The FPC adapter shown soldered between the BGA chip and the phone's mainboard, with the phone shown to have successfully booted, displaying an unlock prompt on the screen

iPhone 6S NVMe Chip Tapped Using A Flexible PCB

Psst! Hey kid! Want to reverse-engineer some iPhones? Well, did you know that modern iPhones use PCIe, and specifically, NVMe for their storage chips? And if so, have you ever wondered about sniffing those communications? Wonder no more, as this research team shows us how they tapped them with a flexible printed circuit (FPC) BGA interposer on an iPhone 6S, the first iPhone to use NVMe-based storage.

The research was done by [Mohamed Amine Khelif], [Jordane Lorandel], and [Olivier Romain], and it shows us all the nitty-gritty of getting at the NVMe chip — provided you’re comfortable with BGA soldering and perhaps have an X-ray machine handy to check for mistakes. As the research progressed, they successfully removed the memory chip, dealing with underfill and BGA soldering nuances, and added a 1:1 FR4 interposer board for the first test, which proved successful. Then, they made an FPC interposer that also taps into the signal and data pins, soldered the flash chip on top of it, successfully booted the iPhone 6S, and scoped the data lines for us to see.

This is looking like the beginnings of a fun platform for iOS or iPhone hardware reverse-engineering, and we’re waiting for further results with bated breath! This team of researchers in particular is prolific, having already been poking at things like MITM attacks on I2C and PCIe, as well as IoT device and smartphone security research. We haven’t seen any Eagle CAD files for the interposers published, but thankfully, most of the know-how is about the soldering technique, and the paper describes plenty. Want to learn more about these chips? We’ve covered a different hacker taking a stab at reusing them before. Or perhaps, would you like to know NVMe in more depth? If so, we’ve got just the article for you.

We thank [FedX] for sharing this with us on the Hackaday Discord server!

DOOM On iPhone OS, On Android

So you want to play some games from the early days of 32-bit iPhone OS that no longer run on recent OS versions? [Hikari-no-yume] wrote a sweet high-level emulator, touchHLE, to do so on modern iOS phones. But maybe you don’t have an iPhone? [Ciciplusplus] has your back. He ported the iPhone OS emulator, written in Rust, to Android, and then ported a version of DOOM that runs on iPhone OS to go with it.

[Ciciplusplus] also made a video (embedded below) where he documented the trials and tribulations of porting Rust code to the Android platform – an intensely Java environment. It doesn’t sound like it was at all trivial. Of course, this couldn’t have been accomplished without [Hikari-no-yume]’s original work on touchHLE, which was made essentially to fulfill [Hikari-no-yume]’s long-time obsession with the game Super Monkey Ball.

So for now, touchHLE can boast the ability to run a few old 32-bit games on Android and desktop operating systems. What other games from the first years of gaming on smart phones (and iPods) do you need to see ported? Get involved in the project if you’ve got an itch you need scratched.


Your iPhone Can’t Do What This WinCE Device Can!

Most of us probably now have a smartphone, an extremely capable pocket computer — even if sometimes its abilities are disguised a little by its manufacturer. There are many contenders to the crown of first smartphone, but in that discussion it’s often forgotten that the first generally available such devices weren’t phones at all, but PDAs, or Personal Digital Assistants. The fancier ones blurred the line between PDA and laptop and were the forerunner devices to netbooks, and it’s one of these that [Remy] is putting through its paces. He makes the bold claim that it can do things the iPhone can’t, and while the two devices are in no way comparable, he’s right on one point. His HP Jornada 720 can host a development environment, while the iPhone can’t.

The HP was something of a turn-of-the-millennium object of desire, being a palmtop computer with a half-decent keyboard, a 640×240 pixel TFT display, and 32 MB of RAM alongside its 206 MHz Intel StrongARM CPU. Its Windows CE OS wasn’t quite the desktop Windows of the day, but it was close enough to be appealing for the ’90s exec who had everything. Astoundingly, it has more than one Linux distro that can run on it with some level of modernity, which is where he’s able to make the claim about the iPhone being inferior.

We remember the Jornada clamshell series from back in the day, though by our recollection the battery life would plummet if any attempt was made to use the PCMCIA slot. It was only one of several similar platforms offering a mini-laptop experience, and we feel it’s sad that there are so few similar machines today. Perhaps we’ll keep an eye out for one and relive the ’90s ourselves.

Virtualizing iPhoneOS 1.0

Virtualizing computers is nothing new. However, Apple devices always present challenges. Just ask anyone who has built a Hackintosh. At least computer hardware is usually exposed, but on phones, the challenge is even harder due to mysterious devices. [Martijn] managed to reverse engineer the iPod Touch 1G enough to run iPhoneOS 1.0 on it and has several blog posts explaining how he did it.

The emulator is the ubiquitous QEMU. He has emulation for the critical hardware, including the cryptographic modules, the hardware clock, and the timer, along with memory and display and interface hardware. However, Wifi, some USB, audio, the light sensor, and some graphics hardware are still absent. That doesn’t stop the OS from booting, however.


An iPhone sits in a user's hand, open to the YouTube app. What is unusual is that the iPhone is bent in an L shape and is still functioning properly.

First Folding iPhone Doesn’t Come From Apple

Folding phones are all the rage these days, with many of the major smartphone manufacturers having something in this form factor. Apple has been conspicuously absent in this market segment, so [KJMX] decided to take matters into their own hands with the “iPhone V.” (YouTube – Chinese w/subtitles via MacRumors).

Instead of trying to interface an existing folding phone’s screen with the iPhone, these makers delaminated an actual iPhone X screen to use in the mod. It took 37 attempts before they had a screen with layers that properly separated to be both flexible and functional. Several different folding phones were disassembled, and [KJMX] found a Motorola Razr folding mechanism would work best with the iPhone X screen. Unfortunately, since the iPhone screen isn’t designed to fold, it still will fail after a relatively small number of folds.

Other sacrifices were made, like the removal of the Taptic Engine and a smaller battery to fit everything into the desired form factor. The “iPhone V” boasts the worst battery life of any iPhone to date. After nearly a year of work though, [KJMX] can truly claim to have made what Apple hasn’t.

Curious about other hacks to let an iPhone do more than Apple intended? Check out how to add USB-C to an iPhone, try to charge it faster, or give one a big memory upgrade.

PSU charging an externally connected supercapacitor bank that's powering the phone. There's a current clamp on one of the wires to measure charging current, and a multimeter measuring the charging voltage.

Just How Fast Could You Charge An iPhone?

An iPhone 8, now a relatively cheap model, can charge its battery fully in two hours’ time. There’s hardly ever a need for faster charging, but it’s fair to ask – how much faster could it really go? [Scotty Allen] from [Strange Parts], back after a hiatus, is once again stretching the limits of what a regular iPhone can do, and decides to start off with an exploration of battery technologies.

What people commonly encounter is that charging speed depends on the charger involved, but even one hundred chargers in parallel won’t speed up this iPhone’s charging rate, so what’s up? First off, the phone’s charger chip and the battery’s BMS will both limit charging current, so for experiment purposes, those had to be bypassed. The first attempt used a hefty DC power supply with the original cell, and, unsatisfied with the lack of fire and still relatively slow charging, [Scotty] decides to up the ante.

Rollercoasters Are Triggering The iPhone’s Crash Detection System

Apple has been busy adding new features to its smartphone and smartwatch offerings. Its new iPhone 14 and Apple Watch 8 now feature a safety system that contacts emergency services in the event the user is in an automobile accident.

As with so many new technologies though, the feature has fallen afoul of the law of unintended consequences. Reports are that the “crash detection system” is falsely triggering on rollercoasters and in other strange circumstances. Let’s take a look at how these systems work, and why this might be happening.
