Apple Lightning Video Adaptors Run IOS, Dynamically Loaded

Apple has for a very long time been a company that ploughs its own furrow when it comes to peripherals, with expensive proprietary hardware being the order of the day over successive generations of its products. One of its current line of proprietary interfaces is the Lightning connector, best thought of as an Apple-only take on the same ideas that the rest of the world knows as USB-C. There are a whole host of white dangly peripherals that can be hung from your iDevice’s Lightning port, including a pair of display adaptors that allow them to drive an HDMI or VGA monitor.  [Lisa Braun] has subjected one that had failed to a teardown, and her analysis gives some insight into the way Apple creates its peripherals.

Where you might expect these to contain mostly the equivalent of a graphics card, in fact they have a fully-fledged SoC of their own that runs its own OS with the same Darwin kernel as its host. Unexpectedly this is not held upon the adapter itself, instead it is shipped with iOS and loaded dynamically. Thus the file containing it can be retrieved from iOS and unpacked, leading to some interesting analysis. In a fascinating twist for those of us unused to Lightning’s internals, it’s revealed that the device can be driven from a USB port with the appropriate cobbled-together adapter, allowing a full-size MacOS device to interrogate it. This many not be news to readers with a long memory though, we’ve told you in the past about reverse engineering the Lightning connector.

28 thoughts on “Apple Lightning Video Adaptors Run IOS, Dynamically Loaded

  1. “best thought of as an Apple-only take on the same ideas that the rest of the world knows as USB-C”

    Lightning appeared on the iPhone 5 in 2012, whereas USBC wasn’t even finalised until 2014, and only started popping up in phones in late 2015, often with flawed USB2 implementations.

    So while it is “Apple’s take on the same ideas”, they shipped an implementation while everyone else had USB2 micro.

    1. Would you like some mouthwash after that?
      Lightning is Apple’s 2012 version of Lightning was USB 2.0 with the only difference being the reversible connector, in 2015 the i-Pad Pro upgraded lightning to USB 3.0 and that’s the long and short of the similarities to USB-C.

      As for “best thought of as an Apple-only take on the same ideas that the rest of the world knows as USB-C” Apple is on the USB-IF Board and thus privy to the details of USB-C development. Understanding that, saying that they didn’t try and position lighting as the “Original” reversible connector, despite it being a USB2.0 implementation until after USP3.1 came out, is just naive.

    2. With Apple’s reversible connector, reversibility is achieved by simply doubling the number of pins. There is no increase in the number of signals. With USB-C, reversibility increases the number of pins and also increases the number of signals possible. One pin pair is used to detect the orientation of the connector. The signals are all arranged on the connector such that tx/rx pairs meet regardless of the orientation; it’s just a question of which sets connect together, and that is resolved by the orientation detection. I thought this was very clever.

    3. In a sense, USB-C is the second version of Lightning. Officially the credit for USB-C is applied to about a dozen companies, but it’s quite clear that a great deal of it is based on lessons learned from Lightning.

    1. Though as the original twitter thread notes they have a really bad habit of dying after a few uses & is the reason for the teardown. I am sort of bummed she wasn’t able to discern why that failure happens so often. Still a great teardown, reverse engineering and write up on what’s going on inside.

    2. If only there were an open standard of how to transfer video wirelessly which were supported by almost every (non apple) phone, (non apple) notebook, smart tv, mid-range projector that were made in the past 5 years.

      Oh wait, there is one, its called Miracast.
      It even supports streaming video directly without re-encoding it, supports using it as an independent secondary screen or supports streaming back input devices like keyboard, mouse, tv remote, touchscreen, presentation remote that is connected to the tv/projector.

      But apple and its closed, proprietary, dongle world is the way to go. Right?

      1. If you have an Apple device, and don’t have a TV with Miracast support, then yes.

        Or I suppose a person could replace lots of devices in their life in order to avoid buying a <$100 adapter. Of course even then you don't have any control over what TV you get in your hotel or hospital room.

      2. I have literally never turned up somewhere and found a miracast capable projector. It’s always VGA or HDMI cables.
        So I love my lightning to VGA/HDMI adaptors, as I can plug my phone to the projector and use keynote to control it on my iPad.

  2. This feels like quite a bodged together device. I don’t see why one needs a whole unix kernel to recieve packets and convert them to video signals. At least this means there might be a way to “jailbreak” these video dongles to do other zany things.

    1. $$$ could be one thing. If Apple decides to reuse silicon from an older/defunct product it could potentially be cheaper than spinning a new part or buying one from another vendor. Also perhaps the throughput on Lightning isn’t high enough for a simple line buffered video converter and rescaler. Instead, maybe they’re compressing the video and using a H/W video decoder?

    1. It’s an AirPlay streaming client. The phone or ipad sends video to the dongle over a wire rather than wirelessly, but it’s apparently the same data format. So the dongle is kind of like a limited functionality AppleTV connected directly to the phone and the TV.

  3. So the kernel is shipped with IOS and you can unpack it? Can you modify it? Who will be the first to get a rootshell on an adapter? Can you put malware there?
    Don’t know, seems massively overkill to me. But interesting.

    1. … yes you can modify it? But since it’s part of iOS, and loaded from the phone onto the connector, you’d have to have root access to the phone already in order to put the modified version onto the connector, and as soon as you unplugged it you’d lose your modifications, so it’s not too clear to me what you’d buy from doing any of that?

      1. Loading from iOS means they don’t need flash on the device and can potentially upgrade it via updating iOS (probably to support new versions of AirPlay). That would also mean that the software is always in sync with iOS.
        But it sounds like the hacked image would need to defeat a signature check in the bootrom code in the dongle (though maybe someone will be able to get a ROM dump and find a vulnerability). I can’t think of any immediate value in running the dongle without being connected to an iDevice. Perhaps there would be some value in creating something that sits in the middle telling the iDevice that the desired FW is loaded but loading something else on the actual device to add some sort of capability.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.