37C3: When Apple Ditches Lightning, Hack USB-C

[Thomas Roth], aka [Ghidraninja], and author of the [Stacksmashing] YouTube channel, investigated Apple’s Lightning port and created a cool debugging tool that allowed one to get JTAG on the device. Then, Apple went to USB-C for their new phones, and all his work went to waste. Oh well, start again — and take a look at USB-C.

Turns out, though, that the iPhone 15 uses the vendor-defined messages (VDM) capability of USB-PD to get all sorts of fun features out. Others had explored the VDM capabilities on Mac notebooks, and it turns out that the VDM messages on the phone are the same. Some more fiddling, and he got a serial port and JTAG up and running. But JTAG is locked down in the production devices, so that will have to wait for an iPhone 15 jailbreak. So he went poking around elsewhere.

He found some other funny signals that turned out to be System Power Management Interface (SPMI), one of the horribly closed and NDA-documented dialects owned by the MIPI Alliance. Digging around on the Interwebs, he found enough documentation to build an open-source SPMI plugin that he said should be out on his GitHub soon.

The end result? He reworked his old Lightning hardware tool for USB-C and poked around enough in the various available protocols to get a foothold on serial, JTAG, and SPMI. This is just the beginning, but if you’re interested in playing with the new iPhone, this talk is a great place to start. Want to know all about USB-C? We’ve got plenty of reading for you.

Reverse Engineering The Apple Lightning Connector

A frequent contributor to the hacker community, [stacksmashing] has prepared an excellent instructional video on reverse engineering Apple’s proprietary Lightning connector protocol. The video begins by showing how to gain physical access to the signals and hook them up to a logic analyzer. He then notes that the handshaking uses only a single signal and proposes that Apple isn’t going to re-invent the wheel (perhaps a risky assumption). Using a ChatGPT search, obligatory these days, we learn that Dallas Semiconductor / Microchip 1-wire is probably the protocol employed.

Which embedded single-wire busses exist that encode bits with different lengths of low and high signals?

At the basic level, 1-wire and protocols like Texas Instruments SDQ operate in a similar manner. It turns out that [stacksmashing] already wrote a SDQ analyzer module for the Saleae logic analyzer. Aided by this tool, he digs deeper and learns more about the kinds of messages and their contents. For example, upon being plugged in, the host system queries the accessory’s serial number, manufacturer, model number, and product description. Finally, he introduces the CRC reverse engineering tool reveng to determine which CRC polynomial and algorithm the protocol uses to frame each packet.
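Added example, not from the video or the original post: a brute-force search over CRC-8 parameters, showing the kind of question reveng answers (which polynomial and settings validate every captured frame), though not reveng's own algorithm. The frames are constructed and use the Dallas 1-Wire CRC (CRC-8/MAXIM) only as a known answer; the 8-bit width, the single trailing checksum byte, the function names and the payload bytes are all assumptions.

```python
from itertools import product

def reflect8(value):
    """Reverse the bit order of one byte (LSB-first wire order)."""
    return int(f"{value:08b}"[::-1], 2)

def crc8(data, poly, init, reflected, xorout):
    """Bitwise CRC-8 in the usual poly/init/refin/refout/xorout model.

    `reflected` sets refin and refout together, as most real CRCs do.
    """
    crc = init
    for byte in data:
        crc ^= reflect8(byte) if reflected else byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return (reflect8(crc) if reflected else crc) ^ xorout

def find_crc8_params(frames):
    """Return every (poly, init, reflected, xorout) that validates all frames.

    Each frame is payload bytes followed by a single trailing checksum byte.
    """
    candidates = product(range(1, 256), (0x00, 0xFF), (False, True), (0x00, 0xFF))
    return [
        params for params in candidates
        if all(crc8(f[:-1], *params) == f[-1] for f in frames)
    ]

# Constructed sample traffic, not captured from any device. The checksum is
# appended with CRC-8/MAXIM (the Dallas 1-Wire CRC) purely as a known answer;
# this is an assumption for the demo, not a statement about Lightning.
KNOWN = (0x31, 0x00, True, 0x00)
PAYLOADS = [
    b"\x74\x00\x02\x1f",
    b"\x75\x10\x0c\x00\x00\x00",
    b"\x76\x41\x42\x43\x44\x45\x46\x47",
]
FRAMES = [p + bytes([crc8(p, *KNOWN)]) for p in PAYLOADS]

if __name__ == "__main__":
    for count in (1, 2, 3):
        hits = find_crc8_params(FRAMES[:count])
        print(f"{count} frame(s): {len(hits)} candidate parameter set(s)")
        for poly, init, reflected, xorout in hits[:5]:
            print(f"  poly=0x{poly:02x} init=0x{init:02x} "
                  f"reflected={reflected} xorout=0x{xorout:02x}")
```

A single frame can be satisfied by several unrelated parameter sets, so feed the search frames of different lengths and contents before trusting a match.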

Even if you have no interest in Lightning cables, this video is a great tutorial on the types of things you need to do in order to make sense of an unknown communications protocol. Gather what information you can, make some educated guesses, observe the signals, revise your guesses, and repeat. In part two, [stacksmashing] will show how to build a homemade iPhone JTAG cable.

We wrote in more detail about cracking the Lightning interface back in 2015. The Lightning interface may have been a good solution in its day, foreshadowing some of the features we now have in USB-C. But its proprietary and closed nature meant it wasn’t used outside of the Apple ecosystem. With the proliferation and capabilities of USB-C, not to mention various legislative edicts, Lightning’s days seem numbered. Is the industry finally settling on one interface? Let us know your thoughts in the comments below.


An iPhone sits in a user's hand open to the YouTube app. What is unusual is that the iPhone is bent in an L shape and is still functioning properly.

First Folding iPhone Doesn’t Come From Apple

Folding phones are all the rage these days, with many of the major smartphone manufacturers having something in this form factor. Apple has been conspicuously absent in this market segment, so [KJMX] decided to take matters into their own hands with the “iPhone V.” (YouTube – Chinese w/subtitles via MacRumors).

Instead of trying to interface an existing folding phone’s screen with the iPhone, these makers delaminated an actual iPhone X screen to use in the mod. It took 37 attempts before they had a screen with layers that properly separated to be both flexible and functional. Several different folding phones were disassembled, and [KJMX] found a Motorola Razr folding mechanism would work best with the iPhone X screen. Unfortunately, since the iPhone screen isn’t designed to fold, it still will fail after a relatively small number of folds.

Other sacrifices were made, like the removal of the Taptic Engine and a smaller battery to fit everything into the desired form factor. The “iPhone V” boasts the worst battery life of any iPhone to date. After nearly a year of work though, [KJMX] can truly claim to have made what Apple hasn’t.

Curious about other hacks to let an iPhone do more than Apple intended? Check out how to add USB-C to an iPhone, try to charge it faster, or give one a big memory upgrade.

PSU charging an externally connected supercapacitor bank that's powering the phone. There's a current clamp on one of the wires to measure charging current, and a multimeter measuring the charging voltage.

Just How Fast Could You Charge An iPhone?

An iPhone 8, now a relatively cheap model, can charge its battery fully in two hours’ time. There’s hardly ever a need for faster charging, but it’s fair to ask – how much faster could it really go? [Scotty Allen] from [Strange Parts], back after a hiatus, returns to stretching the limits of what a regular iPhone can do, and decides to start off with an exploration of battery technologies.

What people commonly encounter is that charging speed depends on the charger involved, but even one hundred chargers in parallel won’t speed up this iPhone’s charging rate, so what’s up? First off, the phone’s charger chip and the battery’s BMS will both limit charging current, so for experiment purposes, those had to be bypassed. First attempt was using a hefty DC power supply with the original cell, and, unsatisfied with the lack of fire and still relatively slow charging, [Scotty] decides to up the ante.

Quick Hack: The Phone To Stream Deck Conversion

What do you do with those old Android or iPhone phones and tablets? You have plenty of options, but it is pretty easy to build your own stream deck with a little off-the-shelf software. What’s a stream deck, you ask? The name comes from its use as a controller for a live-streaming setup, but essentially, it’s an LCD touchscreen that can trigger things on your computer.

The software I’m using, Deckboard, is a server for Windows or Linux and, of course, an Android app. The app is free with some limitations, but for under $4 you can buy the full version. However, even the free version is pretty capable. You can use an Android phone or tablet and you can connect to the PC with a USB cable or WiFi. I’ve found that even with WiFi, it is handy to keep the phone charged, so realistically you are going to have a cable, but it doesn’t necessarily have to connect to the host computer.

Linux Setup

Setup is very easy. The biggest hurdle is you might need to set up your firewall to allow the server to listen on port 8500 with TCP. There are a few small issues when installing with Linux that you might want to watch out for. There are 32-bit and 64-bit versions in deb, tar.gz, and appimage format. There’s also a snap. The problem with the snap is it is sandboxed, so without effort you can’t easily launch programs, which is kinda the entire point. I finally removed it and installed the deb file which was fine.

There were still two other wrinkles. First, while Deckboard offers a way to launch programs, it must be a program from a list it reads from your system. That would be acceptable, but the list wasn’t complete. I never did figure out why some things show up on the list and others don’t. For example, GIMP which shows up on my application menu was absent. Yet other things that were fairly obscure did show up.

I thought this might be a dealbreaker until I found that Deckboard has a well-developed plugin system and one of those plugins lets you run an arbitrary command line. I guess it is a little less convenient, but it is much more flexible since you can launch any program you want and provide options to it as well.

The only other complaint I had is that when you run the program, it shows its configuration interface and puts itself in the system tray. That’s great the first time you run it, but on system startup, it would be nice to just have it quietly start. If there’s an option for that I haven’t found it. I’ll tell you how I solved that later, but, for now, just live with it.


Building A Better 3D Scanner With An iPhone, And Making Art

Apple’s FaceID system uses infrared depth-sensing technology to authenticate people via their faces. It can also be used for simple 3D scanning, and [Scott Yu-Jan] found a better way to do that.

The main problem with using an iPhone as a 3D scanner in this manner is that the sensor is built into the front side of the device. It’s great for scanning your own face, but if you’re trying to scan an object, you can no longer see the iPhone’s screen. [Scott] solved this problem by slapping together a handheld 3D printed device to hold the iPhone along with an external monitor. This allowed Scott to scan while still seeing what was going on.

Having noticed that some of the 3D scanning apps produced strange, glitchy results when scanning faces, [Scott] decided to innovate artistically. He employed [Andrea] to model, took some scans, and Photoshopped the results into some impressive posters.

Overall, [Scott] demonstrates that it’s relatively easy to repurpose the iPhone for improved 3D scanning. With a simple design, he has a handheld scanner that works way better than just the phone on its own. Alternatively, consider getting into photogrammetry instead.


iPhone 6 with Linux boot log on its screen

Boot Mainline Linux On Apple A7, A8 And A8X Devices

[Konrad Dybcio] describes his journey booting Linux on A7/8/8X processors, playing around with an old iPhone 5 he’s got in a drawer. It’s been a two-year “revisit every now and then” journey, motivationally fueled by things like the Linux on M1 Macs announcement. In the end, what we have here is a way to boot mainline Linux on a few less-than-modern but still very usable iPhones, and a fun story about getting there.

[Konrad]’s work is based on the Sandcastle project research, but he couldn’t quite figure out how to make their code work, and had to make sense of it as he went. At some point, he got stuck on enabling the MMU, which was the main roadblock for a while. Joined by another developer intrigued by Apple hardware, they were hacking away at it, developing tools and neat tricks on their way, but to no avail. With the framebuffer accessible and no other decent debugging methods in sight, he tells about a code snippet they wrote that printed register values as valid barcodes