Hexinverter ¬ Feeling a bit scammed by the RufusCuff

What the?

So a long, long, heck of a long time ago (2014) if you were like I was, you'd have backed an IndyGogo project called Rufus Cuff. It promised a nice wearable Android device which felt really cool and futuristic. This seemed a bit dodgy after the initial offering, with frequent and not so frequent emails to backers promising that things were really progressing, showing manufacturing and things happening. Sometimes messages would be frequent once every few weeks, sometimes it'd be over a year. I just categorized this as a tried and failed backing, a curiosity that'd never pay off. Eventually here we are six years later, and they sent out a survey, do you want a thing now? Well then, yes I answered, give me a thing now.

What we got was, to say the least, a bit disappointing. It was a device that looked nothing like their visualizations, nothing like manufacturing work in progress pictures. We suspected right away that this was an OEM device sent to mollify the hangers on. Some investigation showed that yes, this was absolutely a several year old device sold also as a LEMFO LEMT (many other resourses a google away, I do not believe they are still sold by LEMFO). It seems like they were New Old Stock that RufusLabs purchased and sent to people who backed the Cuff.

Kind of a galling aspect of this is that RufusLabs created commercial and military wearable hardware which more or less matches what they promised IndyGogo backers but didn't give them to us. It's more than a little ridiculous.

So what did we actually get?

An image of the Mediatek C10 480x640 branded as the RufusCuff showing a size comparison to my hand An image of the Mediatek C10 480x640 showing the side buttonsAn image of the Mediatek C10 480x640 showing the RufusCuff boot image

It's too big to be a watch, which is why I assumed this didn't really worked out as a commercial product. It's like a very small phone with no phone stuff like microphones and things. It does have a beautifully long battery life, and might make a fine backup phone, just without the band in your pocket because it's huge even for my beefyish arms and has a huge uncomfortable strap. It can take a micro SIM and has a 4g baseband. All of that works great. It has a small front facing camera which is reasonably ok but obviously awkward to use for taking pictures. It has Bluetooth and works OK with headsets.

The software stack is kind of odd, it has Android 7.1 with a custom watch-ish launcher. It can run other Android apps fine, but it has very limited buttons (a back button and a power button) and no way to access the normal back/home/apps button, a function which is handled in this case by the launcher for apps that cooperate, running other apps is from annoying to impossible if you hope to navigate to other things running or access alerts and things. There are a bunch of watch faces in a market of sorts.

The hardware is based on the Mediatek C10 480x640 LFLT platform, which turns out to be interesting because several other things are based on similar hardware, see next section.

What can we do with this thing?

As soon as I obtained this, I was able to boot to the fastboot bootloader: I don't know a heck of a lot about rooting Android devices, but I did enable developer options by repeatedly clicking on the Build Number in About Watch in the settings. Then I allowed ADB access to my computer - and then I could look around with adb shell. This didn't prove too interesting, so I tried and succeeded in rebooting into the bootloader with adb reboot bootloader. This boots to the fastboot bootloader, which allows some more probing.

A screenshot of the output of fastboot getvar all showing the product variable with a value of C10_480x640_LFLT among other things

The way I figured out the platform was with fastboot getvar all. This is, incidentally, how I discovered the platform information. The "product" variable has the value "C10_480X640_LFLT". Searching for this lead down an interesting path, notably that there is a local root exploit, so we can root this! Rebooting into the system, and copying the tar file downloaded from that thread, untarring and running it in adb shell as described in the thread above, and blammo it done worked! I have a root shell. Fun times.

A screenshot showing mtk-su rooting the RufusCuff from adb shell

I spent some time hacking the supersu flashable tar to install it. This required editing the install script that would normally be run so it'd run under the shell that you get when you run the su program. It wasn't hard but I'm not completely convinced that it worked.

In other news, searching around for the platform information lead to some rather interesting discovereies. While there's no official TWRP (an open bootloader for Android devices) there has been some work on making a working port for this platform from the OpenWatch project, along with some interesting other developments. Although these haven't been touched in some time it seems like they could be an interesting thing to pursue for somebody who has more experience building things for Android stuff, and time. As for me, well a spare phone is cool to have anyways.