iPhone NVMe Chip Reversed with Custom Breakout Boards

Ever so slowly, the main storage in our computers has been moving from spinning disks, to SSDs over SATA, to Flash drives connected to a PCI something or other. The latest technology is NVMe — Non-Volatile Memory Express — a horribly named technology that puts a memory controller right on the chip. Intel has a PCI-based NVMe drive out, Samsung recently released an M.2 NVMe drive, and the iPhone 6S and 6S Plus are built around this storage technology.

New chips demand a reverse engineering session, and that’s exactly what [Ramtin Amin] did. He took a few of these chips out of an iPhone, created a board that will read them, and managed to analyze the firmware.

Any reverse engineering will begin with desoldering the chip. This is easy enough, with the real trick being getting it working again outside whatever system it was removed from. For this, [Ramtin] built his own PCIe card with a ZIF socket. This socket was custom-made, but the good news is you can buy one from ITEAD. Yes, it is expensive — that’s what you get with a custom-made ZIF socket.

With the chip extracted, a custom PCIe card, and a bit of work with the NVMe implementation for Linux, [Ramtin] had just about everything working. Eventually, he was able to dump the entire file system on the chip, allowing anyone to theoretically back up the data on their iPhone or MacBook Air. Of course, and especially for the iPhone, this data is encrypted. It’s not possible to clone an iPhone using this method, but it is a remarkably deep dive into the hardware that makes our storage tick.

38 thoughts on “iPhone NVMe Chip Reversed with Custom Breakout Boards”

        1. “within English, -ize, is added to adjectives and nouns to form transitive verbs with the general senses “to render, make” ( actualize; fossilize;…”
          Trying to actuality the anal.

    1. It’s not an Apple technology, it’s from the NVMe workgroup and had someone from Intel chairing it. First release was 2011. Read all about it on Wikipedia.

      This article makes it sound like it’s brand new technology which it isn’t but it’s mostly been in use in high end PCs and servers so maybe not everyone’s heard of it.

      1. When has that ever stopped Apple from re-branding something?

        It’s actually been in use for far more than that. Pretty much any x86 tablet has been using that for a while, as well as a lot of small computers. M.2 is a rather common form factor for a while.

  1. Nice to see some people really trying out interfacing these new memories.

    Some months ago, I got a Galaxy S6 for Data resurrection.
    As it was basically bricked I already started to collect all information I could get about the UFS 2.0 bus architecture.

    Hopefully next project to see here is a UFS 2.0 breakout board :)

    1. Probably not. Apple is viciously against any sort of extended use or reuse of any of their devices. They want you to buy something, use it for 2 years tops, TOPS, and then have no other choice but to buy whatever new garbage they’re slinging. They don’t even want you to reuse complimentary headphones or chargers. Apple executives have a pretty substantial appetite for high class hookers and cocaine, they would spit on an AIDS baby’s face if they caught one trying to teethe on an old iPhone 4. They think you and the rest of their customers are stupid, and will throw money every time they whip out their dicks and helicopter it on a stage. And they aren’t entirely wrong.

      1. OK, Apple might be against it, but go to Shenzhen and see what they’ll do with an iAnything (or samsung, or …yeah) in the markets there. Milling chips off boards to upgrade them, board-level rework while you wait, books with the schematics and PCB layouts in… seriously extreme recycling.

  2. “Eventually, he was able to dump the entire file system on the chip, allowing anyone to theoretically back up the data on their iPhone or MacBook Air.” Unfortunately, for “anyone” doing so would require first de-soldering the chip off their device. Sure wish we had a backup for that!

  3. Since the chip is soldered, can the chip be removed and put into something so it can be used on a PC, and then wipe the chip and install it back in the phone to get rid of the user locks on the phone such as the iCloud lock?
