Apple’s Secure Enclave Processor (SEP) Firmware Decrypted

The decryption key for Apple’s Secure Enclave Processor (SEP) firmware has been posted online by self-described “ARM64 pornstar” [xerub]. SEP is the security co-processor introduced with the iPhone 5s, which is when Touch ID was introduced. It’s a black box that we’re not supposed to know anything about, but [xerub] has now pulled back the curtain on that.

The secure enclave handles the processing of fingerprint data from the Touch ID sensor and determines whether it is a match or not, while it also enables access for purchases for the user. The SEP is a gatekeeper which prevents the main processor from accessing sensitive data. The processor sends data that can only be read by the SEP, authenticated by a session key generated from the device’s shared key. It also runs its own OS [SEPOS], which has a kernel, services, drivers and apps. The SEP performs secure services for the rest of the SoC and much more, which you can learn about from the Demystifying the Secure Enclave Processor talk at Black Hat.

[xerub] published the decryption keys here. To decrypt the firmware you can use img4lib, then process it with xerub’s SEP firmware split tool. These tools make it a piece of cake for security researchers to comb through the firmware looking for vulnerabilities.

Charge Your Phone On An Iron Throne

Game of Thrones season 7 is finally here! [Hoecrux] is celebrating by building a GoT-inspired cell phone charger. No, this isn’t a 3D print, nor is it vacuum molded. This iron throne was handmade from hundreds of cocktail swords. The frame of the chair is made from medium density fiberboard (MDF). The frame is covered with upholstery foam, then a layer of thin gray foam which forms the surface of the chair.

[Hoecrux] then began the painstaking process of hot gluing 600 cocktail swords to her creation. Each sword had to be modified by cutting off the loop guard. Some of the swords are bent, which was achieved with a heat gun. The completed chair was finished with a coat of black spray paint, followed by dry brushing with acrylic silver paint.

This particular iron throne charger is built for an Android phone. [Hoecrux] embedded a micro USB cable in the base of the seat. If you’re of the iOS persuasion, you can substitute a Lightning cable.

Check out the video after the link, and while you’re at it, get a look at this beach-ready solar charger setup.

Hacking iBeacons For Automating Routines

Every self-respecting hacker has an automation hack somewhere in his/her bag of tricks. There are a lot of modern-day technologies that facilitate this, like GPS, scripting apps, and even IFTTT. In an interesting hack, [Nick Lee] has combined iBeacons and a reverse engineered Starbucks API to create an automated morning routine.

By creating a mobile app that scans for iBeacons, [Nick Lee] was able to reduce the effort made every morning while heading to his office. When the app encounters a relevant beacon, a NodeJS app sitting in the cloud is triggered. This consequently leads to desired actions like ordering an Uber ride and placing an order for an iced latte.

[Nick Lee] shares the code for the Starbucks application on GitHub for anyone who wants to order their favorite cup of joe automatically. This project can be easily expanded to work with GPS or even RFID tags and if you feel like adding IoT to a coffee machine, you could automate all of your beverage requirements in one go.

Siri Controls Your PC Through Python And Gmail

Voice-based assistants are becoming more common on devices these days. Siri is known for being particularly good at responding to natural language and snarky responses. In comparison, Google’s Assistant is only capable of the most obvious commands, and this writer isn’t even sure Microsoft’s Cortana can understand English at all. So it makes sense then, if you want voice control for your PC, to choose Siri as your weapon of choice. [Sanjeet] is here to help, enabling Siri to control a PC through Python.

The first step is hooking up the iPhone’s Notes app to a Gmail account. [Sanjeet] suggests using a separate account for security reasons, as you’ll need to place the username and password in a Python script. The Python script checks the Gmail account every second, looking for new Notes from the iPhone. Then, it’s as simple as telling Siri to make a Note (for example, “Siri, Note shutdown”) and the Python script can then pick up the command, and act accordingly.

It’s a quick and easy way to get Siri to do your bidding. There are other fancy ways to do it, too, like capturing Siri’s WiFi data on your home network.
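Because anything that lands in that mailbox becomes a command on the PC, the polling script should map note text to a fixed set of actions and never hand it to a shell. The sketch below is an added example, not [Sanjeet]'s code: the `ALLOWED` table, the `plan_actions` helper and the sample messages are hypothetical, and it only plans the argv to run rather than executing anything.

```python
import email

# Hypothetical allowlist: spoken keyword -> fixed argv (Windows commands).
# The note text is only ever used as a dictionary key, never as a command line.
ALLOWED = {
    "shutdown": ["shutdown", "/s", "/t", "60"],
    "lock": ["rundll32.exe", "user32.dll,LockWorkStation"],
}

# Constructed sample messages standing in for notes fetched from the mailbox.
SAMPLE_NOTES = [
    b"Message-ID: <1@example.invalid>\r\nSubject: Shutdown\r\n\r\nShutdown\r\n",
    b"Message-ID: <2@example.invalid>\r\nSubject: lock & echo injected\r\n\r\nx\r\n",
    b"Message-ID: <1@example.invalid>\r\nSubject: Shutdown\r\n\r\nShutdown\r\n",
    b"Message-ID: <3@example.invalid>\r\nSubject:  LOCK \r\n\r\nlock\r\n",
]


def plan_actions(raw_messages, seen_ids):
    """Return (accepted, rejected) for a batch of raw RFC 822 messages.

    accepted: list of (keyword, argv) for allowlisted, first-seen notes.
    rejected: list of (keyword, reason) for everything else.
    seen_ids is updated in place so a note is acted on at most once.
    """
    accepted, rejected = [], []
    for raw in raw_messages:
        msg = email.message_from_bytes(raw)
        msg_id = (msg["Message-ID"] or "").strip()
        word = (msg["Subject"] or "").strip().lower()
        # A once-per-second poll will see the same note again; skip repeats.
        if not msg_id or msg_id in seen_ids:
            rejected.append((word, "replayed or missing id"))
            continue
        seen_ids.add(msg_id)
        argv = ALLOWED.get(word)  # exact match only, no substring matching
        if argv is None:
            rejected.append((word, "not allowlisted"))
            continue
        accepted.append((word, list(argv)))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_actions(SAMPLE_NOTES, set())
    print("would run:", ok)
    print("ignored:", bad)
```

An accepted argv would be passed to `subprocess.run(argv)` without `shell=True`, so extra text in a note cannot become part of the command.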

VR Mech’s Missing Link: The Phone In Your Pocket

In the process of making a homemade Mech Combat game that features robot-like piloted tanks capable of turning the cockpit independent of the direction of movement, [Florian] realized that while the concept was intuitive to humans, implementing it in a VR game had challenges. In short, when the body perceives movement but doesn’t feel the expected acceleration and momentum, motion sickness can result. A cockpit view that changes independently of forward motion exacerbates the issue.

To address this, [Florian] wanted to use a swivel chair to represent turning the Mech’s “hips”. This would control direction of travel and help provide important physical feedback. He was considering a hardware encoder for the chair when he realized he already had one in his pocket: his iPhone.

By making an HTML page that accesses the smartphone’s Orientation API, no app install was needed to send the phone’s orientation to his game via a WebSocket in Unity. He physically swivels his chair to steer and is free to look around using the VR headset, separate from the direction of travel. Want to try it for yourself? Get it from [Florian]’s GitHub repository.

A video is embedded below, but if you’re interested in details be sure to also check out [Florian]’s summary of insights and methods for avoiding motion sickness in a VR Mech cockpit.

Defeat The Markup: iPhone Built By Cruising Shenzhen

[Scotty Allen] from Strange Parts has just concluded a three-month journey of what clearly is one of the most interesting Shenzhen market projects we have seen in a while. We have all heard amazing tales pertaining to the versatility of these Chinese markets and the multitude of parts, tools and expertise available at your disposal. But how far can you really go, and what’s the most outrageous project you can complete if you so wished? To answer this question, [Scotty] decided to source and assemble his own iPhone 6S, right down to the component level!

The journey began by acquiring the vehemently advertised uni-body aluminium back, which clearly does not command the same level of regard in these Chinese markets as it does in Apple’s advertisements. [Scotty’s] vlog shows a vast number of such backings tossed in piles in the streets of Shenzhen. After buying the right one, he needed to get it laser etched with all the relevant US variant markings. This is obviously not a problem when the etching shop is conveniently situated a stone’s throw away, rather simplistically beneath a deck of stairs.

Next came the screen assembly, which, to stay true to the original cause, was purchased individually in the form of a digitizer, the LCD and the back-light, and later casually assembled in another shop, quicker than it would take you to put on that clean room coverall you thought was needed to complete such a job.

[Scotty] reports that sourcing and assembling the logic board proved to be the hardest part of this challenge. Even though he successfully purchased an unpopulated PCB and all the silicon, soldering them successfully proved to be a dead end, and instead, for now, he purchased a used logic board. We feel this should be absolutely conquerable if you possessed the right tools and experience.

All the other bolts and whistles were acquired as separate components and the final result is largely indistinguishable from the genuine article, but costs only $300. This is not surprising as Apple’s notorious markup has been previously uncovered in various teardowns.

Check out [Scotty’s] full video that includes a lot of insight into these enigmatic Shenzhen markets. We sure loved every bit of it. Now that’s one way to get a bargain!

iPhone Brain Surgery

You think you’re good at soldering? Can you solder a CPU? A CPU inside an iPhone? A decapped CPU inside an iPhone? Can you solder inside a decapped CPU inside of an iPhone?

If you can’t, fear not – someone can, and we found him or her courtesy of a video that [Bunnie Huang] tweeted a while back. There’s not much information in the video, but from what we can gather it comes from an outfit called G-Lon Technology in Guang Zhou. Their Facebook page suggests that they teach cellphone repair, and if they take their repairs this far, we’d say the students are getting their tuition’s worth.

The reason for the repair is unclear, although the titles refer to a “CPU to U0301 AP31 AR31 broken repair,” which we take to refer to a boot error that can be repaired by exposing a couple of pads inside the CPU and wiring them to another chip. We’d love to hear comments from anyone familiar with the repair, but even in the absence of a clear reason for undertaking this, the video is pretty impressive. The epoxy cap of the CPU is painstakingly ground away under a microscope, then tiny tools are used to scrape down to the correct layers. Solder mask is applied, hair-thin wires are tacked to the pads, and a UV-curing resin is applied to fill the CPU’s new gaping hole and to stabilize the wires. It seems like a lot of work to save an iPhone, but it sure is entertaining to watch.

Can’t get enough of poking around the innards of chips? We’ve got decapping stories aplenty: one, two, and three that you might like. We’ve even covered at least one CPU internal repair before too.
