A CaptionCall Phone Succumbs To Doom, Again

March 2, 2025 by Arya Voronova 11 Comments

Pour one out for yet another device conquered. This one’s a desk phone for conferences and whatnot, a colour display, a numpad, and a bog standard handset with a speaker and mic. Naturally, also running Linux. You know what to expect – [Parker Reed] has brought Doom to it, and you’d be surprised how playable it looks!

This is the second time a CaptionCall device has graced our pages running Doom — CaptionCall patched out the previous route, but with some firmware dumping and hashcat, root has been acquired once again. [Parker] has upgraded this impromptu gaming setup, too – now, all the buttons are mapped into Doom-compatible keyboard events coming from a single input device, thanks to a C program and an Xorg config snippet. Feel free to yoink for your own Doom adventures or just general CaptionCall hacking!

If you’re interested in the hacking journey, get into the exploitee.rs Discord server and follow the hack timeline from password recovery, start to finish, to Doom, to the state of affairs shown in the video. Now, as the CPU speeds have risen, should the hackerdom switch away from Doom as the go-to? Our community remains divided.

Continue reading “A CaptionCall Phone Succumbs To Doom, Again” →

DOOM On A Desk Phone Is Just The Tip Of The Iceberg

August 13, 2021 by Tom Nardi 23 Comments

These days we expect even the cheapest of burner smartphones to feature a multi-core processor, at least a gigabyte of RAM, and a Linux-based operating system. But obviously those sort of specs are unnecessary for an old school POTS desktop phone. Well, that’s what we thought. Then [Josh Max] wrote in to tell us about his adventures in hacking the CaptionCall, and now we’re eager to see what the community can do with root access on a surprisingly powerful Linux phone.

As the names implies, the CaptionCall is a desk phone with an LCD above the keypad that shows real-time captions. Anyone in the United States with hearing loss can get one of these phones for free from the government, so naturally they sell for peanuts on the second hand market. Well, at least they did. Then [Josh] had to go ahead and crack the root password for the ARMv7 i.MX6 powered phone, started poking around inside of its 4 GB of onboard NAND, and got the thing running DOOM.

If you’re interested in the technical details, [Josh] has done a great job taking us step by step through his process. It’s a story that will be at least somewhat familiar to anyone who’s played around with embedded Linux devices, and unsurprisingly, starts with locating a serial port header on the PCB.

Finding the environment variables to pretty tightly locked down, he took the slow-route and dumped the phone’s firmware 80 characters at a time with U-Boot’s “memory display” command. Passing the recovered firmware image through binwalk and a password cracker got him the root credentials in short order, and from there, that serial port got a whole lot more useful.

[Josh] kicked the phone’s original UI to the curb, set up an ARM Debian Jessie chroot, and started working his way towards a fully functional Linux environment. With audio, video, and even keypad support secured, he was ready to boot up everyone’s favorite 1993 shooter. He’s been kind enough to share his work in a GitHub repository, and while it might not be a turn-key experience, all the pieces are here to fully bend the hardware to your will.

Historically, running DOOM on a new piece of hardware has been the harbinger of bigger and better things to come. With unfettered access to its Linux operating system up for grabs, we predict the CaptionCall is going to become a popular hacking target going forward, and we can’t wait to see it.

Classic British Phone Gets A Google Makeover

September 28, 2017 by Dan Maloney 20 Comments

It may seem like an odd concept to younger readers, but there was once a time when people rented their phones rather than buying them outright. Accordingly, these phones were built like tanks, and seeing one of these sturdy classics of midcentury modern design can be a trip down memory lane for some of us. So retrofitting a retro phone with a Raspberry Pi and Google’s AIY seems like a natural project to tackle for nostalgia’s sake.

The phone that [Alasdair Allan] decided to hack was the iconic British desk telephone, the GPO-746, or at least a modern interpretation of the default rental phone from the late 60s through the 70s. But the phone’s looks were more important than its guts, which were stripped away to make room for the Raspberry Pi and Google AIY hat. [Alasdair] originally thought he’d interface the Pi to the rotary dial through DIOs, until he discovered the odd optical interface of the dialer — a mask rotates over a ring of photoresistors, one for each digit, exposing only one to light from an LED illuminated by a microswitch on the finger stop. The digital interface brings up the Google voice assistant, along with some realistic retro phone line sounds. It’s a work in progress, but you can see where [Alasdair] is in the video below.

If stuffing a Google Pi into a retro appliance sounds familiar, it might be this vintage intercom rebuild you have in mind, which [Alasdair] cites as inspiration for his build.

Continue reading “Classic British Phone Gets A Google Makeover” →