Navigon 8110 Firmware Download




While considered dead by some people, Nokia recently started releasing remakes of successful phones from the 90s based on modern hardware, with battery lifetimes that seem insane at a time when smartphones need to be charged once a day. The latest device is the Nokia 8110 4G.


A lot of people around me started buying the phone, as it supports 4G, can be used as a wifi hotspot and has such great battery performance. Most of them are hoping that it will be possible to modify the firmware as well. The device has been built as a feature phone, but it actually runs KaiOS, which is based on Linux, so it is theoretically possible to extend the phone with your own functionality.

So I basically decided to buy my own device to get my hands on it and try to find a way to get my own software onto it. It turned out to be amazingly easy, as firmware images are just signed with the AOSP default keys, which can be obtained by cloning the AOSP repositories.

AOSP - Android Open Source Project

Wait? AOSP? I thought the device is run by an OS called KaiOS. If you take a look at the Gonk layer of the KaiOS Architecture, you will recognize that there is indeed a lot of Android built into it. This is actually no surprise, as the SoC manufacturer Qualcomm basically provides Android systems for their devices via Codeaurora.

Using some of the Android functionalities saves a lot of money, as KaiOS can just reuse existing hardware bindings and just wrap those.

I do not know how exactly KaiOS is compiled, but I would also guess that it is built from an AOSP-like source tree, as Google basically provides a somewhat messy but quite functional build environment that does a lot of things like packing and signing images on its own, and I would say that it does it quite well if you know what you are doing and are reading the documentation.

Boot Modes

Most Android devices can be booted into different modes. I have been able to boot the device into QDL and recovery mode. These are the keys you need to press and hold when powering up to boot the device into each mode:

  • QDL: press and hold all direction buttons (just press the frame at two points) and power the device on.
  • recovery: press and hold up and hangup and then power the device on.

QDL mode

If you enter this mode, the display just flashes with the KaiOS logo and then turns black. If you use lsusb, you will see a line like this:

Bus 001 Device 002: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)

The device will now respond to the Sahara protocol. This mode, for example, allows dumping device fuses. This includes the SHA256 hash of the root key used for signing the Qualcomm binaries, which happens to be

1357fdaeabb7becbe49095f000d9d3dadf198885106d98598cac6d1b9b2edb3a

in reversed byte order.

This mode normally also allows loading the eMMC emergency downloader (firehose) onto the device. I have been able to send a firehose downloader for some msm8909 based device to the phone and it at least accepted the ELF header, but the execution of the loader finally failed. I have not checked at which phase it fails, but as the root key will not match the one fused into the device, I doubt that it will be possible to run some downloader if there is no leak of a properly signed binary.

Recovery mode

The device just uses the AOSP recovery. The source for that can be found in the AOSP recovery repository. It is likely that the running variant has been modified in some ways, but the original recovery is always a good reference, if you are messing with it.

Whatever you do: Do not write to the recovery partition. If you destroy this, you would brick your device. As all bootable images, the recovery image is signed. I have not yet looked at the signatures, but it is likely that you are not able to sign your own and thus you will break your device as soon as you modify it.

The recovery mode basically allows loading a signed update.zip from sdcard or via adb sideload. It also provides access to bootlogs that reveal interesting information.

The KaiOS used seems to have been built based on Android 6.0.1 and is running on a Kernel version 3.10 (which I would guess is the version provided by Codeaurora for the SoC).

The recovery always accepts update files that are properly signed, normally with the releasekey of the device. Files are signed using signapk, the same mechanism that Android packages are signed with.

When the signature of an update can be properly verified, the updater unpacks an application located at META-INF/com/google/android/update-binary from the update package and executes it. This application can then modify the image.
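The whole-file signature that signapk appends is stored in the zip archive comment and located through a 6-byte footer. The following added example (not code from the original post; function names are illustrative and the sample package is constructed) finds the signature block and the length of the signed data, following the layout used by the AOSP recovery verifier:

```python
import io
import struct
import zipfile

FOOTER_SIZE = 6          # signature_start(2) + 0xff 0xff + comment_size(2)
EOCD_HEADER_SIZE = 22    # fixed part of the zip end-of-central-directory record
EOCD_MAGIC = b"PK\x05\x06"


def parse_signapk_footer(data: bytes) -> dict:
    """Locate the whole-file signature that signapk stores in the zip comment."""
    if len(data) < EOCD_HEADER_SIZE + FOOTER_SIZE:
        raise ValueError("too small to be a signed package")
    sig_start, marker, comment_size = struct.unpack("<H2sH", data[-FOOTER_SIZE:])
    if marker != b"\xff\xff":
        raise ValueError("no whole-file signature footer")
    if not FOOTER_SIZE < sig_start <= comment_size:
        raise ValueError("inconsistent footer offsets")
    eocd_off = len(data) - comment_size - EOCD_HEADER_SIZE
    if eocd_off < 0 or data[eocd_off:eocd_off + 4] != EOCD_MAGIC:
        raise ValueError("comment size does not lead back to the EOCD record")
    # A second EOCD magic after the real one would let a zip parser and the
    # verifier disagree about where the archive ends, so reject it.
    if EOCD_MAGIC in data[eocd_off + 4:]:
        raise ValueError("EOCD marker occurs after the EOCD record")
    # Extra consistency check added in this example: the length field is
    # outside the signed range, so compare it with the footer explicitly.
    if struct.unpack_from("<H", data, eocd_off + 20)[0] != comment_size:
        raise ValueError("EOCD comment length disagrees with footer")
    return {
        # Everything before the 2-byte comment-length field is covered.
        "signed_len": len(data) - comment_size - 2,
        "signature": data[len(data) - sig_start:len(data) - FOOTER_SIZE],
    }


def build_sample(sig: bytes = b"\x30\x03\x02\x01\x01") -> bytes:
    """Constructed package: one-file zip whose comment mimics signapk output."""
    msg = b"signed by SignApk"
    total = len(msg) + 1 + len(sig) + FOOTER_SIZE
    footer = struct.pack("<H2sH", total - len(msg) - 1, b"\xff\xff", total)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/com/google/android/update-binary", b"placeholder")
        zf.comment = msg + b"\x00" + sig + footer
    return buf.getvalue()
```

On a real package the returned signature bytes are a DER-encoded PKCS#7 block, so the signer certificate can be printed with `openssl pkcs7 -inform DER -print_certs` to see which key signed the update.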

Android Boot

On Qualcomm devices, there are a lot of things happening during the boot process. I simplify this a lot. Most of the details can be obtained from Qualcomm under an NDA, or you just search the web for the leaked documentation.

So the basic process is something like this

  1. Some boot-ROM is loaded and executed. If there is no need to jump to Sahara, the device will continue loading a lot of firmware images like the SBL1, NON-HLOS, TZ and the aboot. All those images are signed with keys that lead back to the root signing key. If any of the signatures does not match, the boot process will be stopped and the device will not boot.
  2. At some point, the aboot is executed. This loads the boot or recovery kernel and checks its signature against a key compiled into it. As aboot is signed, it cannot be modified, so it is not possible to change the kernel keys.
  3. The boot or recovery kernel will then start loading the device and boot Android or in the case of the Nokia 8110 4G it just boots KaiOS.

The Android kernel contains an initial ramdisk containing the boot scripts. This will mount the /system partition, which contains most of the applications and services. This partition can be signed using Verity to have a completely signed boot chain. If this is the case, any modification on the /system partition will stop the device from accessing the modified blocks (and probably from booting). Luckily the Nokia 8110 4G does not use Verity.

Access Vectors

If the signing environment has been set up properly, it is quite hard to get into the device and modify software or firmware. The problem is that breaking signatures means that the device will not boot anymore.

Updating the Kernel

I have not yet checked the signatures of the boot and recovery partition. If there are no design flaws and the signatures are checked (there are some build modes, where aboot does not check signatures), it might be impossible to modify the kernel without the signing keys. This is worth being checked.

Recovery Keys

After playing with QDL for a while, I started poking at the recovery. It turned out that they just reused the test signing keys available from the AOSP tree. This is basically a common mistake and I have seen it several times. The problem is that the AOSP tree just builds fine and does not warn you about that at all. It turned out that someone seems to have already found this issue some days before I started looking at the device and used it to enable adb. Before you just jump in and do the same thing he did, please note that you might lose update capabilities for your device when applying this change.

The normal process would be building the system with the test-keys and then using sign_target_files_apks to re-sign the system with your own releasekeys. Anyway: let's assume that the manufacturer has done this intentionally to allow us to modify the phone.

This actually means that we can create our own updates and modify everything on the /system partition. This actually causes one problem: We do not know, what type of update process Nokia is using. If this is block based OTA, any change on the /system partition will break OTA in the future. So it is always a good idea to create a backup before changing anything.

Dumping the Firmware

I have made a simple application to dump the firmware of my Nokia 8110 4G. It is written in poor C and has some flaws and maybe should not be used if you fear to lose your device, but it worked at least on my device. You can find it on github, if you like to use or modify it.

I compile it from within an Android 6.0.1 tree (as I happen to have one on my harddisk anyways), but it should be possible to build it using ndk-build as well. The commands I used to pack and build the update.zip are:

If you do not have an AOSP build lying around, you might want to obtain a version of signapk that works on your system. Maybe I might also upload the required tools at some point if I find the time to do this.

There is also a prebuilt update.zip in the github repository. The update basically executes the included application, which then iterates over all partitions on the flash and writes their content to an sdcard inserted into the phone. To execute it, you can sideload it via adb sideload or just copy it to a vfat formatted sdcard.

The most interesting files are the boot.bin, recovery.bin and system.bin, as they contain the actual system and would allow us to modify the system. The system.bin can be mounted as ext4 filesystem.

Conclusion

Having a way to modify the firmware shifts this device from nice to awesome. It might be worth digging into the system and try to find new ways to make it even better. I hope that Nokia does not decide to close this by updating the certificates on the device, as this actually makes the device worth the money.

So if you guys at Nokia might read this, it would be great if you either leave this open or provide a way for OEM unlocking as other manufacturers do. It makes it worth to totally get your hands on this device, as it makes it possible to hack the device matching your own needs.

Garmin’s Navigon sat nav apps are to be withdrawn from sale from 14 May, the company announced today.

The move affects all of its vehicle navigation apps – the most relevant to UK users is Navigon Europe for Android and iOS devices.

Garmin is citing ‘strategic reasons’ for the decision. This will end a 25-year run for the German brand, which Garmin acquired in 2011. However, with a cost structure for the apps that included a hefty initial purchase price, as well as annual subscriptions for premium features such as live traffic services, it would appear to have struggled against a raft of free-to-download competition from the likes of Google and Waze.

Is my Garmin Navigon app affected?

Almost certainly – the only exception is a version of the software known as ‘Select’, which is only available in Germany.

If you’re currently using a Navigon app and have paid for ‘FreshMaps’, subscriptions or in-app features, these will continue to be available until the end of your current subscription, which are normally monthly or yearly.

Users who took out the ‘Unlimited Navigation’ option will be able to use the service for a further two years.

However, Navigon users will no longer be able to update subscriptions or make further in-app purchases after 14 May.

Android users beware

While iOS users won’t have to take any action at the end of their subscription, Garmin has warned that Android users will need to manually cancel it or risk being charged a renewal fee, despite support being dropped next month. The brand has posted instructions on how to cancel subscriptions on its support site, which will continue to be available to app owners.

Should you need to reset or change your phone, you’ll still be able to download and use the Navigon app from your app store library, provided you don’t change operating system (for instance from Apple to Android), as they are separate products.
