A bit of info about 8110 sound interception
Here's what I managed to find out as of now regarding audio routing:
KaiOS, as well as Android, use ALSA version called TinyALSA. And beside the /proc/asound and /dev/snd filesystems, only three utilities are exposed: tinyplay (play WAV at specified device), tinycap (record WAV from specified defice) and tinymix (mixer parameter control).
The tinymix utility shows all mixing options exposed by chipset itself and a handful of other properties. Most properties are boolean but there also are enum and string values. To get/set the option, one has to refer to it by its id.
Option format is the following: [id] [type] [amount_of_parameters] [name] [current value]
Where [name], when we're talking about audio commutation properties on Qualcomm devices, always has the form "[channel_to] Mixer [channel_from]".
For instance, take a look at this line from tinymix output:
244 BOOL 1 VoiceMMode1_Tx Mixer AFE_PCM_TX_MMode1 Off
This means literally the following: boolean flag with a single parameter and id 244, that routes the AFE_PCM_TX_MMode1 channel to VoiceMMode1_Tx channel, is now off.
To change the value(s), just issue tinymix [prop_id] [prop_value(s)]. In out case, to turn this particular routing on, just issue tinymix 244 1, then we see it's on:
root@Nokia 8110 4G:/data/local/tmp # tinymix 244
VoiceMMode1_Tx Mixer AFE_PCM_TX_MMode1: On
Now, let's talk about channels of interest (for the purpose of audio traffic interception) particularly on 8110 (they may differ from chipset to chipset or even from microcode to microcode). Note that properties having "TX" or "UL" markings are related to microphone, and the ones having "RX" or "DL" markings are related to speakers respectively.
Note: most of the below are guesses from the monitoring of live call behavior. They have yet to be verified!
1. TERT_MI2S_TX_MMode1 - local microphone input channel during the call.
2. VoiceMMode1_Tx - uplink microphone channel during the call.
3. PRI_MI2S_RX_Voice - local speaker output channel during the call.
4. VoiceMMode1 - downlink speaker channel during the call.
5. AFE_PCM_TX_MMode1 - reference to a proxy PCM device where we can grab the stream from during the call.
6. AFE_PCM_RX_Voice - reference to a proxy PCM device where we can send the stream into during the call.
7. VOC_REC_DL - the channel to record all speaker traffic from multimedia mixers without interception. Already verified (see the thread about recording).
8. VOC_REC_UL - the channel to record all microphone traffic from multimedia mixers without interception. Already verified (see the thread about recording).
To be continued...