On a recent trip to Kerala, I had a short layover in Dubai and whilst wandering around the duty-free shops something caught my eyes:
I couldn’t resist! The salesperson asked whether I would prefer it in blue or grey, but because I intended to bring the phone back to CCL, I was more interested in making sure I got the dual-SIM version. A few hours later I bought a new SIM and launched Opera, and then realised two things:
• I’d just bought a 2G phone.
• HMD Global has made three 3310 variants, each with different hardware and software.
HMD who?
Once upon a time there was Nokia and everyone knew that they made phones; there have been times when they made electricity and toilet paper, but that’s a long story. In 2011, shortly after making the rather excellent N9, Nokia forged an alliance with Microsoft and started putting the Windows Phone operating system on their smartphones. Nearly three years later, the struggling Nokia sold their phone business to Microsoft. Nokia continued to operate primarily in the network equipment space, even acquiring Siemens’ stake in Nokia Siemens Networks and Alcatel-Lucent in the process.
Curiously, the latter acquisition has resulted in Nokia coming to own Bell Labs (formerly AT&T Bell Laboratories) and the Alcatel Mobile brand (licensed to TCL Corporation).
Meanwhile, Microsoft Mobile produced Windows Phone based smartphones (Lumia) and several feature phones based on MediaTek’s hardware and software platforms. They even inherited a few Android-based devices (Nokia X). But Microsoft’s Windows Phone and Windows 10 Mobile haven’t been able to prosper in an environment dominated by Android and iOS.
In 2016, the feature phone business and the rights to the Nokia brand name were sold to HMD Global, a new company founded by former Nokia employees. Since then it has launched a wide range of new Android-based smartphones and continued to release MediaTek-based feature phones.
A new 3310, or three?
The original 3310 was released in 2000 and has gone on to gain iconic status. It was no surprise therefore that the announcement that the model was to be revived was received with much excitement.
The first announcement came in February 2017, and the 2G model was released soon afterwards. This was followed up in September with the news that a model which supports 3G networks was on its way. In January 2018 a 4G version was announced too, but it seems that variant will be exclusive to China. The following table contains a summary of all the new 3310 versions out now:
| Type | Model | Operating System | Chipset manufacturer |
| 2G | TA-1008 (single SIM) | Series 30+ | MediaTek |
| TA-1030 (dual SIM) | |||
| 3G | TA-1022 (single SIM) | Feature OS | Spreadtrum |
| TA-1006 (dual SIM) | |||
| TA-1036 (single SIM, quad band) | |||
| 4G | TA-1077 (single SIM) | Yun OS | Spreadtrum |
Now I was keen to get my hands on the 3G and 4G models as well, especially since they are based on completely different hardware and software platforms. They just happen to have the same name, and look mostly the same when the screen is off. As my colleague Alex has put it, this isn’t even like comparing computers running Windows and macOS, it’s like comparing a Windows computer with an old PowerPC-based Mac.
In case you haven’t heard of them, MediaTek (MTK) and Spreadtrum (SPD), both based in China, are two of the world’s largest manufacturers of mobile phone integrated circuits. Their chips power feature phones and smartphones from cheap, knock-off devices all the way to flagship models for major brands.
I do now own a dual-SIM 3G 3310 as well. We haven’t found anywhere that is selling the 4G version yet though. I’ll hopefully be able to describe both in future blog posts. This time I’ll describe the 2G model a bit more.
Features
The dual-SIM 2G 3310 has the model name TA-1030. Inside it has a MediaTek MT6260CA System-on-Chip which has 16 MiB of flash memory. The operating system is the MediaTek-derived Series 30+, which we first saw on the 2013 Nokia 108, but it includes Opera Mini 4.4, a few games and apps, as well as access to an app-store. There is also a new version of Snake pre-installed which is made by Gameloft; there are 27 levels, and yes, I have completed them all. It has a micro-USB port for charging and data transfer. In case you were wondering, the phone does have a 3.5mm headphone connector and its screen does not have a notch.
I stated that the SoC had 16 MiB of flash, but according to the phone’s file browser only 1.4 MB is available for storage. I also stated that there’s an app-store: it’s actually just a link which opens in Opera. Applications are built using MediaTek’s MRE (MAUI Runtime Environment) SDK, which as far as I can tell was deprecated in 2015. I’ve spotted a few Java-related artefacts on the phone (and on a memory card), but it’s not clear whether third-party Java apps can be side-loaded.
Analysis
The MediaTek MT6260 chipset is supported by the major digital forensic programs and by several phone flashing tools. The files present in the two FAT12 volumes inside are similar to what we’ve seen on other Series 30+ devices. So, I shan’t describe those in full here, but just cover some of the highlights.
The traditional phone related artefacts (contacts, calls and SMS) as well as notes, events etc. are present in files within the NVRAM directory. Like on other Series 30+ devices, many of these files are obfuscated with that most simple of encryption methods: a simple XOR cipher.
The XOR cipher is an unsophisticated encryption method where the bitwise XOR operator is applied to each byte of the input and a repeating key. Even though it is simple on its own, XOR is used as a component within many robust encryption algorithms.
Once the SMS file (MPA3_001) is deciphered, each SMS message block (Protocol Data Unit or PDU) can be seen to be followed by some extra metadata, including the times when outgoing messages were sent. The epoch for these timestamps has changed since the last time I played with a Series 30+ phone: it’s 2000-01-01.
The call records are stored in a file (MPD1_002) which is not encrypted. Each record includes the IMSI of the relevant SIM. This can be used to attribute each call to a particular SIM and therefore subscriber (i.e. phone number). This is especially useful if the phone one is examining does not contain a SIM card, or worse comes with the wrong SIM(s).
PACKALID is another very useful file. It contains the ICCID and IMSI of both the SIM cards and the phone’s security code.
If a memory card is present in the phone, it is used by programs such as Opera and Twitter to store their data.
The artefacts created by Opera Mini (bookmarks, history, saved pages etc.) use the same formats as their equivalents on other platforms. Despite Opera Mini being the only web browser listed in the launcher, the old MTK/Obigo WAP browser is still present and used as well. For instance, if a picture on a web page is opened or saved, that seems to happen in Obigo.
Bookmarks for the MTK browser are present in two locations in the file system (NVRAM/MP6R_000 and @vbookmarks/BKM.DAT). These contain several pre-loaded entries, but these URLs are not listed in the phone’s user interface.
I can confirm that the following star-hash codes work on this phone (this is not an exhaustive list):
| *#0000# | Firmware version |
| *#06# | IMEI |
| *#2820# | Bluetooth MAC |
| *#6774# | Copyright notices |
| *#92702689# | Serial no. Dates of manufacture, purchase (editable) and repair (if applicable) Life timer |
That’s all for now. I hope to be back soon with details of another 3310. Meanwhile, happy forensicating!
Arun Prasannan
Principal Analyst (Research & Development)
Article Link: https://cclgroupltd.com/the-new-nokia-3310-part-1/