Millions of people worldwide have just added new Apple gadgets to their lives thanks to the annual end of December consumerism event. Those who are also Hackaday readers are likely devising cool projects incorporating their new toys. This is a good time to remind everybody that Apple publishes information useful for such endeavors: the Accessory Design Guidelines for Apple Devices (PDF).
This comes to our attention because [Pablo] referenced it to modify an air vent magnet mount. The metal parts of a magnetic mount interfere with wireless charging. [Pablo] looked in Apple’s design guide and found exactly where he needed to cut the metal plate in order to avoid blocking the wireless charging coil of his iPhone 8 Plus. What could have been a tedious reverse-engineering project was greatly simplified by Reading The… Fine… Manual.
Apple has earned its reputation for hacker unfriendliness with nonstandard fasteners and liberal use of glue. And that’s even before we start talking about their digital barriers. But if your project doesn’t involve voiding the warranty, their design guide eliminates tedious dimension measuring so you can focus on the fun parts.
This guide is packed full of dimensioned drawings. A cursory review shows that they look pretty good and aren’t terrible at all. Button, connector, camera, and other external locations make this an indispensable tool for anyone planning to mill or print an interface for any of Apple’s hardware.
So let’s see those projects! Maybe a better M&M sorter. Perhaps a time-lapse machine. Or cure your car’s Tesla envy and put a well-integrated iPad into the dashboard.
The decryption key for Apple’s Secure Enclave Processor (SEP) firmware has been posted online by self-described “ARM64 pornstar” [xerub]. SEP is the security co-processor introduced with the iPhone 5s, which is when Touch ID was introduced. It’s a black box that we’re not supposed to know anything about, but [xerub] has now pulled back the curtain on that.
The Secure Enclave handles the processing of fingerprint data from the Touch ID sensor and determines whether it is a match or not, while it also enables access for purchases for the user. The SEP is a gatekeeper which prevents the main processor from accessing sensitive data. The processor sends data that can only be read by the SEP, which is authenticated by a session key generated from the device’s shared key. It also runs its own OS [SEPOS], which has a kernel, services, drivers, and apps. The SEP performs secure services for the rest of the SoC and much more, which you can learn about from the Demystifying the Secure Enclave Processor talk at Black Hat.
[xerub] published the decryption keys here. To decrypt the firmware, you can use img4lib and [xerub]’s SEP firmware split tool to process it. These tools make it a piece of cake for security researchers to comb through the firmware looking for vulnerabilities.
Not so long ago, mapping WiFi required a laptop, GPS, a big antenna and Kismet/NetStumbler. Today’s smartphones have replaced even this task. For those of us running a GPS and WiFi equipped Windows Mobile phone, WiFiFoFum is an excellent and simple solution, as well as a great companion for installing an AP.
In the middle of adding all the features that should have been available on day one, Apple announced something really interesting for the hardware hacking community. The new iPhone 3.0 OS will support application communication over Bluetooth or through the dock connector using standard or custom protocols. From Engadget’s coverage:
10:19AM “They talk over the dock, and wirelessly over Bluetooth. Things like playing and pausing music, getting artwork — or you can build your own custom protocols.”
10:19AM “Now here’s a class that we think will be really interesting — medical devices.” Scott’s showing off a blood pressure reader that interfaces with the iPhone — wild.
10:18AM “Here’s an example — an FM transmitter. With 3.0, the dev can build a custom app that pairs up with it, and automatically finds the right station and tunes it in.”
10:18AM “With 3.0, we’re going to enable accessory developers to build custom apps that talk directly to that hardware.”
No solid connection specification has been published yet. We’re excited about the prospect of developing our own accessory hardware, but we wonder what sort of hoops you’ll have to jump through. Apple doesn’t have the best track record when it comes to approvals. Just this week they denied MSA Remote client App Store entry; it’s a multitouch client that uses the standard TUIO protocol. Prepare for similar roadblocks in the future.
As promised, the iphone-dev team has released yellowsn0w. You can install/uninstall via Cydia. It works fine with the latest firmware too.
As promised in their yellowsnow demo, [pytey], [MuscleNerd], and [planetbeing] from the iphone-dev team presented at 25C3 on their work Hacking the iPhone. The team originally formed in 2007 and this is the most comprehensive presentation on how the iPhone was compromised to date. You can find the full talk embedded above.
Hackers are continuing to outpace Apple with feature additions. The team at iMobileCinema has created a Flash plugin for the Mobile Safari browser. It’s a beta release and still a bit buggy. This app is only available to people who have jailbroken their iPhones. You just need to add d.imobilecinema.com to your sources in Cydia to get the package to appear. While it can crash from time to time, it’s certainly better than no support at all.