You received this message because you are subscribed to the Google Groups "comp.mobile.nokia.8110" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bananahacker...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/ef217169-d997-4a37-8b83-b2c08019e806n%40googlegroups.com.

[Ozesno]

hi! not to my knowledge. If I can get an account ill port my notes into the wiki. thanks!

[Farooq Karimi Zadeh]

visit wiki.bananahackers.net

banana...@googlegroups.com wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/bananahackers/44f07569-82bf-4e5d-b4d6-a0a516b0b55cn%40googlegroups.com.