iPod shuffle headphone remote reverse engineered

The headphone remote for the third generation iPod shuffle has a special chip that identifies it to the iPod itself. [David Carne] posted an in-depth report about the process he used to reverse engineering that protocol. He’s discovered that the remote uses a peculiar signal to identify it as authentic when the device powers up. We’ve talked about Apple’s use of peripheral authorization before and it seems this is no different. [David] did manage to emulate the authentication using an ATmega88. If you’ve got a shuffle 3G sitting around this info will allow you to operate it with a microcontroller in your next project.

Comments

  1. kisuke says:

    apple cracked again

    FIRST POST

  2. Paul Potter says:

    Impressive. I’ve got this model of shuffle, and it’s a superb little device.

  3. googfan says:

    good to know, but it’s alot easier to just to solder wires to the remote’s button pads. saves space too bcuz the thing is so damn tiny. I wold like a shuffle with a microsd slot. it would cost apple alot less than built-in memory, and i also have a 16gb uSD i am dying to use on something.

  4. The Steven says:

    Um… but now, it’s not pocket sized. (you may flame me now)

  5. nomnomnom says:

    A shuffle with microsd slot would be the right thing to do from a consumer point of view, but would also be much less profitable for Apple because the expandable device would become obsolete much later, and they couldn’t sell you the new and improved shuffle with twice the memory size.

    Welcome to the dark side of capitalism!

  6. RoboGuy says:

    @nomnomnom

    Music players that support micro SD are available pretty cheaply.

    Welcome to the light side!

  7. Apple Hates Freedom says:

    Gonna get DMCA’d, apple hates freedom.

  8. Lint says:

    Can you tell me a good reason why they should control everything and everyone who touches their shiny proprietary products?

    There is no good reason.

  9. therian says:

    why not just give up on apple ?

  10. nave.notnilc says:

    @Lint

    to make money, duh.

  11. jproach says:

    This is how every hack should be documented. High res pics, lots of scope traces, schematics, sample code.

    Excellent stuff.

  12. Spliff666 says:

    It may be an iPod shuffle, but I still miss my skip button, wish I had a 2g one now

  13. ejonesss says:

    if it was true drm then the remote would have to have a receiver built in too to detect a signal from the device.

    also apple may try to sue because of reverse engineering.

    if they do just ignore the c&d notices because they are probably a fake.

  14. Georgio says:

    @ Lint

    26 yrs ago,they made a promise to the public not be like “big brother”.

  15. jeditalian says:

    i gave up on apple long long ago. i enjoyed playing oregon trail on the apple.. but then when i got my first(and last) ipod i realized how apple is all controlling &shit. now that my parental units have an ipod, i actually took the time to learn how to put crap on your ipod (FLOOLA)
    but idk how to interface with iphone. i tried with my friends but he wouldnt let me try tkfe. i say F apple, iphone, all that shit. my phone has expansion capabilities(microSD), i can bluetooth whoever i want (except iphones for above reason), slide out a keyboard, dont have to buy my apps in a store, and i can use my screen with gloves(if i wore gloves..) lol i just h8 apples unless they’re granny smith. (those other apples suck) that said, nice reverse engineer. looks like it took alot of time

  16. Ned Scott says:

    It is not, and has never been, a DRM chip. Follow the link in the article:

    “Given the simplicity of the chirp – my thoughts are that it is purely an identifier, and less an authentication method. Any manufacturer that wanted to design a compatible accessory without Apple’s permission would be able to reverse engineer the chirp just as I did.”

  17. Wdfowty says:

    @jeditalian
    one word: jailbreak. I even have an app that let’s me send and recieve via Bluetooth…and I haven’t payed for an app on my iPhone in months. App store ain’t all that bad anyways. Great selection.

  18. john says:

    found this on this secret torrent site

    – no need for xbins anymore!

  19. This is super interesting to read. But the final sentence gives me mixed feelings:

    “I’d like to investigate building a capacitive touch sensor remote, since that could be made completely waterproof.”

    He dedicated all this time to replacing the remote because he wanted to build a better one, but so far he’s spent all his time trying to get around this weird, proprietary, undocumented signal…

  20. Tom says:

    Nice as these hacks are, there comes a time where you should consider not putting up with Apple’s practices any more. Why further support them by hacking their products thus making them even more attractive?

  21. @wdfowty,

    I’ve got no problem with jailbreaking itself, but as someone whose app has been mire widely pirated than purchased I sure hope that your not pirating apps. You seem to imply that you are but it isn’t entirely clear.

  22. Tachikoma says:

    Nah don’t give up on Apple – think of their products as an elaborate puzzle for hackers.

  23. Mr.R says:

    I’ve been wanting to build an adapter for my ipod touch 3g that would let me use a standard stereo headset w/mic to control my ipod, this article provided half of the info i was needing, anyone know how the mic is hooked up in the Remote w/mic version? Also how to hook up a standard mic to it?

  24. blue carbuncle says:

    Nicely documented and well done hack! Apple needs to get a life and just leave the damn headphones alone. I cannot think of any reason beyond money that this was done by apple. So yeah, Steve Jobs keep parking in handicap spaces, crapping on your employees, live in a delusional world of yes men, and completely alienate you total user base that is not on the hollywood a-list… You’ll learn what MS did about a decade ago. They are at least trying to fix it. And I wouldn’t be so cocky of having 5% of the market share. Apple can’t afford to lose over a million dollars a day to a BS European lawsuit and survive like MS did. Someone in another forum said something to the effect of “it’s nice to see Satan skating in to work” and I agree at this point.

  25. scuba steve says:

    anybody know how to contact him? I have some info i would like to share with him.

  26. id says:

    This is a nice hack, and great work!

    However, I think if would be of more use just writing an MP3 decoder for the Atmel, wire a memory device, and leave the shuffle out of the equation. A micro-controller with a memory device would do great as a stand alone player, instead of using the whole device for interfacing a headphone. (Seriously Apple, devices for interfacing a headphone?)

  27. Ned Scott says:

    Mr.R, the headphones actually use a standard push-to-talk button/mic that you can find on just about any hands-free phone headset. Since you are also getting a stereo audio signal the headphones use 4 connections (tip, ring, ring, sleeve). Long before the Shuffle came out I was using a cheap $5 mic adapter just so I could have play/pause/forward/backward via that button on my iPod touch. Just about any of these should work: http://www.google.com/products?q=iphone%20mic%20adapter

    This gives you everything but volume, which is the only reason there is a chip inside.

  28. Ned Scott says:

    id, they added the chip so that the volume up/down signal could be encoded on the wire. It does not actually prevent other headphones from being used.

    If any of you going “omg, why apple do tis?” would actually read the article then you would see that it’s not a DRM chip. Apple did call it an “auth” chip once, but like the author of the linked article notes, the chip is only used to identify what controls are being used (and converting the signal so it can work with only one wire). The signal is so simple that it wouldn’t make sense for Apple to use it as a way to stop 3rd parties from making their own headphone/remote combos.

    Apple pisses me off for plenty of reasons, just like the rest of you, but they didn’t do anything evil here. They did not do this so you were forced to buy their hardware. The proof is out there in existing 3rd party adapters and headphones, which don’t even license the “made for ipod” mark, let alone the control chip.

    Again, THE CHIP IS NOT A DRM CHIP. READ THE LINKED ARTICLE.

  29. David Carne says:

    @Kyle McDonald – I originally started reverse engineering the remote just for the fun of teasing the protocol out. Building a capacitive sensing remote was just a spur of the moment thought that occurred to me while doing the writeup.

    @Tom – but then what would I have to RE.

    @scuba steve – I can be reached on irc: davidc__ on freenode/oftc.

    @id – the atmega88 series of devices doesn’t have the compute power to decode MP3s.

    @Ned Scott – push to talk won’t work on the shuffle unless something that generates the “chirp” is also plugged into the cable. [At least, it doesn't work on my shuffle, since the shuffle turns off power to the CTL pin if it doesn't get a response].

  30. Ned Scott says:

    David,

    Ah, that’s strange that the chirp is needed even for that on the Shuffle, but it should still work on Mr.R’s ipod touch.. unless they changed it for the 3rd gen (I only have a 2nd gen).

  31. Mr.R says:

    My plan is to combine the board from one of the remote w/mic ear-buds with a Griffin inline remote and add a connector so i can use a standard computer headset with mic or my headphones as I hate to use ear-buds. I’ve already purchased the remote (i thought it had the chip in it, but i was wrong and i cant return it). I just don’t know how to wire the mic into the ipod’s 4th ring. I’m currently waiting for one of the ear-bud’s speaker coils to fail before i attempt this.

  32. Jason Knight says:

    So… anyone taking bets on how long it’s going to be before Apple legal starts sending C&D’s to all the websites posting about this?

  33. ID says:

    I didn’t say it was DRM. I’m just saying that adding that, if adding that functionality requires a chip on your headphones, then there may be something wrong with the design. I’m still thinking that headphones/headsets should still be passive rather than active devices. That would make them more affordable.

    If it requires “hacking” to make the iPod Shuffle to correctly work with regular headphones, then some standard is flawed, or someone is aiming at getting a lot of money out of this business.

    I never thought it was DRM, but if you think about it, it could be just a step closer to it. Just like HDCP was added to HDMI. Now, note from the summary: “the remote uses a peculiar signal to identify it as authentic when the device powers up”, which to me, it’s some sort of IP protection mechanism.

  34. hawky316 says:

    can it be downsized?

  35. Mark says:

    I’m pretty sure this is the same remote used on the iPhone 3GS and probably 3G too.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 94,486 other followers