iPod shuffle headphone remote reverse engineered

The headphone remote for the third generation iPod shuffle has a special chip that identifies it to the iPod itself. [David Carne] posted an in-depth report about the process he used to reverse engineering that protocol. He’s discovered that the remote uses a peculiar signal to identify it as authentic when the device powers up. We’ve talked about Apple’s use of peripheral authorization before and it seems this is no different. [David] did manage to emulate the authentication using an ATmega88. If you’ve got a shuffle 3G sitting around this info will allow you to operate it with a microcontroller in your next project.

35 thoughts on “iPod shuffle headphone remote reverse engineered

  1. good to know, but it’s alot easier to just to solder wires to the remote’s button pads. saves space too bcuz the thing is so damn tiny. I wold like a shuffle with a microsd slot. it would cost apple alot less than built-in memory, and i also have a 16gb uSD i am dying to use on something.

  2. A shuffle with microsd slot would be the right thing to do from a consumer point of view, but would also be much less profitable for Apple because the expandable device would become obsolete much later, and they couldn’t sell you the new and improved shuffle with twice the memory size.

    Welcome to the dark side of capitalism!

  3. Can you tell me a good reason why they should control everything and everyone who touches their shiny proprietary products?

    There is no good reason.

  4. if it was true drm then the remote would have to have a receiver built in too to detect a signal from the device.

    also apple may try to sue because of reverse engineering.

    if they do just ignore the c&d notices because they are probably a fake.

  5. i gave up on apple long long ago. i enjoyed playing oregon trail on the apple.. but then when i got my first(and last) ipod i realized how apple is all controlling &shit. now that my parental units have an ipod, i actually took the time to learn how to put crap on your ipod (FLOOLA)
    but idk how to interface with iphone. i tried with my friends but he wouldnt let me try tkfe. i say F apple, iphone, all that shit. my phone has expansion capabilities(microSD), i can bluetooth whoever i want (except iphones for above reason), slide out a keyboard, dont have to buy my apps in a store, and i can use my screen with gloves(if i wore gloves..) lol i just h8 apples unless they’re granny smith. (those other apples suck) that said, nice reverse engineer. looks like it took alot of time

  6. It is not, and has never been, a DRM chip. Follow the link in the article:

    “Given the simplicity of the chirp – my thoughts are that it is purely an identifier, and less an authentication method. Any manufacturer that wanted to design a compatible accessory without Apple’s permission would be able to reverse engineer the chirp just as I did.”

  7. @jeditalian
    one word: jailbreak. I even have an app that let’s me send and recieve via Bluetooth…and I haven’t payed for an app on my iPhone in months. App store ain’t all that bad anyways. Great selection.

  8. This is super interesting to read. But the final sentence gives me mixed feelings:

    “I’d like to investigate building a capacitive touch sensor remote, since that could be made completely waterproof.”

    He dedicated all this time to replacing the remote because he wanted to build a better one, but so far he’s spent all his time trying to get around this weird, proprietary, undocumented signal…

  9. Nice as these hacks are, there comes a time where you should consider not putting up with Apple’s practices any more. Why further support them by hacking their products thus making them even more attractive?

  10. @wdfowty,

    I’ve got no problem with jailbreaking itself, but as someone whose app has been mire widely pirated than purchased I sure hope that your not pirating apps. You seem to imply that you are but it isn’t entirely clear.

  11. I’ve been wanting to build an adapter for my ipod touch 3g that would let me use a standard stereo headset w/mic to control my ipod, this article provided half of the info i was needing, anyone know how the mic is hooked up in the Remote w/mic version? Also how to hook up a standard mic to it?

  12. Nicely documented and well done hack! Apple needs to get a life and just leave the damn headphones alone. I cannot think of any reason beyond money that this was done by apple. So yeah, Steve Jobs keep parking in handicap spaces, crapping on your employees, live in a delusional world of yes men, and completely alienate you total user base that is not on the hollywood a-list… You’ll learn what MS did about a decade ago. They are at least trying to fix it. And I wouldn’t be so cocky of having 5% of the market share. Apple can’t afford to lose over a million dollars a day to a BS European lawsuit and survive like MS did. Someone in another forum said something to the effect of “it’s nice to see Satan skating in to work” and I agree at this point.

  13. This is a nice hack, and great work!

    However, I think if would be of more use just writing an MP3 decoder for the Atmel, wire a memory device, and leave the shuffle out of the equation. A micro-controller with a memory device would do great as a stand alone player, instead of using the whole device for interfacing a headphone. (Seriously Apple, devices for interfacing a headphone?)

  14. Mr.R, the headphones actually use a standard push-to-talk button/mic that you can find on just about any hands-free phone headset. Since you are also getting a stereo audio signal the headphones use 4 connections (tip, ring, ring, sleeve). Long before the Shuffle came out I was using a cheap $5 mic adapter just so I could have play/pause/forward/backward via that button on my iPod touch. Just about any of these should work: http://www.google.com/products?q=iphone%20mic%20adapter

    This gives you everything but volume, which is the only reason there is a chip inside.

  15. id, they added the chip so that the volume up/down signal could be encoded on the wire. It does not actually prevent other headphones from being used.

    If any of you going “omg, why apple do tis?” would actually read the article then you would see that it’s not a DRM chip. Apple did call it an “auth” chip once, but like the author of the linked article notes, the chip is only used to identify what controls are being used (and converting the signal so it can work with only one wire). The signal is so simple that it wouldn’t make sense for Apple to use it as a way to stop 3rd parties from making their own headphone/remote combos.

    Apple pisses me off for plenty of reasons, just like the rest of you, but they didn’t do anything evil here. They did not do this so you were forced to buy their hardware. The proof is out there in existing 3rd party adapters and headphones, which don’t even license the “made for ipod” mark, let alone the control chip.

    Again, THE CHIP IS NOT A DRM CHIP. READ THE LINKED ARTICLE.

  16. @Kyle McDonald – I originally started reverse engineering the remote just for the fun of teasing the protocol out. Building a capacitive sensing remote was just a spur of the moment thought that occurred to me while doing the writeup.

    @Tom – but then what would I have to RE.

    @scuba steve – I can be reached on irc: davidc__ on freenode/oftc.

    @id – the atmega88 series of devices doesn’t have the compute power to decode MP3s.

    @Ned Scott – push to talk won’t work on the shuffle unless something that generates the “chirp” is also plugged into the cable. [At least, it doesn't work on my shuffle, since the shuffle turns off power to the CTL pin if it doesn't get a response].

  17. David,

    Ah, that’s strange that the chirp is needed even for that on the Shuffle, but it should still work on Mr.R’s ipod touch.. unless they changed it for the 3rd gen (I only have a 2nd gen).

  18. My plan is to combine the board from one of the remote w/mic ear-buds with a Griffin inline remote and add a connector so i can use a standard computer headset with mic or my headphones as I hate to use ear-buds. I’ve already purchased the remote (i thought it had the chip in it, but i was wrong and i cant return it). I just don’t know how to wire the mic into the ipod’s 4th ring. I’m currently waiting for one of the ear-bud’s speaker coils to fail before i attempt this.

  19. I didn’t say it was DRM. I’m just saying that adding that, if adding that functionality requires a chip on your headphones, then there may be something wrong with the design. I’m still thinking that headphones/headsets should still be passive rather than active devices. That would make them more affordable.

    If it requires “hacking” to make the iPod Shuffle to correctly work with regular headphones, then some standard is flawed, or someone is aiming at getting a lot of money out of this business.

    I never thought it was DRM, but if you think about it, it could be just a step closer to it. Just like HDCP was added to HDMI. Now, note from the summary: “the remote uses a peculiar signal to identify it as authentic when the device powers up”, which to me, it’s some sort of IP protection mechanism.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s